Java Based Containers in Kubernetes

Greater Milwaukee Java Meetup

9/29/2016 @ Digital Measures

Event Link

Andrew Glassman

Back End Architect - Digital Measures

@a_glassman

http://www.deepfriedeverything.com

Slack with us! #Java

Chip In!

Pizza Consumption

Containers

What is a Container?

Docker containers wrap a piece of software in a complete filesystem that contains everything needed to run: code, runtime, system tools, system libraries – anything that can be installed on a server. This guarantees that the software will always run the same, regardless of its environment. (docker.com)

​

• https://www.docker.com/what-docker
• https://coreos.com/rkt/

​

Advantages of Containers

• Lightweight
• Container images are layered, and can share common base layers. Spinning up new containers is fast once these images are downloaded.
• Based on Open standards
• Can run on all major Linux platforms, and Windows 10. Mac requires a VirtualBox host.
• Secure
• Container processes cannot see or affect other container processes, even though they are on the same host system.
• Containers each have their own network stack.

​

• https://docs.docker.com/engine/security/security/

​

Containers

File System & Storage

How Containers Work - File System

• Containers are built on a layered file system of read only “images”.
• Image layers are immutable.
• You compose full images using a Dockerfile.

​

• Your modifications are layered on the base image stack as a new layer that allows reads, and writes.
• Modifications to this layer are not persistent.
• Modifications for each container are not shared, even by instances of the same container.

​

​

• https://docs.docker.com/engine/userguide/storagedriver/imagesandcontainers/
• http://developers.redhat.com/blog/2016/03/09/more-about-docker-images-size/

​

How Containers Work - Storage

• Container R/W file system layer is deleted when container is destroyed.

​

• To provide persistent storage on the host, use a Storage Volume.
• Containers can share volumes.
• Volumes are not added in to images if the container is “re imaged”. (docker commit)
• Volumes bypass the layered image file system.

​

• Options to attach iSCSI, NFS, or FC.

​

​

• https://docs.docker.com/engine/tutorials/dockervolumes/

​

Containers

Networking

How Containers Work - Networking

• The docker engine has three networks. When you run a container, you can specify which stack it runs on.
• Bridge: Spans all containers on the host.
• None: Creates a container specific stack.
• Host: All networks available on the host are accessible by the containers.

​

• Docker DNS - internal DNS, or specify your own external DNS IP address. You can specify the hostname as a parameter to the “run” command.

​

​

• https://docs.docker.com/engine/userguide/networking/
• http://www.dasblinkenlichten.com/docker-networking-101-host-mode/

​

Awesome! ... So what is Kubernetes for?

Containers

At Scale

Working Together

• Containers are great on their own, but can get complex fast. Imagine having to write scripts to manage the following:
• Application Clustering
• Self Healing Applications
• Rolling Updates
• Load Balancing
• Service Discovery
• Auto Scaling
• Persistent Volume Management

Kubernetes gives you ALL OF THE ABOVE, out of the box!

• http://kubernetes.io/
• http://blog.kubernetes.io/

​

Kubernetes

Concepts

Nodes

• Nodes are host machines within the Kubernetes cluster.
• They can be a VM, or a physical machine.
• A node runs multiple PODS.

• http://kubernetes.io/docs/admin/node/

​

PODS

• Pods are the smallest unit of deployment in Kubernetes.
• Pods define one or more containers, how they interact. And what attached resources are available to them.
• Think “docker compose”.

​

• Containers within a Pod are co-located, and co-scheduled.
• Containers within a Pod can communicate over localhost.
• Pods are “ephemeral”, which means they shouldn’t be treated as “pets”. (see link below)

• http://kubernetes.io/docs/user-guide/pods/
• https://blog.engineyard.com/2014/pets-vs-cattle

​

Labels

• Labels are key/value pairs that are attached to objects, such as pods.
• Used to organize and select sets of objects.
• ​

• http://kubernetes.io/docs/user-guide/labels/

​

PODS - Example Pod

Spring Boot App

Logstash Service

nginx

/tmp

zlib

POD

CONTAINER

STORAGE VOLUME

• http://kubernetes.io/docs/user-guide/pods/multi-container/

​

Replica Set

• A Replica Set ensures that a specified number of Pod “replicas” are running at any given time.
• Kubernetes manages the number of active Pods, and keeps it as close as possible to your specified number.
• *Don’t use these directly, use them within a Deployment.

• http://kubernetes.io/docs/user-guide/replicasets/

​

Deployments

• A Deployment provides declarative updates for Pods and Replica Sets.
• Basically it is an “eventually consistent” environment definition.
• Supports rolling updates / rollbacks.

• http://kubernetes.io/docs/user-guide/deployments/

​

Deployments

• http://kubernetes.io/docs/user-guide/deployments/

​

Volumes

• Allows all containers in a pod to share storage.
• Lots of available options!
• AWS - EBS (Elastic Block Storage)
• iSCSI, NFS, flocker, gitrepo, azuredisk
• Volumes are tied to Pod lifecycle, NOT container lifecycle.

• http://kubernetes.io/docs/user-guide/volumes/

​

Persistent Volumes

• Not tied to any Pod lifecycle.
• Lives at the same “resource level” as a Node in the cluster.
• Pods make PersistentVolumeClaims to obtain this resource.
• Infrastructure can provide different StorageClass options depending on how the storage is implemented. This helps consumers know the QoS they can expect from a particular PersistentVolume.
• Recycle policies: retain, recycle, delete
• Read Policies: ReadWriteOnce, ReadOnlyMany, ReadWriteMany
• Pertains to how nodes are allowed to interact with the PV.

• http://kubernetes.io/docs/user-guide/persistent-volumes/

​

Volumes & PersistentVolumes

Spring Boot App

Logstash Service

nginx

/ (emptyDir)

zlib

POD

CONTAINER

• http://kubernetes.io/docs/user-guide/pods/multi-container/

​

/tmp

/logs

Node

/ (hostPath)

/../docker

PersistentVolume

NFS/iSCSI

/zipped

REST APIs

• Kubernetes API
• The Kubernetes API also serves as the foundation for the declarative configuration schema for the system. The Kubectl command-line tool can be used to create, update, delete, and get API objects.
• Use via REST calls
• Use via kubectl command line utility

• http://kubernetes.io/kubernetes/third_party/swagger-ui/
• http://kubernetes.io/docs/user-guide/kubectl-overview/

​

Namespaces

Spring Boot App

Logstash Service

nginx

/ (emptyDir)

zlib

POD

CONTAINER

• http://kubernetes.io/docs/user-guide/pods/multi-container/

​

/tmp

/logs

Node

/ (hostPath)

/../docker

PersistentVolume

NFS/iSCSI

/zipped

Annotations

Annotations can be added to any Kubernetes object.

​

Annotations provided metadata that can be used by controller to do specific things to the cluster, or external resources.

Ingress

Spring Boot App

nginx

POD

DNS

Firewall / Load Balancer / TLS Termination

K8s API

Service my-service

Exposes Port 8080

To port 8080

Labels: app=my-app, env=qa

Expose port 940021

For pods with labels that match: app=my-app, env=qa

Ingress

Specify host�- qa.my-service.com

​

Specify Service

​

Any special annotations (TLS, TTL)

Service Mesh (Consul Connect)

Spring Boot App

nginx

POD

Exposes Port 8080

Labels: app=app-a, env=qa

Go App

nginx

POD

Exposes Port 8080

Labels: app=app-b, env=qa

Annotations:

Upstreams: app-b:4223

Consul Connect

Side Car

Side Car

Annotations:

Register: app-b:4223

localhost:4223

Thanks! Check out these interesting links

Providers

Getting Started Guides

• Kubernetes quick install
• Kubernetes - One Million Requests / Second
• Docker Swarm outperforms Kubernetes at Scale
• 10 Things To Avoid in Docker Containers
• More About Docker Image Size

​

• Red Hat - OpenShift
• Google - Container Engine
• Platform 9 - Managed Kubernetes

​

• Kubernetes quick install
• Kubernetes, Multi-Node on Vagrant (VB) - PHP “guestbook” / Redis

​

Sources

• https://cloud.google.com/container-engine/
• https://kubernetes.io
• https://github.com/kubernetes/kubernetes/tree/release-1.4/examples/guestbook
• https://docs.docker.com/engine/userguide/storagedriver/imagesandcontainers/
• http://developers.redhat.com/blog/2016/02/24/10-things-to-avoid-in-docker-containers/
• http://developers.redhat.com/blog/2016/03/09/more-about-docker-images-size/
• https://docs.docker.com/engine/reference/builder/
• https://docs.docker.com/engine/userguide/storagedriver/imagesandcontainers/
• http://www.dasblinkenlichten.com/docker-networking-101-host-mode/
• https://www.hastexo.com/blogs/florian/2016/02/21/containers-just-because-everyone-else/
• http://k8s.info/cs.html
• https://www.virtualbox.org/
• https://docs.docker.com/engine/security/security/
• https://coreos.com/rkt/
• https://www.docker.com/what-docker
• http://www.slideshare.net/RedHatEvents/persistent-storage-with-containers-with-kubernetes-openshift (continued)

​

Sources

• https://docs.docker.com/engine/swarm/
• https://blog.docker.com/2016/03/swarmweek-docker-swarm-exceeds-kubernetes-scale/

​