1 of 37

Java Based Containers in Kubernetes

Greater Milwaukee Java Meetup

9/29/2016 @ Digital Measures

Event Link

2 of 37

Andrew Glassman

Back End Architect - Digital Measures

@a_glassman

http://www.deepfriedeverything.com

Slack with us! #Java

Chip In!

3 of 37

4 of 37

Pizza Consumption

5 of 37

Containers

6 of 37

What is a Container?

Docker containers wrap a piece of software in a complete filesystem that contains everything needed to run: code, runtime, system tools, system libraries – anything that can be installed on a server. This guarantees that the software will always run the same, regardless of its environment. (docker.com)

7 of 37

Advantages of Containers

  • Lightweight
    • Container images are layered, and can share common base layers. Spinning up new containers is fast once these images are downloaded.
  • Based on open standards
    • Can run on all major Linux platforms, and Windows 10. Mac requires a VirtualBox host.
  • Secure
    • Container processes are isolated by kernel namespaces: they cannot see or affect processes in other containers, even though all of them share the same host kernel.
    • Containers each have their own network stack.

8 of 37

Containers

File System & Storage

9 of 37

How Containers Work - File System

  • Containers are built on a layered file system of read-only “images”.
    • Image layers are immutable.
    • You compose a full image from these layers using a Dockerfile.

  • Your modifications go on top of the image stack as a new layer that allows reads and writes.
    • Modifications to this layer are not persistent.
    • Modifications are private to each container; they are not shared, even between instances started from the same image.

10 of 37

11 of 37

How Containers Work - Storage

  • Container R/W file system layer is deleted when container is destroyed.

  • To provide persistent storage on the host, use a Storage Volume.
    • Containers can share volumes.
    • Volume contents are not captured when a container is “re-imaged” into a new image (docker commit).
    • Volumes bypass the layered image file system.

  • Options to attach iSCSI, NFS, or FC.

12 of 37

13 of 37

Containers

Networking

14 of 37

How Containers Work - Networking

  • The Docker engine provides three networks. When you run a container, you specify which stack it runs on.
    • Bridge: a shared network spanning all containers on the host.
    • None: gives the container its own, container-specific stack with no external connectivity.
    • Host: the container shares the host's stack, so every network available on the host is reachable from the container.

  • Docker DNS: containers resolve names through Docker's internal DNS, or you can specify your own external DNS server IP address. The container hostname can be passed as a parameter to the “run” command.
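The storage and networking choices above can be written down in a single Compose file. This is an added example, not from the slides: the image names, the volume paths, the DNS server address and the secret file are assumptions for illustration. It shows a named volume that survives container removal (and bypasses the image layers), a user-defined bridge network that only the listed services join, an explicit DNS server and hostname, and a read-only root filesystem so that nothing relies on the throw-away R/W layer.

```yaml
# Added example, not part of the original deck. All names and addresses are assumptions.
services:
  app:
    image: my-registry.example/spring-app:1.0.0   # assumed image; pin a tag, never :latest
    hostname: spring-app                          # same effect as `docker run --hostname`
    read_only: true            # the container's R/W layer is discarded anyway; refuse writes to it
    tmpfs:
      - /tmp                   # scratch space for the JVM that never touches the image layers
    user: "10001:10001"        # do not run the JVM as root inside the container
    cap_drop:
      - ALL                    # the app needs no Linux capabilities
    volumes:
      - app-data:/var/lib/app  # named volume: persists across container removal, outside the layers
    networks:
      - backend                # user-defined bridge: only services on this network can reach it
    dns:
      - 10.0.0.53              # assumed external DNS server instead of Docker's embedded DNS
    ports:
      - "127.0.0.1:8080:8080"  # publish only on the host loopback, not on every interface

  db:
    image: postgres:15
    networks:
      - backend                # same bridge as the app; not published on the host at all
    volumes:
      - db-data:/var/lib/postgresql/data
    environment:
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password   # read from the mounted secret, not baked in
    secrets:
      - db_password

volumes:
  app-data:                    # managed by the engine; survives `docker compose rm`
  db-data:

networks:
  backend:
    driver: bridge             # the "Bridge" option from the slide, scoped to these two services

secrets:
  db_password:
    file: ./db_password.txt    # assumed local file; never copied into an image layer
```

Run it with `docker compose up -d`; `docker volume ls` afterwards shows the two named volumes that outlive the containers. The `host` network mode from the slide is deliberately absent: a service on the host stack gets no network isolation at all, so it belongs to debugging, not to a production Compose file.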

15 of 37

Awesome! ... So what is Kubernetes for?

16 of 37

Containers

At Scale

17 of 37

Working Together

  • Containers are great on their own, but can get complex fast. Imagine having to write scripts to manage the following:
    • Application Clustering
      • Self Healing Applications
      • Rolling Updates
    • Load Balancing
    • Service Discovery
    • Auto Scaling
    • Persistent Volume Management

Kubernetes gives you ALL OF THE ABOVE, out of the box!

18 of 37

Kubernetes

Concepts

19 of 37

Nodes

  • Nodes are host machines within the Kubernetes cluster.
    • They can be a VM, or a physical machine.
  • A node runs multiple Pods.

20 of 37

PODS

  • Pods are the smallest unit of deployment in Kubernetes.
    • A Pod defines one or more containers, how they interact, and which attached resources are available to them.
      • Think “docker compose”.

  • Containers within a Pod are co-located and co-scheduled.
    • Containers within a Pod can communicate over localhost.
  • Pods are “ephemeral”, which means they shouldn’t be treated as “pets”. (see link below)

21 of 37

Labels

  • Labels are key/value pairs that are attached to objects, such as pods.
  • Used to organize and select sets of objects.

22 of 37

PODS - Example Pod

[Diagram: one POD containing three CONTAINERs (Spring Boot App, Logstash Service, nginx) and a shared zlib layer, with a STORAGE VOLUME mounted at /tmp.]

23 of 37

Replica Set

  • A Replica Set ensures that a specified number of Pod “replicas” are running at any given time.
  • Kubernetes manages the number of active Pods, and keeps it as close as possible to your specified number.
  • *Don’t use these directly, use them within a Deployment.

24 of 37

Deployments

  • A Deployment provides declarative updates for Pods and Replica Sets.
  • Basically it is an “eventually consistent” environment definition.
  • Supports rolling updates / rollbacks.
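The Replica Set and Deployment slides above describe the declarative model; here is what that looks like as a manifest. This is an added example and not from the deck: the image name and the readiness endpoint are assumptions. The Deployment owns a ReplicaSet that keeps three Pods matching the `app=my-app, env=qa` labels running, the rolling-update strategy never drops below the desired count, and the readiness probe is what makes the rollout actually wait for a healthy new Pod before retiring an old one.

```yaml
# Added example, not part of the original deck. Image name and probe path are assumptions.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
  namespace: qa
  labels:
    app: my-app
    env: qa
spec:
  replicas: 3                       # the ReplicaSet created by this Deployment keeps 3 Pods running
  selector:
    matchLabels:                    # which Pods the Deployment (and its ReplicaSet) owns
      app: my-app
      env: qa
  revisionHistoryLimit: 5           # old ReplicaSets kept around for `kubectl rollout undo`
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 0             # never go below 3 ready Pods during an update
      maxSurge: 1                   # bring up one new Pod at a time
  template:
    metadata:
      labels:                       # must match the selector above
        app: my-app
        env: qa
    spec:
      automountServiceAccountToken: false   # the app never calls the Kubernetes API
      securityContext:
        runAsNonRoot: true
        runAsUser: 10001
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: spring-boot
          image: my-registry.example/spring-app:1.0.0   # assumed; pin a tag or digest, never :latest
          ports:
            - containerPort: 8080
          readinessProbe:           # the rollout only advances once the new Pod passes this
            httpGet:
              path: /actuator/health/readiness   # assumed Spring Boot Actuator readiness group
              port: 8080
            initialDelaySeconds: 10
            periodSeconds: 5
          resources:
            requests:
              cpu: "250m"
              memory: "512Mi"
            limits:
              memory: "512Mi"       # memory limit = request, so the JVM is never overcommitted
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
          volumeMounts:
            - name: tmp
              mountPath: /tmp       # JVM scratch space, writable even with a read-only root
      volumes:
        - name: tmp
          emptyDir: {}
```

Apply it with `kubectl apply -f deployment.yaml`, follow the update with `kubectl rollout status deployment/my-app -n qa`, and if a new image misbehaves, `kubectl rollout undo deployment/my-app -n qa` switches back to the previous ReplicaSet, which is why the Deployment, not the ReplicaSet, is the object you edit.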

25 of 37

Deployments

26 of 37

Volumes

  • Allows all containers in a pod to share storage.
  • Lots of available options!
    • AWS - EBS (Elastic Block Storage)
    • iSCSI, NFS, flocker, gitrepo, azuredisk
  • Volumes are tied to Pod lifecycle, NOT container lifecycle.

27 of 37

Persistent Volumes

  • Not tied to any Pod lifecycle.
  • Lives at the same “resource level” as a Node in the cluster.
    • Pods make PersistentVolumeClaims to obtain this resource.
  • Infrastructure can offer different StorageClass options depending on how the storage is implemented. This lets consumers know the QoS they can expect from a particular PersistentVolume.
  • Reclaim policies (what happens to the volume when its claim is released): Retain, Recycle, Delete
  • Access modes: ReadWriteOnce, ReadOnlyMany, ReadWriteMany
    • Govern how nodes are allowed to mount the PV.
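The Pods, Volumes and Persistent Volumes slides above fit together in one set of manifests. This is an added example, not the deck's own material; the NFS server address, export path, image names and sizes are assumptions. The Pod mirrors the slide's example (a Spring Boot app with a Logstash sidecar): an `emptyDir` that both containers share and that dies with the Pod, a memory-backed `emptyDir` for `/tmp`, and a claim on an NFS-backed PersistentVolume that outlives the Pod. The PV is `ReadWriteMany` because NFS can be mounted by many nodes, and its reclaim policy is `Retain` so deleting the claim cannot delete the archive.

```yaml
# Added example, not part of the original deck. Server, paths, images and sizes are assumptions.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: archive-nfs
spec:
  capacity:
    storage: 50Gi
  accessModes:
    - ReadWriteMany                         # many nodes may mount it read/write (NFS supports this)
  persistentVolumeReclaimPolicy: Retain     # releasing the claim keeps the data on the export
  storageClassName: nfs-archive             # the "tier" consumers name in their claim
  nfs:
    server: nfs.example.internal            # assumed NFS server
    path: /exports/zipped                   # assumed export
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: zipped-archive
  namespace: qa
spec:
  accessModes:
    - ReadWriteMany                         # must be satisfiable by the PV's access modes
  storageClassName: nfs-archive
  resources:
    requests:
      storage: 20Gi
---
apiVersion: v1
kind: Pod
metadata:
  name: spring-with-logstash
  namespace: qa
  labels:
    app: my-app
    env: qa
spec:
  securityContext:
    runAsNonRoot: true
    fsGroup: 10001                          # volumes are group-owned so non-root containers can write
  containers:
    - name: spring-boot
      image: my-registry.example/spring-app:1.0.0   # assumed
      securityContext:
        runAsUser: 10001
        readOnlyRootFilesystem: true        # everything writable is an explicit volume below
        allowPrivilegeEscalation: false
      ports:
        - containerPort: 8080
      volumeMounts:
        - name: logs
          mountPath: /logs                  # written by the app ...
        - name: tmp
          mountPath: /tmp
        - name: zipped
          mountPath: /zipped                # the persistent archive
    - name: logstash
      image: docker.elastic.co/logstash/logstash:8.12.0   # assumed version
      securityContext:
        runAsUser: 1000                     # the image's own unprivileged user
        allowPrivilegeEscalation: false
      volumeMounts:
        - name: logs
          mountPath: /logs
          readOnly: true                    # ... and only read by the sidecar, over the same filesystem
  volumes:
    - name: logs
      emptyDir: {}                          # exists exactly as long as the Pod; shared by both containers
    - name: tmp
      emptyDir:
        medium: Memory                      # tmpfs; bounded so a runaway app cannot exhaust node RAM
        sizeLimit: 256Mi
    - name: zipped
      persistentVolumeClaim:
        claimName: zipped-archive           # bound to archive-nfs; survives Pod deletion
```

`kubectl get pv,pvc -n qa` shows the claim moving to `Bound` once the PV matches its storage class, access mode and size. The diagram on the next slide also shows a `hostPath` volume reaching into the node's Docker directory; that volume type hands a Pod part of the node's filesystem, so it should be reserved for trusted system Pods and blocked for ordinary workloads by admission policy.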

28 of 37

Volumes & PersistentVolumes

[Diagram: a POD holding three CONTAINERs (Spring Boot App, Logstash Service, nginx) and a shared zlib layer. A Pod-level emptyDir volume (rooted at /) is mounted into the containers at /tmp and /logs. The Node contributes a hostPath volume (rooted at /) that reaches /../docker on the host. A PersistentVolume backed by NFS/iSCSI is mounted at /zipped.]

29 of 37

REST APIs

  • Kubernetes API
    • The Kubernetes API also serves as the foundation for the declarative configuration schema for the system. The kubectl command-line tool can be used to create, update, delete, and get API objects.
    • Use via REST calls
    • Use via the kubectl command-line utility

30 of 37

31 of 37

Namespaces


32 of 37

Annotations

Annotations can be added to any Kubernetes object.

Annotations provide metadata that controllers can use to do specific things to the cluster, or to external resources.

33 of 37

Ingress

[Diagram: request path DNS -> Firewall / Load Balancer / TLS Termination -> Ingress -> Service my-service -> POD (Spring Boot App, nginx); the K8s API holds the configuration for each hop.]

  • Service my-service
    • Exposes port 8080 to port 8080
    • Labels: app=my-app, env=qa
    • Expose port 940021 for pods with labels that match: app=my-app, env=qa
  • Ingress
    • Specify host: qa.my-service.com
    • Specify Service
    • Any special annotations (TLS, TTL)
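The Service and Ingress pair sketched on this slide, written out as manifests. This is an added example, not from the deck: the ingress class, the TLS Secret name and the `ssl-redirect` annotation (an ingress-nginx key) are assumptions about which ingress controller is installed. The Service selects Pods by the slide's labels and stays `ClusterIP`, so the Ingress is the only public entry point; the Ingress binds the host name to the Service and terminates TLS with a certificate held in a `kubernetes.io/tls` Secret.

```yaml
# Added example, not part of the original deck. Ingress class, Secret name and annotation are assumptions.
apiVersion: v1
kind: Service
metadata:
  name: my-service
  namespace: qa
spec:
  type: ClusterIP                   # reachable only inside the cluster; the Ingress fronts it
  selector:                         # label selector from the slide
    app: my-app
    env: qa
  ports:
    - name: http
      port: 8080                    # port the Service exposes
      targetPort: 8080              # containerPort on the selected Pods
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-service
  namespace: qa
  annotations:
    # Controller-specific behaviour (the slide's "TLS, TTL") is configured through annotations;
    # the keys depend on the controller. This one is ingress-nginx's and forces HTTP -> HTTPS.
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  ingressClassName: nginx           # assumed: an ingress-nginx controller is installed
  tls:
    - hosts:
        - qa.my-service.com
      secretName: qa-my-service-tls # assumed kubernetes.io/tls Secret with the cert and key
  rules:
    - host: qa.my-service.com       # host from the slide; DNS points it at the load balancer
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: my-service
                port:
                  number: 8080
```

After `kubectl apply -f`, `kubectl get ingress -n qa` shows the address the controller assigned, and `kubectl describe ingress my-service -n qa` lists the backend endpoints resolved through the Service's selector; an empty endpoint list usually means the labels on the Pods and the selector disagree.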

34 of 37

Service Mesh (Consul Connect)

[Diagram: two PODs joined through Consul Connect side cars.]

  • Pod A: Spring Boot App + nginx
    • Exposes port 8080
    • Labels: app=app-a, env=qa
    • Annotations: Upstreams: app-b:4223
    • Side Car; the app reaches app-b through localhost:4223
  • Pod B: Go App + nginx
    • Exposes port 8080
    • Labels: app=app-b, env=qa
    • Annotations: Register: app-b:4223
    • Side Car
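The Annotations slide and this service-mesh slide come together in the manifests below. This is an added example and not the deck's own code: it assumes the Consul on Kubernetes integration (consul-k8s) is installed with Connect injection enabled, and the image names are placeholders. The `consul.hashicorp.com/connect-inject` and `consul.hashicorp.com/connect-service-upstreams` annotations are the real keys that integration reads; the Kubernetes Service for each app is what Consul registers the service under. The sidecar in app-a listens on `localhost:4223` and forwards to app-b over mutual TLS, and the `ServiceIntentions` object makes that the only permitted caller.

```yaml
# Added example, not part of the original deck. Assumes consul-k8s with Connect injection; images are placeholders.
apiVersion: v1
kind: Service
metadata:
  name: app-a
  namespace: qa
spec:
  selector: { app: app-a, env: qa }
  ports: [{ port: 8080, targetPort: 8080 }]
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app-a
  namespace: qa
spec:
  replicas: 2
  selector:
    matchLabels: { app: app-a, env: qa }
  template:
    metadata:
      labels: { app: app-a, env: qa }
      annotations:
        consul.hashicorp.com/connect-inject: "true"                    # inject the Connect side car
        consul.hashicorp.com/connect-service-upstreams: "app-b:4223"   # slide's "Upstreams: app-b:4223"
    spec:
      containers:
        - name: spring-boot
          image: my-registry.example/app-a:1.0.0   # assumed
          ports: [{ containerPort: 8080 }]
          env:
            - name: APP_B_URL
              value: "http://localhost:4223"       # plain HTTP to the local side car, mTLS beyond it
---
apiVersion: v1
kind: Service
metadata:
  name: app-b
  namespace: qa
spec:
  selector: { app: app-b, env: qa }
  ports: [{ port: 8080, targetPort: 8080 }]
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app-b
  namespace: qa
spec:
  replicas: 2
  selector:
    matchLabels: { app: app-b, env: qa }
  template:
    metadata:
      labels: { app: app-b, env: qa }
      annotations:
        consul.hashicorp.com/connect-inject: "true"   # registers app-b and injects its side car
    spec:
      containers:
        - name: go-app
          image: my-registry.example/app-b:1.0.0   # assumed
          ports: [{ containerPort: 8080 }]
---
# Intentions are the mesh's authorization policy: the side car on app-b only accepts
# mTLS connections whose client identity is app-a; everything else is refused.
apiVersion: consul.hashicorp.com/v1alpha1
kind: ServiceIntentions
metadata:
  name: app-b
  namespace: qa
spec:
  destination:
    name: app-b
  sources:
    - name: app-a
      action: allow
    - name: "*"
      action: deny
```

With the intentions in place, a Pod that is not app-a gets its connection to app-b closed at the side car even though it can reach the Pod IP on the cluster network; that is the property worth checking after rollout, for example by watching the side car proxy logs for the denied connection while applying a temporary `allow` to confirm the path works.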

35 of 37

Thanks! Check out these interesting links

Providers

Getting Started Guides

36 of 37

Sources

37 of 37

Sources