Kubernetes
It’s a platform, not just a deployment tool
Jose Armesto
@fiunchinho
#bilbostack2019
app.bilbostack.com
Agenda
Let’s program a thermostat
That’s how Kubernetes works
Kubernetes Architecture
Kubernetes is not a monolith. It’s built as a set of processes that are executed inside a cluster of servers.
Some of these processes are called controllers: processes that react to changes in the API.
Psst... Like the thermostat
It’s called Reconciliation Loop
Kubernetes Controllers
Each Kubernetes controller watches the current state of the cluster and compares that to the desired state.
If they don’t match, it executes actions to make the current state match the desired state.
What do we mean by state?
How do we choose the desired state?
Using the API to save the desired state
Kubernetes exposes a model through its API.
This model describes how applications must behave.
Using resources defined in that model we describe the desired state.
We save these resources using the Kubernetes API.
The ReplicaSet object defines how an application is deployed
Save the resource using the API
$ curl -X POST -H "Content-Type: application/json" -d @replicaset.json \
    "https://k8s_api/apis/apps/v1/namespaces/default/replicasets"
Save the resource using the API
$ kubectl create -f "replicaset.json"
The Replication controller is watching
How do we choose the desired state?
The Service object defines how an application receives traffic
Save the resource using the API
$ kubectl create -f "service.json"
The Endpoints controller is watching
You can watch resources in the API to react when the desired state and the current state don’t match.
Like the thermostat with temperature
Watching resources using the API
$ curl -X GET "https://k8s_api/apis/apps/v1/namespaces/ns/replicasets"
Watching resources using the API
$ curl -X GET "https://k8s_api/apis/apps/v1/namespaces/ns/replicasets?watch=true"
We will start getting events every time something happens on the watched resources.
When creating a new resource, we get its entire definition.
When the object is modified, we get the new object definition.
We also get an event when a resource is deleted.
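The event handling described above, as an added sketch (not code from the talk or from Kubernetes itself): it decodes a constructed watch stream and, like the thermostat, emits the action that closes the gap between desired and current state. The Reconcile function, the running map and the sample events are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// WatchEvent mirrors one item of a ?watch=true response: an event type plus the full object.
type WatchEvent struct {
	Type   string `json:"type"` // ADDED, MODIFIED or DELETED
	Object struct {
		Metadata struct{ Namespace, Name string } `json:"metadata"`
		Spec     struct{ Replicas int }           `json:"spec"`
	} `json:"object"`
}

// Constructed sample stream (not captured from a real cluster).
const sampleStream = `{"type":"ADDED","object":{"metadata":{"namespace":"ns","name":"web"},"spec":{"replicas":3}}}
{"type":"MODIFIED","object":{"metadata":{"namespace":"ns","name":"web"},"spec":{"replicas":5}}}
{"type":"DELETED","object":{"metadata":{"namespace":"ns","name":"web"},"spec":{"replicas":5}}}`

// Reconcile replays the stream and returns the actions needed to make running
// (hypothetical current pod counts per namespace/name) match the desired state.
func Reconcile(stream string, running map[string]int) ([]string, error) {
	var actions []string
	dec := json.NewDecoder(strings.NewReader(stream))
	for dec.More() {
		var ev WatchEvent
		if err := dec.Decode(&ev); err != nil {
			return nil, err // malformed event: stop instead of guessing
		}
		key := ev.Object.Metadata.Namespace + "/" + ev.Object.Metadata.Name
		desired := ev.Object.Spec.Replicas
		if ev.Type == "DELETED" {
			desired = 0 // resource is gone, so nothing should be running
		} else if ev.Type != "ADDED" && ev.Type != "MODIFIED" {
			continue // event types this sketch does not handle
		}
		if diff := desired - running[key]; diff != 0 {
			actions = append(actions, fmt.Sprintf("%s: scale by %+d pods", key, diff))
		}
		running[key] = desired // assumption: the action succeeded
	}
	return actions, nil
}

func main() {
	fmt.Println(Reconcile(sampleStream, map[string]int{}))
}
```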
Kubernetes controllers
Default controllers watching for changes in specific resources
Kubernetes controllers
But not all the resources are being watched by a controller.
The Ingress object defines how external traffic is mapped to services.
Routing based on the Host header and the path.
No one is watching Ingress resources.
Nothing will happen when we save the Ingress object
$ kubectl create -f "ingress.json"
You need to install an Ingress controller
Watches Ingress resources to handle external traffic.
nginx Ingress Controller
Renders the nginx config file whenever a change occurs in Ingress resources.
Ingress controllers
You can create your own controllers
Controllers can do anything we want
The Ingress object defines how external traffic is mapped to services.
Tries to match the request using the Host header and the path.
Controllers can do anything we want
Creates DNS entries in your cloud DNS service automatically based on your Ingress rules.
External DNS
There are lots of open source controllers
Auto config Prometheus services based on applications running in Kubernetes.
Prometheus discovery
Restart applications when changes are made to ConfigMaps / Secrets.
Reloader
Kubernetes is extensible
The built-in resources exposed by the Kubernetes model may not be enough to describe all the different use cases.
The API lets you make your own resource types called Custom Resources.
You can create a controller that watches your Custom Resources.
This is called the Operator pattern
Retrieve TLS certificates for your applications automatically.
Cert Manager
This Custom Resource describes what TLS certificate we want
Describe what you want, not how you want it
The what is described in the resource
The how is programmed into the Operator
Manage AWS resources directly from Kubernetes.
AWS Service Operator
This Custom Resource describes that we want an S3 Bucket.
Kubernetes as a Platform
Handle all infrastructure problems the same way: no more snowflakes.
Kubernetes primitives and patterns become standard.
Declarative model over imperative model.
More advanced Operators
Provides mechanisms for traffic management like routing, discovery, load balancing, handling failures.
Istio
Build, deploy, and manage modern serverless workloads.
Uses Istio under the hood.
Knative
CI/CD solution for modern cloud applications on Kubernetes.
Uses Knative under the hood.
Jenkins X
Kubernetes as a Platform
All of these operators provide a higher level abstraction on top of Kubernetes resources.
Users will use this new layer of resources instead of the built-in Kubernetes resources.
https://codely.tv/pro/bilbostack-19