Kubernetes reminds me a lot of git. Git was originally designed to be a collection of tools to create a version control system. Kubernetes is very similar. It exposes a lot of primitives to help people develop their own orchestration and DevOps tooling because of its low-level, beautifully designed APIs. A lot of kubectl tooling is just using lower-level Kubernetes APIs underneath. In this talk, I will talk about how we created an opinionated workflow for DevOps that did everything triggered from receiving a git push: generate a Docker image, issue a zero-downtime rollout, generate SSL certificates, and reconfigure the API gateway, using Kubernetes as a framework. This talk will help you understand the Kubernetes API, the Kubernetes execution model and design philosophy, and maybe write your own tools for fun and profit!
Presented at Bangalore Container Conference 2017.
2. Tanmai Gopal
Head Engineering, Hasura
@tanmaigo
● Building applications for 8 years
● Machine Learning/Computer Vision
● Software engineering, functional programming, distributed systems
http://hasura.io
@HasuraHQ
3. HASURA
PaaS + BaaS built on:
nginx + redis + postgres
CoreOS + Docker + Kubernetes
Components primarily written in Haskell.
4. The Kubernetes way
1. Pods
2. Replicasets
3. Deployments
4. Services
5. PersistentVolumes
6. Configmaps
5. The Kubernetes way
You don’t actually ever manage a resource.
You manage the definition of the resource.
Kubernetes makes the resource arrive at that definition, eventually.
6. Examples to understand the Kubernetes way
● Run a process
● Processes communicating with each other
● Configure a process
● Restart a process with configuration changes
● Set up an API gateway to upstream services
● Run a one-off script
● Stop/delete a process
8. Setting context - Hasura
A demo to show Hasura features
1. Collection of microservices to give you BaaS APIs
2. Easy to deploy custom code or packaged code (PaaS)
10. Let’s build some PaaS tooling
1. Deploy a docker image backed service
a. Run the process
b. Configure an API gateway rule to reach the process
2. Add a new domain for the API gateway
3. TCP access via SSH tunneling
4. Single point of configuration for my application
5. Initialise and manage state (Postgres)
11. Deploy docker image
1. Demo
[Diagram: Client (console/kubectl), kubernetes, Deployment, Service, Pod, Service]
13. “Expose” via API gateway
1. Create a new configmap
[Diagram: Client (console/kubectl), Pod, APIGateway, Service, nginx.conf (configmap)]
14. “Expose” via API gateway
1. Listen to the service
2. Update the configmap
[Diagram: APIGateway, Service, configmap, operator]
15. “Expose” via API gateway
1. Update the configmap
a. Wait for it to sync to the deployment?
2. Configmap hash
3. Update gateway deployment with a new configmap hash
4. Rollbacks!
[Diagram: APIGateway, Service, configmap, operator; steps 1, 2, 3]
16. “Expose” via API gateway
1. But which service should the operator expose?
[Diagram: Service (annotation), operator, Operator (configmap)]
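The "expose" flow from slides 14 to 16, sketched as an added example (not code from the talk or from Hasura): render nginx.conf from the Services that carry an annotation, hash the ConfigMap data, and build a Deployment patch that stamps the hash on the pod template. The annotation keys, the path allow-list and the sample Services are assumptions made for this sketch.

```python
import hashlib
import json
import re

EXPOSE_ANNOTATION = "example.com/gateway-path"  # hypothetical key, not from the talk
HASH_ANNOTATION = "example.com/config-hash"     # hypothetical key, not from the talk
SAFE_PATH = re.compile(r"/[A-Za-z0-9/_-]*")     # annotation text ends up in nginx.conf


def render_nginx_conf(services):
    """Emit one location block per Service that opted in via the annotation."""
    blocks = []
    for svc in sorted(services, key=lambda s: s["metadata"]["name"]):
        meta = svc["metadata"]
        path = meta.get("annotations", {}).get(EXPOSE_ANNOTATION)
        if not path or not SAFE_PATH.fullmatch(path):
            continue  # not annotated, or value could break out of the block
        port = svc["spec"]["ports"][0]["port"]
        upstream = f"{meta['name']}.{meta.get('namespace', 'default')}.svc:{port}"
        blocks.append(f"  location {path} {{ proxy_pass http://{upstream}; }}")
    return "server {\n  listen 80;\n" + "\n".join(blocks) + "\n}\n"


def config_hash(data):
    """SHA-256 over the ConfigMap data, serialized with sorted keys."""
    canonical = json.dumps(data, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def gateway_update(services):
    """Return (ConfigMap data, Deployment patch) for the current Services."""
    data = {"nginx.conf": render_nginx_conf(services)}
    patch = {"spec": {"template": {"metadata": {
        "annotations": {HASH_ANNOTATION: config_hash(data)}}}}}
    return data, patch


# Constructed sample, shaped like items from `kubectl get svc -o json`.
SAMPLE = [
    {"metadata": {"name": "app", "namespace": "default",
                  "annotations": {EXPOSE_ANNOTATION: "/app/"}},
     "spec": {"ports": [{"port": 8080}]}},
    {"metadata": {"name": "db", "namespace": "default"},
     "spec": {"ports": [{"port": 5432}]}},
]

if __name__ == "__main__":
    data, patch = gateway_update(SAMPLE)
    print(data["nginx.conf"])
    print(json.dumps(patch, indent=2))
```

Because the hash lives in the pod template, a changed config changes the template and the Deployment controller starts a rolling update, while an unchanged config produces an identical patch and leaves the pods alone.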
17. Deploy docker image, finally!
[Diagram: Client (console/kubectl), kubernetes, Deployment, Service, Pod, Service, Operator, Configmap, APIGateway]
18. New domains for API gateway
[Diagram: Client (console/kubectl), kubernetes, Configmap, APIGateway]
19. Authorized keys for an SSH container
[Diagram: Client (console/kubectl), kubernetes, Configmap, AuthorizedKeys (configmap), SSH deployment]
20. Single point of configuration
[Diagram: Client (console/kubectl), kubernetes, Configmap operator, API gateway, SSHD, Configmap]