Kubernetes Extensibility
Eric Tune & Tim Hockin, Google
Kubernetes is a container management system
Kubernetes is a container management system platform
What is Kubernetes?
...an abstraction layer over infrastructure (Infrastructure Extensibility)
...a framework for declarative APIs and distributed control (API Extensibility)
Extensibility Goals
Infrastructure Extensibility: support portability; autonomy; scalable growth of project
API Extensibility: support customization; autonomy; encourage new uses
Kubernetes & Extensibility
A major focus of the last 2 years of development
From infrastructure to APIs, we have over a dozen extension points
We have WAY more material than time! https://goo.gl/2qz8jW
Infrastructure Extensibility
Network Plugins
Networks are like snowflakes
There is no “one size fits all” for almost anything networking related
We needed a way for users to customize how Kubernetes consumes networking infra
Network Plugins (present)
Old: built-in “plugins” (aka “send Tim a PR”)
New: CNI - Container Network Interface
● Started by CoreOS, now CNCF with community
● “exec” interface with stdin/stdout/env API
Widely used, also by other projects (e.g. Mesos)
Underpins the default impl in Kubernetes
Network Plugins (future)
Proposal open for a gRPC based API which covers more than just interfaces and IPAM
Tighter coupling with Service API seems valuable
Proposals open for multi-IP and multi-network
Storage Plugins
Many storage technologies - physical and virtual, block and file
● Cloud block devices, FC, iSCSI, NFS, Ceph, Gluster, ...
Many vendors want their products to support Kubernetes
Storage Plugins (present)
Old: built-in “plugins” (aka “send Tim a PR”)
Old: Volume “flex” plugins via “exec”
New: CSI - Container Storage Interface
● Collaboration: Google, Mesosphere, Docker, Cloud Foundry
● gRPC spec, with Kubernetes-specific adaptors
● In development now, alpha in Kubernetes 1.10
Plan to transition most in-tree plugins to CSI
Device Plugins
GPUs and other “accelerator” hardware is becoming very common
Part of the larger resource model in Kubernetes
gRPC based plugins
Beta in Kubernetes 1.10
Container Runtimes
Docker was baked-in, but people wanted to try new and interesting ideas
● rkt, Containerd, CRI-O
● Kata containers, Hyper.sh, gVisor
Making it a plugin made the code better: win-win!
CRI - gRPC based plugins
Lessons Learned
● Stateful, daemon plugins
● Upgradeable in-cluster plugins
● Evolution: exec → RPC
● Evolution: loose spec → tight
● Containerized plugins FTW
gRPC Plugins: Runtimes (CRI), Storage (CSI), Devices, Key Management, Networking (proposed)
Controllers
observe → diff → act (a loop)
Controllers
THE fundamental design pattern in Kubernetes
Examples: scheduler, kubelet, deployments, kube-proxy, cloud providers, load balancers, volume provisioners, auto-scalers, ...
Allows automation & extension of almost any existing API
[Diagram: a stack of resources, from a higher level of abstraction down to a lower level of abstraction]
Cloud Providers
Kubernetes is designed to leverage clouds
Built-in cloud-provider API (i.e. send me a PR) is hooked into many core control loops
Now 8 implementations (and huge LOC count), so moving out-of-tree
Services
The API is a VIP (more or less) and virtual LB
We ship a default implementation (kube-proxy), but that can be replaced
Controller: watch the API server for Services and Endpoints, program $NETWORK
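An added example, not from the deck: a toy observe/diff/act loop in Python for the controller just described, which turns Service and Endpoints objects into a forwarding table and emits only the changes needed, the way a kube-proxy replacement would program $NETWORK. The Service and Endpoints objects are constructed samples (loosely shaped like core/v1), and the pod IPs and the dict standing in for the network state are assumptions.

```python
# Constructed samples of what the controller observes from the API server:
# one Service and its Endpoints, loosely shaped like the core/v1 objects.
SERVICES = [
    {"metadata": {"namespace": "default", "name": "redis"},
     "spec": {"clusterIP": "10.101.242.155",
              "ports": [{"port": 6379, "protocol": "TCP"}]}},
]
ENDPOINTS = [
    {"metadata": {"namespace": "default", "name": "redis"},
     "subsets": [{"addresses": [{"ip": "10.1.0.7"}, {"ip": "10.1.0.9"}],  # assumed pod IPs
                  "ports": [{"port": 6379, "protocol": "TCP"}]}]},
]


def observe(services, endpoints):
    """Observe: derive the desired forwarding table from the API objects,
    keyed by (VIP, port, protocol) with the set of (pod IP, port) backends.
    Simplified: every endpoint port is paired with every service port."""
    by_name = {(e["metadata"]["namespace"], e["metadata"]["name"]): e for e in endpoints}
    desired = {}
    for svc in services:
        key = (svc["metadata"]["namespace"], svc["metadata"]["name"])
        backends = set()
        for subset in by_name.get(key, {}).get("subsets", []):
            for addr in subset["addresses"]:
                for port in subset["ports"]:
                    backends.add((addr["ip"], port["port"]))
        for port in svc["spec"]["ports"]:
            desired[(svc["spec"]["clusterIP"], port["port"], port["protocol"])] = frozenset(backends)
    return desired


def diff(desired, actual):
    """Diff: compute only the changes needed, so a converged world yields none."""
    actions = []
    for key in sorted(set(desired) | set(actual)):
        if key not in actual:
            actions.append(("add", key, desired[key]))
        elif key not in desired:
            actions.append(("delete", key, None))
        elif desired[key] != actual[key]:
            actions.append(("update", key, desired[key]))
    return actions


def act(actual, actions):
    """Act: apply the changes to the simulated $NETWORK state (a dict standing
    in for iptables/IPVS rules) and return the new state."""
    state = dict(actual)
    for verb, key, backends in actions:
        if verb == "delete":
            state.pop(key, None)
        else:
            state[key] = backends
    return state


def reconcile(services, endpoints, actual):
    """One pass of the loop; a real controller re-runs it on every watch event."""
    desired = observe(services, endpoints)
    actions = diff(desired, actual)
    return act(actual, actions), actions
```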
But Wait, There’s More!
● Secret management (KMS)
● HTTP load-balancing (Ingress)
● NetworkPolicy
● DNS
● Scheduler extenders & whole schedulers
● ...and that’s JUST the infrastructure (i.e. boring) parts
API Extensibility
● Add new types of resources to your cluster
● Add custom policy hooks
○ to custom and built-in APIs
● "APIs that add and modify APIs"
Kubernetes for Docker
● In Mac Edge, Windows Edge, and EE 2.0
● Supports API Extensions.
● Certified Kubernetes
● Docker Stacks uses API Extensions
Exploring Stacks
Follow along at https://goo.gl/JT7v8Z
Exploring Stacks
$ cat docker-compose.yml
version: "3.3"
services:
  redis:
    image: redis:alpine
    ports:
      - 6379
    networks:
      - frontend
    deploy:
      replicas: 1
networks:
  frontend:
Exploring Stacks
$ docker stack deploy --compose-file docker-compose.yml stackdemo
Waiting for the stack to be stable and running...
- Service redis has one container running
Stack stackdemo is stable and running
Exploring Stacks
$ kubectl config current-context
docker-for-desktop
Exploring Stacks
$ kubectl get services
NAME                 TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
kubernetes           ClusterIP   10.96.0.1        <none>        443/TCP          29d
redis                ClusterIP   None             <none>        55555/TCP        1s
redis-random-ports   NodePort    10.101.242.155   <none>        6379:31248/TCP   1s
$ kubectl get deployments
NAME    DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
redis   1         1         1            1           2s
[Diagram: the compose resource sits at a higher level of abstraction than the service and deployment resources it produces]
[Diagram: the Kubernetes API Server exposes the Service API and Deployment API; the compose resource is handled by "something custom"]
[Diagram: hypothetically, dockerd could serve /stacks (the compose resource) for the docker CLI alongside the Kubernetes APIs]
Exploring Stacks API
# last time...
$ docker stack deploy --compose-file docker-compose.yml stackdemo
Waiting for the stack to be stable and running...
- Service web has one container running
- Service redis has one container running
Stack stackdemo is stable and running
$ kubectl get stacks
NAME        AGE
stackdemo   39s
Exploring Stacks API
$ kubectl proxy -v 5
Starting to serve on 127.0.0.1:8001
I0613 10:13:27.322416 82905 proxy_server.go:138] Filter accepting GET /apis/compose.docker.com/v1beta2/namespaces/default/stacks localhost
$ kubectl get stacks -s localhost:8001
NAME        AGE
stackdemo   1m
[Diagram: kubectl talks to the Kubernetes APIs (Service API, Deployment API) and to the compose.docker.com API, which serves the compose resource]
Exploring Stacks API
$ kubectl get apiservices.apiregistration.k8s.io
NAME                         AGE
v1.                          29d
v1.apps                      29d
...
v1beta2.compose.docker.com   29d
v2beta1.autoscaling          29d
Exploring Stacks API
$ kubectl describe apiservices.apiregistration.k8s.io v1beta2.compose.docker.com
Name:         v1beta2.compose.docker.com
...
API Version:  apiregistration.k8s.io/v1beta1
Kind:         APIService
Metadata:
  ...
Spec:
  ...
  Service:
    Name:       compose-api
    Namespace:  docker
Status:
  Conditions:
    Message:  all checks passed
Exploring Stacks API
$ kubectl get services -n docker
NAME          TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
compose-api   ClusterIP   10.110.211.86   <none>        443/TCP   17d
$ kubectl get deployments -n docker
NAME          DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
compose       1         1         1            1           29d
compose-api   1         1         1            1           29d
[Diagram: inside the Kubernetes cluster, the API Registration API registers compose.docker.com next to the Service API and Deployment API; requests for that group are forwarded to the Compose-API deployment]
[Diagram: the Compose component turns the compose resource into the redis Service and Deployment resources; the docker CLI submits the compose resource through the Kubernetes API]
Why Use an API Extension?
● Users
○ Already have a client installed
○ Already know how to find it, trust it (TLS) and authenticate to the API
● Controllers
○ Can efficiently watch your resources
● Admins
○ Can separate your resources by Namespace
○ Can authorize and audit log access to your resources
API Aggregation & Extension API Servers (EAS)
[Diagram: an Extension API Server (EAS) serves an API resource that a Controller acts on; several EASes can be aggregated behind the one API endpoint]
Custom Resource Definitions (CRD) vs. Extension API Servers (EAS)
                   CRD         EAS
Forked LoC:        0           5000*
Storage:           provided    you manage
Components:        1           3
Popularity:        100s        10s
Multiversioning:   not yet     yes
Customizability:   good        better
* http://github.com/sample-apiserver
Extension Ecosystem
Devices: 5 public plugins
Storage: 10 public plugins
Networking: >20 public plugins
Custom APIs: >400 GitHub projects with custom APIs
Extension Ecosystem
● 4 Serverless frameworks
● 6 PaaSes
● 10 CI/CD systems
● 14 different database controllers
● 4 popular ML toolkits
API Extensions
Adding Types to the API
● Extension API Servers
● Custom Resource Definitions
Adding Policy to the API
● ValidatingAdmissionWebhooks
● MutatingAdmissionWebhooks
Admission Webhooks
Admission: after authn/z but before storing the change. Affects mutations, not reads.
Webhooks: the API server calls your URL, synchronously. Run in cluster via a Service, or outside, e.g. serverless.
Admission Webhooks
Old thinking: better to make narrow, specific interfaces, like ImagePolicyWebhook, for specific use cases. Can make them easier to use. Overly general extensions may limit future optimization.
Admission Webhooks
New thinking: many custom resources. Cluster owners need to write policy for core resources and for custom resources written by 3rd parties. Need to compose policies written by different parties.
Admission Webhooks
Composability: make all the changes before doing all the checks.
MutatingAdmissionWebhooks - then - ValidatingAdmissionWebhooks
Validating Admission Webhooks
Kelsey Hightower: reject pods that set environment variables
https://github.com/kelseyhightower/denyenv-validating-admission-webhook
CRD authors: add complex validation
Mutating Admission Webhooks
Istio: inject sidecar into all the pods
Service Catalog: inject credentials into
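An added example, not from the deck and not the code of the projects named above: a Python sketch of both webhook kinds and of the mutate-then-validate order from the Composability slide. The mutating handler injects a stand-in sidecar container with a JSON Patch; the validating handler rejects Pods whose containers set environment variables, in the spirit of denyenv; the AdmissionReview request is a constructed sample, and the sidecar image and request uid are placeholders.

```python
import base64
import json

# Hypothetical sidecar injected by the mutating webhook (a stand-in, not
# Istio's real proxy container).
SIDECAR = {"name": "sidecar-proxy", "image": "example.invalid/proxy:1.0"}


def make_pod_review(env=None):
    """Construct a sample AdmissionReview request for a Pod CREATE, shaped like
    what the API server POSTs to a webhook URL. `env` optionally sets env
    entries on the single container."""
    container = {"name": "web", "image": "nginx:alpine"}
    if env:
        container["env"] = env
    return {
        "apiVersion": "admission.k8s.io/v1",
        "kind": "AdmissionReview",
        "request": {
            "uid": "00000000-0000-0000-0000-000000000001",  # placeholder uid
            "kind": {"group": "", "version": "v1", "kind": "Pod"},
            "operation": "CREATE",
            "namespace": "default",
            "object": {
                "apiVersion": "v1",
                "kind": "Pod",
                "metadata": {"name": "web", "namespace": "default"},
                "spec": {"containers": [container]},
            },
        },
    }


def _response(uid, allowed, message=None, patch_ops=None):
    """Build the AdmissionReview response body; uid must echo the request's."""
    resp = {"uid": uid, "allowed": allowed}
    if message:
        resp["status"] = {"message": message}
    if patch_ops:
        resp["patchType"] = "JSONPatch"
        resp["patch"] = base64.b64encode(json.dumps(patch_ops).encode()).decode()
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "response": resp}


def mutate_inject_sidecar(review):
    """Mutating webhook: append SIDECAR to spec.containers with a JSON Patch.
    Idempotent, because the same object may be admitted more than once."""
    req = review["request"]
    if req["kind"]["kind"] != "Pod":
        return _response(req["uid"], True)  # only Pods are in scope
    containers = req["object"]["spec"]["containers"]
    if any(c["name"] == SIDECAR["name"] for c in containers):
        return _response(req["uid"], True)  # already injected
    return _response(req["uid"], True,
                     patch_ops=[{"op": "add", "path": "/spec/containers/-", "value": SIDECAR}])


def validate_deny_env(review):
    """Validating webhook: reject a Pod if any container sets env vars."""
    req = review["request"]
    if req["kind"]["kind"] != "Pod":
        return _response(req["uid"], True)
    offenders = [c["name"] for c in req["object"]["spec"]["containers"] if c.get("env")]
    if offenders:
        return _response(req["uid"], False,
                         message="containers set environment variables: " + ", ".join(offenders))
    return _response(req["uid"], True)


def apply_json_patch(obj, patch_b64):
    """Apply the base64 JSON Patch from a mutating response. Only the 'add' op
    this example emits is handled (not a full RFC 6902 implementation)."""
    obj = json.loads(json.dumps(obj))  # deep copy; never mutate the request in place
    for op in json.loads(base64.b64decode(patch_b64)):
        if op["op"] != "add":
            raise ValueError("unsupported op: " + op["op"])
        parts = op["path"].strip("/").split("/")
        target = obj
        for p in parts[:-1]:
            target = target[int(p)] if isinstance(target, list) else target[p]
        if parts[-1] == "-":
            target.append(op["value"])
        else:
            target[parts[-1]] = op["value"]
    return obj


def admission_chain(review):
    """The order the API server uses: mutating webhooks run first, then the
    validating webhooks see the already-mutated object. Returns the object as
    it would be stored and the validating verdict."""
    mutated = mutate_inject_sidecar(review)
    obj = review["request"]["object"]
    if "patch" in mutated["response"]:
        obj = apply_json_patch(obj, mutated["response"]["patch"])
    verdict = validate_deny_env({**review, "request": {**review["request"], "object": obj}})
    return obj, verdict
```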
Bad Ideas
- Mutate the pod template of a deployment
- Install a flaky webhook matching all resources.
Conclusion
● Kubernetes for Docker:
○ Super easy way to try Kubernetes
● API Extensions:
○ Use them. Author them. On Docker. For Kubernetes.
● Try it:
○ https://goo.gl/JT7v8Z
Questions?
Learn more: https://goo.gl/JT7v8Z
Thanks!

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Kubernetes device plugins
Kubernetes device pluginsKubernetes device plugins
Kubernetes device plugins
 
Kubernetes Networking 101
Kubernetes Networking 101Kubernetes Networking 101
Kubernetes Networking 101
 
Kubernetes Application Deployment with Helm - A beginner Guide!
Kubernetes Application Deployment with Helm - A beginner Guide!Kubernetes Application Deployment with Helm - A beginner Guide!
Kubernetes Application Deployment with Helm - A beginner Guide!
 
Open shift 4 infra deep dive
Open shift 4    infra deep diveOpen shift 4    infra deep dive
Open shift 4 infra deep dive
 
Gitlab, GitOps & ArgoCD
Gitlab, GitOps & ArgoCDGitlab, GitOps & ArgoCD
Gitlab, GitOps & ArgoCD
 
OpenTelemetry For Developers
OpenTelemetry For DevelopersOpenTelemetry For Developers
OpenTelemetry For Developers
 
Designing a complete ci cd pipeline using argo events, workflow and cd products
Designing a complete ci cd pipeline using argo events, workflow and cd productsDesigning a complete ci cd pipeline using argo events, workflow and cd products
Designing a complete ci cd pipeline using argo events, workflow and cd products
 
Introduction to helm
Introduction to helmIntroduction to helm
Introduction to helm
 
Kubernetes extensibility: CRDs & Operators
Kubernetes extensibility: CRDs & OperatorsKubernetes extensibility: CRDs & Operators
Kubernetes extensibility: CRDs & Operators
 
Kubernetes for Beginners: An Introductory Guide
Kubernetes for Beginners: An Introductory GuideKubernetes for Beginners: An Introductory Guide
Kubernetes for Beginners: An Introductory Guide
 
Helm - the Better Way to Deploy on Kubernetes - Reinhard Nägele - Codemotion...
 Helm - the Better Way to Deploy on Kubernetes - Reinhard Nägele - Codemotion... Helm - the Better Way to Deploy on Kubernetes - Reinhard Nägele - Codemotion...
Helm - the Better Way to Deploy on Kubernetes - Reinhard Nägele - Codemotion...
 
Operator SDK for K8s using Go
Operator SDK for K8s using GoOperator SDK for K8s using Go
Operator SDK for K8s using Go
 
Free GitOps Workshop + Intro to Kubernetes & GitOps
Free GitOps Workshop + Intro to Kubernetes & GitOpsFree GitOps Workshop + Intro to Kubernetes & GitOps
Free GitOps Workshop + Intro to Kubernetes & GitOps
 
Quarkus tips, tricks, and techniques
Quarkus tips, tricks, and techniquesQuarkus tips, tricks, and techniques
Quarkus tips, tricks, and techniques
 
Kubernetes: A Short Introduction (2019)
Kubernetes: A Short Introduction (2019)Kubernetes: A Short Introduction (2019)
Kubernetes: A Short Introduction (2019)
 
Hands-On Introduction to Kubernetes at LISA17
Hands-On Introduction to Kubernetes at LISA17Hands-On Introduction to Kubernetes at LISA17
Hands-On Introduction to Kubernetes at LISA17
 
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCD
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCDKubernetes GitOps featuring GitHub, Kustomize and ArgoCD
Kubernetes GitOps featuring GitHub, Kustomize and ArgoCD
 
Community Openstack 구축 사례
Community Openstack 구축 사례Community Openstack 구축 사례
Community Openstack 구축 사례
 
Kubernetes
KubernetesKubernetes
Kubernetes
 
Extending kubernetes with CustomResourceDefinitions
Extending kubernetes with CustomResourceDefinitionsExtending kubernetes with CustomResourceDefinitions
Extending kubernetes with CustomResourceDefinitions
 

Ähnlich wie Kubernetes extensibility

Ähnlich wie Kubernetes extensibility (20)

Effective Building your Platform with Kubernetes == Keep it Simple
Effective Building your Platform with Kubernetes == Keep it Simple Effective Building your Platform with Kubernetes == Keep it Simple
Effective Building your Platform with Kubernetes == Keep it Simple
 
Metal-k8s presentation by Julien Girardin @ Paris Kubernetes Meetup
Metal-k8s presentation by Julien Girardin @ Paris Kubernetes MeetupMetal-k8s presentation by Julien Girardin @ Paris Kubernetes Meetup
Metal-k8s presentation by Julien Girardin @ Paris Kubernetes Meetup
 
Kubernetes day 2 Operations
Kubernetes day 2 OperationsKubernetes day 2 Operations
Kubernetes day 2 Operations
 
Kubernetes
KubernetesKubernetes
Kubernetes
 
DCEU 18: Docker Container Networking
DCEU 18: Docker Container NetworkingDCEU 18: Docker Container Networking
DCEU 18: Docker Container Networking
 
OSS Japan 2019 service mesh bridging Kubernetes and legacy
OSS Japan 2019 service mesh bridging Kubernetes and legacyOSS Japan 2019 service mesh bridging Kubernetes and legacy
OSS Japan 2019 service mesh bridging Kubernetes and legacy
 
Load Balancing in the Cloud using Nginx & Kubernetes
Load Balancing in the Cloud using Nginx & KubernetesLoad Balancing in the Cloud using Nginx & Kubernetes
Load Balancing in the Cloud using Nginx & Kubernetes
 
Dayta AI Seminar - Kubernetes, Docker and AI on Cloud
Dayta AI Seminar - Kubernetes, Docker and AI on CloudDayta AI Seminar - Kubernetes, Docker and AI on Cloud
Dayta AI Seminar - Kubernetes, Docker and AI on Cloud
 
01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMware
01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMware01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMware
01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMware
 
Kubernetes for the PHP developer
Kubernetes for the PHP developerKubernetes for the PHP developer
Kubernetes for the PHP developer
 
Get you Java application ready for Kubernetes !
Get you Java application ready for Kubernetes !Get you Java application ready for Kubernetes !
Get you Java application ready for Kubernetes !
 
Docker kubernetes fundamental(pod_service)_190307
Docker kubernetes fundamental(pod_service)_190307Docker kubernetes fundamental(pod_service)_190307
Docker kubernetes fundamental(pod_service)_190307
 
Kubernetes for java developers - Tutorial at Oracle Code One 2018
Kubernetes for java developers - Tutorial at Oracle Code One 2018Kubernetes for java developers - Tutorial at Oracle Code One 2018
Kubernetes for java developers - Tutorial at Oracle Code One 2018
 
Containers as a Service with Docker
Containers as a Service with DockerContainers as a Service with Docker
Containers as a Service with Docker
 
Docker Container As A Service - March 2016
Docker Container As A Service - March 2016Docker Container As A Service - March 2016
Docker Container As A Service - March 2016
 
Red Hat and kubernetes: awesome stuff coming your way
Red Hat and kubernetes:  awesome stuff coming your wayRed Hat and kubernetes:  awesome stuff coming your way
Red Hat and kubernetes: awesome stuff coming your way
 
Kubernetes - Sailing a Sea of Containers
Kubernetes - Sailing a Sea of ContainersKubernetes - Sailing a Sea of Containers
Kubernetes - Sailing a Sea of Containers
 
Kubernetes Administration from Zero to Hero.pdf
Kubernetes Administration from Zero to Hero.pdfKubernetes Administration from Zero to Hero.pdf
Kubernetes Administration from Zero to Hero.pdf
 
Scaling docker with kubernetes
Scaling docker with kubernetesScaling docker with kubernetes
Scaling docker with kubernetes
 
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17
 

Mehr von Docker, Inc.

Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWS
Docker, Inc.
 
Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWS
Docker, Inc.
 

Mehr von Docker, Inc. (20)

Containerize Your Game Server for the Best Multiplayer Experience
Containerize Your Game Server for the Best Multiplayer Experience Containerize Your Game Server for the Best Multiplayer Experience
Containerize Your Game Server for the Best Multiplayer Experience
 
How to Improve Your Image Builds Using Advance Docker Build
How to Improve Your Image Builds Using Advance Docker BuildHow to Improve Your Image Builds Using Advance Docker Build
How to Improve Your Image Builds Using Advance Docker Build
 
Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWS
 
Securing Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINXSecuring Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINX
 
How To Build and Run Node Apps with Docker and Compose
How To Build and Run Node Apps with Docker and ComposeHow To Build and Run Node Apps with Docker and Compose
How To Build and Run Node Apps with Docker and Compose
 
Hands-on Helm
Hands-on Helm Hands-on Helm
Hands-on Helm
 
Distributed Deep Learning with Docker at Salesforce
Distributed Deep Learning with Docker at SalesforceDistributed Deep Learning with Docker at Salesforce
Distributed Deep Learning with Docker at Salesforce
 
The First 10M Pulls: Building The Official Curl Image for Docker Hub
The First 10M Pulls: Building The Official Curl Image for Docker HubThe First 10M Pulls: Building The Official Curl Image for Docker Hub
The First 10M Pulls: Building The Official Curl Image for Docker Hub
 
Monitoring in a Microservices World
Monitoring in a Microservices WorldMonitoring in a Microservices World
Monitoring in a Microservices World
 
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
 
Predicting Space Weather with Docker
Predicting Space Weather with DockerPredicting Space Weather with Docker
Predicting Space Weather with Docker
 
Become a Docker Power User With Microsoft Visual Studio Code
Become a Docker Power User With Microsoft Visual Studio CodeBecome a Docker Power User With Microsoft Visual Studio Code
Become a Docker Power User With Microsoft Visual Studio Code
 
How to Use Mirroring and Caching to Optimize your Container Registry
How to Use Mirroring and Caching to Optimize your Container RegistryHow to Use Mirroring and Caching to Optimize your Container Registry
How to Use Mirroring and Caching to Optimize your Container Registry
 
Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!
 
Kubernetes at Datadog Scale
Kubernetes at Datadog ScaleKubernetes at Datadog Scale
Kubernetes at Datadog Scale
 
Labels, Labels, Labels
Labels, Labels, Labels Labels, Labels, Labels
Labels, Labels, Labels
 
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment ModelUsing Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
 
Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWS
 
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
 
Developing with Docker for the Arm Architecture
Developing with Docker for the Arm ArchitectureDeveloping with Docker for the Arm Architecture
Developing with Docker for the Arm Architecture
 

Kürzlich hochgeladen

If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaIf this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New Nigeria
Kayode Fayemi
 
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptxChiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
raffaeleoman
 
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
Sheetaleventcompany
 
Uncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoUncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac Folorunso
Kayode Fayemi
 

Kürzlich hochgeladen (20)

Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
 
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaIf this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New Nigeria
 
Dreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio IIIDreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio III
 
Presentation on Engagement in Book Clubs
Presentation on Engagement in Book ClubsPresentation on Engagement in Book Clubs
Presentation on Engagement in Book Clubs
 
ANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docxANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docx
 
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptxMohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
 
My Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle BaileyMy Presentation "In Your Hands" by Halle Bailey
My Presentation "In Your Hands" by Halle Bailey
 
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
 
Report Writing Webinar Training
Report Writing Webinar TrainingReport Writing Webinar Training
Report Writing Webinar Training
 
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptxChiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
 
Causes of poverty in France presentation.pptx
Causes of poverty in France presentation.pptxCauses of poverty in France presentation.pptx
Causes of poverty in France presentation.pptx
 
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdfAWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
 
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
 
Uncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoUncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac Folorunso
 
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdfThe workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
 
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
 
ICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdfICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdf
 
Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)
 
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyCall Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
 
Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510
 

Kubernetes extensibility

  • 1. Eric Tune & Tim Hockin Google Kubernetes Extensibility
  • 2. Kubernetes is a container management system
  • 3. Kubernetes is a container management system platform
  • 4. What is Kubernetes? ...an abstraction layer over infrastructure ...a framework for declarative APIs and distributed control Infrastructure Extensibility API Extensibility
  • 5. Extensibility Goals Infrastructure Extensibility API Extensibility Support portability Support customization Autonomy Autonomy Scalable growth of project Encourage new uses
  • 6. A major focus of the last 2 years of development From infrastructure to APIs, we have over a dozen extension points We have WAY more material than time! https://goo.gl/2qz8jW Kubernetes & Extensibility
  • 8. Network Plugins: Networks are like snowflakes. There is no “one size fits all” for almost anything networking related. We needed a way for users to customize how Kubernetes consumes networking infra.
  • 9. Network Plugins (present): Old: built-in “plugins” (aka “send Tim a PR”). New: CNI - Container Network Interface ● Started by CoreOS, now CNCF with community ● “exec” interface with stdin/stdout/env API. Widely used, also by other projects (e.g. Mesos). Underpins the default impl in Kubernetes.
  • 10. Network Plugins (future): Proposal open for a gRPC based API which covers more than just interfaces and IPAM. Tighter coupling with Service API seems valuable. Proposals open for multi-IP and multi-network.
  • 11. Storage Plugins: Many storage technologies - physical and virtual, block and file ● Cloud block devices, FC, iSCSI, NFS, Ceph, Gluster, ... Many vendors want their products to support Kubernetes.
  • 12. Storage Plugins (present): Old: built-in “plugins” (aka “send Tim a PR”). Old: Volume “flex” plugins via “exec”. New: CSI - Container Storage Interface ● Collaboration: Google, Mesosphere, Docker, Cloud Foundry ● gRPC spec, with Kubernetes-specific adaptors ● In development now, alpha in Kubernetes 1.10. Plan to transition most in-tree plugins to CSI.
  • 13. Device Plugins: GPUs and other “accelerator” hardware is becoming very common. Part of the larger resource model in Kubernetes. gRPC based plugins. Beta in Kubernetes 1.10.
  • 14. Container Runtimes: Docker was baked-in, but people wanted to try new and interesting ideas ● rkt, Containerd, CRI-O ● Kata containers, Hyper.sh, gVisor. Making it a plugin made the code better: win-win! CRI - gRPC based plugins.
  • 15. gRPC Plugins: Runtimes (CRI), Storage (CSI), Devices, Key Management, Networking (proposed). Lessons Learned: ● Stateful, daemon plugins ● Upgradeable in-cluster plugins ● Evolution: exec → RPC ● Evolution: loose spec → tight ● Containerized plugins FTW
  • 17. Controllers: THE fundamental design pattern in Kubernetes. Examples: scheduler, kubelet, deployments, kube-proxy, cloud providers, load balancers, volume provisioners, auto-scalers, ... Allows automation & extension of almost any existing API.
  • 19. Cloud Providers: Kubernetes is designed to leverage clouds. Built-in cloud-provider API (i.e. send me a PR) is hooked into many core control loops. Now 8 implementations (and huge LOC count), so moving out-of-tree.
  • 20. Services: The API is a VIP (more or less) and virtual LB. We ship a default implementation (kube-proxy), but that can be replaced. Controller: watch the API server for Services and Endpoints, program $NETWORK.
  • 21. But Wait, There’s More! ● Secret management (KMS) ● HTTP load-balancing (Ingress) ● NetworkPolicy ● DNS ● Scheduler extenders & whole schedulers ● ...and that’s JUST the infrastructure (i.e. boring) parts
  • 23. API Extensibility: ● Add new types of resources to your cluster ● Add custom policy hooks ○ to custom and built-in APIs ● "APIs that add and modify APIs"
  • 24. Kubernetes for Docker: ● In Mac Edge, Windows Edge, and EE 2.0 ● Supports API Extensions. ● Certified Kubernetes ● Docker Stacks uses API Extensions
  • 25. Exploring Stacks Follow along at https://goo.gl/JT7v8Z
  • 26. Exploring Stacks https://goo.gl/JT7v8Z
    $ cat docker-compose.yml
    version: "3.3"
    services:
      redis:
        image: redis:alpine
        ports:
          - 6379
        networks:
          - frontend
        deploy:
          replicas: 1
    networks:
      frontend:
  • 27. Exploring Stacks https://goo.gl/JT7v8Z
    $ docker stack deploy --compose-file docker-compose.yml stackdemo
    Waiting for the stack to be stable and running...
    - Service redis has one container running
    Stack stackdemo is stable and running
  • 28. Exploring Stacks https://goo.gl/JT7v8Z
    $ kubectl config current-context
    docker-for-desktop
  • 29. Exploring Stacks https://goo.gl/JT7v8Z
    $ kubectl get services
    NAME                 TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
    kubernetes           ClusterIP   10.96.0.1        <none>        443/TCP          29d
    redis                ClusterIP   None             <none>        55555/TCP        1s
    redis-random-ports   NodePort    10.101.242.155   <none>        6379:31248/TCP   1s
  • 30. Exploring Stacks https://goo.gl/JT7v8Z
    $ kubectl get services
    NAME                 TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
    kubernetes           ClusterIP   10.96.0.1        <none>        443/TCP          29d
    redis                ClusterIP   None             <none>        55555/TCP        1s
    redis-random-ports   NodePort    10.101.242.155   <none>        6379:31248/TCP   1s
    $ kubectl get deployments
    NAME    DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
    redis   1         1         1            1           2s
  • 32–35. (Diagram build) Kubernetes API server with Service API and Deployment API; a compose resource is handled by something custom (a hypothetical dockerd /stacks endpoint), driven by the docker CLI, and turned into service and deployment resources.
  • 36. Exploring Stacks API https://goo.gl/JT7v8Z
    # last time...
    $ docker stack deploy --compose-file docker-compose.yml stackdemo
    Waiting for the stack to be stable and running...
    - Service web has one container running
    - Service redis has one container running
    Stack stackdemo is stable and running
  • 37. Exploring Stacks API https://goo.gl/JT7v8Z
    # last time...
    $ docker stack deploy --compose-file docker-compose.yml stackdemo
    Waiting for the stack to be stable and running...
    - Service web has one container running
    - Service redis has one container running
    Stack stackdemo is stable and running
    $ kubectl get stacks
    NAME        AGE
    stackdemo   39s
  • 38. Exploring Stacks API https://goo.gl/JT7v8Z $ kubectl proxy -v 5 Starting to serve on 127.0.0.1:8001
  • 39. Exploring Stacks API https://goo.gl/JT7v8Z $ kubectl proxy -v 5 Starting to serve on 127.0.0.1:8001 $
  • 40. Exploring Stacks API https://goo.gl/JT7v8Z $ kubectl proxy -v 5 Starting to serve on 127.0.0.1:8001 $ kubectl get stacks -s localhost:8001
  • 41. Exploring Stacks API https://goo.gl/JT7v8Z
    $ kubectl proxy -v 5
    Starting to serve on 127.0.0.1:8001
    I0613 10:13:27.322416   82905 proxy_server.go:138] Filter accepting GET /apis/compose.docker.com/v1beta2/namespaces/default/stacks localhost
    $ kubectl get stacks -s localhost:8001
    NAME        AGE
    stackdemo   1m
  • 42. (Diagram) kubectl talks to the Kubernetes APIs: Service API, Deployment API and the compose.docker.com API, which hold the service, deployment and compose resources.
  • 43. Exploring Stacks API https://goo.gl/JT7v8Z
    $ kubectl get apiservices.apiregistration.k8s.io
    NAME                         AGE
    v1.                          29d
    v1.apps                      29d
    ...
    v1beta2.compose.docker.com   29d
    v2beta1.autoscaling          29d
  • 44. Exploring Stacks API https://goo.gl/JT7v8Z
    $ kubectl describe apiservices.apiregistration.k8s.io v1beta2.compose.docker.com
    Name:         v1beta2.compose.docker.com
    ...
    API Version:  apiregistration.k8s.io/v1beta1
    Kind:         APIService
    Metadata:
      ...
    Spec:
      ...
      Service:
        Name:       compose-api
        Namespace:  docker
    Status:
      Conditions:
        Message:  all checks passed
  • 45. Exploring Stacks API https://goo.gl/JT7v8Z
    $ kubectl get services -n docker
    NAME          TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
    compose-api   ClusterIP   10.110.211.86   <none>        443/TCP   17d
  • 46. Exploring Stacks API https://goo.gl/JT7v8Z
    $ kubectl get services -n docker
    NAME          TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
    compose-api   ClusterIP   10.110.211.86   <none>        443/TCP   17d
    $ kubectl get deployments -n docker
    NAME          DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
    compose       1         1         1            1           29d
    compose-api   1         1         1            1           29d
  • 47–53. (Diagram build) Kubernetes cluster with the API Registration API, Service API and Deployment API; the Compose-API extension server is registered as compose.docker.com, the Compose controller watches it and creates the redis resources, and the docker CLI drives the whole flow.
  • 54. Why Use an API Extension? ● Users ○ Already have a client installed ○ Already know how to find, trust it (TLS) and auth to the API ● Controllers ○ Can efficiently watch your resources ● Admins ○ Can separate your resources by Namespace ○ Can authorize and audit log access to your resources
  • 55–59. (Diagram build) API Aggregation & Extension API Servers (EAS): each Extension API Server serves an API resource and is paired with a Controller; several EASes sit side by side behind the aggregator.
  • 61. CRD vs. EAS (* forked LoC comes from http://github.com/sample-apiserver)
    CRD: Forked LoC: 0; Storage: provided; Components: 1; Popularity: 100s; Multiversioning: not yet; Customizability: good
    EAS: Forked LoC: 5000*; Storage: you manage; Components: 3; Popularity: 10s; Multiversioning: yes; Customizability: better
  • 62. Extension Ecosystem: Devices: 5 public plugins; Storage: 10 public plugins; Networking: >20 public plugins; Custom APIs: >400 Github projects with custom APIs
  • 63. Extension Ecosystem ● 4 Serverless frameworks ● 6 PaaSes ● 10 CI/CD systems ● 14 different database controllers ● 4 popular ML toolkits
  • 64. API Extensions: Adding Types to the API ● Extension API Servers ● Custom Resource Definitions. Adding Policy to the API ● ValidatingAdmissionWebhooks ● MutatingAdmissionWebhooks
  • 65. Admission Webhooks: Admission: after authn/z but before storing the change. Affects mutations, not reads. Webhooks: the API Server calls your URL, synchronously. Run in cluster via service or outside, e.g. serverless.
  • 66. Admission Webhooks: Old thinking: Better to make narrow specific interfaces, like ImagePolicyWebhook, for specific use cases. Can make them easier to use. Overly general extensions may limit future optimization.
  • 67. Admission Webhooks: New thinking: Many custom resources. Cluster owners need to write policy for core resources and for custom resources written by 3rd parties. Need to compose policies written by different parties.
  • 68. Admission Webhooks: Composability. Make all the changes before doing all the checks: MutatingAdmissionWebhooks, then ValidatingAdmissionWebhooks.
  • 69. Validating Admission Webhooks: Kelsey Hightower: reject pods that set environment variables, https://github.com/kelseyhightower/denyenv-validating-admission-webhook. CRD Authors: add complex validation.
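The admission flow on slides 65–68 and the denyenv rule on slide 69, as an added example in dependency-free Go (not Kelsey Hightower's code nor Kubernetes' own): the AdmissionReview and Pod structs are hand-written minimal mirrors of the v1beta1 shapes, assumed here, and the HTTPS endpoint that would hand the request body to Validate is omitted.

```go
package main

import "encoding/json"
import "fmt"

// Hand-written minimal mirrors (assumed) of the admission.k8s.io/v1beta1 AdmissionReview shape
// and the Pod fields this policy reads (real types: k8s.io/api). Inputs need no tags, replies do.
type Container struct{ Name string; Env []json.RawMessage }
type Pod struct{ Spec struct{ InitContainers, Containers []Container } }
type AdmissionResponse struct {
	UID     string            `json:"uid"`
	Allowed bool              `json:"allowed"`
	Status  map[string]string `json:"status,omitempty"`
}
type AdmissionReview struct {
	APIVersion string                                        `json:"apiVersion"`
	Kind       string                                        `json:"kind"`
	Request    *struct{ UID string; Object json.RawMessage } `json:"request,omitempty"`
	Response   *AdmissionResponse                            `json:"response,omitempty"`
}

// denyReason returns "" when the Pod passes, otherwise why it is rejected.
func denyReason(obj json.RawMessage) string {
	var pod Pod
	if err := json.Unmarshal(obj, &pod); err != nil {
		return "object is not a Pod: " + err.Error()
	}
	for _, c := range append(pod.Spec.InitContainers, pod.Spec.Containers...) {
		if len(c.Env) > 0 { // the denyenv rule: an env var in any container is rejected
			return fmt.Sprintf("container %q sets environment variables", c.Name)
		}
	}
	return ""
}

// Validate takes the AdmissionReview body the API server POSTs and returns the review
// to answer with. Bodies that cannot be parsed are denied explicitly (fail closed).
func Validate(body []byte) AdmissionReview {
	out := AdmissionReview{APIVersion: "admission.k8s.io/v1beta1", Kind: "AdmissionReview", Response: &AdmissionResponse{}}
	var in AdmissionReview
	reason := "malformed AdmissionReview"
	if json.Unmarshal(body, &in) == nil && in.Request != nil {
		out.Response.UID = in.Request.UID
		reason = denyReason(in.Request.Object)
	}
	if reason != "" {
		out.Response.Status = map[string]string{"message": reason}
	}
	out.Response.Allowed = reason == ""
	return out
}
```

Because unparseable bodies are denied rather than dropped, a misconfigured caller gets an explicit rejection instead of a timeout; the ValidatingWebhookConfiguration should still match only pods, since any other kind parses as a Pod with no containers and would be allowed.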
  • 70. Mutating Admission Webhooks: Istio: inject sidecar into all the pods. Service Catalog: inject credentials into
  • 71. Bad Ideas: - Mutate the pod template of a deployment - Install a flaky webhook matching all resources.
  • 72. Conclusion: • Kubernetes for Docker: super easy way to try Kubernetes • API Extensions: use them. Author them. On Docker. For Kubernetes. • Try it: https://goo.gl/JT7v8Z