
Endocode Kubernetes Meetup: Architecture Patterns for Microservices in Kubernetes

These are my sheets of the talk given at the Kubernetes Meetup, Feb 28, 2017 in our rooms @Endocode.

Enjoy!

Published in: Software


  1. Endoctus Academy. Next trainings: INTRODUCTION TO KUBERNETES, April 27th, May 4th, May 18th. https://endoctus.com/course/introduction-to-kubernetes
  2. Architecture Patterns for Microservices in Kubernetes. Thomas Fricke, CTO, thomas@endocode.com
  3. Penrose Tilings, 1973, Golden Section. [Image: CC BY-SA 2.5, https://commons.wikimedia.org/w/index.php?curid=474348]
  4. Girih Tiles, since 1200. [Image: Cronholm144, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=2303498]
  5. Roof of the Hafez Tomb. [Image]
  6. WHAT ARE CONTAINERS
     A way of isolating and restricting Linux processes
     ● Isolation
       ○ namespaces
     ● Restriction
       ○ cgroups
       ○ capabilities
       ○ seccomp
  7. CGROUPS: CONTROL GROUPS
     ● cpuset
     ● cpu
     ● cpuacct
     ● memory
     ● devices
     ● freezer
     ● net_cls
     ● ns
     ● blkio
     These are directories in the cgroup filesystem, with fine-grained subfolders.
  8. NAMESPACES
     Namespace   Constant          Isolates
     Cgroup      CLONE_NEWCGROUP   Cgroup root directory
     IPC         CLONE_NEWIPC      System V IPC, POSIX message queues
     Network     CLONE_NEWNET      Network devices, stacks, ports, etc.
     Mount       CLONE_NEWNS       Mount points
     PID         CLONE_NEWPID      Process IDs
     User        CLONE_NEWUSER     User and group IDs
     UTS         CLONE_NEWUTS      Hostname and NIS domain name
  9. CAPABILITIES
     CAP_AUDIT_CONTROL, CAP_AUDIT_READ, CAP_AUDIT_WRITE, CAP_BLOCK_SUSPEND, CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH, CAP_FOWNER, CAP_FSETID, CAP_IPC_LOCK, CAP_IPC_OWNER, CAP_KILL, CAP_LEASE, CAP_LINUX_IMMUTABLE, CAP_MAC_ADMIN, CAP_MAC_OVERRIDE, CAP_MKNOD, CAP_NET_ADMIN, CAP_NET_BIND_SERVICE, CAP_NET_BROADCAST, CAP_NET_RAW, CAP_SETGID, CAP_SETFCAP, CAP_SETPCAP, CAP_SETUID, CAP_SYS_ADMIN, CAP_SYS_BOOT, CAP_SYS_CHROOT, CAP_SYS_MODULE, CAP_SYS_NICE, CAP_SYS_PACCT, CAP_SYS_PTRACE, CAP_SYS_RAWIO, CAP_SYS_RESOURCE, CAP_SYS_TIME, CAP_SYS_TTY_CONFIG, CAP_SYSLOG, CAP_WAKE_ALARM, CAP_INIT_EFF_SET
     These are a lot! Use profiles to group them together! (CAP_INIT_EFF_SET is a kernel-header macro naming the initial effective set, not a capability of its own.)
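The capability slide's advice, "use profiles", is easiest to act on if you can see which capabilities a process actually holds. The kernel exposes them as a hex bitmask in /proc/<pid>/status (the CapEff line), which is unreadable without a table. The following Python script is an added example and not code from the talk or from Endocode: it decodes such a mask into CAP_ names (bit order taken from include/uapi/linux/capability.h, bits 38 and up left unnamed), then diffs the result against a profile. The DOCKER_DEFAULT profile and the constructed status text are assumptions for illustration, not something the slides state.

```python
"""Decode a Linux capability bitmask (CapEff in /proc/<pid>/status) and
compare it with a capability profile.  Added example, not from the talk."""
import os
from typing import Set

# Bit index -> capability name, in kernel order (include/uapi/linux/capability.h).
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
    "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ",
]

# Assumed profile: the commonly cited default capability set of a Docker
# container (an assumption about runtime configuration, not from the slides).
DOCKER_DEFAULT = {
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FSETID", "CAP_FOWNER", "CAP_MKNOD",
    "CAP_NET_RAW", "CAP_SETGID", "CAP_SETUID", "CAP_SETFCAP", "CAP_SETPCAP",
    "CAP_NET_BIND_SERVICE", "CAP_SYS_CHROOT", "CAP_KILL", "CAP_AUDIT_WRITE",
}

# Constructed sample of a /proc/<pid>/status excerpt, as a process inside a
# default Docker container would show it (constructed input, not captured).
SAMPLE_STATUS = """Name:\tsh
Pid:\t1
CapInh:\t00000000a80425fb
CapPrm:\t00000000a80425fb
CapEff:\t00000000a80425fb
CapBnd:\t00000000a80425fb
"""


def decode_caps(mask_hex: str) -> Set[str]:
    """Turn a hex capability mask into the set of capability names it holds."""
    mask = int(mask_hex, 16)
    names = set()
    bit = 0
    while mask >> bit:
        if (mask >> bit) & 1:
            # Bits beyond the table are newer capabilities; keep them visible.
            names.add(CAP_NAMES[bit] if bit < len(CAP_NAMES) else "CAP_%d" % bit)
        bit += 1
    return names


def cap_eff_of(status_text: str) -> str:
    """Extract the CapEff mask from the text of /proc/<pid>/status."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return line.split()[1]
    raise ValueError("no CapEff line in status text")


def excess_over_profile(mask_hex: str, profile: Set[str]) -> Set[str]:
    """Capabilities held by the mask that the profile does not allow."""
    return decode_caps(mask_hex) - profile


if __name__ == "__main__":
    # Prefer the live process if /proc is available, else the constructed sample.
    text = SAMPLE_STATUS
    if os.path.exists("/proc/self/status"):
        with open("/proc/self/status") as fh:
            text = fh.read()
    eff = cap_eff_of(text)
    print("CapEff", eff, "->", sorted(decode_caps(eff)))
    print("beyond DOCKER_DEFAULT:", sorted(excess_over_profile(eff, DOCKER_DEFAULT)))
```

The same diff works against any profile you define (a seccomp-style allow list per workload class), and a non-empty "beyond profile" set is the thing to alert on.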
  10. Linking Containers: Patterns
      Containers in a pod share at least one common namespace.
      [Diagram: two containers, each with its own process and network namespaces (...), one contributing a mount]
  11. No need for a running process
      [Diagram: a pause container holds the network namespace (...); a second container contributes only a mount holding a WAR file]
  12. Multiple Containers
      [Diagram: several pause containers, each paired with a mount holding a WAR file, sharing the network namespace (...)]
  13. Locomotive Pattern
      [Image: Nate Beal (originally posted to Flickr as Griffith, IN), CC BY 2.0 (http://creativecommons.org/licenses/by/2.0), via Wikimedia Commons]
  14. Scary ideas
      [Diagram: network namespace (...) held by a pause container]
  15. Share the Network namespace
      [Diagram: one container holds files (credentials), its own user and mount; another holds files, user and mount plus the network (tun0, iptables) and needs CAP_NET_ADMIN]
  16. DEMO TIME
  17. Linking Containers: Wormhole
      A common namespace with the host: the Docker host's default namespaces, /usr/bin/docker, /var/run/docker.sock
  18. apiVersion: v1
      kind: Pod
      metadata:
        name: busybox-cloudbomb
      spec:
        containers:
        - image: busybox
          command:
          - /bin/sh
          - "-c"
          - "while true; do docker run -d --name BOOM_$(cat /dev/urandom | tr -cd 'a-f0-9' | head -c 6) nginx ; done"
          name: cloudbomb
          volumeMounts:
          - mountPath: /var/run/docker.sock
            name: docker-socket
          - mountPath: /bin/docker
            name: docker-binary
        volumes:
        - name: docker-socket
          hostPath:
            path: /var/run/docker.sock
        - name: docker-binary
          hostPath:
            path: /bin/docker
      The pod bind-mounts the host's Docker socket and client binary via hostPath, so a shell in the pod can start an unbounded number of containers on the node itself, outside the scheduler's view. (The manifest assumes the docker client lives at /bin/docker on the host; slide 17 names /usr/bin/docker.)
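The wormhole in the cloudbomb pod is visible in the manifest before anything runs: a hostPath volume whose path is the runtime socket, plus a hostPath for the client binary. The same goes for the "share the network namespace" sidecar of slide 15, which needs CAP_NET_ADMIN added. The following Python linter is an added example, not code from the talk or from Endocode. It walks a pod manifest held as a plain dict (the same structure the YAML would parse into, so no YAML library is needed) and flags hostPath volumes, runtime sockets and binaries, host namespaces, privileged containers and added admin capabilities. The socket and binary path lists are assumptions about typical runtime installs (Docker, containerd and CRI-O sockets); the three manifests are constructed for the example, the first one copying slide 18.

```python
"""Flag pod manifests that punch a wormhole to the host.
Added example, not from the talk; see the lead-in for assumptions."""
from typing import Any, Dict, List

# Assumed runtime socket and client binary locations (typical installs).
RUNTIME_SOCKETS = {
    "/var/run/docker.sock", "/run/docker.sock",
    "/run/containerd/containerd.sock", "/var/run/crio/crio.sock",
}
RUNTIME_BINARIES = {"/bin/docker", "/usr/bin/docker", "/usr/local/bin/docker"}
# Capabilities that let a container reshape the host's network or kernel.
ADMIN_CAPS = {"NET_ADMIN", "SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE"}


def _bare_cap(name: str) -> str:
    """Normalise 'cap_net_admin' / 'CAP_NET_ADMIN' / 'NET_ADMIN' to NET_ADMIN."""
    name = name.upper()
    return name[4:] if name.startswith("CAP_") else name


def lint_pod(pod: Dict[str, Any]) -> List[str]:
    """Return one human-readable finding per host-escape pattern found."""
    findings = []
    name = pod.get("metadata", {}).get("name", "<unnamed>")
    spec = pod.get("spec", {})

    # Host namespaces: the pod shares the node's network, PID or IPC namespace.
    for key in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(key):
            findings.append("%s: shares the host %s namespace" % (name, key[4:]))

    # hostPath volumes: any one is a hole; runtime sockets/binaries are the worst.
    for vol in spec.get("volumes", []):
        host = vol.get("hostPath")
        if not host:
            continue
        path = host.get("path", "")
        if path in RUNTIME_SOCKETS:
            findings.append("%s: volume %s mounts the container runtime socket %s"
                            % (name, vol.get("name"), path))
        elif path in RUNTIME_BINARIES:
            findings.append("%s: volume %s mounts the runtime client binary %s"
                            % (name, vol.get("name"), path))
        else:
            findings.append("%s: volume %s is a hostPath (%s)"
                            % (name, vol.get("name"), path))

    # Per-container security context: privileged or admin capabilities added.
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        sc = c.get("securityContext", {}) or {}
        if sc.get("privileged"):
            findings.append("%s: container %s is privileged" % (name, c.get("name")))
        for cap in (sc.get("capabilities", {}) or {}).get("add", []):
            if _bare_cap(cap) in ADMIN_CAPS:
                findings.append("%s: container %s adds CAP_%s"
                                % (name, c.get("name"), _bare_cap(cap)))
    return findings


# Constructed manifests (dict form of the YAML).  CLOUDBOMB copies slide 18.
CLOUDBOMB = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "busybox-cloudbomb"},
    "spec": {
        "containers": [{
            "image": "busybox", "name": "cloudbomb",
            "command": ["/bin/sh", "-c",
                        "while true; do docker run -d --name BOOM_$(cat /dev/urandom"
                        " | tr -cd 'a-f0-9' | head -c 6) nginx ; done"],
            "volumeMounts": [{"mountPath": "/var/run/docker.sock", "name": "docker-socket"},
                             {"mountPath": "/bin/docker", "name": "docker-binary"}],
        }],
        "volumes": [{"name": "docker-socket", "hostPath": {"path": "/var/run/docker.sock"}},
                    {"name": "docker-binary", "hostPath": {"path": "/bin/docker"}}],
    },
}
# Slide 15 style: a VPN sidecar that needs NET_ADMIN for tun0 and iptables.
VPN_SIDECAR_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "app-with-vpn"},
    "spec": {"containers": [
        {"image": "app", "name": "app"},
        {"image": "vpn", "name": "vpn",
         "securityContext": {"capabilities": {"add": ["NET_ADMIN"]}}},
    ]},
}
# A pod that only uses an emptyDir volume: nothing to report.
CLEAN_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "clean"},
    "spec": {"containers": [{"image": "app", "name": "app",
                             "volumeMounts": [{"mountPath": "/data", "name": "scratch"}]}],
             "volumes": [{"name": "scratch", "emptyDir": {}}]},
}

if __name__ == "__main__":
    for pod in (CLOUDBOMB, VPN_SIDECAR_POD, CLEAN_POD):
        print(pod["metadata"]["name"], "->", lint_pod(pod) or "ok")
```

To run it over real manifests, parse each YAML document with a YAML library into the same dict shape and call lint_pod on every object with kind Pod (or on the pod template under spec.template of a Deployment). In a cluster the same conditions are what an admission policy should reject, since a linter only catches what passes through your pipeline.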
  19. DEMO TIME
  20. ORCHESTRATION
  21. KUBERNETES
      Greek for "helmsman"; also the root of the words "governor" and "cybernetic"
      ● Runs and manages containers
      ● Inspired and informed by Google's experiences and internal systems
      ● Supports multiple cloud and bare-metal environments
      ● Supports multiple container runtimes
      ● 100% open source, written in Go
      Manage applications, not machines
  22. Deployment
      [Diagram: a Deployment owning two ReplicaSets, one with three v1.7.9 pods and one with three v1.10.2 pods]
  23. Distributed Patterns
      ● Client - Server
      ● Layers
      ● Message Queues
      ● Cattle - Pets
      ● Replication
  24. Rob Hirschfeld, https://www.openstack.org/summit/boston-2017/vote-for-speakers/#/18163
  25. SUMMARY
      ● Lots of useful standard patterns
        ○ sidecar
        ○ scatter-gather
        ○ locomotive, tractor
      ● Powerful Linux container patterns
        ○ separation of control and transport
        ○ wormhole
        ○ here be dragons
      ● Orchestration patterns
        ○ Helm charts
        ○ upcoming: Service Broker
  26. CONCLUSION
      ● Concepts before coding
      ● Reshaping applications
        ○ Legacy
        ○ Compromises are necessary
        ○ Containment for technical debt
      ● Paradigm shift
      ● Microservice mindset
  27. QUESTIONS?
      https://endocode.com
      https://endocode.com/blog/
      https://endocode.com/trainings-overview/
      Visit us on GitHub: https://github.com/endocode
