Scaleable PHP Applications in Kubernetes
Denunciar
Robert LemkeSeguir
27 de Oct de 2022•0 gostou•46 visualizações
0 gostaram
Seja o primeiro a gostar disto
mostrar mais
visualizações
Vistos totais
0
No Slideshare
0
De incorporações
0
Número de incorporações
0
Check these out next
Scaleable PHP Applications in Kubernetes
27 de Oct de 2022•0 gostou•46 visualizações
0 gostaram
Seja o primeiro a gostar disto
mostrar mais
visualizações
Vistos totais
0
No Slideshare
0
De incorporações
0
Número de incorporações
0
Baixar para ler offline
Denunciar
Internet
Kubernetes is also called the "distributed Linux of the cloud" – which implies that it provides fundamental infrastructure, which can solve a lot of challenges. Let’s see how PHP applications fit into this picture. In this presentation, we are going to explore when Kubernetes is a good fit for operating your PHP application and how it can be done in practice. We’ll look at the whole lifecycle: how to build your application, create or choose the right Docker images, deploy and scale, and how to deal with performance and monitoring. At the end you will have a good understanding about all the different stages and building blocks for running a PHP application with Kubernetes in production.
Robert LemkeSeguir
Recomendados
Docker - Demo on PHP Application deployment Arun prasath
Kubernetes for the PHP developerPaul Czarkowski
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...Codemotion
Laravel, docker, kubernetesPeter Mein
Docker-v3.pdfBruno Cornec
codemotion-docker-2014Carlo Bonamico
Scaleable PHP Applications in Kubernetes
- Scaleable PHP applications in Kubernetes Robert Lemke
- Robert Lemke Flownative Managing Partner Neos CMS Project Founder
- Robert Lemke Flownative Managing Partner Neos CMS Project Founder
- Intro | Discussion
- Should I use Kubernetes? it depends
- Automation and Developer Experience IaC GitOps agile DX UX
- Challenges security expertise complexity
- What does it take to run a PHP application in Kubernetes?
- Application Architecture
- Building Application Artifacts
- FROM scratch MAINTAINER Flownative <support@flownative.com> VOLUME /build COPY DistributionPackages /build/DistributionPackages COPY Packages/Framework /build/Packages/Framework COPY Packages/Libraries /build/Packages/Libraries COPY Packages/Application /build/Packages/Application COPY bin /build/bin COPY Web /build/Web COPY flow /build/flow COPY composer.json /build/composer.json COPY composer.lock /build/composer.lock COPY Configuration /build/Configuration COPY beach* /build/
- FROM scratch alpine:latest MAINTAINER Flownative <support@flownative.com> VOLUME /build COPY DistributionPackages /build/DistributionPackages COPY Packages/Framework /build/Packages/Framework COPY Packages/Libraries /build/Packages/Libraries COPY Packages/Application /build/Packages/Application COPY bin /build/bin COPY Web /build/Web COPY flow /build/flow COPY composer.json /build/composer.json COPY composer.lock /build/composer.lock COPY Configuration /build/Configuration COPY beach* /build/
- name: Build on: push: branches-ignore: - '**' tags: - 'v*.*.*' jobs: build: runs-on: ubuntu-latest steps: # see https: / / github.com/shivammathur/setup-php#bookmark-versioning) - uses: shivammathur/setup-php@v2 with: php-version: '8.1' - uses: actions/checkout@v2 with: ref: main fetch-depth: 100 - name: Determine latest version id: latest_version uses: flownative/action-git-latest-release@master
- - uses: actions/checkout@v2 with: ref: ${{ steps.latest_version.outputs.tag }} fetch-depth: 100 - name: Docker meta id: meta uses: docker/metadata-action@v3 with: flavor: | latest=true images: | europe-docker.pkg.dev/flownative/beach/beach-controlpanel labels: | org.opencontainers.image.title=Beach Control Panel org.opencontainers.image.description=Docker image providing the Beach Contro org.opencontainers.image.licenses=proprietary org.opencontainers.image.vendor=Flownative GmbH org.opencontainers.image.version=${{ steps.latest_version.outputs.version }} tags: | type=semver,pattern={{major}},value=${{ steps.latest_version.outputs.version type=semver,pattern={{major}}.{{minor}},value=${{ steps.latest_version.outpu type=semver,pattern={{version}},value=${{ steps.latest_version.outputs.versi - name: Set up QEMU id: qemu
- europe-docker.pkg.dev/flownative/beach/beach-controlpanel labels: | org.opencontainers.image.title=Beach Control Panel org.opencontainers.image.description=Docker image providing the Beach Contro org.opencontainers.image.licenses=proprietary org.opencontainers.image.vendor=Flownative GmbH org.opencontainers.image.version=${{ steps.latest_version.outputs.version }} tags: | type=semver,pattern={{major}},value=${{ steps.latest_version.outputs.version type=semver,pattern={{major}}.{{minor}},value=${{ steps.latest_version.outpu type=semver,pattern={{version}},value=${{ steps.latest_version.outputs.versi - name: Set up QEMU id: qemu uses: docker/setup-qemu-action@v1 - name: Set up Docker Buildx id: buildx uses: docker/setup-buildx-action@v1 - name: Login to Google Artifacts Registry uses: docker/login-action@v1 with: registry: europe-docker.pkg.dev/flownative/beach username: '_json_key' password: ${{ secrets.GOOGLE_ARTIFACTS_PASSWORD_BEACH }}
- id: composer-cache uses: actions/cache@v2 with: path: Packages key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }} restore-keys: | php- - name: Add SSH key uses: webfactory/ssh-agent@v0.5.4 with: ssh-private-key: ${{ secrets.FLOWNATIVE_BOT_SSH_PRIVATE_KEY }} - name: Install Dependencies env: COMPOSER_AUTH: ${{ secrets.COMPOSER_AUTH_JSON }} run: composer install -q - - no-ansi - - no-dev - - no-interaction - - no-progress - - opt - name: Build Docker image uses: docker/build-push-action@v2 with: context: . platforms: linux/amd64 push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }}
- Google Cloud https://cloud.google.com/artifact-registry/
- Harbor https://goharbor.io
- Container Docker Images
- Pod Structure
- Base Image - standards and tooling for other images - common tools for application usage 👉 create your own base image 👉 reduce to a minimum, but not less
- Which OS? Alpine Linux - smaller fi lesystem footprint - more secure? - only relevant in container context - uses musl instead of glibc 🐛
- Which OS? Debian - larger fi lesystem footprint - well-established security team - wide-spread, therefore more fi rst-hand experience - high compatibility due to glibc
- Which OS? 👉 You need to feel comfortable working with the OS and it must support all the software you want to install
- 0 30 60 90 120 ubuntu:jammy debian:bullseye bitnami/minideb:bullseye alpine:latest 5,29 MB 72 MB 118 MB 69 MB
- Does the image size matter? Due to layering not so much if most containers use the same base image
- dive https://github.com/wagoodman/dive
- Nightly Rebuilds 🙄
- Nightly Rebuilds 😮
- Build Cascade announce: runs-on: ubuntu-latest needs: build steps: - name: Dispatch to beach-php uses: peter-evans/repository-dispatch@v1 with: token: ${{ secrets.FLOWNATIVE_BOT_TOKEN }} repository: flownative/docker-beach-php event-type: php-images-built client-payload: '{"image_name": "flownative/docker-php/php"}'
- Build Cascade name: Build Docker images on: repository_dispatch: types: [php-images-built] push: branches-ignore: - '**' tags: - 'v*.*.*' jobs: build: runs-on: ubuntu-latest strategy: matrix:
- fl ownative/docker-php https://github.com/flownative/?q=docker-
- More image security - don't run as root (use SecurityContext) - disable privilege escalation - automatically scan images - redeploy automatically, frequently - only include minimal amount of software – do you really need a shell?
- Deployment
- Deployment Strategies
- Recreate
- Recreate
- Rollout
- Rollout
- Rollout
- Rollout
- Rollout
- Blue / Green
- Blue / Green
- Blue / Green
- apiVersion: apps/v1 kind: Deployment metadata: name: podinfo-frontend namespace: podinfo spec: selector: matchLabels: app.kubernetes.io/name: podinfo-frontend template: metadata: labels: app.kubernetes.io/name: podinfo-frontend spec: containers: - name: podinfo image: ghcr.io/stefanprodan/podinfo:6.2.0 command: - ./podinfo - - - port=9898
- spec: containers: - name: podinfo image: ghcr.io/stefanprodan/podinfo:6.2.0 command: - ./podinfo - - - port=9898 env: - name: PODINFO_BACKEND_URL value: http: / / backend-podinfo:9898/echo ports: - containerPort: 9898 name: http protocol: TCP resources: requests: cpu: 50m memory: 16Mi limits: cpu: 1 memory: 100Mi
- Helm https://helm.sh
- Separate Pods Frontend, Backend, Worker, Cron, …
- Use Jobs for Warm Up Container start-up time can be critical. Helm hooks can be one solution.
- Scaling
- What to scale? What about sessions, database, queues? How quickly does your app start?
- Test Performance
- k6 https://k6.io/open-source
- Storage
- Object / Persistent Prefer object storage, key / value storage, database where possible. Avoid traditional fi les (persistent volumes).
- Persistent Volumes - vs. Ephemeral Volumes - Storage Classes - dynamic provisioning - Container Storage Interface drivers
- Persistent Volumes - vs. Ephemeral Volumes - Storage Classes - dynamic provisioning - Container Storage Interface drivers - ReadWriteOnce vs ReadWriteMany
- GlusterFS / Ceph - distributed persistent storage systems - GlusterFS: network fi le system - Ceph: object storage
- Databases
- Latencies and clusters
- Database in K8s? probably not (yet)
- Postgres Operator https://github.com/zalando/postgres-operator
- Monitoring and Logging
- Centralize logs or you won't have logs.
- Loki https://grafana.com/docs/loki/latest/clients/promtail
- Promtail https://grafana.com/docs/loki/latest/clients/promtail
- Prometheus https://prometheus.io
- Running Kubernetes
- Self-Managed Bare Matal Virtual Machine Managed Control Plane
- Rancher https://www.rancher.com/
- How do I …? Can I …? With K8s, how does …?
- robert@ fl ownative.com www. fl ownative.com @robertlemke @robert@ fl ownative.social Your thoughts?
- Bonus: Base Image
- FROM bitnami/minideb:bullseye LABEL org.opencontainers.image.authors="Robert Lemke <robert@flownative.com>" ARG BUILD_DATE LABEL com.flownative.base-image-build-date=$BUILD_DATE ENV FLOWNATIVE_LIB_PATH="/opt/flownative/lib" FLOWNATIVE_INIT_PATH="/opt/flownative/init" FLOWNATIVE_LOG_PATH="/opt/flownative/log" FLOWNATIVE_LOG_PATH_AND_FILENAME="/dev/stdout" SYSLOG_BASE_PATH="/opt/flownative/syslog-ng" LOGROTATE_BASE_PATH="/opt/flownative/logrotate" SUPERVISOR_BASE_PATH="/opt/flownative/supervisor" LOG_DEBUG=true COPY - - from=europe-docker.pkg.dev/flownative/docker/bash-library:1.13.4 /lib $FLOWNATIVE_LIB_PATH COPY root-files / RUN /build.sh & & rm /build.sh USER 1000 ENTRYPOINT ["/entrypoint.sh"] CMD [ "run" ]
- FROM europe-docker.pkg.dev/flownative/docker/base:bullseye LABEL org.opencontainers.image.authors="Robert Lemke <robert@flownative.com>" # ----------------------------------------------------------------------------- # PHP # Latest versions: https: / / www.php.net/downloads.php ARG PHP_VERSION ENV PHP_VERSION ${PHP_VERSION} ENV PHP_BASE_PATH="/opt/flownative/php" PATH="/opt/flownative/php/bin:$PATH" LOG_DEBUG="false" USER root COPY root-files / RUN export FLOWNATIVE_LOG_PATH_AND_FILENAME=/dev/stdout & & /build.sh init & & /build.sh prepare & & /build.sh build & & /build.sh build_extension vips & & /build.sh build_extension igbinary & & /build.sh disable_extension igbinary & & /build.sh build_extension imagick & & /build.sh build_extension yaml & & /build.sh build_extension phpredis & & /build.sh build_extension xdebug & & /build.sh disable_extension xdebug & & /build.sh build_extension ssh2 & & /build.sh clean USER 1000 EXPOSE 9000 9001 WORKDIR ${PHP_BASE_PATH} ENTRYPOINT [ "/entrypoint.sh" ] CMD [ "run" ]
- FROM europe-docker.pkg.dev/flownative/docker/base:bullseye LABEL org.opencontainers.image.authors="Robert Lemke <robert@flownative.com>" # ----------------------------------------------------------------------------- # PHP # Latest versions: https: / / www.php.net/downloads.php ARG PHP_VERSION ENV PHP_VERSION ${PHP_VERSION} ENV PHP_BASE_PATH="/opt/flownative/php" PATH="/opt/flownative/php/bin:$PATH" LOG_DEBUG="false" USER root COPY root-files / RUN export FLOWNATIVE_LOG_PATH_AND_FILENAME=/dev/stdout & & /build.sh init & & /build.sh prepare & & /build.sh build & & /build.sh build_extension vips & & /build.sh build_extension igbinary & & /build.sh disable_extension igbinary & & /build.sh build_extension imagick & & /build.sh build_extension yaml & & /build.sh build_extension phpredis & & /build.sh build_extension xdebug & & /build.sh disable_extension xdebug & & /build.sh build_extension ssh2 & & /build.sh clean USER 1000 EXPOSE 9000 9001 WORKDIR ${PHP_BASE_PATH} ENTRYPOINT [ "/entrypoint.sh" ] CMD [ "run" ]
- # ! /bin/bash # Load helper libraries . "${FLOWNATIVE_LIB_PATH}/banner.sh" . "${FLOWNATIVE_LIB_PATH}/log.sh" . "${FLOWNATIVE_LIB_PATH}/packages.sh" set -o errexit set -o nounset set -o pipefail … # --------------------------------------------------------------------------------------- # Main routine case $1 in init) banner_flownative 'PHP' if [[ ! "${PHP_VERSION}" =~ ^7.[1-4]|^8.[0-2] ]]; then error "🛠 Unsupported PHP version '${PHP_VERSION}'" exit 1 fi build_create_directories ; ; prepare) packages_install $(build_get_runtime_packages) 1>$(debug_device) packages_install $(build_get_build_packages) 1>$(debug_device) ; ; build) build_compile_php ; ; build_extension) build_php_extension $2 ; ; disable_extension) build_disable_php_extension $2 ; ; clean) build_adjust_permissions packages_remove $(build_get_build_packages) 1>$(debug_device) packages_remove $(build_get_unnecessary_packages) 1>$(debug_device) packages_remove_docs_and_caches 1>$(debug_device) build_clean ; ; esac
- # --------------------------------------------------------------------------------------- # build_compile_php() - # # @global PHP_BASE_PATH # @return void # build_compile_php() { local php_source_url php_source_url="https: / / github.com/php/php-src/archive/php-${PHP_VERSION}.tar.gz" info "🛠 Downloading source code for PHP ${PHP_VERSION} from ${php_source_url} . . . " with_backoff "curl -sSL ${php_source_url} -o php.tar.gz" "15" | | ( error "Failed downloading PHP source from ${php_source_url}" exit 1 ) mkdir -p "${PHP_BASE_PATH}/src" tar -xf php.tar.gz -C "${PHP_BASE_PATH}/src" - - strip-components=1 rm php.tar.gz* cd "${PHP_BASE_PATH}/src" info "🛠 Generating build configuration . . . " ./buildconf - - force >$(debug_device) if [[ ! -f configure ]]; then error "🛠 Failed generating build configuration, 'configure' not found" # shellcheck disable=SC2012 ls | output exit 1 fi # For GCC warning options see: https: / / gcc.gnu.org/onlinedocs/gcc-3.4.4/gcc/Warning-Options.html export CFLAGS='-Wno-deprecated-declarations -Wno-stringop-overflow -Wno-implicit-function-declaration' if [[ "${PHP_VERSION}" =~ ^7.4 ]]; then info "🛠 Running configure for PHP 7.4 . . . " ./configure - - prefix=${PHP_BASE_PATH} - - with-config-file-path="${PHP_BASE_PATH}/etc" - -
- if [[ ! -f configure ]]; then error "🛠 Failed generating build configuration, 'configure' not found" # shellcheck disable=SC2012 ls | output exit 1 fi # For GCC warning options see: https: / / gcc.gnu.org/onlinedocs/gcc-3.4.4/gcc/Warning-Options.html export CFLAGS='-Wno-deprecated-declarations -Wno-stringop-overflow -Wno-implicit-function-declaration' if [[ "${PHP_VERSION}" =~ ^7.4 ]]; then info "🛠 Running configure for PHP 7.4 . . . " ./configure - - prefix=${PHP_BASE_PATH} - - with-config-file-path="${PHP_BASE_PATH}/etc" - - with-config-file-scan-dir="${PHP_BASE_PATH}/etc/conf.d" - - disable-cgi - - enable-calendar - - enable-exif - - enable-fpm - - enable-ftp - - enable-gd - - enable-intl - - enable-mbstring - - enable-pcntl - - enable-soap - - enable-sockets - - with-curl - - with-freetype - - with-gmp - - with-jpeg - - with-mysqli - - with-openssl - - with-pdo-pgsql - - with-pdo-mysql - - with-readline - - with-sodium - - with-system-ciphers - - with-webp - - with-zip - - with-zlib - - without-pear