More tips and tricks for running containers like a pro - Rancher Online MEetup - February 2017

6. © 2017 Rancher Labs, Inc.© 2017 Rancher Labs, Inc .5 There are rules for a meetup! • We won’t be done on time • Questions are always welcome • Demo, then demo some more • Things will break, be patient #ranchermeetup

8. © 2017 Rancher Labs, Inc.© 2017 Rancher Labs, Inc . Agenda • Integrated Secrets Management – Bill • Autoscaling with Rancher webhooks – Rajashree • Hand-on with Traefik – Raul • Using the Kubernetes Dashboard and Helm – Sidhartha • Latest Releases – Darren 7 #ranchermeetup

10. © 2017 Rancher Labs, Inc. A complete container management platform that makes it easy to… 9 INNOVATE WITH CONTAINERS without compromising flexibility by empowering developers with fast access to the latest tools MANAGE APPLICATIONS by simplifying day to day application lifecycle management RUN CONTAINERS with the most complete set of container and infrastructure management capabilities Production ready ✔ 20 million+ downloads ✔ Open platform for innovating ✔ Easy to use interface ✔ Multi-tenant ✔ Role based access ✔ 24X7 support ✔ And more….

11. © 2017 Rancher Labs, Inc. Complete Container Management Platform 10 Application Catalog Container Orchestration and SchedulingUser Mgmt RBAC AD/LDAP SAML Ops Mgmt CI/CD Registries Monitoring Networking Multi-tenant Environments Environment 1 Environment N Infrastructure Services Storage ……. ..Environment 2 Security DNS/LB

18. © 2017 Rancher Labs, Inc.  Lock down the local key at rest.  Vault:  Support storing secrets in Vault secrets backend.  Long Term improvements  Signing Public Keys  Create and deploy Vault tokens. Road to GA

22. © 2017 Rancher Labs, Inc. Autoscaling using webhooks • Create webhooks for scaling up/down a service • Configure an external service to monitor it, example Prometheus • Prometheus raises alerts and triggers configured webhooks • Webhook-service handles scaling

23. © 2017 Rancher Labs, Inc. Webhooks for service upgrade • Add receiver hook to use as a Docker Hub webhook for an image • When any tag of the image is pushed, webhook is triggered • Webhook-service upgrades all services based on service selectors used while creating receiver hook

28. © 2017 Rancher Labs, Inc.© 2017 Rancher Labs, Inc . Static config # traefik.toml logLevel = "INFO" traefikLogsFile = "/opt/traefik/log/traefik.log" accessLogsFile = "/opt/traefik/log/access.log" defaultEntryPoints = ["http", "https"] [entryPoints] [entryPoints.http] address = ":8080" [entryPoints.https] address = ":8443" [entryPoints.https.tls] [[entryPoints.https.tls.certificates]] certFile = "/opt/traefik/certs/traefik.crt" keyFile = "/opt/traefik/certs/traefik.key" [web] address = ":8000" [file] filename = "/opt/traefik/etc/rules.toml" watch = true

29. © 2017 Rancher Labs, Inc.© 2017 Rancher Labs, Inc . Dynamic config [backends] [backends.web-test__webtest] [backends.web-test__webtest.circuitbreaker] expression = "NetworkErrorRatio() > 0.5" [backends.web-test__webtest.LoadBalancer] method = "drr" [backends.web-test__webtest.servers.webtest-web-test-1] url = "http://10.42.115.5:8080" weight = 0 [backends.web-test__webtest.servers.webtest-web-test-2] url = "http://10.42.90.235:8080" weight = 0 [backends.web-test__webtest.servers.webtest-web-test-3] url = "http://10.42.251.194:8080" weight = 0 [frontends] [frontends.web-test__webtest] backend = "web-test__webtest" passHostHeader = true priority = 5 [frontends.web-test__webtest.routes.service] rule = "Host:webtest.local,test2.local,test3.local;"

30. © 2017 Rancher Labs, Inc.© 2017 Rancher Labs, Inc . Catalog - Admin ui - http and https ports - Deploy by host label - https and sticky bit support - Letsencrypt (ACME) support - Autoconfig by services labels TODO - Rancher internal certs and sni - Real time backend update and traefik built in support https://github.com/containous/traefik/pull/1173 Will be included in traefik release v1.2.0-rc2

32. © 2017 Rancher Labs, Inc.© 2017 Rancher Labs, Inc . Service labels - traefik.enable = <true | stack | false> - true: the service will be published as *service_name.stack_name.traefik_domain* - stack: the service will be published as *stack_name.domain*. WARNING of collisions - false: the service will not be published - traefik.priority = <priority> # Override for frontend priority. 5 by default - traefik.protocol = <http | https> # Override the default http protocol - traefik.sticky = <true | false> # Enable/disable sticky sessions to the backend - traefik.alias = <alias> # Alternate names to route rule. traefik.domain is appended - traefik.alias.fqdn = < alias fqdn > # Alternate names to route rule. traefik.domain is not appended. - traefik.domain = < domain.name > # Domain names to route rules. Multiple domains separated by "," - traefik.domain.regexp = < domain.regexp > # Domain name regexp rule. Multiple domains separated by "," - traefik.port = <port> # port to expose throught traefik - traefik.acme = < true | false > # Enable/disable ACME traefik feature - traefik.path = < path > # Path rule. Multiple values separated by "," - traefik.path.strip = < path > # Path strip rule. Multiple values separated by "," - traefik.path.prefix = < path > # Path prefix rule. Multiple values separated by "," - traefik.path.prefix.strip = < path > # Path prefix strip rule. Multiple values separated by "," WARNING: Only services with healthy state are added to traefik, so health checks are mandatory.

35. © 2017 Rancher Labs, Inc.© 2017 Rancher Labs, Inc . Kubernetes Dashboard • Web based Kubernetes control UI • Deploy applications • Provides overview of various Kubernetes resources • Provides a log viewer for easy debugging 34 #ranchermeetup

36. © 2017 Rancher Labs, Inc.© 2017 Rancher Labs, Inc . Kubernetes Helm • Package manager for Kubernetes • Supports private repositories • Search for packages • Configure and Install packages • Delete packages 35 #ranchermeetup

38. © 2017 Rancher Labs, Inc.© 2017 Rancher Labs, Inc . Latest Release 37 Rancher 1.4 – February 4, 2017 Key Features: - Kubernetes Dashboard & Helm - Webhooks - Network Policies - Multi-IP Host Scheduling - Secrets Management (Experimental)

39. © 2017 Rancher Labs, Inc.© 2017 Rancher Labs, Inc . Next Releases 38 Rancher 1.5 – Early March Key features: - Catalog Enhancements – Ability to add catalogs per environment - Additional Webhooks – Host scaling, service redeploy - Additional Network Policies – Enhances network policies to support services that are linked - API Interceptor – Admins can now configure pre and post filter hooks into Rancher API requests - Metadata Refactoring – Improvements to allow increased environment scaling

More tips and tricks for running containers like a pro - Rancher Online MEetup - February 2017

Shannon Williams

More tips and tricks for running containers like a pro - Rancher Online MEetup - February 2017