Endocode Kubernetes Meetup: Architecture Patterns for Microservices in Kubernetes
These are my sheets of the talk given at the Kubernetes Meetup, Feb 28, 2017 in our rooms @Endocode.

Enjoy!

Published in: Software

Endocode Kubernetes Meetup: Architecture Patterns for Microservices in Kubernetes

  1. Endoctus Academy
     Next Trainings: INTRODUCTION TO KUBERNETES
     April 27th, May 4th, May 18th
     https://endoctus.com/course/introduction-to-kubernetes
  2. Architecture Patterns for Microservices in Kubernetes
     Thomas Fricke, CTO, thomas@endocode.com
  3. Penrose Tilings 1973, Golden Section
     CC BY-SA 2.5, https://commons.wikimedia.org/w/index.php?curid=474348
  4. Giri Tiles, since 1200
     Cronholm144, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=2303498
  5. Roof Hafez Tomb
  6. WHAT ARE CONTAINERS
     Way of isolating and restricting Linux processes
     ● Isolation
       ○ namespaces
     ● Restriction
       ○ cgroups
       ○ capabilities
       ○ seccomp
  7. CGROUPS: CONTROL GROUPS
     ● cpuset
     ● cpu
     ● cpuacct
     ● memory
     ● devices
     ● freezer
     ● net_cls
     ● ns
     ● blkio
     These are directories with fine-grained sub folders.
  8. NAMESPACES
     Namespace   Constant          Isolates
     Cgroup      CLONE_NEWCGROUP   Cgroup root directory
     IPC         CLONE_NEWIPC      System V IPC, POSIX message queues
     Network     CLONE_NEWNET      Network devices, stacks, ports, etc.
     Mount       CLONE_NEWNS       Mount points
     PID         CLONE_NEWPID      Process IDs
     User        CLONE_NEWUSER     User and group IDs
     UTS         CLONE_NEWUTS      Hostname and NIS domain name
  9. CAPABILITIES
     CAP_AUDIT_CONTROL, CAP_AUDIT_READ, CAP_AUDIT_WRITE, CAP_BLOCK_SUSPEND, CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH, CAP_FOWNER, CAP_FSETID, CAP_IPC_LOCK, CAP_IPC_OWNER, CAP_KILL, CAP_LEASE, CAP_LINUX_IMMUTABLE, CAP_MAC_ADMIN, CAP_MAC_OVERRIDE, CAP_MKNOD, CAP_NET_ADMIN, CAP_NET_BIND_SERVICE, CAP_NET_BROADCAST, CAP_NET_RAW, CAP_SETGID, CAP_SETFCAP, CAP_SETPCAP, CAP_SETUID, CAP_SYS_ADMIN, CAP_SYS_BOOT, CAP_SYS_CHROOT, CAP_SYS_MODULE, CAP_SYS_NICE, CAP_SYS_PACCT, CAP_SYS_PTRACE, CAP_SYS_RAWIO, CAP_SYS_RESOURCE, CAP_SYS_TIME, CAP_SYS_TTY_CONFIG, CAP_SYSLOG, CAP_WAKE_ALARM, CAP_INIT_EFF_SET
     These are a lot! Use profiles to group them together!
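Slides 6 to 9 describe the three restriction mechanisms, and slide 9 makes the point that the capability list is too long to reason about by hand. The script below is an added example (not from the talk) that decodes the `CapEff`/`CapBnd` hex masks a process shows in `/proc/<pid>/status` into the `CAP_*` names, so an operator can see exactly which capabilities a container kept. The bit numbering follows `linux/capability.h`; the sample status block is constructed, and its `CapEff` value is assumed to be the default set an unprivileged Docker container receives.

```python
"""Decode /proc/<pid>/status capability masks into CAP_* names.

Added example, not part of the slides. Bit positions follow
linux/capability.h (CAP_CHOWN = 0 ... CAP_AUDIT_READ = 37).
"""
from __future__ import annotations

import re

# Index in this list == capability bit number in linux/capability.h.
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
    "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ",
]

# Capabilities whose presence inside a container deserves an alert: each one
# lets a process act outside the namespace/cgroup sandbox of the earlier slides.
DANGEROUS = {"CAP_SYS_ADMIN", "CAP_SYS_PTRACE", "CAP_SYS_MODULE",
             "CAP_NET_ADMIN", "CAP_DAC_READ_SEARCH", "CAP_SYS_RAWIO"}


def decode_mask(hex_mask: str) -> list[str]:
    """Turn a CapEff/CapBnd hex string into the list of CAP_* names it sets."""
    mask = int(hex_mask, 16)
    names = [name for bit, name in enumerate(CAP_NAMES) if (mask >> bit) & 1]
    # Bits above the ones listed would come from a newer kernel; report them.
    unknown = mask >> len(CAP_NAMES)
    if unknown:
        names.append(f"<unknown bits above {len(CAP_NAMES) - 1}: {unknown:#x}>")
    return names


def parse_status(text: str) -> dict[str, list[str]]:
    """Extract every Cap* line from /proc/<pid>/status text and decode it."""
    out: dict[str, list[str]] = {}
    for m in re.finditer(r"^(Cap\w+):\s+([0-9a-fA-F]+)\s*$", text, re.M):
        out[m.group(1)] = decode_mask(m.group(2))
    return out


def risky_caps(text: str) -> set[str]:
    """Names from the effective set (CapEff) that are in DANGEROUS."""
    return DANGEROUS & set(parse_status(text).get("CapEff", []))


# Constructed sample: the Cap* block of /proc/self/status inside a container.
# Assumption: 00000000a80425fb is Docker's default capability set (14 caps).
SAMPLE_STATUS = """\
Name:\tsh
CapInh:\t00000000a80425fb
CapPrm:\t00000000a80425fb
CapEff:\t00000000a80425fb
CapBnd:\t00000000a80425fb
CapAmb:\t0000000000000000
"""

if __name__ == "__main__":
    for key, caps in parse_status(SAMPLE_STATUS).items():
        print(key, len(caps), " ".join(caps))
    print("risky:", sorted(risky_caps(SAMPLE_STATUS)))
```

Run it against a real container with `parse_status(open("/proc/self/status").read())`; a full root bounding set decodes to all 38 names, while the constructed default set above decodes to 14 and contains none of the `DANGEROUS` entries, which is the contrast the slide is asking for when it says to work with profiles rather than individual flags.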
  10. Linking Containers: Patterns
      at least one common Namespace
      (diagram labels: process, network, … | process, network, … | mount)
  11. No need for a running process
      (diagram labels: network, … | pause | mount: WAR file)
  12. Multiple Containers
      (diagram labels: network, … | pause, mount: WAR file | pause | pause, mount: WAR file)
  13. Locomotive Pattern
      By Nate Beal (originally posted to Flickr as Griffith, IN) [CC BY 2.0 (http://creativecommons.org/licenses/by/2.0)], via Wikimedia Commons
  14. Scary ideas
      (diagram labels: network, … | pause)
  15. Share the Network namespace
      (diagram labels: files: credentials, user, mount | files, user, mount | network: tun0, iptables, NET ADMIN)
  16. DEMO TIME
  17. Linking Containers: Wormhole
      common Namespace with the host
      (diagram labels: Docker Host, default namespaces, /usr/bin/docker, /var/run/docker.sock)
  18. Pod manifest shown on the slide:
      apiVersion: v1
      kind: Pod
      metadata:
        name: busybox-cloudbomb
      spec:
        containers:
        - image: busybox
          command:
          - /bin/sh
          - "-c"
          - "while true; do docker run -d --name BOOM_$(cat /dev/urandom | tr -cd 'a-f0-9' | head -c 6) nginx ; done"
          name: cloudbomb
          volumeMounts:
          - mountPath: /var/run/docker.sock
            name: docker-socket
          - mountPath: /bin/docker
            name: docker-binary
        volumes:
        - name: docker-socket
          hostPath:
            path: /var/run/docker.sock
        - name: docker-binary
          hostPath:
            path: /bin/docker
  19. DEMO TIME
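Slides 14 to 18 show the patterns the talk files under "scary ideas" and "wormhole": a pod that shares the host's network namespace or gets NET_ADMIN, and a pod that mounts the Docker socket and binary from the host and can therefore start arbitrary containers on the node (the cloudbomb above). The audit script below is an added example, not part of the talk, that scans a Pod object for exactly those markers: hostPath mounts of a runtime socket or binary, `hostNetwork`/`hostPID`/`hostIPC`, privileged containers and added risky capabilities. Pods are given as plain Python dicts so no YAML library is needed; the cloudbomb pod is transcribed from the slide, the `webapp` pod is a constructed counter-example of the "mount: WAR file" pattern from slides 11 and 12 (its `example/war-loader` image is hypothetical), and the socket path list assumes Docker-based nodes.

```python
"""Audit a Kubernetes Pod object for wormhole and shared-host-namespace patterns.

Added example, not from the slides. Returns human-readable findings so the
check can run in an admission webhook, a CI step or a one-off kubectl dump.
"""
from __future__ import annotations

# hostPath targets that hand a container control of the node.
# Assumption: Docker-based nodes; other runtimes expose different sockets.
HOST_SOCKETS = {"/var/run/docker.sock", "/run/docker.sock"}
RISKY_CAPS = {"NET_ADMIN", "SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "ALL"}


def audit_pod(pod: dict) -> list[str]:
    """Return one finding per problem; an empty list means nothing was flagged."""
    findings: list[str] = []
    spec = pod.get("spec", {})
    name = pod.get("metadata", {}).get("name", "<unnamed>")

    # Shared host namespaces undo the isolation from the namespace slide.
    for key in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(key):
            findings.append(f"{name}: shares the host {key[4:].lower()} namespace")

    # Map volume name -> host path for every hostPath volume in the pod.
    host_paths = {v["name"]: v["hostPath"]["path"]
                  for v in spec.get("volumes", []) if "hostPath" in v}

    for c in spec.get("containers", []) + spec.get("initContainers", []):
        cname = c.get("name", "<unnamed>")
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(f"{name}/{cname}: privileged container")
        for cap in sc.get("capabilities", {}).get("add", []):
            if cap in RISKY_CAPS:
                findings.append(f"{name}/{cname}: adds capability {cap}")
        for m in c.get("volumeMounts", []):
            path = host_paths.get(m["name"])
            if path is None:
                continue  # emptyDir, configMap, secret, ...: not a host path
            if path in HOST_SOCKETS:
                findings.append(f"{name}/{cname}: mounts runtime socket {path} (wormhole)")
            elif path.endswith("/docker"):
                findings.append(f"{name}/{cname}: mounts host binary {path}")
            else:
                findings.append(f"{name}/{cname}: mounts hostPath {path}")
    return findings


# The cloudbomb pod from the slide, transcribed to a dict.
CLOUDBOMB = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "busybox-cloudbomb"},
    "spec": {
        "containers": [{
            "name": "cloudbomb", "image": "busybox",
            "command": ["/bin/sh", "-c",
                        "while true; do docker run -d --name BOOM_$(cat /dev/urandom"
                        " | tr -cd 'a-f0-9' | head -c 6) nginx ; done"],
            "volumeMounts": [
                {"mountPath": "/var/run/docker.sock", "name": "docker-socket"},
                {"mountPath": "/bin/docker", "name": "docker-binary"},
            ],
        }],
        "volumes": [
            {"name": "docker-socket", "hostPath": {"path": "/var/run/docker.sock"}},
            {"name": "docker-binary", "hostPath": {"path": "/bin/docker"}},
        ],
    },
}

# Constructed counter-example: the "mount: WAR file" pattern, an init container
# dropping a WAR into an emptyDir that the application container serves.
WAR_SIDECAR = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "webapp"},
    "spec": {
        "initContainers": [{
            "name": "war-loader", "image": "example/war-loader",  # hypothetical image
            "volumeMounts": [{"mountPath": "/deploy", "name": "webapps"}],
        }],
        "containers": [{
            "name": "tomcat", "image": "tomcat",
            "volumeMounts": [{"mountPath": "/usr/local/tomcat/webapps", "name": "webapps"}],
        }],
        "volumes": [{"name": "webapps", "emptyDir": {}}],
    },
}

if __name__ == "__main__":
    for pod in (CLOUDBOMB, WAR_SIDECAR):
        print(pod["metadata"]["name"], audit_pod(pod) or ["ok"])
```

The cloudbomb pod produces two findings (socket and binary mount), the WAR-file pod none: the sidecar pattern shares only a pod-local `emptyDir`, which is the difference between the "useful standard patterns" and the "here be dragons" entries in the summary slide.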
  20. ORCHESTRATION
  21. KUBERNETES
      Greek for “Helmsman”; also the root of the words “governor” and “cybernetic”
      ● Runs and manages containers
      ● Inspired and informed by Google’s experiences and internal systems
      ● Supports multiple cloud and bare-metal environments
      ● Supports multiple container runtimes
      ● 100% Open source, written in Go
      Manage applications, not machines
  22. Deployment
      Replicaset: v1.7.9 v1.7.9 v1.7.9
      Replicaset: v1.10.2 v1.10.2 v1.10.2
  23. Distributed Patterns
      ● Client - Server
      ● Layers
      ● Message Queues
      ● Cattle - Pets
      ● Replication
  24. Rob Hirschfeld, https://www.openstack.org/summit/boston-2017/vote-for-speakers/#/18163
  25. SUMMARY
      ● Lot of useful standard patterns
        ○ sidecar
        ○ scatter gather
        ○ locomotive, tractor
      ● Powerful Linux container patterns
        ○ separation of control and transport
        ○ wormhole
        ○ here be dragons
      ● Orchestration Patterns
        ○ Helm charts
        ○ upcoming: Service Broker
  26. CONCLUSION
      ● Concepts before Coding
      ● Reshaping applications
        ○ Legacy
        ○ Compromises are necessary
        ○ Containment for Technical Debt
      ● Paradigm Shift
      ● Microservice Mindset
  27. QUESTIONS?
      https://endocode.com
      https://endocode.com/blog/
      https://endocode.com/trainings-overview/
      Visit us on GitHub https://github.com/endocode
