Rancher and Kubernetes Best Practices
Download as PPTX, PDF0 likes656 views
Kubernetes is an open-source platform for managing containerized workloads and services that provides capabilities like scheduling, self-healing, rollouts and rollbacks. Rancher Labs provides Rancher, which is an orchestration and management tool that adds features like multi-cloud support, global load balancing, backup/restore and a catalog for deploying applications on Kubernetes clusters. The document discusses Kubernetes concepts and practices and how Rancher extends Kubernetes with additional capabilities through its web UI and integration with tools like Helm, Istio and AWS.
Rancher and Kubernetes Best Practices
- 1. Rancher Case Study Howdy Containers, Let’s adopt Kubernetes !!! Prepared By : Avinash Patil
- 2. Comparison of Container Tech Company Docker Kubernetes (Google) Rancher Labs Mesospehre DC/OS Hashicorp Nomad Type Orchestration , Scheduling Orchestration , Scheduling Orchestration , Scheduling with webUI and infrastructure management. Orchestration , Scheduling, CLI-Based Used Cases Small teams Production ready big Production ready, multi-cloud Enterprise version Consul and service discovery intergration
- 3. What is Kubernetes ? Kubernetes is a portable, extensible open-source platform for managing containerized workloads and services, that facilitates both declarative configuration and automation.
- 4. Kubernetes Core features : Automated scheduling, self healing capabilities, Automated rollouts and rollback Horizontal scaling and load balancing Metadata and namespace : describe app labels for diff env like staging,prod Services (Testing for canary,blue/green deployment), Fine grained RBAC permissions Resources not machines (Multiple Cluster for own kube and other deployments) Infrastructure as a code : Config files,manifests : checked into GIT SVN system
- 5. Kubernetes Practices to Consider Infrastructure as Code Update Practices Blue-Green Canary Policy Enforcer Stable Kubernetes 1.3 Manage Deployments Manifest files Docker image version, labels Multiple Kubernetes Clusters (For Kubemasters and namespaces) Access of Kube Logs per different members
- 6. Kubernetes practices to Consider (Contd.) Keep data associated with terminated pods Replace k8s with Docker (Independent of Cloud Provider) Containerd from v1.11 onwards Helm Reusability of manifest or jobs to run on different environments Helm YAML provides the solution as package and deploy kubernetes application (3rd party apps) to serve common definitions Service Meshes : etcd in Microservice architecture Distributed tracing,Metrics and Observability Service discovery like Istio,Consul,etc. Stateful apps (Node constraint for replica), Stateful Sets
- 7. Rancher Support with newer 2.2 release BDR Rancher 2.2 adds support for backup and restore of the etcd datastore directly into the Rancher UI/API and the Kubernetes API. It also adds support for S3- compatible storage as the endpoint, so you can immediately get your backups off of the hosts without using NFS. Multi-Cloud Rancher is built to manage multiple clusters. It has a strong integration with Helm via the Application Catalog, which takes Helm’s key/value YAML and turns it into a form that anyone can use. Global DNS Rancher Global DNS solves this by provisioning and maintaining an external DNS record that corresponds to the IP addresses of the Kubernetes Ingress for an application. This, by itself, isn’t a new concept, but Rancher will also do it for applications deployed to multiple clusters.
- 8. Features and Administration Global / Cluster Resources brought from local cluster, Hosted VMs or Instances for kube ecosystem Hosted Kubernetes Engine Project Deployments : deploy,upgrade,rollback Statefulsets Daemonsets Jobs , Cronjobs Pods,Services,ClusterIP,Nod eport, Load Balancer Catalog Apps Built-in Catalogs Custom catalog Multicluster Apps Global DNS : AWS Route53, AliDNS , Cloudflare
- 10. Rancher on AWS Nodes
- 11. Rancher with EKS and Istio Eksctl to deploy AWS Kubernetes cluster Cluster.yml , create immutable layer Uses Cloud-formation stack specifying node and worker size EBS- StorageClass for Persistent Volumes Istio Integration with AWS ALB Istio-ingress gateway Istio-Virtual Services for GuardHat Apps Kiali UI for service mesh topology Sidecar containers for Ingress/Egress Sidecar container for Circuit breakers and Mirroring
Editor's Notes
- #10: Rancher API Server Rancher API server is built on top of an embedded Kubernetes API server and etcd database. It implements the following functionalities: User Management Rancher API server manages user identities that correspond to external authentication providers like Active Directory or GitHub. Authorization Rancher API server manages access control and security policies. Projects A project is a group of multiple namespaces and access control policies within a cluster. Nodes Rancher API server tracks identities of all the nodes in all clusters. Cluster Controller and Agents The cluster controller and cluster agents implement the business logic required to manage Kubernetes clusters. The cluster controller implements the logic required for the global Rancher install. It performs the following actions: Configuration of access control policies to clusters and projects. Provisioning of clusters by calling: The required Docker machine drivers. Kubernetes engines like RKE and GKE. A separate cluster agent instance implements the logic required for the corresponding cluster. It performs the following activities: Workload Management, such as pod creation and deployment within each cluster. Application of the roles and bindings defined in each cluster’s global policies. Communication between clusters and Rancher Server: events, stats, node info, and health. Authentication Proxy The authentication proxy forwards all Kubernetes API calls. It integrates with authentication services like local authentication, Active Directory, and GitHub. On every Kubernetes API call, the authentication proxy authenticates the caller and sets the proper Kubernetes impersonation headers before forwarding the call to Kubernetes masters. Rancher communicates with Kubernetes clusters using a service account.
- #11: https://rancher.com/5-keys-running-workloads-resiliently-rancher-docker-part-1/