Yet Another K8s Installer
Download as PPTX, PDF0 likes171 views
This document discusses different Kubernetes installers including kubeadm, kops, and CFCR. It provides an overview of each installer's workflow, advantages, and challenges. The key takeaways are that kubeadm focuses on securely bootstrapping clusters, kops manages the full cluster lifecycle especially on AWS, and CFCR leverages BOSH for production-grade operations but requires BOSH experience. Future installers to watch include Kubespray and Cluster API.
Yet Another K8s Installer
- 1. Yet Another k8s Installer By Urvashi Reddy @youreddy
- 2. Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Introduction Urvashi Reddy Software Engineer at Pivotal on the CFCR team Based in San Francisco, CA 2
- 3. Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Cloud Foundry Container Runtime BOSH deployed Kubernetes Cluster
- 4. Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ CFCR is one of 60+ Kubernetes installers
- 5. Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Kubernetes on BOSH makes CFCR unique
- 6. Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ 1.What problems are other installers hitting? 2.Where are they advancing?
- 7. Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Agenda ● Quick Kubernetes Overview ● Installer Expectations ● kubeadm | kops | CFCR ● What's Next? 7
- 9. Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Kubernetes open-source platform for managing containerized workloads and services
- 10. Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Kubernetes ✔ Developers containers ✔ Abstractions and APIs ✔ Rich feature set
- 11. Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ But installing k8s can be tricky and that's where the installers come in.
- 13. Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Installer Expectations ● Easy to use ● Conformance certification ● Reproducible clusters ● Reliable upgrades ● Production ready ● Multi Cloud
- 15. kubeadm "bootstrap a minimum viable Kubernetes cluster that conforms to best practices"
- 16. Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ kubeadm Workflow: Create your own machines and use the kubeadm cli to configure the cluster. ● Download dependencies on each machine ○ base software: docker, kubeadm, kubelet, kubectl ● Run kubeadm init on master node ● Run kubeadm join on worker nodes ● kubectl apply -f <pod-network.yml>
- 17. Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ kubeadm Advances: Secure bootstrapping process ● Bootstrap cluster with tokens and certificates ○ TLS Bootstrap ○ Node Restriction
- 18. Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ kubeadm Challenges: Day 2 ● Upgrade ○ kubeadm upgrade for kubernetes system components ○ independently upgrade base software and manage versions ● Backups ○ Follow the ETCD guidelines for disaster recovery
- 20. Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ kops Workflow: Manage full cluster lifecycle with kops cli ● Download kops cli ● Configure DNS for the cluster ● Cloud storage for state store ● kops create cluster --zones ● kops edit cluster ● kops update cluster
- 21. Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ kops Advances: Reproducible clusters ● Cluster spec is like a BOSH manifest ● Terraform scripts ● Edit instance groups with kops edit ig ○ like a BOSH cloud-config ○ AWS Auto Scaling groups ○ GPU
- 22. Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ kops Challenges: Support for most cloud providers are in alpha and beta ● Some of the fancy features are currently only supported for AWS ● Recent shift to etcd-manager using k8s-bundle
- 23. CFCR BOSH deployed Kubernetes Cluster
- 24. Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ CFCR Workflow: Use bosh cli with the provided default manifest and any other customizations in the form of ops-files. ● Create a new BOSH Director or use existing ● Clone kubo-release & kubo-deployment ● Upload stemcells & releases ● Configure a cloud-config bosh update-cloud-config ● bosh deploy -d cfcr cfcr.yml -o manifest/ops-files/${iaas}/cloud-provider.yml ...
- 25. Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ CFCR Advances: Day 2 ● Manage all dependencies and versions ● Backup and restore support for ETCD bbr backup & bbr restore ● Certificate generation and management with Credhub credhub find ● Multiple masters with internal BOSH DNS ● BOSH Resurrector
- 26. Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ CFCR Challenges: Key functionality comes from the BOSH layer ● Familiarity with BOSH workflows ● TLS Bootstrap for Node Restriction ● BOSH drain lifecycle ● CNI pluggability
- 27. Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Recap kubeadm securely bootstraps clusters with new k8s features but the day 2 experience could be improved kops manages the full cluster lifecycle. It's best at AWS and still stabilizing support for other providers CFCR manages full cluster lifecycle with day 2 in mind with a lot of the heavy lifting done by BOSH which requires users to be comfortable with the platform
- 28. Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Takeaways as a CFCR Developer ● Benefit a lot from the BOSH platform ● Other installers are more comfortable incorporating Kubernetes alpha features
- 29. Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ What's next? ● Kubespray ● Cluster API
- 30. Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Thank you! #cfcr channel cfcr@pivotal.io Me: Urvashi Reddy | @youreddy
- 31. Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Resources https://kubernetes.io/blog/2016/09/how-we-made-kubernetes-easy-to-install https://dzone.com/articles/kops-vs-kubeadm-whats-the-difference https://github.com/kubernetes-incubator/kubespray/blob/master/docs/comparisons.md https://www.altoros.com/blog/a-multitude-of-kubernetes-deployment-tools-kubespray-kops-and-kubeadm/ https://github.com/kubernetes/kops/blob/master/docs/addons.md https://github.com/kubernetes/kubeadm/blob/master/docs/design/design_v1.10.md https://github.com/kubernetes/kops/blob/master/docs/etcd/roadmap.md