"Kubernetes The Hard Way" on openSUSE Cloud environment

Formal Metadata

Title
"Kubernetes The Hard Way" on openSUSE Cloud environment
Alternative Title
Let's build your own cloud
Number of Parts
40
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Content Metadata

Abstract
"Kubernetes" is one of the most popular and famous container orchestration open source software. And now, there are so many Kubernetes environments and deployment tools such as SUSE CaaS Platform, minikube, kubeadm, Rancher, GKE/AKS/EKS, etc. So, we can use or build a Kubernetes cluster with them very easily. However, it also prevents opportunities to understand Kubernetes technologies themselves from people who want to know the architecture itself. Therefore, if a Kubernetes cluster gets something wrong, it would be tough challenge to resolve it without such knowledge.

For such a situation, here is a very good exercise document - "Kubernetes The Hard Way[0]" which is a tutorial for setting up Kubernetes the hard way on Google Cloud Platform(GCP). People can learn internal architecture of Kubernetes from that. In this session, attendees will get an opportunity to know how to set up a Kubernetes cluster on not only GCP but also an openSUSE OpenStack cloud based on the tutorial, and, will get to know its technology deeply.

"Kubernetes The Hard Way"[0] has 14 chapters right now. And it's written for the GCP basically. However, it works on the other clouds (e.g. openSUSE OpenStack Cloud) with some modifications.

Kubernetes The Hard Way outlines:
1. Prerequisites
2. Installing the Client Tools
3. Provisioning Compute Resources
4. Provisioning a CA and Generating TLS Certificates
5. Generating Kubernetes Configuration Files for Authentication
6. Generating the Data Encryption Config and Key
7. Bootstrapping the etcd Cluster
8. Bootstrapping the Kubernetes Control Plane
9. Bootstrapping the Kubernetes Worker Nodes
10. Configuring kubectl for Remote Access
11. Provisioning Pod Network Routes
12. Deploying the DNS Cluster Add-on
13. Smoke Test
14. Cleaning Up
Transcript: English(auto-generated)
OK, so I talk about Kubernetes the hard way. I'm Masayuki Igawa. I'm working for SUSE right now. And my SMS things or email address is on that.
And also, this slide can be downloaded at the URL. This is my GitHub account. And you can find this PDF file on that page.
Let's get started. Here's the agenda. Who am I? Today's goal. And what's Kubernetes the hard way? Yeah. And Kubernetes the hard way on GCP, Google Cloud Platform.
And I also run the Kubernetes the hard way on OpenStack Cloud. And the conclusion. Yeah, disclaimer. And who am I? Who I am? So I'm working for SUSE, as I already mentioned.
But previously, I worked at HPE, Hewlett Packard Enterprise. I also was in a traditional IT Japanese company for decades. And for now, I'm working for SUSE for OpenStack Cloud product
team. And I'm in the quality engineering team right now. And the title is Senior Software Engineer. And I also open source programmer.
I'm working for OpenStack QA, upstream things, and also downstream things. And I also call review of these product software projects. Yeah, here's my related book.
And the hobby is there, biking, clouds, reading clouds, OpenStack, and a diet. That's the other thing. And today's goal is like this. Understand Kubernetes the hard way. What is Kubernetes the hard way?
I will talk about it. I will explain about that later. And motivate to do Kubernetes the hard way by yourself, if you want. I hope so that. So do you feel like about Kubernetes
when you use the Kubernetes cluster with the deployment tools like kubeadm, or minikube, Rancher, or GKE, or AKS like this, or it's like magic. What's going on inside?
Maybe, yeah, it's really easy to build with kubeadm or like that deployment tool. It's really good, awesome, great. But we cannot understand the internally of the Kubernetes itself.
So I feel like it's like magic. And what's going on? So I'd like to know the internally. So if you want to know its components and architecture, I already said to know the internal Kubernetes thing.
And also, if you want to debug it and also build a Kubernetes cluster as you like, as you want, or feel that's too easy, like with using the kubeadm
or some other deployment tools, it should be very easy. But it's too easy. And to understand the Kubernetes in detail, I think it's very hard to understand
using the Kubernetes deployment tools because it's really easy, easy step, like one command or two command line. That's it. So if you want to understand the Kubernetes itself in detail or if you want to build a Kubernetes
cluster in a harder way, Kubernetes is the harder way. So do you know the Kubernetes hard way already? How many? Oh, someone knows.
Good. But I will talk about Kubernetes hard way, generally, basic. So this is, yeah, I'll talk about this. So what is Kubernetes hard way? So it's a bootstrap Kubernetes the hard way on the GCP cloud,
GCP. But there is no script, actually. So there is no automatic command like that. So tutorial for Kubernetes, and it's Apache license version 2. And it's just document, documentations.
So document consists of 14 chapters. And the components versions are like this. The Kubernetes 1.12, actually, the latest is now 1.14.
But if storing Kubernetes is 1.12, 0.0. And containerd, and the gVisor, and the CNI container networking, etcd, and the CoreDNS version is like this. So actually, gVisor's version is Git.
Yeah. The outline is like this. This is a 14th chapter of Kubernetes the hard way. The first is a prerequisites, and installing the client
tools, and provisioning the compute resources using the Google Cloud Platform. And provision certificates, making the certificates for putting it, and generating some configuration
files for authentication, and generating data for some configuration on the keys. And from number seven, chapter seven,
we actually bootstrapping the etcd, and control plane, and worker nodes. And at number 10, configuring kubectl for remote access, making the setting file or configuration files
as setting files. And provisioning the pod network routes, and deploying the DNS cluster. And then number 13, smoke test. And number 14 is very important,
because if we don't clean up the things, we need to pay a lot of money to Google. And this is the first one, prerequisites.
I don't know if you can see the cost. The cost is very cheap, actually. If you want to use Google Cloud Platform, it's only about $5.39 per day dollars for that.
It's not so expensive, I think. And I also used the Google Cloud Platform. Yeah, actually, the Kubernetes the hard way works on the Google Cloud Platform, basically.
But I could run the Kubernetes the hard way on my OpenStack private cloud with some tricks. But first, I will talk about Google Cloud Platform,
on the Google Platform things. And I used it. And n1-standard-1 instance is 1 vCPU, and the memory is 3.75 gigabytes by 6. And I used for three controller nodes and three worker nodes.
And the first load balancer, I used that. So building the Kubernetes clusters, the architecture will be like this.
Three worker nodes, that contains a controller, runc or something on the containerd or like that. And I also created three controller nodes. It contains a S3 and a Kubernetes API server,
or like that. And I also use a load balancer on GCP. So here's a summary on GCP. The Kubernetes the hard way.
So it's only about 2.5 hours. I mean, 2 and 1 half hours. The cost is less than $1. It's very cheap, and it says Kubernetes the hard way. But just for me, it's not so hard way.
It's not so hard itself, actually. I just took 2 and 1 half hours. That's it. Yeah, actually, I saw some warnings, but I don't care about that. So that's it.
But I actually wanted to run the Kubernetes the hard way on my OpenStack cloud. Because my hobby is building OpenStack or cloud internally.
So this is the hardware in my house. So the left one is my old cloud. It's three new servers.
I bought it very cheap as a second hand. And I mounted it on the lock rack server. I bought it locked from IKEA. So the right side is a newer one.
It's very small, and quiet, and low energy. So the first old one is that very noisy, and consuming a lot of electricity.
So it means costly to run and maintain the servers. But newer ones are smaller, quiet, and low energy. And performance is also better than the old ones. This is an ASRock DeskMini 310.
The size is like this, not so big. It's like an Intel NUC. But this is not an Intel NUC. But that size is almost the same. It has a standalone 3.2 gigabytes,
and the memory is 16 gigabytes. And the SSD is 120 gigabytes. And I built OpenStack cloud on that right side servers.
I use openSUSE 15. It's not latest, actually. But yeah, I use that. And the OpenStack version is Rocky. The components is Nova, Glance, Cinder, Keystone, Neutron. That's it. It's very small cloud.
And I follow the OpenStack installation guide. It's very useful and well-documented. There is no problem building the cloud.
And I also automate it with Ansible to build the OpenStack cloud. The cost is like that, not so cheap. It's actually expensive for me. So building, doing the Kubernetes the hard way
in the OpenStack cloud is some challenges, actually. So it can be run in OpenStack cloud. I can run that. I could run that.
But there are some challenges exist. And so especially the cost is most problem. Initial and maintenance costs are required. It's very expensive compared to the GCP, actually.
And building the OpenStack cloud is also hard. So I got some problems. The main problem is the controller node was unstable with SSD. So the problem is SSD is not good quality, what I used.
So I replaced the SSD to Samsung M.2 SSD. The problem was gone. But I need to rebuild sometimes. So I took a lot of hours to rebuild it.
So I automated it with Ansible. So that's why I used Ansible. It's very useful to do something repeatable. And there are a lot of differences
between GCP and OpenStack. OpenStack is the next slide. So basically, the command is different. So on the GCP, we use gcloud command.
But in OpenStack, we use OpenStack command. So if you want to boot an instance, the command is different. And the configured network is different. The security group is also different. So I need it to translate from gcloud command
to OpenStack command, OpenStack command. And I need it to do that.
Host name resolution is required. So you maybe need DNS in that cloud. Or maybe you need to, let's say, host changes to resolve the host name
to run the Kubernetes the hard way on that OpenStack cloud. And load balancer is also required. So maybe you need to use Octavia as a load balancer as a service project in OpenStack.
So that's the first option. But I use Nginx as a load balancer. And maybe you can also use HAProxy for that.
So this is a summary of what I do. So run and customize it on your environment. It's really good to know the architecture of the Kubernetes
or OpenStack or computer systems. And the trial and error is really good to exercise, to know the whole architecture or Kubernetes itself. And I also made a bash script
to run the Kubernetes the hard way. This is not so important itself, but writing the bash script, it's a really good exercise for me. So I did that. And the Kubernetes the hard way is only for learning,
not for production, because there is some limitation or some lacking, something like HA or persistent volume or something, other things is not exist in Kubernetes the hard way.
So if you want to run the Kubernetes cluster, I recommend you use some other deployment tool, like kubeadm or something like that. And Kubernetes itself is also open source.
So we can read the code and write a patch or submit a patch or submit an issue or like that. We can participate, join the community, open source community for that.
It's really good to learn the whole of the community or software or architecture for that. And there are some books already. Yeah, maybe you know that already,
Kubernetes Up and Running or the Kubernetes book or Kubernetes.io is also a good resource to know the Kubernetes itself, I think. Yeah. OK, that's it. It's very short.
But there is information about my slides is there. Contact information is there. So Masayuki-ji is my Freenode, GitHub, Twitter, and LinkedIn account. The Kubernetes the hard way itself is on that. So if you are interested in that,
you can access and check it. Thank you. So any comments or questions or something?
OK. Sorry, I can't hear that. Test? OK. My name is Alexander.
I'm a freelancer. So what is your experience with Kubernetes in the relation of security? What did you find out about configuring security in Kubernetes? Security of Kubernetes?
Yes. Good question. But I actually don't recognize or face a security issue on that, because I just follow the instructions. And I don't run the Kubernetes on the production environment
or something like that. So I didn't find any security problem on that right now. So basically, you don't think that security will be a big thing?
Or maybe you know how much time probably somebody should spend in the configuring security in Kubernetes. I didn't face the security things, issues right now.
So I don't know what the security issues, the standard point of the security. So sorry, I probably don't understand what your question is.
I mean, think about like companies middle-sized companies in enterprise. And they're thinking about switching to this Kubernetes stuff and to run their production apps in this environment. So it's always interesting to know what kind of preparations somebody
should do to make stuff secure. So yeah, actually, I didn't run the Kubernetes on the mic for production environment. But basically, there is a lot of things to do.
That is not only Kubernetes, but also web services. I mean, we need to care about security update. And we need to care about security
or something other things. We need to care about that. But I didn't find the Kubernetes itself security issues on that. So sorry. No problem. Thank you.
So any other question? OK, thank you very much.