plovdev 2016: Container Orchestration with Kubernetes - Martin...
TRANSCRIPT
Container Orchestration with Kubernetes
Martin Vladev @ SAP
About SAP
• 82 400 SAP employees
• 130 countries
• 320 000 customers in 190 countries
• #1 business software company in the world
• €10.8 bn annual revenue for 2015
• €2.85 bn investment in R&D for 2015
Cloud Computing
Docker
• An implementation of the Container idea
• A Package format
• Resource Isolation
• An ecosystem – Docker Hub, Swarm, Compose etc
VM
Docker
Resource Isolation
Implemented by a number of Linux APIs:
• cgroups: Restrict resources a process can consume
  • CPU, memory, disk IO, ...
• namespaces: Change a process’s view of the system
  • Network interfaces, PIDs, users, mounts, ...
• capabilities: Limits what a user can do
  • mount, kill, chown, ...
• chroots: Determines what parts of the filesystem a user can see
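
To make the capabilities bullet concrete, here is an added example (not part of the original slides) that decodes the `CapEff` bitmask from a process's `/proc/<pid>/status` and reports capabilities that weaken container isolation. The sample status text, the `HIGH_RISK` set and the function names are assumptions made for illustration. The constructed mask `a80425fb` is the default capability set Docker grants: it includes `kill` and `chown` but not `sys_admin`, which `mount` requires.

```python
# Added example: audit the effective capabilities of a containerized process.
# Bit positions follow linux/capability.h (bit 0 = CAP_CHOWN, ...).
CAP_NAMES = [
    "chown", "dac_override", "dac_read_search", "fowner", "fsetid", "kill",
    "setgid", "setuid", "setpcap", "linux_immutable", "net_bind_service",
    "net_broadcast", "net_admin", "net_raw", "ipc_lock", "ipc_owner",
    "sys_module", "sys_rawio", "sys_chroot", "sys_ptrace", "sys_pacct",
    "sys_admin", "sys_boot", "sys_nice", "sys_resource", "sys_time",
    "sys_tty_config", "mknod", "lease", "audit_write", "audit_control",
    "setfcap", "mac_override", "mac_admin", "syslog", "wake_alarm",
    "block_suspend", "audit_read", "perfmon", "bpf", "checkpoint_restore",
]
# Assumption: the reviewer's own list of capabilities worth flagging.
HIGH_RISK = {"sys_admin", "sys_module", "sys_ptrace", "sys_rawio",
             "net_admin", "dac_read_search"}

# Constructed samples; on a live host read /proc/<pid>/status instead.
DEFAULT_STATUS = "Name:\tnginx\nPid:\t1\nCapEff:\t00000000a80425fb\n"
EXTRA_STATUS = "Name:\tnginx\nPid:\t1\nCapEff:\t00000000a82425fb\n"

def effective_caps(status_text):
    """Return the set of capability names encoded in the CapEff line."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            mask = int(line.split(":", 1)[1].strip(), 16)
            caps = set()
            for bit in range(64):
                if mask >> bit & 1:
                    # Bits newer than this table are kept, not silently dropped.
                    known = bit < len(CAP_NAMES)
                    caps.add(CAP_NAMES[bit] if known else f"cap_{bit}")
            return caps
    raise ValueError("no CapEff line in status text")

def audit(status_text):
    """Return the sorted high-risk capabilities the process holds."""
    return sorted(effective_caps(status_text) & HIGH_RISK)

if __name__ == "__main__":
    for label, text in (("default", DEFAULT_STATUS), ("extra", EXTRA_STATUS)):
        print(label, sorted(effective_caps(text)), "high-risk:", audit(text))
```
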
What do we need?
• Scheduling: Where should my containers run?
• Lifecycle and health: Keep my containers running despite failures
• Discovery: Where are my containers now?
• Monitoring: What’s happening with my containers?
• Auth{n,z}: Control who can do things to my containers
• Aggregates: Compose sets of containers into jobs
• Scaling: Making jobs bigger or smaller
Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications.
Key Features
• Horizontal scaling
• Automated rollouts and rollbacks
• Storage orchestration
• Self-healing
• Service discovery and load balancing
• Secret and configuration management
• Batch execution
• Automatic binpacking
Kubernetes in SAP
http://kubernetes.io/case-studies/
SAP subsidiary company
Concepts
• Container: A sealed application package (Docker or equivalent)
• Pod: A small group of tightly coupled Containers
• Labels: Identifying metadata attached to objects
• Selector: A query against labels, producing a set result
• Controller: A reconciliation loop that drives current state towards desired state
• Service: A set of pods that work together
Architecture
API Server
Scheduler
Control Manager
etcd
Kube Proxy
Kubelet
kubectl, REST, etc
internet
Control loops
• Drive current state => desired state
• Act independently
• APIs - no shortcuts or back doors
• Observed state is truth
• Recurring pattern in the system
Example: ReplicationController
Services
Labels
DEMO
Q&A