PE Managed Infrastructure

with Kubernetes (aka k8s)

Project Jupiter

Why?

  • MYOB is growing to a size where it is not scalable to help all teams learn the intricacies of AWS, networking, security, etc.
  • Centralising effort means we all get the benefit of a single team's work
  • An MI platform can be used as a base to automate best patterns and practices behind the scenes, so developers do not have to care about them
  • Economies of scale*

* Buzzword

Why Kubernetes?

  • Started by Google from a decade's worth of experience running containers 'at scale'*
  • Has been around since mid-2014 so relatively mature
  • Dogfooded API - we can harness the same API all internal k8s components use
  • Provides extensibility with custom objects and patterns to automate our custom best practices

* Buzzword

Kubernetes concepts

  • You have a docker workload; we have compute resources for you
  • You tell us how you want your workload run on our compute resources via yaml files
  • These yaml files specify Kubernetes objects that declaratively represent types of workloads and lifecycles of those workloads
  • You no longer need to care about servers; Serverless!!!!*

* Buzzword

Kubernetes objects

  • Pods
    • The fundamental unit of work
  • Replica sets
    • Make sure a set number of pods are always running
  • Deployments
    • Create an HA rolling update of replica sets
  • Services
    • Provide a static address for a grouping of pods inside the cluster
  • Ingresses
    • Expose a service to the outside world over http(s)

My app

Let's deploy a simple web app.

 

What I have:

  • A docker image
  • A kubernetes yaml file
  • Kubernetes kubectl CLI tool

A Docker image

  • Logs to stdout/stderr
  • Can run anything you can run in linux docker containers
  • Can have a web healthcheck endpoint or have a healthcheck script

A kubernetes yaml file

Contains the following Kubernetes objects:

  • Deployment
  • Service
  • Ingress
---
kind: Deployment
# apps/v1 replaces extensions/v1beta1, which was removed for Deployments in Kubernetes 1.16
apiVersion: apps/v1
metadata:
  name: example-nginx
  namespace: default
  labels:
    k8s-app: example-nginx
spec:
  replicas: 2
  selector:
    matchLabels:
      k8s-app: example-nginx
  template:
    metadata:
      labels:
        k8s-app: example-nginx
        name: example-nginx
    spec:
      containers:
      - image: nginx
        resources:
          requests:
            cpu: 50m
            memory: 128Mi
        name: example-nginx
        ports:
        - containerPort: 80
          name: web

---
apiVersion: v1
kind: Service
metadata:
  name: example-nginx
  namespace: default
spec:
  selector:
    k8s-app: example-nginx
  ports:
  - port: 80
    targetPort: 80

---
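# networking.k8s.io/v1 replaces extensions/v1beta1, which was removed for Ingress in Kubernetes 1.22
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-nginx
  namespace: default
spec:
  tls:
  - hosts:
    - example-nginx.jupiter.platform.myob.com
    secretName: mytlssecret
  rules:
  - host: example-nginx.jupiter.platform.myob.com
    http:
      paths:
      # path and pathType are required in the v1 Ingress API
      - path: /
        pathType: Prefix
        backend:
          service:
            name: example-nginx
            port:
              number: 80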

Kubernetes kubectl CLI tool

Push my request to the cluster for it to action, then wait for the update to be stable.

kubectl apply -f my-k8s-file.yml

kubectl rollout status deployment/<my-deployment>

Let's do it!

Jupiter features roadmap

  • Logs pushed to Sumo Logic for searching
  • Supports AWS IAM Roles at the Pod level for access to AWS resources
  • L7 load balancing/routing and SSL
  • Supports different workloads:
    • Web apps
    • Workers
    • Scheduled jobs
  • Team isolation with:
    • namespaces
    • network policies
  • Internal service discovery via DNS
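
The "Team isolation" item above, sketched for the example-nginx app as an added example (not part of the original deck or of Jupiter's own configuration). It assumes the ingress controller runs in a namespace named ingress-nginx (hypothetical) and that the cluster's network plugin enforces NetworkPolicy objects:

```yaml
---
# Added example: deny all inbound traffic to every pod in the namespace
# unless another policy explicitly allows it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: default
spec:
  podSelector: {}          # empty selector = every pod in this namespace
  policyTypes:
  - Ingress

---
# Added example: allow only the ingress controller's namespace to reach
# the example-nginx pods, and only on the web port.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: example-nginx-allow-ingress-controller
  namespace: default
spec:
  podSelector:
    matchLabels:
      k8s-app: example-nginx   # same label the Deployment and Service select on
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          # Assumption: controller namespace is called "ingress-nginx".
          # kubernetes.io/metadata.name is set automatically on namespaces
          # in current Kubernetes releases.
          kubernetes.io/metadata.name: ingress-nginx
    ports:
    - protocol: TCP
      port: 80
```

Policies are additive: with both applied, pods from other teams' namespaces cannot connect to example-nginx directly, while traffic arriving through the Ingress still works.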

When?

soon

By Paul Van de Vreede