Friday, 18 August 2017

Kubernetes Ingress, Nginx Controller, Blue-Green Deployment


This post describes how we use Kubernetes Ingress to create multiple deployments that allow blue-green deployments. We run Kubernetes on AWS.

Initially we took the approach of creating our services with the type LoadBalancer, which creates an AWS ELB for each service. As the services multiplied, the number and cost of ELBs grew quickly. We also had to make sure that our Route53 records matched their respective ELBs, which was error-prone and costly.

Enter Kubernetes Ingress. Here is what we have now:
- Services of type ClusterIP for each of our deployments
- Nginx Ingress Controller
- Service of type LoadBalancer for Nginx Ingress Controller
- Ingress resources to define the routing of the requests by the nginx ingress controller to the right service

In our case the routing is based on host names. With that solution, our Route53 records all refer to the same ELB, which delegates the requests to the nginx ingress controller service.

Blue Green Deployment

To do a blue/green deployment:
  • First update the deployment (green) that is inactive/not used with the new version
  • Wait until the green deployment is ready 
  • Update the service selector to make it use the green deployment
  • Scale down the previous deployment "blue" to zero replicas

Here you go, the service is now sending client requests to the new version of the application.
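
The four steps above written as a shell function, added here as an example and not taken from the original post. The naming is an assumption: Deployments `<app>-blue` and `<app>-green`, a Service `<app>` whose selector carries `app` and `color` labels, and a container named `<app>`.

```shell
# Added example; every name below is an assumption, not from the post:
# Deployments "<app>-blue" / "<app>-green", a Service "<app>" whose selector
# carries "app" and "color" labels, and a container named "<app>".
# Usage: blue_green_switch <app> <image> [replicas]

# Print the idle color given the active one; fail on anything else.
idle_color() {
  case "$1" in
    blue)  echo green ;;
    green) echo blue ;;
    *) echo "service selector has no usable color: '$1'" >&2; return 1 ;;
  esac
}

blue_green_switch() {
  local app="$1" image="$2" replicas="${3:-2}" active idle
  # Read the active color from the Service instead of trusting the caller.
  active=$(kubectl get service "$app" -o jsonpath='{.spec.selector.color}') || return 1
  idle=$(idle_color "$active") || return 1

  # 1. Update the inactive deployment with the new version (it was scaled
  #    to zero by the previous switch, so bring it back up as well).
  kubectl set image "deployment/$app-$idle" "$app=$image" || return 1
  kubectl scale "deployment/$app-$idle" --replicas="$replicas" || return 1
  # 2. Wait until it is ready; on failure or timeout stop here, so the
  #    Service keeps sending traffic to the old version.
  kubectl rollout status "deployment/$app-$idle" --timeout=300s || return 1
  # 3. Update the Service selector to use the new deployment.
  kubectl patch service "$app" \
    -p "{\"spec\":{\"selector\":{\"app\":\"$app\",\"color\":\"$idle\"}}}" || return 1
  # 4. Scale the previous deployment down to zero replicas.
  kubectl scale "deployment/$app-$active" --replicas=0
}
```

Because every step returns on failure, a rollout that never becomes ready leaves the Service selector untouched and the old deployment running.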

References

https://kubernetes.io/docs/concepts/services-networking/ingress/
https://github.com/kubernetes/ingress/blob/master/controllers/nginx/README.md
https://github.com/kubernetes/ingress/tree/master/examples/aws/nginx

Wednesday, 26 April 2017

Kubernetes Flash Cards

While learning to use Kubernetes, I figured I could make flash cards of the concepts. Here are the first ones. What do you think?




Pushing to docker registry running in Kubernetes cluster from Docker Mac


Goal

Push local images from Docker Mac to a remote Docker registry running in a Kubernetes cluster on AWS

Solution


Get the IP of your machine (that's the one that the Docker engine can reach):
$ local_ip=$(ipconfig getifaddr en0)


Define registry.example.com as local_ip in /etc/hosts:

  local_ip registry.example.com


Alias lo0 with registry.example.com, defined as local_ip in hosts:


https://docs.docker.com/docker-for-mac/networking/#use-cases-and-workarounds


I WANT TO CONNECT FROM A CONTAINER TO A SERVICE ON THE HOST

The Mac has a changing IP address (or none if you have no network access). Our current recommendation is to attach an unused IP to the lo0 interface on the Mac; for example: sudo ifconfig lo0 alias 10.200.10.1/24, and make sure that your service is listening on this address or 0.0.0.0 (ie not 127.0.0.1). Then containers can connect to this address.

$ sudo ifconfig lo0 alias registry.example.com/24

Tunnel port 5000 to the registry DNS name:

$ ssh -N -p 22 user@bastion -L "$local_ip":5000:registry.example.com:5000


Add local_ip:5000 to the Docker daemon config's insecure registries, then save and restart the Docker daemon.

Push to registry.example.com:

$ docker tag example-base registry.example.com:5000/example-base
$ docker push registry.example.com:5000/example-base

References

https://github.com/moby/moby/issues/29608
https://docs.docker.com/docker-for-mac/networking/#use-cases-and-workarounds