k8s vs cf
Through the eyes of the user

HELLO!
Ivan Borshukov
ChaosGroup
@botu6aa

What is it?
k8s
open-source system for automating deployment, scaling, and management of containerized applications

What is it?
cf
code-centric platform that runs code in any language or framework in the cloud and manages its lifecycle

What is it?
k8s
● Open-source
● Lifecycle
● Containers
cf
● Open-source
● Lifecycle
● Applications

Abstractions
k8s
● Container
● Pod
● Replica Set
● Deployment
● Daemon Set
● Volume
cf
● Application
● Service

Kubernetes Abstractions 101
● Container
● Pod - group of one or more containers with shared storage/network
● Replication Controller - ensures that a specified number of pod replicas are running at any one time
● Deployment - provides declarative updates for Pods and Replica Sets.

Kubernetes Abstractions 101 (continued)
● Service - defines a logical set of Pods and a policy by which to access them
● Volume
● ConfigMap - configuration key/value pairs
● Secret - sensitive data
● Label & Label selector
● And more...

User Interaction
● CLI - both CF and k8s
● Web interface (limited functionality) - k8s

K8s
Hello, World!
$ kubectl run hello-k8s --image=hello
# or
$ kubectl apply -f descriptor.yml
# or
$ kubectl create -f descriptor.yml
CF
Hello, World!
$ cf push
Running your application
cf
● Blocks until app is started
● Gives you logs
k8s
● Eventually starts your containers
● You need to take care of what’s happening

Configuring your application
k8s
● Container image
● ConfigMap
● Secret
● Volume
cf
● Env variables

Accessing your application
k8s
● Creating a Service
  ○ ENV variables
  ○ DNS
● IaaS specific
cf
● https://myapp.cfapps.io

App to App communication
k8s
● Direct
● Using a Service
cf
● https://myapp.cfapps.io

Storing state
k8s
● Volumes (IaaS-specific)
● User-provided service
● Self-hosted service
cf
● Marketplace
● User-provided service

Viewing logs
k8s
$ kubectl logs
cf
$ cf logs

Attaching to your Application (ssh)
k8s
$ kubectl exec
$ kubectl port-forward
cf
$ cf ssh

Environment isolation
k8s
● Labels
  ○ env=test
  ○ env=prod
  ○ env=prod
● Namespaces
cf
● Organizations and spaces

K8s Labels
Role-based access control
k8s
● Global or namespace
● User-described, based on rules
cf
● Global, org or space
● Predefined roles

K8s roles example
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list", "watch"]
- apiGroups: [""]
  resources: ["configmaps"]
  resourceNames: ["my-config"]
  verbs: ["get"]

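The two rules from the roles example, checked against a handful of requests. This is an added example, not part of the original slides: a simplified Python model of RBAC rule matching, not the API server's own code, and the sample requests (pod, ConfigMap and Secret names) are constructed.

```python
# Added example: simplified model of Kubernetes RBAC rule matching.
# RULES copies the two rules from the slide; the requests are constructed.

RULES = [
    {"apiGroups": [""], "resources": ["pods"],
     "verbs": ["get", "list", "watch"]},
    {"apiGroups": [""], "resources": ["configmaps"],
     "resourceNames": ["my-config"], "verbs": ["get"]},
]


def _matches(allowed, value):
    """A field matches on an exact entry or on the "*" wildcard."""
    return "*" in allowed or value in allowed


def rule_allows(rule, verb, api_group, resource, name=None):
    """True if this single rule permits the request."""
    if not (_matches(rule.get("verbs", []), verb)
            and _matches(rule.get("apiGroups", []), api_group)
            and _matches(rule.get("resources", []), resource)):
        return False
    names = rule.get("resourceNames")
    if names:
        # A rule scoped by resourceNames only covers requests that name
        # one of those objects; a request without a name (e.g. list) fails.
        return name in names
    return True


def is_allowed(rules, verb, api_group, resource, name=None):
    """RBAC is additive: no deny rules, any matching rule grants access."""
    return any(rule_allows(r, verb, api_group, resource, name) for r in rules)


if __name__ == "__main__":
    requests = [  # constructed sample requests: (verb, group, resource, name)
        ("list", "", "pods", None),
        ("delete", "", "pods", "web-1"),
        ("get", "", "configmaps", "my-config"),
        ("get", "", "configmaps", "other-config"),
        ("get", "", "secrets", "db-password"),
    ]
    for verb, group, resource, name in requests:
        verdict = "allow" if is_allowed(RULES, verb, group, resource, name) else "deny"
        print(f"{verdict:5} {verb:6} {resource}/{name or '*'}")
```

Anything not matched by a rule is denied, so this role can read pods and one named ConfigMap but cannot read Secrets or modify anything.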
Resource restriction
k8s
● Memory & CPU
● Request resources
● Limit resources
cf
● Memory

K8s resource: request & limit
containers:
- name: frontend
  image: wordpress
  resources:
    requests:
      memory: "64Mi"
      cpu: "250m"
    limits:
      memory: "128Mi"
      cpu: "500m"

Health management
k8s
● Restart on crash with backoff
● Liveness probes - is app alive
● Readiness probes - is app ready to serve requests
● Customizable - TCP, HTTP, custom command
cf
● Restart on crash
● Health checks - TCP, HTTP, PID

Readiness & Liveness
livenessProbe:
  exec:
    command:
    - cat
    - /tmp/healthy
  initialDelaySeconds: 5
  periodSeconds: 2

Running locally
k8s
$ minikube start
$ minikube addons enable efk
cf
$ vagrant up
$ bosh target
$ bosh deploy

Containers
k8s
● User provided
● Privileged
● Root
● Stateless or stateful
cf
● Platform-created
● Non-privileged
● Rootless
● Stateless

Usage Scenarios
Application Monitoring using PULL
k8s
● Out of the box support
● 3rd party components integration (e.g. Prometheus)
cf
● Different URL for each app instance (hack)

Multiple processes
cf
● Multiple processes?
k8s
● Pods - group of one or more containers with shared storage & network

K8s Sidecar
● Sidecar - extend and enhance the "main" container

K8s Ambassador
● Ambassador - proxy a local connection to the world

K8s Adapters
● Adapter - standardize and normalize output

k8s
Stateful & Feature-rich
cf
Stateless & Simple

THANKS!
Any questions?