Well, thanks for being here, everybody. So this is part of what we call the Open Source On-Ramp. So this is a group of talks meant for people who are new to the topic. So in this case the topic will be getting started with Kubernetes. We have two great speakers to get you started with that: Mason, who is from Gretel, and Kim, who is from DigitalOcean. So without further ado, I'll turn it over to them.

Okay, okay, good, my mic's working. Yay. Well, welcome everyone. Thanks for having us. My name is Mason. I'm the lead developer advocate at Gretel.ai.

And I'm Kim Schlesinger. I'm a cloud native developer advocate at DigitalOcean, and before Mason was at Gretel, he was a developer advocate at DigitalOcean, which is why we're giving this talk together. We used to be colleagues.

Yes, yes, a lot of fun old times, but now, this time, today, we're gonna talk about getting started with Kubernetes. So we're gonna move... the first thing we're gonna do is do just a brief introduction of the application and what we're doing, and verification of the, of your environment. So just show of hands: how many people are actively going to be participating, following along, executing the code with us?
Okay, so what we're gonna do is we're going to come around for the first 10, 15 minutes and see, make sure that your, those that want to participate have a functioning environment, because you need to have a couple things installed. We'll help you get them installed if you don't. If you're not already connected to the, the conference Wi-Fi, go ahead and do that. And then after that we're gonna talk really quickly about a one-time secret app that I've already deployed, and we're just gonna have you build inside of Docker. If we had more time we'd have you build it, but I don't have the time to dive deep into cryptography today, and also it's four o'clock, I don't have the brainpower to dive deep, deep into cryptography today. We're gonna build that application as a Flask application, and you have the option to upload it to Docker. I already have it in Docker Hub, because if you want to fight conference Wi-Fi while trying to upload to Docker Hub, you know, the saints be with you, but it's not gonna be fun. I had to install Homebrew earlier on my laptop on conference Wi-Fi and that took about 30 minutes. So good luck. Then I'm gonna, we're gonna turn it over to Kim, and Kim is gonna walk you through all the magical Kubernetes stuff of spinning up a cluster, deploying the application, configuring your application to be highly available, and then we have a quiz at the very end where we have some wonderful swag that we're gonna give away. There's also swag on the back chair in the back corner that you can take with you.

Yes, so first thing we're gonna do is verification environment. So if everyone who is doing this, or anyone who wants to take a picture... This code is the workshop.
This is where all of the source code is. So ever, you can, you could do this entire workshop without me or Kim if you go to this page. It's wonderful.

And then we do want to say hi to those of us who are joining virtually. We're happy to have you here. And so during this verification time Mason and I will be available to help, also Otto, who's in the audience. Can you, can you wave? So Otto will also be able to help, and when it comes time to apply DigitalOcean credits, Otto will be the person that you want to talk to. If you're watching online and you're on the virtual platform, if you send a direct message to Otto and tell him the email address you used for your DigitalOcean account, he can apply the credits that way. And if for some reason you can't get those credits applied right now, I have some information in the repo where you can email me after and I'll apply the credits after the fact. DigitalOcean does billing monthly, so you won't be charged right away for that.

Yes, if you are gonna participate you do need a digital... unless you plan on spinning up your own Kubernetes cluster on your local environment, you will need a, you will need a DigitalOcean account. We're gonna be spinning this up through the DigitalOcean Kubernetes service. It's just an easy way to get a really vanilla Kubernetes cluster running. I'm gonna pass it off to Mason.

Okay. Well, the only thing we have to do now is we have to get our environments set up. So in reality, if you have Docker installed and you're participating, you're good, because we're gonna do everything in Docker. Like, we're not going to execute anything locally. So Python 3.7, the Dockerman will take care of that. Also a good tool to have would be, have to, some sort of tool that you can submit POST requests with JSON as the payload through. So if you want to do this with curl, 100% you can do with curl. I like HTTPie if you've never seen it.
You should definitely check it out. It's a very straightforward, basically like, kind of like curl, but it lets you do stuff like this, which I will zoom in if I can, where instead of having to actually, like, write the JSON and such or anything with the tokens, you can just set key-value pairs and it will translate it for you. So this is a great tool for testing, or if you have something like Postman or anything like that, that will be more than enough to get, get us through it. You'll need a DigitalOcean account. And if you want to upload your own Docker image and deploy it to Kubernetes today, you can. We also will have the exact same Docker image already uploaded on my Docker Hub so you don't have to fight conference Wi-Fi trying to upload a Docker image. So of those of you who are participating, who does not have a functioning environment where Docker is working? You? Okay, so we're, Kim and I are going to split up and we're going to help the people that need that. For those of you that are here, I don't know, you can dance or you can... this is, this is an interactive workshop. So we're gonna try to get these people set up as quickly as possible, and then we'll be back to it. You can cut our mics. We'll come back when, I'll let you know when it's time to turn it back on.

Account where you've had one in the past and you need credits, Otto is the person to take care of that. He has to manually enter your email address to apply those credits. So, yeah, why don't you go to him? Okay.

Okay, I think we have everyone good, so moving forward. We'll go ahead and give everyone like a minute to get back to their place and stuff. Is fine. Okay, thank you for your patience. Okay, so just quick poll of the audience. How many people have built a Docker container before, any sort of container before? Okay, good. It's a great number. How many people have deployed something to Kubernetes before? Okay, great number. Any other questions you want me to ask? We're good. Okay, so... And I actually forgot one on my list here.
You need to have kubectl ("cube cuddle" and "cube CTL") installed, but we'll get to that later. It's relatively easy to install. So the next thing we're going to do, in the whole part that I'm going to do right now, is we're going to talk about a one-time secret app that, in a longer workshop, we would have had time to build from scratch. But today I'm just going to show you the source code. We're going to kind of walk through what it does, the architecture of it, and then we're going to go for... and then you can use the, the Docker container that we provide, or you can build one yourself.

Okay, so who here is familiar with the concept of a one-time secret app, or knows what, what that is? Does anyone ever use onetimesecret.com or something like that? Okay, so a one-time secret application, it's actually a really useful tool for most, most companies. Say you, say you're working in an IT department and you need to be able to give someone like a new password, but we're all remote now. We don't really have a great way of just delivering these, and sending it over Slack or something isn't the best thing to do. So what we can do is we can create a secret here. So we can just say "hello OSS summit" or something like that. And then we can create a passphrase. We'll just say, I don't know, "cheese". That'll be my passphrase. And what we do is we create this secret link. And then what I can do is I can send them this one time, this link, which has a, you know, unique ID at the end and basically has a secret, and it will be, you know, secret for seven days or however long we have it. So we open this up, we paste it. It's gonna ask us for the password. This is something that I could call someone over and be like, hey, the password is cheese. Or I guess you could send that to them on Slack. It kind of defeats the purpose, but at least it's not credentials in the wild. This is, this secret is only valid once, so now if I type the word cheese, I can see the message, and now the message can never be viewed again.
That link is a dead link. It's never coming back. The password is gone. And this is just a great way to be able to set stuff up, to be able to send people privileged information that you don't want to send in plain text, but you also don't want them to be able to linger somewhere on the internet forever. So what we're gonna do today is... we're going to wonder why that went away... is we're going to build a, we're gonna build a REST API for this. So I'm not a front-end developer. You don't get fancy JavaScript with Mason, you get Python APIs and the command line, as it should be. And if you disagree we can talk about it later. I'm joking. But if you would like to see the code, all of the code is at this website, grtl.ai slash oss 2022 dash k8s dash workshop. It's also in the do-community org. You'll find it as soon as you look for it on GitHub, but essentially that's just a short link to it. And it's in the Python directory. So if I've, if I've helped you set up, you already have it set up. But you basically, you need to be able to download that code and run it. So let's look at that code before we move forward. So we have a Python directory, and we're gonna make that a little bit bigger because that's really difficult to read. Okay, are we gonna be really fancy and hit the dot and open up the web editor? See if it works. Again, conference Wi-Fi, always fun to test conference Wi-Fi during live, during presentations. So, Python. Okay, so we have the application. So for, actually first, let's talk about just the endpoints of this application. So this application is extremely simple. Open preview. We went all the way around to just open the preview, something that we could have read in Markdown on the thing. So here we go. We've come full circle. So this API will have two, two endpoints, POST, and both of them are POST. One is secrets, and then that doesn't even show up, or I forgot to put there.
So when you post a value to the secrets endpoint without an ID at the end So local host 8080 slash secrets you'll supply it with a message a passphrase and then an optional expiration time Okay, this expiration time is what we saw. You know, I want this password to I want this to expire in seven days. We don't want to keep this around forever So when we post this in it will take it encrypt the encrypt the message with the passphrase and then return to you a unique ID which will use in the decrypt process Which is the post secrets down here where you will do secrets slash that ID and then provide at the passphrase and you get you get it back Is it everyone got everyone good? We got thumbs up before good thumbs down if we're not we good fantastic. Okay It's really not that complicated of an app, but it can get kind of messy really quick Luckily, I actually abstracted out all of the cryptography stuff because I did not want to have to talk about that in public I don't think I could it's beyond my beyond what I can do. Okay. Are we gonna scroll today? We're not gonna scroll today Okay, so what we're gonna do is this path this this is a great Opportunity for us to use a database like Redis. So for those of you that don't know Redis is a key value store database Basically, I'm not gonna somewhat of a no sequel. I think it is a no sequel database I'm not a database person if I say things that are false about databases. Please don't flog me. Um, I Work in networks and DevOps. I don't like databases, but I do like Redis because Redis is easy It's key value store. So we're basically gonna have the password and we're going to have the message and the password and what we're going to do is we're going to encrypt the Password the message with the passphrase and then we're going to take the Shaw of the password and keep that And that's what we're gonna use is our lookup identifier. 
So the key... Shut up. I move my wrist like this and it bumps the, the crown, and it talks. So anyway, we're gonna take the SHA of the password. That will be our lookup key. So whenever someone submits something we're gonna look it up based on that, on that lookup. We're gonna take that password SHA, and if we find something, hey, that someone was potentially using the right link with the right password, we're good, and then we're going to decrypt it. And then the other thing that we can do is, with the... scroll is just not gonna work today. What we're going to do is we're going to take advantage of the fact that Redis has the ability to expire, seek, expire things in the database on its own using SETEX. So instead of us having to implement this whole time check system to see is this valid or is this not, we're just gonna let the database do it. That's called not doing work you don't need to do, because somebody else already did it and they probably did it better than you did. So never re-implement sorts in the standard API or the standard library. Whenever I speak at colleges I tell them that all the time. Yes, we know your data structure professor made you implement bubble sort. You are never going to implement bubble sort in your life. And if you do, you should reevaluate your life choices. So...

Okay, so basically what we're gonna do is just a little bit of boilerplate. As you can see, I committed with my debug statements here because I was having problems. We're gonna validate to make sure that the message and the passphrase are in the, in the data. If the expiration time is set, then what we're going to do is we're going to take it. Expiration time is expressed here in seconds. If the expiration time is not set, we're going to set it to 604,800, which I believe is a week in seconds. Don't quote me on that. We're going to create a unique ID. I'm gonna make this a little bit bigger too because I still can't read it. And that needs to go away.
Yes, that makes life a whole lot easier. I still wish you would scroll the way I wanted you to, but we can't have everything, can we? So we're gonna create a unique ID. So whenever you create the password, whenever you create this, send this password in to be created, it's gonna be a unique ID so someone can access it. We're going to use a library that I wrote to basically... well, no, this is where we're gonna, to get the SHA of the password, of the passphrase. SHA, that's what's gonna be our key in Redis. Then we're gonna use the same library to encrypt the message with the passphrase. We're gonna set, you're gonna do redis.setex, which will set the SHA'd password, the encrypted text, the ciphertext, and then it will set a default, it'll either set the default expiration time or we'll set an expiration time that you have chosen. So we're gonna do that, do a SETEX, and then we're gonna return true and the ID. The ID is what's gonna be used in the decryption process, because you're gonna go to slash secret slash ID to access the unique data at that ID. Have I lost anybody, or everybody? Is there anybody still with me? Any questions about, about just the architecture of the application? This is one of my favorite applications. It's more fun. So many people do like, oh, we're all gonna make Wordle now. I'm like, no, I'm gonna make a one-time secret. I don't want to make Wordle. Like, I already don't get the Wordles right as it is. Why would I want to make another app that I can't win at? These are the jokes. If you don't laugh, it's gonna be a long presentation.

Okay, so this, the decryption process is basically the same but in reverse. We're going to take the ID and we're gonna take the passphrase. Then what we do is we de... we, we will take the passphrase. We'll get the data out of... What did I do here? We get the... okay.
So what we did is we stored the SHA also in the data. We'll get the data out. We'll compare the SHAs to make sure that they're the same. When the SHAs, if the SHAs are the same, that means, hey, you actually have stumbled, you have stumbled across a password that is the valid pa... like, this is real. You're not just, you know, banging up against the door saying whoever's gonna let you in. We will delete the, delete it from the database, and it's actually pretty funny, because this is probably a weird part of the application, because we delete it before we even, like, return it back. So basically someone tried to get it, if, if line 92 fails, it deletes the app and they don't get it. But we'll just, we'll call that, we'll call it a demo app, not ready for prod. So we take the SHA, we get it, if it's the same we use that same pass, we use the password they provided to decrypt it, and then we return back the plain text. Pretty straightforward, right? Any questions before I move on?

And, well, I'm gonna demo, like, this in action. Like, I know I'm talking and, like, waving my hands. You're gonna see how it actually works. Now the question is, how do I get out of this and go back to the GitHub view, because I don't use the VS Code. Oh, back, the back button will work. No, it didn't. Is it dot dot? Oh, I thought we would have been, made sense. It would have got me, like, I don't want the editor anymore. There we go.
Okay. The other things that we have in here are a Gunicorn config, and this is an interesting discussion when you deploy Python applications. A lot of people may be tempted, you may be tempted to use, like, flask run when you're running a Python application inside of a container. That's still not secure and it's, like, not in any way thread safe. So, like, don't do it. Like, you should still, even if you're running in a container... I know most of us got away from using WSGIs and stuff because it wasn't, wasn't the easiest time to deploy Python. Don't use flask run. Still set up a Gunicorn, set up multiple workers, that way you can at least do something in parallel. I mean, like, right now our Docker containers are only gonna have one core. Like, we're only, we're gonna be running them on one-core droplets. But if you're running them on multi-core droplets, we would want to take advantage of that. And even still, even if you're running it on a one-core droplet, you can still run two, maybe even four node workers without worrying about that, you know, the core, because you're, you know, they're all gonna be doing their own thing in parallel, so it's not that big of an issue. Processes remain to made to multi-process. The, the TL;DR of that statement was: don't use flask run in Docker, use Gunicorn. Maybe use mod_wsgi. I wouldn't. Even if you have... what?

Yeah, uh, well, so are you running Apache in the same container as the application? Are you running, are you running like in it?
Okay, if you're doing it inside the same container as the application, then however you use Apache and WSGI to get it. But most people will run Docker containers and they run like an nginx proxy above it, and then they, they route it through, but they're still running the flask run, and like, I haven't, I don't, I don't know. Yeah, Apache would be... yeah, I, I would, I wouldn't, I would still run it. I would, I actually, I would still, just to be safe, because I don't... the flask run stuff offers no security whatsoever. Like, they say it when you run it: do not use this in prod. We can't guarantee this is safe. We can't guarantee that the CSRF is gonna work properly. Like, just don't do it. So on a, on a just a safety note, I would do it. I would do it to be safe, safe. Better safe than sorry, to be honest. I will also not claim to be a professional expert in Python pack... deployment, but from the people that I've met who write Flask, they definitely say don't ever use the, don't use flask run in prod. I hang out with them at PyCon every year, so they're pretty cool people.

Okay, and then the last thing we have is our Dockerfile. So what we have here is we have FROM python, and I made a mistake. I didn't pin my Python version. I'm gonna cause an outage. Whoever, he who does not pin his prod, does not pin his things, causes outages. Or they, they who did not... he or she, doesn't matter, whatever you want to be, if you don't pin your stuff, you're gonna cause an outage.
Um, I have lived many a life of an, as an SRE, of people who did not pin packages and then wonder why their app didn't work yesterday. So don't do that. We're gonna set some environment variables, setting the DB host, the port, the password, and then SSL equals true. If you're running this locally, like if, say, you install Redis on your local machine and you are not testing this on, like, a production-grade Redis server, you're gonna want to turn that SSL off for the local, localhost stuff, because it will just sit there and hang because you didn't set up any of the certs or any of that stuff. Ask me how I know that, as I sit there wondering why my app isn't working for 30 minutes until I realized it's SSL just hanging. Do a really quick RUN mkdir. We're gonna make, make a directory for the application. We're gonna set it as our work, working directory. We're gonna add all of the stuff in our current directory into that application directory. We're gonna pip install our requirements. You can use a virtual environment here if you want. That is one of the biggest debates. So should we use virtual environments in Docker? Docker is already an isolated environment. Virtual on virtual seems to me to be overly redundant. You do what you want to do. I don't. I am on the no, we don't need virtual environments in Docker. Some people agree with me, some people throw pitchforks at me.
It's whatever you want to do. You're gonna expose 8080, whatever port you want. But we need to expose the ports for Kubernetes later, and then we're just gonna run the gunicorn command. We're gonna bind it to 0.0.0.0, which in reality, because we have this in our Gunicorn config, we didn't need to do the command line args here, but either way. And then we're gonna run the application. Any questions before I move forward? Fantastic.

So the next thing we're gonna do is we're going to build this application. Also, for those of you that don't know, Ctrl-L is a shorthand for clear. As I say it and it doesn't work, because it wants to make me a liar right in front of everybody. Thank you. I appreciate that. Yeah, I need to increase the size. How do I... on it, my term... Will command plus work? Command plus works. Here we go. Okay, so we need to go into code, do-community, OSS, python. Okay, so we're in Python. We're in the python directory. And all we're gonna do here is we're just gonna do a docker build. So if you've never seen docker build before... as I went over the Dockerfile, but I'll say it again, Dockerfile is a way of defining your container. So where we've defined the container that we need to deploy to, to Kubernetes. So what we're gonna do now is we're gonna do a docker build and it's going to set all of these things. So docker build. Now you can be a little bit more, like, verbose with, with your naming schema here. Like if you are gonna upload this to, say, a Docker Hub repository, so say, like, my username is mason and my Docker Hub repository is ots, I would want to do something like mason slash ots here. You can also retroactively add tags to an image after the fact so you can push it. We're gonna do neither here. We're just going to do build ots.
I'm gonna say dot for the current directory. So look in the current directory for the Dockerfile and let's build it. Now I've already built this on my machine, because whenever I built it earlier... We are not having a day with the scroll bar. Something is up with this. I think the whole computer just boomed. Python and Docker, not the greatest. That's a lie. There he goes. Okay. Something is really upset with my laptop. Come on. This is gonna be fun. We're gonna pretend like we saw it work and we're not gonna ask too many questions. So, I think that's a terrible color, but we see enough of it. We see the five, we see the five layers run. So basically it does the run from the docker.io python. So basically pulls down the, pulls down the image from Docker Hub. So the Python image is directly from Docker Hub. Like, Docker Hub maintains what is known as a base set of library images, or they help maintainers of those projects maintain it. So whenever Python sets out a new release, Python builds the Docker image, uploads it to Docker Hub. It's part of a, let's call, the base library of Docker. Then all of those environment variables were set. We run the mkdir slash app to create it. We've created a directory inside of our Dockerfile. We add all of the code to the Dockerfile. We've run pip install and now it's ready to go. Like, everything's ready. Whenever we execute it, it's going to run that command and the application is going to run. Now what we have to do, though, is we have to set up our Dockerfile, now we have to connect it to a Redis database. So for those of you who are... We are having interesting issues with the laptop today. The trackpad has revolted. Like, none of my key swipes are working. It's not even clicking. Okay. I know how to do this. You hold the pillow over it until it goes. We do a hard restart, which doesn't even seem to be working. Okay, there we go. Okay, anyway, while we're here... Isn't that so tranquil? It's... you're kidding me.

Do you want to use my computer?
It's trying to update. You love me. Okay. No, we're good. We're good. I was like, I saw the line come across as, like, you are absolutely kidding me. Like, like I understand being upset that I've told you no on updating for the last three days, but doing it in the middle of a presentation seems a little bit passive aggressive. Um, I would like to speak to Apple. I would like to speak to the Apple people immediately. So, okay. That's fun. Here we go. We get to start it all over. What's up? You are welcome to follow along. I know I go fast. I can go slower if you'd like me to go slower. I'm trying not to take up all of Kim's time, because the Kubernetes stuff is actually the way more fun stuff at the end of the day. I have a Docker image ready on Docker Hub that she's going to use, that you're going to deploy to Kubernetes. This is just me having something to do as Kim does all the important stuff. So let's see if Mac is going to work again. We're going to hit plus. Maybe it was the zoom in. Maybe zoom is just too much to render for a Mac. I'm sorry. I'm being a little bit salty, but I'm thinking, I'm, like to think it's funny. Okay, so let's go back to the docker build. Docker build, and now I can't type. Yay. Okay, we have to start Docker. Okay. Now we wait on that to go. I could just, I can't even do a docker pull without the Docker daemon running. So I was like, I could just pull it off the, pull it off my repository, but... Okay, so the next thing we're going to do is we're going to run... my part is almost done. We're going to run the Docker. I'm going to show you it working. I'm going to show you, like, run the POST API commands, and then Kim is going to do the Kubernetes part. So if you're here for the Kubernetes part, you had to deal with me for a little bit. I'm sorry, but it's coming up soon, as soon as the Docker daemon decides it wants to run. Okay, so we did the docker build. I, for some reason, like to re-verify things. The docker build is running.
Okay, so now we're going to do a docker run. And I think that's the stuff we used earlier. So that's fine. So for those of you that are doing this yourselves... That needs to be way bigger. Can I make that bigger? Does Notepad let me make things bigger? Heading, there we go. Okay, that's... wow. For those of you that are here, I can't make... what do you say, Kim? Make it...

Yeah, increase the font size.

Which is what, like command plus or something? Okay. Okay. So for those of you that are here that are running this... And it's going to be deleted after this. So don't think you're going to steal my Redis database, those of you with cameras. Okay, this is the database that we're using right now. It's a live database. I'm going to delete it... this ends at 5:35. It will be deleted at 5:36. So I'm not saying do your worst, but do your worst. Um, please don't. I'd like to get through this. So we're going to connect it to a Redis database that is running on DigitalOcean, because when you work there you get credits. Um, and that works out pretty nicely. So let's... Where'd it go? Where'd my Docker thing go? Okay, so let's run this. Okay, so now we have a functioning one running. It's... and then how do I add a new, new tab? Okay. There we go. So we're going to go back to, hopefully, Safari, GitHub. Safari is running, and in the python directory we have everything running. So... Okay, now we have our sample. So we have an entire sample. So we're going to have the ht... We're going to use http, which, for those of you that have never seen http before, it's, it's basically just like curl, but does all, it does all the difficult parts of curl, of POST requests, much easier. So we're going to paste this command here. Okay, and this is running on... Come on. Since this is running on localhost, we're going to run it really quickly and hit enter. Now I could have changed message with a message and passphrase with your passphrase. I didn't feel like it.
So we've sent it in and now it's set there in Redis. So now we have our key-value pair in Redis. We have an ID, and what we can do is we can now take... We're going to take that exact same one that we used, we're going to take this ID, we're going to copy it, I paste it, and we don't need the message part anymore. What we did, we do need the passphrase. We hit enter and, as you see, we get our message back. So it's a working one. The other thing we can do is we can do expiration. I'm not going to spell this right, but we're going to try it live. We'll set it to 15 seconds. Okay, so then basically what will happen is, by the time I get this copied and paste it in over there, it's going to say no, your, your secret has expired. So at least we know that that section has worked. So our message is basically the same as it was. It's the same stuff. But by the time I get here and paste this in, because doing stuff on a trackpad does not equal speed... And we don't need the expiration time for this last one. I'm just making sure I've met, let 15 seconds pass. It basically says the secret has either never existed or is already used. So the, so that was us seeing, we used the, the mechanism in Redis to time it out, and now the secret was automatically deleted. So from there we go back to Safari. We go back to the... no, we go back to this, to our slides. Okay, so we've built the Docker image, and now if you have your own Docker pre-built, um, like if you have your own Docker Hub and you've already set everything up, you can do a docker push from here. Docker push and the name of it too. Like, so this was, mine was called mm egger, uh, one time secret, so I could do a docker push to that and it would upload to Docker Hub, and that is where my story ends. Because now it is on Docker Hub and now it's ready to be, uh, ingested by the Kubernetes manifest whenever we deploy Kubernetes. So now I'm going to turn it over to Kim, who is going to come up here and finish and do the Kubernetes part of the segment.

Can you hear me now?
Yeah, give Mason a round of applause. Thanks, Mason. All right, so what Mason just showed us is, like, how do you develop an application locally? How do you, uh, run it on your local machine? How do you use Docker to containerize that application, make an image of it, and then push that image up to a container registry like Docker Hub? What I'm going to show you now is, like, the next part, uh, that happens when you have spun up a Kubernetes cluster. So first thing we're going to do is we're going to spin up an actual cluster. Then what we're going to do is we are going to deploy the application that Mason built. And then we're going to configure that application to be highly available. And then at the end we'll do a review and conclusion. So if you go to the GitHub repository, the OSS 2022 getting started with Kubernetes, we're going to be working through the README in the kubernetes directory. So you want to go to that. And you have two options if you're trying to follow along with me, which I invite you to do. The first one is spin up a Kubernetes cluster using DigitalOcean's managed Kubernetes. There may be some hiccups with this one. And then the second is, there's this really nice option where you can use Kubernetes in the browser. And it's this, at this link. It's called Killercoda. And so once you go to Killercoda and you log in, you actually get access to a Kubernetes cluster where your terminal is in the browser and your editor is in the browser. So this is a great way to experiment with Kubernetes. The only downside of Killercoda is there's one part of the tutorial that you can't do on that, and that's exposing the application to the internet. But I would encourage you to follow along either with DigitalOcean Kubernetes or with Killercoda. So for this section, if you're using the DigitalOcean Kubernetes instance, you'll need a DigitalOcean account, which I think a lot of you have installed. And then you'll also need this tool. It's called doctl.
It's the DigitalOcean command line tool. It's going to get us our command line connected to our DigitalOcean account. So there's installation instructions at the link. You'll also need kubectl. That's the Kubernetes command line tool. That's how you communicate with a Kubernetes cluster from your command line. And, uh, if you'd like, uh, HTTP, HTTPie. Oh. That's weird. Maybe I didn't get that right. Um, oh, I can change that. But that's what Mason was using to send the POST request, was HTTPie. Oh, there it is. So, uh, I'm going to give you just a couple of minutes to try and get these things installed. If you're not able to get them installed and running during the live workshop, that's no problem. We've got all the instructions for how to do this in the tutorial. Uh, so you're welcome to do it, uh, when you have a little bit more time. So installing doctl, uh, kubectl, and optionally HTTP, HTTPie. They have a, they do have a pronunciation guide, but I keep going to the wrong link. So, all right, so, um, if you are still installing those things, no problem. I'm just going to show you what we're going to do. So step number one is you want to create a Kubernetes cluster. You can either do that by having Killercoda do it for you or you create a DigitalOcean Kubernetes cluster. So the way that you do that is you go to the DigitalOcean control panel. That's not the one I want. So it's at cloud.digitalocean.com. And on the left side, you're going to go to the Kubernetes tab, and you're going to create a cluster. I already have a cluster up and running in here. It was to prepare for this workshop. So I'm going to create a new cluster. And let's use this blue create cluster button. And you need to give DigitalOcean some information about what you want to be true for that cluster. So the first thing is you have to choose a data center region. For the purposes of this exercise, I would choose a data center.
That's geographically closest to your location. So we're in Austin, Texas, in the US right now. I think San Francisco is the closest data center. But if you're in Europe, you have the options of London, Amsterdam, and Frankfurt; if you're in Asia, Singapore and Bangalore. So pick a data center that's close to you. And then it's select a version. This defaults to the most recent available version of Kubernetes. So I would leave it as default unless you have some reason for needing a different version of Kubernetes. And the next thing is choosing the cluster capacity. So Kubernetes has a control plane and then it also has worker nodes. And so you have an opportunity to name those worker nodes. I'm just going to name this, let's see, open source summit node. And then you can pick your virtual machine type. At DigitalOcean, we call those droplets. I'm just going to leave it on default since this is a test cluster. Well, it gives you the information about how much it's going to cost you per month, and then how many worker nodes you want up and running. Um, and then down here it says create cluster on a high availability control plane. I would do that because it's going to spin up your cluster faster. And then it tells you how much you're going to pay each month, and then to finalize, you get to name your cluster. So I'm going to say open source summit demo cluster. You can pick one of these projects to put it in. I'll just leave it in Sammy Shark. And then you're going to kick, you're going to click create cluster. So what's happening now is my cluster is creating, and this takes a few minutes to happen. So the next thing that I need to do is I need to configure doctl so that doctl can talk with my DigitalOcean account. So first thing is I'm going to create an API token. So if you go to the API part of the DigitalOcean cloud console, and I'm going to create a new token. So generate new token.
This is open source summit demo. You get to specify some information about that token. You want both read and write permissions. I'm going to generate that token. You're going to be shown that token once, so copy it on your clipboard. If you mess it up, it's no problem. You can just delete that token and create a new one. But you only get this once. And then I'm going to use doctl to authenticate to my DigitalOcean account. I wonder, you can't see, it doesn't, you can't see all of my terminal. That's all right. We'll figure it out. All right. So you do doctl auth init. And, yeah, it says, uh, please give me your DO token, and I've got that on my clipboard. So I pasted that and clicked enter, and it said, I'm validating that token to make sure that you're actually connected to your DigitalOcean account. Um, if you run doctl account get, you should see some account information. So doctl account get. I'd said doctl twice. doctl account get. Beautiful. So it just says here's your email address, here's how many VMs you get with your account, um, and are you an active user of DigitalOcean. Beautiful. So I've got doctl installed, my doctl is connected with my DigitalOcean account, and let's go look and see if our Kubernetes cluster is up and running. So this is in the Sammy Shark project. All right, so I'm looking at my open source summit demo cluster. And we've got a progress bar up here.
It looks like it's still spinning up. But, uh, the next thing that we need to do is we need to download our kubeconfig file. And so what that does is it allows you to use kubectl to authenticate to your cluster, so you can run Kubernetes commands from your command line. So the way that you do that with DigitalOcean is if you scroll down, let's see, if you go to connecting to Kubernetes, there are two ways to do this: the automated way, which is the easiest, and the manual way. So if you just grab this doctl command and you paste that in your terminal, it says, hey, I added these cluster credentials to your kubeconfig file, um, and I set your context to that particular cluster. So back to the cluster to see if it's still spinning up. Still in progress. Um, if your cluster is still spinning up, no problem. I'm going to switch to a cluster that I already have up and running, and let's take a look at that. So if I say kubectl config get contexts, these are all of the Kubernetes clusters that I can authenticate to. I want to use my prep cluster, so I'm going to grab that name, and I'm going to switch to that. So kubectl config use context. And it says, hey, I switched to that cluster that you've already used. And so once your Kubernetes cluster is already spun up, you want to verify that you can actually connect. And the way I like to do that is I just say kubectl, that's the Kubernetes command line tool, get nodes. Ah, we got a yay. And so this is what you should see. I have a list of those three worker nodes. Um, and, uh, you can tell I spun this up two days ago. It tells you the name of the nodes, whether or not they're ready, and then the version of Kubernetes that they're running. We're running Kubernetes version 120 28.
So we just did a ton of things there. I created a DigitalOcean Kubernetes cluster. I used doctl to download the Kubernetes config file. And then I used kubectl to make sure that I can connect to my cluster. If you're following along with Killercoda, go to tab one, and I'll make this bigger, and you can do the exact same thing. You can say kubectl get nodes. And you can see, okay, that's a little better, you can see I have a control plane node and one called node zero one. So I can connect to this Kubernetes cluster as well. All right. So let's, beautiful, take a look. All right, so we've got our Kubernetes cluster up and running, and the next thing is we want to deploy, uh, Mason's one time secret application into the Kubernetes cluster. And so this is the Docker Hub, and this is Mason's account on Docker Hub. And this is the one time secret image that he built on his computer and pushed to this container registry. So if I go to tags, um, it tells me the docker command to pull down this image. Um, but what I really want is, uh, the name of his, uh, Docker Hub account, and then the name of the application, and then it looks like the tag has the date on it. So we're gonna have a quiz in a few minutes. So in Kubernetes, you want things to be highly available, and one way you can do that is have multiple replicas of your application running. So instead of having just one of the one time secret app running in the Kubernetes cluster, we want to have three, and here's how you do that in Kubernetes. Actually, let's do it up here. So if you go into the manifest file, these are all YAML files that, um, are going to create Kubernetes resources. And a deployment is the way that you want to set up more than one replica of an application running. So if you take a look at this, uh, this is my deployment. You see the kind here, and I've got some other information. I'm saying.
Hey, I want three replicas. If you just wanted one replica, you would put that number there; if you wanted 10 replicas running, you'd put that there. And then this on line 21 is really important. This is the image that we're pulling down. This is Mason's image. Um, if you push your container image to the Docker Hub, you would change it to the address for your image. So I've got Mason's there, and I have the latest tag, which is 22 6 20. And then I've got all those environment variables that we saw in the Dockerfile in here. This is a terrible practice, to have your password up in your GitHub repo, but I want you to have the opportunity to run this application and see it work. So, all right, so I've got that deployment, and we want to put that in our Kubernetes cluster. But what we want to do next is we want to create a namespace. So if I go to my command line, if I say kubectl get ns, that stands for namespaces. So these four namespaces come by default with Kubernetes. One is called default, and then we have kube-node-lease, kube-public, and kube-system. In general, you want to create a different namespace for the applications that you're running. And so we're going to create a namespace where we're going to put the one time secret application. And I want to call it app namespace. So I've got a manifest for that. It's called namespace yaml. And you've probably heard of infrastructure as code, and, uh, one of the things that has to be true is you have to be able to store your configuration in files that can be saved and managed with Git. Well, one way you can do that in Kubernetes is through YAML. So instead of typing kubectl create namespace, I'm going to say, hey, Kubernetes, will you create whatever resource is defined in that file, which is called namespace yaml. So here's how that works. You say kubectl apply. And then let me see if I get the directory path right. So kubernetes. No, it doesn't look like it. Where am I? Am I? No, I'm in the right spot. Okay.
So I'm going to say kubectl apply the file called kubernetes, and it's in the manifest directory, and it's called namespace.yaml. And Kubernetes says, hey, I created that app namespace. You can verify that by running kubectl get namespaces. And you see I've got my app namespace there. But there's nothing in there. So let's put three replicas of the one time secret app in there. So we already looked at the deployment.yaml. That's where we're going to create, they're called pods, three Kubernetes pods inside the app namespace, and I have the namespace specified here. So I'm going to run a similar command: kubectl apply the file in the manifest directory called deployment. And Kubernetes says I created that deployment. And I want to check, do I have three replicas running? And the way I do that is I say kubectl get me all the pods in the namespace called app namespace. You see I've got three different pods running. They're all one time secret pods, but they all have different unique IDs at the end. And they're running, so that is good to go. And so this is actually, Kubernetes has grabbed the image from Mason's Docker Hub, and it has created those containers inside the Kubernetes cluster. So we're getting closer. But you might ask, like, how can you check that these are working? And so right now these pods, or these replicas of the application, are only available in the Kubernetes cluster. And so we have to do something in the Kubernetes cluster to test the application. And so the way that we're going to do that is I have another YAML file.
It's called utilities. And so this is also a deployment. This deployment is only going to spin up one replica. And, uh, utilities is a project that a friend of mine and he's been built. It's a container that has a lot of tools that are helpful for us, like curl, wget, things like that, so you can test inside your Kubernetes cluster. And so what we're going to do is we're going to spin up this new container called utilities. Then we're going to install HTTPie, the project, and then we're going to make those POST requests inside the Kubernetes cluster. So here's how that works. First thing I'm going to do: kubectl apply the file in kubernetes manifest called utilities. And that should be in the app namespace, so kubectl get pods from the namespace app namespace. All right, so I've got my utilities pod here. And the next thing I'm going to do, which I think is the coolest thing you can do in Kubernetes, I think some other people might disagree, I'm actually going to exec into that pod. And so I'm going to run a command that's going to open up a shell inside that pod, so I can run commands inside that pod. And all this is in the tutorial, so, uh, well, let's actually look at it. All right, so exec, there we go. So we're going to exec into the pod. So it's this command. You say kubectl exec, give me an interactive terminal. You have to paste in the specific name of your utilities pod, which is going to be different than mine. It needs to happen in the app namespace namespace, and then you're going to say, hey, drop me into a shell where I can run commands. So let's see, kubectl exec -it. Oh, that's way too much, but that's okay. I copied the whole line, not just the name. In the namespace app namespace. And then I'm going to say bin shell. Okay, so you see my, uh, command line prompt has changed.
It's changed from the Zsh theme that I have with the green arrow, and now I just have this hash sign. And so if you list what's in here, I'm inside that utilities container, and I have all of these things that have already been installed. But I want to install, uh, HTTPie. And the way I'm going to do that is run this extremely long command. And this will take a couple of minutes because it's actually installing HTTPie in this particular container. And so we'll let that happen. But once that's installed, um, I want to make a POST request to one of those pods. And so let me open a new tab in order to make a POST request. So when Mason did it, he was saying localhost and then the port was 8080. And so I'm not going to use localhost, because this pod, these containers are in my Kubernetes cluster. So I need to get the IP address of my pods. And so the way that you do that is you say kubectl get pods from the namespace app namespace, and you say, uh, give me the output in the wide format. So it's going to give you more information than normal. All right, so I have my three one time secret containers and I have my utilities container, and I have the IP addresses, um, of those containers. So if you're familiar with IP addresses, anything that starts with 10 is a private IP address. So it's only available in the Kubernetes cluster, which is why we had to spin up that container inside of the cluster. And so I'm going to grab one of these IP addresses because I'm going to need that for the POST request. All right, so it looks like HTTPie got installed in this container. If I run http, I should see the command menu. Beautiful. All right, so if you scroll down, this test right should look familiar.
This is pulled directly from the Docker tutorial. So I'm going to say http POST, I'm going to replace this with the IP address I just found, need port 8080, to the secrets endpoint, and then I'm going to say message, your message, and the passphrase. So let's do that. So http POST, and then the IP address, port 8080, secrets, and its message equals hi, uh, we'll say OSS. And then the passphrase. I do like the passphrase cheese, so we'll do that. Hey, this is awesome. So I sent that POST request from a different container to one of those pods, and it said, hey, I created that one-time secret for you. So we can run the other command, which is to, uh, pass the ID. So http. Oh, I think I, http POST. Oh, this is always a mess. Um, all right, IP address, port, secrets, and then the ID. And then I also have to give it the passphrase. Passphrase equals cheese. I do need POST again. Thank you. I'm going to cancel that. Um, so we'll do http POST and then we'll paste all that. Show me that JSON. Hey. So yeah, this is cool. So I have this application deployed in my Kubernetes cluster. I can access and, like, make POST requests to the application from inside the Kubernetes cluster. But the more interesting part is you want this to be available to you on the internet. And so the way that you do that in Kubernetes is something called a Kubernetes service. So this is a nice diagram that shows three of the Kubernetes service types. This is on the quiz at the end, so pay attention. So one service type is ClusterIP. It's just when you need things in your Kubernetes cluster to communicate with one another internally, so you don't need it out on the internet. NodePort is when you actually open a specific port on a specific VM. And, uh, that sort of defeats the purpose of Kubernetes, because you want your VMs to be able to go down or be upgraded and go away, and so the port's going to be changing. So you want that to be dynamic. But LoadBalancer.
This is the good one. What the LoadBalancer service does is, whatever cloud provider you're using, DigitalOcean, AWS, GCP, it spins up a load balancer from your cloud provider and gives you an external endpoint that allows traffic from the internet to come into your Kubernetes cluster. And so let's create a Kubernetes service. Um, guess what, it's in the manifest. So let's take a look at the service manifest. All right, so we go to service dot yaml. Pretty simple. Actually, I hate when people say that. I think Kubernetes is hard. Uh, not that many lines of YAML. So this is a service. I'm naming it ots service, one time secret service. I'm asking this service to be created in the app namespace. If I put it in another namespace, it wouldn't work. Um, this is important. I'm saying to the service, so the service gets a stable IP address, and then the service load balances to those three containers that we created. The way that the service knows which containers to talk to is this particular set of lines, the selector and the app. And the name of my app in the deployment is ots, and I'm saying, hey, the app, that's where you want to send traffic to. And then, uh, target port. Like, Mason had localhost 8080. I had that IP address 8080. We're going to use the 8080 port, and then type LoadBalancer. So I'm going to create this service. I'm going to exit out of my utilities pod. See, my command line terminal prompt has changed. And so kubectl apply the file in kubernetes manifests, the one called service. And services, um, take a few minutes to spin up and give you that external IP. But let's see what we've got so far. So I'm going to say, hey, Kubernetes, uh, should say kubectl get the svc for services. Uh, dash capital A means all namespaces. All right, so if you see, um, I have the app namespace, the ots service. Oh, you can't see it. That's too big. All right, so if you see, uh, the app namespace, the ots service. There's the cluster IP.
So that's the private IP in the Kubernetes cluster, and then external IP is pending. So DigitalOcean is actually creating me a load balancer, and it's going to give me an IP address. Let's look back at our DigitalOcean account and see that. So if I go to my networking tab, and if I go to load balancers, um, it's still creating, but this is the load balancer that I just spun up by applying that service. Um, so, oh, it's so close, look at it. Go, go, go. And so what I want to show you is, um, I want to show you, and you can do it on your computer too, but I want to make that POST request not from inside the Kubernetes cluster, but from my local machine, and get those kinds of responses back from the one time secret app. So if this progress bar is correct, we're really, really close. Go, go, go. And we'll just run this command again and see if we have an external IP. Not yet. Not yet. Okay. This says I'm awesome. Okay. It's actually giving me the IP address 146 194 13. Let's see. All right, I think that's going to be the IP address of this. We'll give it just a minute. All right. Well, nonetheless, um, let's grab this IP address. And so, uh, my command prompt is my computer. So I'm not in my Kubernetes cluster right now. But I do have HTTPie installed. So there's proof of that. So, uh, let's make a request. So http POST, and then I'm going to give the IP address. Because in the service I told you the target port, I specified that, I don't have to have 8080. So secrets, and then, uh, we've got message. The to the internet. And then the passphrase is going to be gouda. Oh, no, I missed something. What did I miss? Oh, thank you. The exclamation point is to the, oh, yeah. All right, so this is from my computer. I made this request to that IP address, and it worked. I got this ID, and to prove it, I'm going to make a POST request. I'm going to take out the message, and I need to, uh, add the unique ID to that POST request, and the passphrase. Well, that didn't work. Maybe I did something wrong.
Hey. Actually, it did work, because now it said that secret's already been read. So, um, that means we got that service on the internet. Let's see if that service, um, if the IP address gets listed. So before it said pending; now the external IP has this IP address. And the next step in your Kubernetes journey is you would set up something called an ingress controller, where you could have a domain name like OSSConferenceIsGreat.com, and then you could have that domain name point to this particular IP address. So that would be the next step. Okay. That was a total whirlwind. But let's just review what we've done. So you created an app with Mason, you made an image, you pushed that image to a container registry. Docker Hub is one. There's other ones: Quay, DigitalOcean has a container registry. Then we spun up a DigitalOcean account. And, uh, we created a Kubernetes cluster, and then we deployed. Hey, we got it. We deployed three replicas of the one-time secret app to that Kubernetes cluster. We made sure that the app was working internally in the cluster. And then we exposed the application via a LoadBalancer service so that internet traffic could meet that. And this is the very end. So if you would like to play, we have three prizes. So this is actually a quiz. There's only five questions. So what you can do, on your phone or your laptop, and if you're watching online, please do this as well, go to kahoot.it and then enter the game pin 640 54 89. And, uh, we have a quiz about what we just covered, and we'll have a leaderboard. We've got a third place prize, a second place prize, and the first place prize is this wonderful Sammy plush. All right, beautiful. We've already got two people. Love it. Um, if you go to kahoot.it, it'll ask you for a game pin. It'll look like, oh, I should, I should not, not show you the game pin. Oh, thank you, whoever Kim Rocks is. All right. Beautiful. Also, I Am Hungry. Whoever is hungry. Excellent.
All right, Cheese. Okay, we're having a really good participation on this particular quiz. All right, it looks like we're about ready to start. Um, all right, you can still join. But let's get started. So this is the open source summit getting started with Kubernetes workshop quiz. All right, so this is from Mason's portion. What is the Dockerfile directive for declaring an environment variable? So in your Dockerfile, how do you declare an environment variable? Is it ARG? Is it ENV? Someone's chuckling. Is it VAR? Or is it ENV_VAR? Wow, good job, everybody. The correct answer is ENV. 17 people got it right. It's like nine people got it wrong. And so you may be wondering how, oh, I haven't shown you this yet. All right, so this is the leaderboard. So we've got Joe in first place, Chuckles in second place, Blub in third place. And so with Kahoot, the accuracy of the response is important. You have to get the answer right, but speed is also important. So Joe must have gone the fastest, which is why he's at the top. So you want to be correct and you want to be fast to get on the leaderboard. So let's go on to the next question. True or false: this is the command to push an image to the Docker registry. True or false: docker push, the name of your image, and then the tag. True or false: this is the command to push an image to the Docker registry. Docker push, name, colon, and then the tag. All right, that was true. All right, the leaderboard: Joe still in first, Damien moved up into second, and Chuckles has moved to third. All right. Good job. Shoyer is the highest climber. Next question, into the Kubernetes. Which Kubernetes resource allows you to declare the number of pod replicas? So which of those manifests, where did I declare the number of pod replicas? Was it a Kubernetes deployment, a load balancer, a service, or a stateful set? Which Kubernetes resource allows you to declare the number of pod replicas? All right, excellent. Most of you got it.
It is a deployment. So that was the thing we created that spun up three replicas of the one-time secret app, a deployment. And that's a part of the highly available part of Kubernetes. All right, Damien has moved into first, Shoyer into second, and Ho Ho into third. All right, two more questions. Which type of load balancer exposes an application to the internet? So that was the image I showed you. Which type of load balancer exposes an application to the internet? Is it a LoadBalancer, a NodePort, a ClusterIP, or an ExternalName? This question is worded incorrectly. That's my bad. It's which type of service exposes an application to the internet. But yes, it's LoadBalancer. Well, that one was close. So the second most voted was ClusterIP. That's just for communicating workloads inside of Kubernetes. So LoadBalancer is the one where you get a nice IP address from your cloud provider. All right. Ho Ho has moved into first, Moz into second, and Damien into third. One final question. When connecting a service with a pod, which label must match? So when connecting a service with the pod, which label must match? Is it the name label or the app label? The name label or the app label? Oh, it is the app label. All right, so leaderboard. So in third place, you get a charger from DigitalOcean, is Chuckles. If you're in the room, you can come grab this after. In second place is Maz, a DigitalOcean water bottle. And in first place, Ho Ho, you've earned this Sammy plushie. Thanks so much for coming, y'all. Give Mason another round of applause. We've got some stickers in the back. Come see our DigitalOcean booth if you'd like some more swag or to chat. And then Mason and I will be here for a little bit if you have questions. Thanks so much.