DRUPAL AND CONTAINER

ORCHESTRATION:
Using Kubernetes to Manage All the Things

Presented by
Shayan Sarkar | Booz Allen Hamilton
Will Patterson | Booz Allen Hamilton

Innovation center, Washington, D.C. DRUPAL GOVCON 2017

WHAT HAS DOCKER DONE FOR US?
• Continuous delivery
- Deliver software more often and with less errors
- No time spent on dev-to-ops handoffs
• Improved Security
- Containers help isolate each part of your system and provides
better control of each component of your system
• Run anything, anywhere
- All languages, all databases, all operating systems
- Any distribution, any cloud, any machine
• Reproducibility
- Reduces the times we say “it worked on my machine”

#BoozAllen #Drupal4Gov 1
WHAT DOES KUBERNETES DO?
• Kubernetes is an open-source system for automating deployment,
scaling, and management of containerized applications.

• Improves reliability
- Continuously monitors and manages your containers
- Will scale your application to handle changes in load
• Better use of infrastructure resources
- Helps reduce infrastructure requirements by gracefully scaling up
and down your entire platform
• Coordinates what containers run where and when across your system
• How do all the different types of containers in a system talk to each
other?
• Easily coordinate deployments of your system
- Which containers need to be deployed
- Where should the containers be deployed

#BoozAllen #Drupal4Gov 2
THE POD IS THE CORE KUBERNETES COMPONENT

• The Pod is the core component of Kubernetes

• Collection of 1 or more containers
• Each pod should focus on one container, however sidecar containers
can be added to enhance features of the core container

spec:
template:
spec:
containers:
- name: drupal
image: cr.io/repo/mydrupal:v1

#BoozAllen #Drupal4Gov 3
PODS CAN HANDLE SCALING AND DEPLOYMENTS

• Once Kubernetes understands what is in a pod, multiple

management features are available:

• System Performance
- Scale up/down the number of pods based on CPU load or
other criteria

• System Monitoring
- Probes to check the health of each pod
- Any unhealthy ones get killed and new pod is put into service

• Deployments
- Deploy new versions of the container
- Control traffic to the new pods to test the new version
o Blue/Green deployments
o Rolling deployments

#BoozAllen #Drupal4Gov 4
KUBERNETES SERVICES TIE TOGETHER THE PODS
• Kubernetes Services are used to control communications with the
pods
- Load balance the requests
- Don’t send traffic to the unhealthy ones
- Only talk to the correct version

apiVersion: v1
kind: Service
metadata:
name: drupal
spec:
selector:
app: drupal
ports:
- name: http-port
port: 80
type: LoadBalancer

#BoozAllen #Drupal4Gov 5
SERVICES STRUCTURE ALLOW MULTIPLE COMPONENTS

• With the Service architecture Kubernetes handles things

that you often might have to worry about
- Service discovery
- Load balancing
- Scaling

• Service discovery allows each pod just needs to call the

name of the service it wants to talk to

• Services have multiple options

- Session based load balancing
- Single port based services
- External Services

• The Service architecture of Kubernetes can be scaled up to

handle as many services as you would like for your system

#BoozAllen #Drupal4Gov 6
WHERE IS THE INFRASTRUCTURE?

• You don’t have to worry about the infrastructure

• The entire design of pods and services is described

with YAML files
• Nothing in deployments, pod management, service
discovery, monitoring, etc required any knowledge
about how many servers, IP addresses, load balancers,
or anything else with the infrastructure
• Behind the scenes, Kubernetes is aware of all of the
servers available, load balancers, application gateways
and will configure them automatically according to
what is in the YAML files

#BoozAllen #Drupal4Gov 7
DRUPAL EXAMPLES

#BoozAllen #Drupal4Gov 8
DEPLOYMENT
apiVersion: extensions/v1beta1
• Deployment—connects a Pod with replication control and
kind: Deployment
metadata:
rollout management
name: drupal - Synchronizes app configuration across instances
spec: - Production deploys are as simple as updating an image tag
template: - No more bouncing apache on a dozen servers
spec:
• Contains a Pod spec
containers:
- name: drupal
image: cr.io/repo/mydrupal:v1
ports:
containerPort: 80

#BoozAllen #Drupal4Gov 9
AUTOSCALING
apiVersion: autoscaling/v1
• Realizes the promise of the cloud: scales your app in response
kind: HorizontalPodAutoscaler
spec:
to load, in real time
scaleTargetRef: • Kubernetes tracks resource utilization
apiVersion: extensions/v1beta1
kind: Deployment
• Responds by adding or removing pods to the Replica Set
name: drupal • Kubernetes core supports CPU utilization
minReplicas: 2
maxReplicas: 10
• Other resources are available via add-ons
targetCPUUtilizationPercentage: 50 • Pod autoscaling != node autoscaling
• Node autoscaling for GCE and AWS as add-ons

#BoozAllen #Drupal4Gov 10
SERVICE
apiVersion: v1
• curl http://drupal/cron.php
kind: Service
metadata: • Manages ports and internal IP’s with domain name resolution
name: drupal
• Opens ports on agent nodes
spec:
selector: • Manages load balancing between pods
app: drupal
• Provisions cloud provider load balancer
ports:
- name: http-port • Exposes pods to Kubernetes service discovery
port: 80
type: LoadBalancer

#BoozAllen #Drupal4Gov 11
EXTERNAL SERVICE
kind: Service
• Use RDS and provider services when possible
apiVersion: v1
metadata: • No need to hard code external services in your application
name: mysql-service
• Adds an external resource to Kubernetes service discovery
spec:
type: ExternalName
externalName: mysql.example.com
ports:
- port: 3306

#BoozAllen #Drupal4Gov 12
DEPLOYMENT: CONFIGURATION MANAGEMENT
apiVersion: extensions/v1beta1 * $databases['default']['default'] = array(
kind: Deployment * 'driver' => 'sqlite',
spec: * 'database' => '/path/to/databasefilename',
replicas: 2 * );
template: * @endcode
spec: */
containers: $databases['default']['default'] = array(
- name: drupal 'driver' => 'mysql',
image: cr.io/repo/mydrupal:v1 'database' => 'mydrupaldb',
ports: 'username' => getenv('DB_USERNAME'),
containerPort: 80 'password' => getenv('DB_PASSWORD'),
env: 'host' => getenv('DB_HOSTNAME'),
- name: DB_HOSTNAME );
value: mysql-service
- name: DB_PASSWORD /**
valueFrom: * Access control for update.php script.
secretKeyRef: *
name: mysql-service-secrets * If you are updating your Drupal installation using
key: password * are not logged in using either an account with the
imagePullSecrets: * updates" permission or the site maintenance account
- name: registrykey * created during installation), you will need to modify

#BoozAllen #Drupal4Gov 13
DEPLOYMENT: VOLUMES
apiVersion: extensions/v1beta1
• Manages networked drives across containers and VM’s
kind: Deployment
spec: • volumeMounts sets the mount path and references a named
replicas: 2 volume
template:
spec:
• Volumes can be defined as
containers: - Pre-created named volumes
- name: drupal - Dynamically provisioned Persistent Volume Claims
image: cr.io/repo/mydrupal:v1
ports:
containerPort: 80
volumeMounts:
- name: my-drupal-volume
mountPath: /drupal-7.56/sites/files
volumes:
- name: my-drupal-volume
azureFile:
secretName: azure-storage-secret
shareName: <pre-existing-file-share>
readOnly: false

#BoozAllen #Drupal4Gov 14
NOTHING IS EASY

#BoozAllen #Drupal4Gov 15
LESSONS LEARNED
• Kubernetes is open source and fast moving. Cloud provider specific
integrations might trail a couple versions.
- Ingress Controllers
- Managed Disks
• While the Infrastructure is generally transparent, you still need to
ensure that the cloud provider implemented Kubernetes support in a
manner that meets your system needs
- Internal vs External load balancers
- Cluster Scaling
• Leverage the strength of the open source community.

#BoozAllen #Drupal4Gov 16
GETTING STARTED
Install local utilities: kubectl and minikube
https://kubernetes.io/docs/tasks/tools/install-kubectl/

Checkout the Kubernetes docs

https://kubernetes.io/docs/home/

Unified Logging with Fluentbit

http://fluentbit.io/documentation/0.11/kubernetes/

Syslog, Docker, and Drupal

https://github.com/BradJonesLLC/docker-drupal

#BoozAllen #Drupal4Gov 17
QUESTIONS?
J OI N U S AT T HE B OOZ A L L EN E X PO B OOTH
ADDITIONAL RESOURCES

• Red Hat OpenShift : Enterprise implementation of Kubernetes

- https://www.openshift.com/
• Kops : Kubernetes cluster management utility
- https://github.com/kubernetes/kops

Booz Allen’s Drupal.org Profile: https://www.drupal.org/booz-allen-hamilton

Join the Conversation…

…And Come Visit Our Booth!
#BoozAllen #Drupal4Gov 19
FOR MORE INFORMATION…

Today’s Speakers – Please visit our booth for further Q&A:

• Shayan Sarkar, Solution Architect, [email protected]
• Will Patterson, Drupal Developer, [email protected]

Please contact Booz Allen’s Strategic Innovation Group for more information on our Drupal practice:
• Arash Farazdaghi, Solution Architect, [email protected]
• Eric Robbins, Solution Architect, [email protected]
• Craig Warsaw, Principal Solution Architect, [email protected]

Join the Conversation…

…And Come Visit Our Booth!
#BoozAllen #Drupal4Gov 20