
Containers No, Not Your Mama's Tupperware - Ell Marquez

BSides SATX · 2018 · 45:43 · 498 views · Published 2018-07
Category: Technical
Style: Talk
About this talk
Containers No, Not Your Mama's Tupperware - Ell Marquez. "The technical community is all abuzz about containers, but does anyone really know what they are? We will take the journey together, learning about the evolution of containerization technology: understanding virtualization, Linux containers, and then moving on to cover the basics of Docker and Kubernetes." BSides San Antonio 2018, June 16 at St. Mary's University.
Transcript (en)

...their patience as we get started. Hopefully you're all in the right room: this is Containers, and no, we won't be talking about your mama's Tupperware. My name is Ell Marquez and I'm a technical trainer for the Rackspace Private Cloud. I also do a lot of community evangelism, a lot of just going out and recruiting new people to the industry. So normally this is where the speaker gives you their street cred, right? Like they give you their alphabetical pedigree, you know, I have an RHCSA, an RHCE, and none of that matters. Today I stand before you a newbie. I am brand new to containers, and the way that they say it is the best way

to learn something is to get up and teach it, right? Put your money where your mouth is. So that's what I'm here to do today. There are times throughout this that you may have a question that I don't know the answer to, so this is where I ask you: how many of you have experience with, like, LXD, Docker, Kubernetes? All right, you see these guys that raised their hands, especially my friend there in the back? These are gonna be our subject matter experts. So you know what, if you have a question, don't feel like 'I might go and ask that and I'm gonna embarrass her.' Like, I'm okay being embarrassed. We have people here, we're here to learn. So what we're gonna

do today is we're gonna start a journey, and this whole thing got started when I was asked to write a course on getting certified in Kubernetes. Not a big ask, except for the fact that I had no idea what Kubernetes was. So I went to our subject matter experts and I said, what is Kubernetes? 'It's container orchestration.' And you hear the crickets: we have no idea what that means. Can I get more? 'Well, you know, it helps orchestrate your Linux containers.' You literally defined what I'm asking you with the words that I asked you to define. So that's how my journey began. So what is

Kubernetes? Well, it has to do with Docker and some pods, but honestly you can use any form of containerization technology behind it. So we'll be addressing both Docker and LXD as well as other forms of machine containers. But our journey really needs to begin with virtualization, because it's what most people are accustomed to. So the journey today begins with a simple computer. When you go out and you buy a computer, take off your tech snob hats and put them away: for most people it really doesn't matter what OS they buy, because they have applications that they want to use. So it could be Windows, it could be Linux, it could be macOS, it doesn't

matter. But then you have a few of us who may be software developers; they may be deploying and testing code; they may be like me. I work off of a Mac from work, but I work in OpenStack, so I have a Linux box. And then came the time that everybody in my house... wow, I didn't want to be left out, I wanted to play too, so I got a Windows box. Then I started learning in my career and I needed a development center, and I needed a laptop to be able to travel with, and then suddenly I wanted to do a multi-node deployment. So my office ended up looking like this. I can't be the only one in

this room who has a room in their house that looks like this, right? So what happens when you start needing to travel, when you want to be able to develop when you go? I have seen a few of you walking around with two laptops in your backpack. Like, more power to you, but I turned to virtualization. So what is virtualization? Well, that is key. I would say that virtualization by itself is actually not a technology, it's more of a concept: it's separating the underlying hardware from the operating system. It's done through the use of hypervisor technology. So we take the computer that we have, and yes, this is back to the basics to some of you, but

it's important to understand these concepts before understanding the separation that occurs in containers. Take a type 2 hypervisor and you install that on top of the operating system. So here I have a Mac, and on top of that I have VirtualBox running, and in my VirtualBox environment I have two different virtual machines, each running its own operating system. So I actually do have one running Windows and I have another one running Linux. Each one supports its own binaries and each one has its own applications. What does this enable me to do? This enables me to use one of my boxes as my OpenStack deployment, because OpenStack releases every six months, so every six months I

have to learn something from the bottom up. And I'm gonna hose this environment. We're talking, I'm gonna be celebrating when I go more than 24 hours without a kernel panic. So I can't do that and then come up here and present and go, all right guys, I don't know what's going on with my computer. I need that separation occurring. So what happens, though, if I am, let's say, working for a larger company where I need to have even more separation, so I can do something like a server? On servers we generally install type 1 hypervisors. Now type 1 hypervisors, because they don't have that level of operating system in between, are generally agreed upon to

have higher performance, availability and security. So let's get to the separation. When we create these virtual machines, we really just create another set of machines; basically, you can kind of treat a virtual machine like its own computer. The issue is that it requires that resources be allocated to it from the host machine. So let's just say that I went down to Goodwill and I got this server, and it has 16 gigs for the brain. So I allocate a VM with 8, I allocate another one with 4, everything is going according to plan. But what happens when I now need to duplicate that original VM? Now this is where some people pop their collars and they tell

me, 'Oh, Ell, it's simple, all you do is you configure your hypervisor to allow over-allocation of resources.' Oh yeah? Or you turn off one of the computers, you wait for it to release its resources back, and then you create... You can imagine that if you're running multiple environments, if you're testing and spinning up code and making changes, this gets to be a long and tedious process. We go back to the spinning-in-chairs look and we're waiting for our code to compile. Nobody wants that. So that waste of time, that kind of stressful situation, is what led to the development of infrastructure as a service, or as we know it now, the cloud. The cloud was great, right?

This enabled us to have resources whenever we wanted them, and we could just spin them up and delete them without having to manage all of that infrastructure. But we still had an issue, and that was under-utilization of resources. You had to buy these cloud servers in a predefined size. We wanted more for our money, and that, in my opinion, not an expert here, but in my opinion, is what led to the development of containerization. If you go out and you look up containers, and especially if you're looking at Docker, they represent containers as these big metal containers that are meant to go across the ocean and survive. That's not what a container is. When you

think about containers, I want you to think about Tupperware, but no, not your mom's. I'm talking about that cheap piece of plastic Tupperware that you get at HEB when you buy the lunch meat, and then you throw your lunch in it, it's in your trunk for a week, so you just kind of throw it away and pretend that never existed. That's what a container is. But due to the lack of a kind of predefined definition of what a container is, most people think of containers as this brand new technology: it's new and it's exciting. Not so. Containers actually began their development with the chroot command in 1982, or, sorry, 1978, and it was adopted

later by BSD in 1982. Containers have been on this earth longer than I have. So

we had the development of the jail command, which most of you know. Then we had the exciting stuff happen: we had Google get involved, and Google has some deep pockets. They began their work with process containers in 2006. Now do not get me wrong, Google was not the only company that was actually developing and helping to spur containerization technology, but they were by far the loudest. They were the ones willing to go to conferences, to talk, to open it up to open source. So if you are a little bit of a nerd like me and you're willing to read white papers, I encourage you to go out and seek the Borg papers, Borg as in Star Trek, and

just delve into them. It is a great story; I thought, I read it as a story. It is a white paper, but it tells what the need was within Google that caused them to put so much money into the work of process containers. Those of you that know about Kubernetes: Kubernetes is actually the open source software version of their Borg project. So sometime around 2008, I believe, Google and all the other companies go to the Linux Kernel Summit and they sit down and they start hashing this out: what do we really need, what is the use case, what are you doing with this? And the result ended up being Linux namespaces. They were adopted into

the Linux kernel, and so basically you have your Linux kernel and your namespaces live within it. The namespaces work very similar to a type 2 hypervisor, because what they do is they restrict the resources that a process has access to on the host. So here I'm gonna kind of go open source community: who can tell me what a process is, and explain it to me like I'm five? It gets scary, right? When you're new, even the simplest thing you've been using forever, when you get called upon, it just kind of starts giving you that 'I know, but I don't know how to say it.' I put this slide in because I want to challenge you guys that when someone

comes to you and they're new to this technology and they ask you a question, remember that moment, because think about how much vulnerability it took for them to come up and admit that they didn't know. All right, that's just my little preaching there. So what's a process? All right, so a process is a set of instructions for your computer to perform. So it's basically taking a list, saying, computer, I want you to do 1, 2, 3 or 4, go and prosper. But Linux is a multiprocessor operating system, which means it's going to be doing more than one process at a time, which means that a lot of these processes belong to the same application.

Now it would not really suit us well if our application couldn't talk to itself, couldn't report back to itself. So we use Linux namespaces in order to provide a separation for these processes from the global environment. It becomes how we secure our multi-user, multi-application environment. And so when I say namespace, when I say containers, this is what I'm talking about. We all get to this point? All right, cool, people are actually nodding. All right, so we begin first with our inter-process communication namespace. What this namespace does is it offers a message queue for each process to be able to communicate and receive messages outside of its own container. So we have process A running

in one container, process B running in another container; they belong to the same application, so because they have a shared namespace they're able to communicate with one another. As containers need to be ephemeral, this means I need to be able to get a container, kill it off, put a brand-new one in its place, and I need my application to act like absolutely nothing happened. We needed the UTS namespace. This is called the Unix time-sharing namespace. Now what it does is it allows for isolation of hostnames for each container. Now some of you are thinking, all right, cool, the process has a hostname, like, whoop-dee-doo, what does that mean? What it means is that you're not having to reprogram your code every single time:

you can now use commands like hostname or uname as unique identifiers for that container. So next we needed our mount namespace. Our mount namespace does pretty much what the name implies: it controls what filesystem mount points are visible to each container. Now most people who use Linux know that normally when you mount or unmount a filesystem, it's going to be presented to and affect your entire global environment. What the mount namespace did is it provided a way for you to say, you know what, only container A has access to this USB disk, or only to this, you know, NAS server, whatever you're using. Okay, so after that we needed a way for us to isolate

our processes. The PID namespace allowed for each container to have its own process ID numbers. What this did was it allowed init systems, which need to have PID 1, within each container. The PID namespace allowed us to have the functionality of being able to develop on this computer, shut down the process within the container, move it to another computer, spin it back up, and ensure that we didn't have a PID number conflict. Now that we had the ability to have PID 1, we needed the ability to have a root user within that computer without having to give root access to our entire computer. So this became, I kind of thought, our new security

feature, which allowed each container to have its own UIDs and GIDs, user IDs and group IDs. So let's say that we were to have a security breach and we were to have an application or a person be able to break out of the container. This would ensure that they would then become just a nobody user within our host. Now I know in this room a lot of you are sitting there thinking, well, I could do this and I could do that. Yes, attacks are getting smarter. So with this, I mean, we're talking, this is the bottom of our building here, you know: we go from namespaces to our Dockerfiles to our Kubernetes

containers, to our hypervisors, to our Kata Containers. So I don't want you to believe that just because you use a namespace you're suddenly secure, right? Putting that out there. Okay, so next, our last namespace is, we needed a way to have networking. So we have our network namespace. Our network namespace creates another copy of our network stack. This means every single container that's gonna have a network namespace will have its own routing tables, its own firewall rules and its own network devices. It's important though to note that currently, and this could change probably within the next two to three weeks because development is occurring here, you can only have one network device per network

namespace. So you're gonna have to start using things like virtual tunnels to be able to connect between network namespaces. Just wanted to get that out there; you can also use bridging, as most of you know. But I know that, like, everything I've just said might have just gone over some of your heads; you might have been like, all right, I get it, I don't even know why it's important. So normally this is when I would drop into a demo, but you all know that the Wi-Fi has been kind of questionable here, so this is why I'm doing it this way. Let's pretend together we are now logged into my Ubuntu 16.04 cloud server, and the first thing I'm gonna do is

list out our iptables rules. Yes, nothing much going on here, it's just a simple cloud server, but I do have fail2ban installed. Some of you may have used it: fail2ban scans your logs and bans IPs that show malicious signs, such as too many password failures. All right, so then once I get here, I'm able to go in and I use ip netns add, the network namespace add, just telling it to add, and the name of my new network namespace is going to be 'sample'. When you go out and you try this by yourself, you can use any naming convention that you want; I'm just not very creative. All right, so

then we do ip netns list and it's listed out. What this actually did, though, is it actually created a mount point inside of /var/run/netns, and that's what the network namespace is attached to, so that there is actually a way for my network namespace to exist even though I'm not running any processes in it. So that's how it exists without any processes in it. All right, that's pretty cool, but the interesting thing is I can actually drop into that network namespace. So once I do that, I have executed, in my network namespace named 'sample', a bash shell. I want you to notice what happened as soon as I went in,

this is kind of off the example here, but what happened is I became the root user. Now if you recall, every network namespace has its own iptables rules, so if you look here and you compare them to the ones from our machine, you can see that this network namespace did not inherit the fail2ban application. So this means that if you had networking already set up to allow certain ports to go into your host, this doesn't mean that they would be able to reach your namespace; it has its own set of rules. All right, so if I do an ip a, you can see that I actually do have networking available in this box.
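A way to see the isolation the speaker is describing from outside the namespace, as an added example that is not part of the talk: on Linux, /proc/<pid>/ns/ holds one symlink per namespace type, and two processes share a namespace exactly when the inode numbers in those links match. This is the same /proc directory the speaker assigns as homework later in the talk. The script is mine, not the speaker's; the inode values in its sample data are constructed, and the function names are my own.

```python
"""Inspect which Linux namespaces a process belongs to via /proc/<pid>/ns.

Added example, not from the talk. It assumes a Linux /proc; reading your own
process's links needs no privilege, another user's process needs ptrace rights
(in practice: root).
"""
import os
import re

# Namespace types exposed under /proc/<pid>/ns on current kernels. The talk
# covers ipc, uts, mnt, pid, user and net; cgroup and time are newer additions.
NS_TYPES = ("ipc", "uts", "mnt", "pid", "user", "net", "cgroup", "time")

# A link target looks like "net:[4026531992]"; the number is the namespace inode.
_LINK_RE = re.compile(r"^(?P<kind>[a-z_]+):\[(?P<inode>\d+)\]$")


def parse_ns_link(target: str) -> tuple[str, int]:
    """Split a /proc/<pid>/ns/<type> symlink target into (type, inode)."""
    match = _LINK_RE.match(target)
    if match is None:
        raise ValueError(f"not a namespace link: {target!r}")
    return match.group("kind"), int(match.group("inode"))


def namespace_ids(pid="self", proc="/proc") -> dict[str, int]:
    """Return {namespace_type: inode} for one process.

    Types the kernel does not expose (old kernel) or that we may not read
    (foreign process without CAP_SYS_PTRACE) are simply left out.
    """
    ids = {}
    for ns_type in NS_TYPES:
        link = os.path.join(proc, str(pid), "ns", ns_type)
        try:
            kind, inode = parse_ns_link(os.readlink(link))
        except (FileNotFoundError, PermissionError):
            continue
        ids[kind] = inode
    return ids


def isolation_report(a: dict[str, int], b: dict[str, int]) -> dict[str, bool]:
    """For every namespace type known for both processes: True means the two
    are in different namespaces of that type (isolated), False means shared."""
    return {kind: a[kind] != b[kind] for kind in a if kind in b}


def isolated_types(a: dict[str, int], b: dict[str, int]) -> list[str]:
    """Sorted list of the namespace types in which a and b are isolated."""
    return sorted(k for k, isolated in isolation_report(a, b).items() if isolated)


# Constructed sample (assumed values): a host shell versus a shell started with
# "ip netns exec sample bash" as in the talk. Only the net inode differs, which
# is exactly why the namespace shell did not inherit the host's iptables rules.
HOST_SHELL = {"ipc": 4026531839, "uts": 4026531838, "mnt": 4026531840,
              "pid": 4026531836, "user": 4026531837, "net": 4026531992}
NETNS_SHELL = dict(HOST_SHELL, net=4026532203)


if __name__ == "__main__":
    print("constructed sample, isolated types:", isolated_types(HOST_SHELL, NETNS_SHELL))
    # Live check: this process versus PID 1. Run as root on a plain host every
    # type is shared; inside a container several types show up as isolated.
    live = isolation_report(namespace_ids(1), namespace_ids("self"))
    for kind in sorted(live):
        print(f"{kind:7s} {'isolated' if live[kind] else 'shared'}")
```

The comparison deliberately works on inode numbers rather than names: a namespace has no name of its own, and the 'sample' name the speaker chose exists only as the bind mount under /var/run/netns.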

I can bring it up. The reason I do this is, all right, so in this box you can't really see it too well, but I'm logged in as the root user. So I jump over and now I am actually just on my sample box, I am not in the network namespace, and I can actually start pinging that network namespace. So I kind of have my own little machine inside of my machine, without running a virtual machine, without running an actual Docker container. This is the beginning of kind of where the story starts. All right, cool, so then I go back and I have my network IP addresses. One thing that I do want to mention, that I started to earlier, sorry,

I'm looping back. Let's say that I come in and I set up this container to allow for a web server, so I allow 80 and 443, get my website going and everything going. I'm good, right? No, because my host machine still can't accept that traffic. So my container is completely, or my namespace, I'm sorry, is completely isolated despite what rules I've set here. All right, so when I exit my container, I can list out my iptables rules, but this actually, I wish I could tell you I did it on purpose, but I forgot that the moment I left my container I lost that root access. So this is an example of what would happen

if you were in a container and able to break out: you wouldn't inherit those abilities. We use this a lot in applications such as OpenStack, software such as OpenStack. What we can do is we can have a whole rack of servers which are running the OpenStack software, we spin up VMs within it, and we can allow whatever range of iptables rules, networking communication, to occur within those VMs, not configure the hosts, and we basically have a standalone environment that we never have to allow access to from the outside world. Okay, so that's my iptables rules. The next thing I want to show you guys is your homework. Everybody always asks me after I get

done with this talk, how do I get started working with containers? Like, my company's using it, they want me to learn, I don't even know where to start. Spin up a Linux server, go into /proc, do an ls, and I want you to be able to explain to me what these directories are. Most of you are like, all right, what's the PIDs, those are my processes, okay, cool. But how many of you have actually gone into the namespace directory? I mean, you can't see it too well here, but I have my uts, my user, my pid, my net. Get to the point where you can explain this to, I'm

not even gonna say a five-year-old, so you can explain this to a ten-year-old. If you get to the point where you can tell them what is occurring inside of this directory and why I went into /proc/self, self is a directory that allows you to get information on the process that you are currently using, or who you currently are. Hey, you get to this point and you can explain this to your boss, you are above, I would say, 90% of the people who are currently involved in the container community. That's how you get started. All right, so now that I've laid the groundwork for you, we can jump into what we know as containers. So let's talk about machine containers. Machine

containers are referred to as operating system containers, because they're a method of, actually, instead of virtualizing the hardware, we're now separating it and virtualizing the OS. They differ from machine containers in this way, or, I'm sorry, virtual machines. So like I said in my previous example, I have my Mac, I get VirtualBox, I can have a Linux container, a Linux VM, and I can have a Windows VM, no problem. You cannot at this time do that with machine containers. Microsoft is doing some amazing things currently with Azure containers, but they're not quite there yet. So currently if you use machine containers you'll be limited to the Linux OS, but it does mean that I could have, let's say, my Ubuntu

16.04 cloud server be running an Ubuntu 14-something LTS, I believe, be running an Alpine container, and be running a CentOS container, no problem. Let's see that at work. All right, so I'm going to be using, what is it, a program called LXD. LXD is an extension of Linux containers, and you can do an lxc list. Cool, I have no containers. The command that you're gonna use is lxc launch, then I am using ubuntu:16.04. I've said this like 15 times, so at this point you guys probably know that this is the exact same image as the server that I am on. Once again I'm not very creative: the name is ubuntu-container.

I do lxc list and you can see my machine container is up and running. It's as simple as that to get started using containers. All right, I can do cat /etc/issue and you see that I am in fact using the same, that that is in fact my operating system. So like I did with the network namespace, I am going to, I'm sorry, jumping ahead of myself. So like I said before, you don't have to use the same OS. You notice the command changed here: it's lxc launch images:. The reason I had to put the word images now is I am no longer using the image that my server is built from.

So I have Alpine 3.5, named alpine-container. Do an lxc list: cool, Ubuntu 16.04 cloud server running two different machine containers. I can now actually execute an ash shell. The reason I do not use bash is Alpine Linux is a tiny, tiny version of Linux that is so small that it does not incorporate bash into it naturally. So when I do an ash shell I can say whoami, and apparently I'm the user, but that is the root user. I can once again cat /etc/issue and prove to you that I am in fact now using Alpine Linux 3.5. So maybe you're saying, you know what, I really don't need this at my

system. Like, I am working with microservices, I'm working with these simple little scripts, and all I need is just a small isolated environment so I can run the script, see what actually occurs, without having to spin up an entire virtual machine. Right? Application containers are probably what you're interested in. Application containers are also referred to as process containers, because we like having a lot of names for things in the tech world. This is a way to provision a standalone environment for a single process, and you guys may have actually only heard of one of them, and that is Docker. That is because Docker is the world's leading software platform, and it was developed to build single-application Linux

containers. And so with Docker it differs a little bit from machine containers, because let's say I want to run a web server application. So I might have three containers: one which has Apache, one which has MySQL, and the other which is running Java. As before, you notice that within our machine containers all three of these applications would be running within the same container. Any questions to this point? Quiet. You can ask questions, I promise. All right, so some of you may be asking, all right, how do we get to the point where I'm running Apache or I'm running Java without having an operating system? Like, how does that work? That occurs through the use of the Docker

image. Now a Docker image is a series of read-only layers stacked on top of each other, and it begins with a base image. So a base image could be CentOS, it could be Ubuntu, it could be something custom made by your company; currently primarily Linux images, like I said, Azure is doing some amazing things right now. And what Docker does is it puts a read/write layer on top of your read-only layers, and so it makes use of a copy-on-write strategy, or, as we love acronyms in this tech world, we call it CoW. Well, what CoW says is that all of the processes and applications are going to be sharing the same binaries and

libraries and application files until one of them needs to make a change. Once that application A needs to make a change, it will make its own copy on this read/write layer and it will make changes here, but all of the other applications and processes that are using that library would continue using that base image layer. So changes and copies are only made when an application actually needs to. So let's say, for example, Alpine Linux, because I love using it, and we put our read/write layer on top of it, and I want to update it: any changes that occur would be written on this layer. At this point, though, I must add, some of you hopefully are asking, like,

where do I even get a base image, how do I get started in this process? We do so by going to the Docker Store. This is where you can get a plethora of images. I might not have to say it in this room, but I think I would be negligent not to: just because an image is available on the Docker Store does not mean it is a trusted source. I am NOT responsible for what you do. So if you want to play around, go to a company that you trust, whether that be Red Hat, whether it be Ubuntu, CentOS, whether it be Alpine, pull your image. Then you're gonna create a Dockerfile.

What the Dockerfile is, is, all right, Docker, what do I want you to do? So in this Dockerfile, this is really simple; if you decide to go play with it, you can run this exact same thing and get it running off the ground. All I'm saying is, hey, from the Docker Hub, because I haven't defined anything else, pull the latest version of Alpine. Now, if you go into the Docker Hub you can see that they offer a history of different versions; you can just replace latest with whatever you want. I want you to then go and update it, and then I want you to add htop. Now, just looking at this Dockerfile, can anyone tell me how

many read/write layers there are gonna be? So, read/write layers: yeah, there you go, two. Read/write layers are generated by the issuing of a RUN command; every single time you see RUN, that's gonna be another layer that I'm building onto it. You can see that here. All right, the command that you're gonna use once you get that Dockerfile written is gonna be sudo docker build ., and that dot is just the present working directory: take the Dockerfile out of this present working directory and from it we're going to build. So we say, hey, Docker, do that. Docker goes back and reads our file and it starts working. So from the Alpine library it pulls the latest image.
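The layer count the speaker quizzes the room on can be checked mechanically. The following is an added example, not the speaker's Dockerfile and not Docker's own tooling: it parses a Dockerfile constructed here to match the one described in the talk (alpine:latest, update, add htop), counts the instructions that produce a filesystem layer, and goes one step beyond the quiz by collapsing consecutive RUN lines into a single RUN, which is the scripting shortcut the speaker recommends a little later. The Dockerfile text, the layer-instruction table and the function names are my own assumptions.

```python
"""Count layer-producing Dockerfile instructions and collapse consecutive RUNs.

Added example, not from the talk. The Dockerfile below is constructed to match
the one the speaker describes; it is not her file.
"""
import re

SAMPLE_DOCKERFILE = """\
# constructed sample, assumed to match the talk's Dockerfile
FROM alpine:latest
RUN apk update
RUN apk add htop
CMD ["htop"]
"""

# In a classic docker build these instructions write a filesystem layer;
# the rest (CMD, ENV, EXPOSE, LABEL, ...) only change image metadata.
LAYER_INSTRUCTIONS = ("FROM", "RUN", "COPY", "ADD")


def parse_instructions(text: str) -> list[tuple[str, str]]:
    """Return (INSTRUCTION, arguments) pairs.

    Backslash-newline continuations are joined, comments and blank lines are
    dropped, instruction names are upper-cased. Parser directives and heredoc
    syntax are out of scope for this example.
    """
    joined = re.sub(r"\\\r?\n", " ", text)
    pairs = []
    for raw in joined.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s+", line, maxsplit=1)
        inst = parts[0].upper()
        args = parts[1].strip() if len(parts) > 1 else ""
        pairs.append((inst, args))
    return pairs


def count_layers(text: str) -> dict[str, int]:
    """How many filesystem layers each layer-producing instruction contributes."""
    counts = {inst: 0 for inst in LAYER_INSTRUCTIONS}
    for inst, _ in parse_instructions(text):
        if inst in counts:
            counts[inst] += 1
    return counts


def run_layers(text: str) -> int:
    """The number the speaker asks for: layers created by RUN commands."""
    return count_layers(text)["RUN"]


def collapse_runs(text: str) -> str:
    """Rewrite a Dockerfile so each run of consecutive shell-form RUN lines
    becomes one RUN chained with &&, so the build spins up one intermediate
    container instead of one per command. Exec-form RUN ["..."] is left alone
    because it cannot be chained with a shell operator."""
    out, pending = [], []

    def flush():
        if pending:
            out.append("RUN " + " \\\n    && ".join(pending))
            pending.clear()

    for inst, args in parse_instructions(text):
        if inst == "RUN" and not args.startswith("["):
            pending.append(args)
            continue
        flush()
        out.append(f"{inst} {args}".rstrip())
    flush()
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print("RUN layers before:", run_layers(SAMPLE_DOCKERFILE))
    collapsed = collapse_runs(SAMPLE_DOCKERFILE)
    print("RUN layers after: ", run_layers(collapsed))
    print(collapsed)
```

The count is static, read straight from the file: whether a FROM line actually pulls a layer or is served from the local cache, as the speaker shows next, is decided at build time and is not something a Dockerfile parser can know.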

Pull complete, so that's one action that it took, and it gives me my new base image; that is the ID for my base image. Step two, so now I'm in another layer, is it runs that update. I want you to notice, though, it says 'Running in': it created another container based off that base image that we just pulled, to do this work in. Once that's completed it removes that container, and my next RUN command builds another container for this to occur. You can kind of see the latency starting to build here, especially if you're running a lot of commands. All right, once that has been removed, it is built successfully. One thing, though, that I do want to note is the

image that I have highlighted here is only available in your cache, because you actually never told Docker that you needed this image; it's just one of the steps that has to be taken to get you to what you wanted. So it's kind of interesting, and the reason I bring it up that it is in your cache is, let's say you decide to create another image taking the exact same steps with the exact same base image: it would actually occur quicker, because it already has it stored in a local cache. I said that enough times there. Okay, once it's completed we've successfully built, and we now have two images: the base image that we pulled and

the one that we wanted it to create. If you're like me and you're a visual learner, this is what we did: Alpine, update, htop, yay, new image. But as I stood up here and kind of drew those out for you, hopefully some of you are getting into scripting or already script; you could do something simple like this just to cut down on your RUN commands. Despite the fact that I have now run three, quote-unquote, Linux commands, I only used one RUN command, so that image will only have the base layer, which is already on my system, and the one container that it's gonna need to build. Cool. So why does this matter? Well,

you can use it for more than just building images; you can use Docker to run just single little bits of applications. So one of the ways that I like to show this is through a program, or an image, called whalesay. How many of you have used Linux cowsay? Go look up Linux cowsay, it's fine, it's something to entertain your kids with and make them think that you, you know, do amazing things as a Linux admin or whatever you do. All right, so I run, and what you're telling it here is: Docker, go to the Docker Hub, from the Docker Hub and the docker repository, right, it's going from the docker repository, pull the image whalesay,

and whalesay, hey, cowsay 'hello world'. Now I paused it here because I want to show you, if I was doing this live, we would have to sit here and wait for every single one of those layers to pull. Now imagine if you're automating this across hundreds of servers or thousands of containers; it's definitely gonna add to your latency. So I'd encourage you, if you don't script, to at least play around, become a little bit of a bash monkey there and play around with it, and try to get your container, I'm sorry, your images as small as you can. But once it's completed we have our whalesay hello world. So at this point

I've been talking for a good half hour. We've covered virtualization, we've covered machine containers, we've covered application containers, we've gone into Docker and how Docker images are built. That's a lot of stuff. So at this point you may be wondering, if I have all of this available to me, why do I even need Kubernetes? Like, why is Kubernetes the new hot thing right now? Imagine: it took me about half an hour to get here, to walk you guys through this. Imagine if you have an infrastructure that goes across multiple cities, states, countries, with hundreds of servers, thousands of virtual machines. I mean, they just spun up their two-millionth virtual machine, and that was like three years ago. I don't even know where

they are now. You imagine trying to automate this using Ansible; you could do it through Ansible, but that's just gonna be a lot of work there. So that's what Kubernetes does: Kubernetes becomes our container orchestration. Hey, took me half an hour to get you there, but now you understand what container orchestration is. So let's say that I have an application; let's say that I'm using, and I'm not gonna pick on a company, cloud service A. I have three cloud servers. Predominantly, when I was building my application, it would be written to the environment in which I was working in. Enter vendor lock-in: it became very difficult for me to switch from cloud computing A to cloud computing

B, because I would have to rewrite my code, I'd have to get everybody back in there. Kubernetes offers a way to be able to kind of break apart from that vendor lock-in, because I now write my application to work with my Docker images, my LXD images, whatever technology you're using. And so when I'm ready to, maybe I'm not leaving cloud server A, maybe I'm just increasing my presence, I can now move my application from one cloud computing company, or one OpenStack build, to another. And it all starts with setting a desired state. Now, those of you that came in because your company is interested in Kubernetes and that's what you're

interested in, this is the part where you start listening, because what you want to walk away with is understanding the difference between your desired state and your observed state. Kubernetes' entire job, all it actually really does, is it sits there and it watches your system and it says, does this system live up to the rules and the regulations that I have been given that it should live up to? I'll get into what that actually means, though. So Kubernetes maintains a control plane record of Kubernetes objects, and it runs in a continuous loop to manage those object states. It begins with the base unit of deployment in Kubernetes. This is where we get our

vocabulary. The base unit in Kubernetes is the pod. You can think of a pod as kind of just like a small server living inside of what is known as a node; we'll get to that in just a second. So even if, let's say, you want to run a tiny little script inside of one little container, if you're using Kubernetes it's going to make it inside of a pod. It does so because it can use this pod as a base unit of replication. So every time you say, you know what, I want 15 versions of this script running, it can just go and create that exact same pod over and over again. Now if you're deploying multiple

containers inside of a pod, so I have, let's say, three processes running like I do here, they need a way to be able to communicate with each other. Enter your network namespace. All Kubernetes does is it's making use of those Linux namespaces that we covered at the beginning in order to help communication occur between these containers inside of the pod. Now I did say that a pod exists inside of a node. Inside of Kubernetes, two more terms you need to know, and that is master node and worker node. What a worker node is, is it could be a virtual server, it could be a physical server, it can be whatever it is that you want to

use but it works kind of like a you could be it like this IBM it what it does is it allows a place for you to be able to have all of your containers existing inside of those pods and it has different applications inside of it different api's that allow it to communicate with the server going like yep I've got you know 14 pods running hey this one pod broke it allows that communication to occur to the master server the master node which is what I told you guys about as end users of kubernetes you will only ever communicate with a master node the master node is what takes your instruction and it checks its

environment of worker nodes so one thing I should have mentioned I'm sorry is you can't have and you will have you should have multiple worker nodes I mean you should have maybe one man stir and hundreds of workers and what the master does is it combines all of its resources into what we know as a cluster so you don't actually ever need to care where your application is running as long as it's running right so it's a collection of processes running behind a single node those of you in larger corporations your company may have multiple servers configured as masters only one is actually acting as a master the others are called leaders they're just sitting there waiting for

the master to die off and as soon as it does or something happens they hold a little election one comes up and it says alright I'm the master now it's there for redundancy so I've given you guys all the terminology if you have any questions on that please ask I know I went through it kind of quick but I know everybody just kind of gets bored with the vocab lesson so let's pull it all together I have my master node I have my work now I told you guys that it's really just kind of silly to have one worker node you're not really using kubernetes so we're gonna expand our environment into three notes but I look

that's us right there and we want to have more than one version of our application running so we issue an API command or we can use a lot of the services such as CTL or a GUI if that's what you have access to to tell our worker node hey you it our sites getting kind of popular I want two versions of my web app running right now so kubernetes goes ahead and sets up that work but let's say that you know what my first picture I'm building this in my office and my roommate has decided to go in and sweep and he unplugs one of my machines right that's wayne kubernetes says you know my job was to ensure that

there were two versions of that app running and it moves it to another system all right so let's go ahead back in - um we're server so you can tell maybe it's a little small I'm actually logged into a different server this is the master node of my kubernetes cluster and what I'm gonna be showing you guys today is a way to interact with it using the cubed CTL command cube CTL just makes the API calls to the master to get the information that I need back really simply so the command is as simple as cube CTL get nodes those are the nodes I don't actually have to go out and do the authentication and put

authentication string and send out an API call every single time I want information I would be negligent to tell you guys or juggling not to tell you guys that there is a GUI available for kubernetes I just thought it would be a little silly for me to sit here and do command line for everything else and be like alright guys watch me push these buttons so we're teach you a little bit of command line here all right like I said cube CTL is super simple hey I want to know what pods I have in my environment it's what do CTL get pods this is also written by I believe Linux admins and if anybody knows a Linux admin we are the

laziest of the lazy and if we can script it we will so you can actually use kill cube CTL get Pio because pods was too long all right all right now we talked about namespaces so if I do cube CT I'll get an S one thing I want to point out these aren't your Linux namespaces kubernetes also uses the term namespaces to differ the way that it differentiates is name spaces within kubernetes are a way for you to give have multiple environments within your company so let's say that you know what I do have limited resources I only have X amount of computers and we all kind of share them through the use of kubernetes I could

have one environment for my development team one environment from my prod team and one environment for my team who perhaps sections off things that have been compromised and does investigations and each one of those environments can actually share me can actually have the same names so instead of let's say I have my practice namespace I contain if I created Ella's container one I couldn't create another L containers one however that name could exist within any other one of my namespaces that it's clear as matter did that make sense so if something happens I can be moving my server around without them without being afraid of you know the name clash all right let's see if there was anything

else that I wanted to point out oh one important thing that I learned the hard way when you go out and practice this if you kill off your namespace everything that lives in that namespace will be gone and you will not be able to get it back that was a lesson hard learned all right so if I do cube CTL get pods and you notice that when I did it first it said that I didn't have any resources but now when I tagged on that all namespaces suddenly I do have a pot up and running that's because whenever you use whenever we just go in and it's just your basic build it's automatically gonna put you into the default namespace

if you create any resources and you don't tell it what name to put it in it's automatically gonna put it into that default namespace I put Leah that I want to use kubernetes and I like the web app example I don't tell you guys I decide that I want to run a web app this isn't an image or anything like I said I'm not creative that's just my naming convention but I'm going to be using the image engine X and because I'm pretending it's a web app here I'm going to be exposing port 80 on the container now if I were to run this could you from the outside world connect to this box or connect to this web

server no because my actual machine hasn't been that I would need to set the application rules to my machine room my container is exposed but I haven't allowed traffic in from the outside world it can't get to it and in samples of things like OpenStack that's fine because I'm having all my communication happen internally okay so I do my cube CT elves get pods and cool there's my pod up and running let's say that you know I closed my lid here I go on and I come back another day and I'm looking at this and I wait I was there any web outlet I don't even remember I was doing to delete the pod should be

simple enough right cube CTL delete pod and I do the name we do it get pods to confirm accept that my app is still there maybe tell me what happened so not a restart it created a whole new one because if you look at the name it step I know but it's important it didn't restart it it actually did do it instead it went in and it deleted that container but then I created a new but a new one because I told it that that's what I wanted it to do all right that goes back to our desired state and observe state now there's actually a lot more to it what I actually did was I

didn't create a pot I kind of went behind I created a deployment which is what tells kubernetes to get that going but kubernetes within itself is a monster on its own I guess I got a little nervous today and I talked a little faster than I usually do because normally I am like at time but I do want to offer the ability to you guys if you want to know more about not containerization kubernetes by itself how you get an app and you get it running we have a class going on next Wednesday normally we sell it but it's not your guy's fault but I couldn't get everything into one so if you want to

attend it it's how to get a Hello roll up and running in kubernetes feel free to go to training at Rackspace comm use that promo code and you can take the course for free it's free sorry percent free you can hazy okay all right cool do we have any questions oh sorry sorry I thought people were done taking pictures

So it's about an hour-long webinar; you can attend it from your desk. I don't know, I'd have to ask my... I mean, I guess that depends on your boss.

[Music]

Yes, public service announcement, yes.

And we'll go over one question that I generally get that I think is actually really important. Most people always ask me, you know, like, why would I use a container instead of a virtual machine, or why would I use an application container instead of a machine container? And I don't think it's a valid question, because the answer is: use all of them. So one thing that I do when I'm going out there and pulling images that I don't know, first of all I'm using, like, what I call my partner computer, the one that always gets reimaged anyways because I'm going to break it, and then I have a virtual machine running. They end up having an application, I'm sorry, a machine container inside of that, or something like Docker containers, and I'm running it inside of that, so I'm like sandbox in my sandbox in my sandbox. So it's really important to know that this technology is not use one or another; like, all of this is nested virtualization, so don't ever feel like you have to pick one, you know, you have to use Docker. I've used Docker on top of my LXD container before. Just go have fun, that's my big message: go and play with this and break it and delete it and start over.

Yes, it is, I believe, next Wednesday at 10 a.m. This code will actually work for the second one, but you've already sat through it. We have another one, Understanding Containerization, so if you know somebody, maybe from your company, that might have wished they could have been here today, you can give them this code. That way, it's this Wednesday coming up, and they can use the code. Check the website to make sure I haven't...

[Music]

[Applause]
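The desired-state versus observed-state loop the talk walks through (two replicas of a web app, a node getting unplugged, a deleted pod coming back under a new name, the same pod name reused in another namespace), as an added example that is not code from the talk or from Kubernetes itself; the class names, node names and the least-loaded scheduling rule are assumptions made for illustration.

```python
# Toy model of the control loop the talk describes: a Deployment states the
# desired number of pod replicas and the controller compares that with the
# pods it observes, creating or removing pods until the two match.
# Added example, not code from the talk or from Kubernetes; node names,
# pod-name suffixes and the Deployment fields here are constructed.
from dataclasses import dataclass, field
import itertools

@dataclass
class Pod:
    name: str
    namespace: str
    node: str

@dataclass
class Deployment:
    name: str
    namespace: str
    image: str      # "nginx" in the talk's web-app demo
    replicas: int   # desired state: how many copies must be running

@dataclass
class Cluster:
    nodes: set = field(default_factory=set)    # worker nodes currently up
    pods: list = field(default_factory=list)   # observed state
    seq: itertools.count = field(default_factory=itertools.count)

    def get_pods(self, namespace="default", all_namespaces=False):
        # like 'kubectl get pods' (one namespace) or 'kubectl get pods --all-namespaces'
        return [p for p in self.pods if all_namespaces or p.namespace == namespace]

    def delete_pod(self, name, namespace="default"):
        # like 'kubectl delete pod NAME': removes the pod, not the Deployment behind it
        self.pods = [p for p in self.pods if (p.name, p.namespace) != (name, namespace)]

    def reconcile(self, dep):
        # one pass of the control loop; pods on a node that went away are no longer observed
        self.pods = [p for p in self.pods if p.node in self.nodes]
        owned = [p for p in self.pods
                 if p.namespace == dep.namespace and p.name.startswith(dep.name + "-")]
        actions = []
        while len(owned) < dep.replicas:      # observed < desired: create
            # schedule onto the least-loaded node that is still up
            node = min(sorted(self.nodes), key=lambda n: sum(p.node == n for p in self.pods))
            pod = Pod(f"{dep.name}-{next(self.seq)}", dep.namespace, node)
            self.pods.append(pod); owned.append(pod)
            actions.append(f"create {pod.name} on {node}")
        while len(owned) > dep.replicas:      # observed > desired: remove
            pod = owned.pop(); self.pods.remove(pod)
            actions.append(f"delete {pod.name}")
        return actions
```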