The overall evolution towards microservices has caused a lot of IT leaders to radically rethink architectures and platforms. One can hardly keep up with the rapid onslaught of new distributed technologies. The same people who just yesterday asked "how can we deploy Docker containers?" are now asking "how can we operate Kubernetes-as-a-Service on-premise?", and are about to start asking "how can we operate the open source frameworks of our choice, such as Spark, TensorFlow, HDFS, and more, as a service across hybrid clouds?". This session will discuss: Challenges of orchestrating and operating
7. [Diagram: Kubernetes cluster components. ETCD 01: etcd. MASTER 01: API Server, Scheduler, Controller Manager. LoadBalancer. WORKER 01: Kubelet, Kube Proxy, Container Engine (Docker, CRI-O), Pods. Kubectl. Connections labelled HTTPS.]
8. Deploying Kubernetes
1. Prerequisites
2. Installing the Client Tools
3. Provisioning Compute Resources
4. Provisioning the CA and Generating TLS Certificates
5. Generating Kubernetes Configuration Files for Authentication
6. Generating the Data Encryption Config and Key
7. Bootstrapping the etcd Cluster… 3x for HA
10. Bootstrapping the Kubernetes Control Plane… 3x for HA
13. Bootstrapping the Kubernetes Worker Nodes
14. Configuring kubectl for Remote Access
15. Provisioning Pod Network Routes
16. Deploying the DNS Cluster Add-on… Deploying other Add-ons
20. Smoke Test
21. Cleaning Up
Running on your own
14. Why Services?
Microservice Display
1. Microservice records running activity
2. Data written to Kafka topic
3. Data analyzed Flink
4. Results stored in Cassandra
7. Reminder displayed using Microservice
15. Why Services?
Source Code Control: Automatically trigger CI/CD pipeline based on code check-in.
Build and Test: Start automated build and test, including functional, security and performance tests.
Release: Update artifact repository with latest successful code artifacts and pull newest images
Deploy, Monitor and Log: Deploy applications to container orchestration and watch with monitoring and logging
CONTINUOUS INTEGRATION (CI) CONTINUOUS DEPLOYMENT (CD)
Marathon
16. Why Services?
Continuous Integration
Monitoring & Operations
Distributed Data Storage and Streaming
Data Preparation and Analysis
Storage of trained Models and Metadata
Use trained Model for Inference
Distributed Training using Machine Learning Frameworks
Data & Streaming
Model Engineering
Model Management
Model Serving
Model Training
Management
22. Deploying Kubernetes
1. Prerequisites
2. Installing the Client Tools
3. Provisioning Compute Resources
4. Provisioning the CA and Generating TLS Certificates
5. Generating Kubernetes Configuration Files for Authentication
6. Generating the Data Encryption Config and Key
7. Bootstrapping the etcd Cluster… 3x for HA
10. Bootstrapping the Kubernetes Control Plane… 3x for HA
13. Bootstrapping the Kubernetes Worker Nodes
14. Configuring kubectl for Remote Access
15. Provisioning Pod Network Routes
16. Deploying the DNS Cluster Add-on… Deploying other Add-ons
20. Smoke Test
21. Cleaning Up
Running on your own
$ dcos package install kubernetes
on
23. Encrypted Communication
1. Generate certificates and keys using DC/OS PKI
2. Store certificates in DC/OS Secret Store
3. Distribute certificates and keys to data services
4. Apply security configuration
5. Perform rolling restart of the service
Each data service has its own distinct security procedure, which sometimes changes per version
Kafka Cassandra Elastic Spark HDFS
35. Resource Quota
• Share resources between multiple services
• No static partitioning
• One role per job/entity
• Use quota per role
• Min and Max resource allocation