Open19 k8s workshop
Part 1: Kubernetes deployment & management
K8S & Rancher - concepts
Historically
- from bare-metal installations (90's),
- through virtualized deployments (2000's),
- to containerized deployments (now)
Enablers:
- cloud computing -> cloud providers !
- scale: dynamic scaling on global level.
- security
- availability: from rack to data center to global region
- features (paas):
- app: databases
- app: file services
- infra: dns, certificates
Enablers – contd.
- infrastructure as code (eg terraform, ansible)
- (TF) cloud provider infrastructure (firewall rules, load balancers,
networks)
- (TF) virtual servers
- (TF/Ans) supporting services: file services, database services
- (Ans) os provisioning
Enablers – contd….
- docker: the application and its dependencies packaged as one image
that runs the same way everywhere
- pets vs cattle: containers are disposable, so microservices must be:
- deployable
- upgradable
- scaleable
- recoverable
- container registries:
- docker hub
- standalone registry
- in-cluster registry
- cloud provider registry
-> the registry is a trust boundary: pull only from registries you
control or can verify, and pin image tags (or digests) rather than :latest
Bringing it together: orchestration
- go beyond a simple ‘docker run’
- scheduling as a function of:
- load
- availability
- rolling updates
Kubernetes (K8S): a container orchestrator
Roles
- etcd: key-value store holding the whole cluster state (all API objects,
Secrets included)
- availability and cluster quorum
- backups & restores
- bottlenecks & scaling !
- Secrets are only base64-encoded in etcd unless encryption at rest is
configured on the API server, so protect etcd access and its backups
- control plane:
- kube-apiserver: the single entry point to the cluster (authentication,
authorization, admission)
- kube-scheduler: places pods on nodes
- kube-controller-manager: reconciles desired state with actual state
- management layer !
K8S Roles – contd.
- worker nodes:
- run the actual workloads
- can scale dynamically, leveraging cloud services
so cluster composition for a basic cluster:
- 3 etcd nodes: quorum needs a majority, so 3 members tolerate the loss
of one (5 tolerate two).
- at least 2 control-plane nodes (but we might as well combine with the
etcd role and use 3)
- 2 or more workers (if possible using auto-scaling)
- Do not combine the worker role with the cp/management role: a compromised
or misbehaving workload would then share a host with etcd and the API server.
- So a total of 5 nodes per cluster seems sensible for testing.
K8s: application perspective
- declarative syntax: YAML
- unit of work: the pod (one or more containers sharing network and storage)
- deployments, StatefulSets, DaemonSets: controllers that manage sets of pods
K8s: storage – some thoughts
- try to leverage cloud provider storage APIs when possible
(while avoiding vendor lock-in)
- traditional storage can be challenging (nfs, iscsi)
- storage vendors provide provisioners through the CSI (Container Storage
Interface); still an evolving area
- try to keep microservices stateless wherever possible
Storage model: abstraction layers
- Persistent Volumes (PV): a cluster-wide piece of storage, created by an
admin or by a provisioner on the actual backend.
- Persistent Volume Claims (PVC): a namespaced request for storage that is
bound to one matching PV; pods mount the claim, never the PV directly
- Storage Classes: dynamic provisioning, the PVC names a class and the
class's provisioner creates the PV on demand
…and:
- software-defined: configmaps
Useful for: injecting variables into a container, injecting a config file
-> configmaps are plain text: use Secrets (with RBAC on them) for
credentials, not configmaps
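The three layers in one file, as an added example that is not part of the slides: a StorageClass backed by a CSI provisioner, a claim against it, and a pod mounting the claim. The AWS EBS CSI driver, the gp3 type, the namespace "shop" and the pre-created Secret "db-credentials" are assumptions; the PV/PVC/StorageClass relationship is identical for any other CSI provisioner.

```yaml
# Added example (not from the slides). Provisioner, parameters and names
# are assumptions: the AWS EBS CSI driver is used here, but the PV/PVC/
# StorageClass relationship is the same for every CSI provisioner.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: encrypted-ssd
provisioner: ebs.csi.aws.com
parameters:
  type: gp3
  encrypted: "true"          # encryption at rest done by the backend
reclaimPolicy: Retain        # deleting the PVC keeps the PV and its data
allowVolumeExpansion: true
volumeBindingMode: WaitForFirstConsumer   # create the volume in the zone
                                          # of the node the pod lands on
---
# The claim is namespaced; the PV it binds to is cluster-scoped and is
# created on demand by the class's provisioner.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: db-data
  namespace: shop
spec:
  storageClassName: encrypted-ssd
  accessModes: ["ReadWriteOnce"]   # one node at a time: fine for a single
                                   # db pod, not for a multi-replica Deployment
  resources:
    requests:
      storage: 20Gi
---
# The pod references the claim, never the PV directly.
apiVersion: v1
kind: Pod
metadata:
  name: db
  namespace: shop
  labels:
    app: db
spec:
  securityContext:
    runAsNonRoot: true
    runAsUser: 999             # uid of "postgres" in the official image
    fsGroup: 999               # volume files owned by this group so the
                               # non-root process can write to them
  containers:
    - name: postgres
      image: postgres:16
      ports:
        - containerPort: 5432
      env:
        - name: POSTGRES_PASSWORD
          valueFrom:
            secretKeyRef:      # credential from a Secret, not a configmap
              name: db-credentials   # assumed to exist
              key: password
      volumeMounts:
        - name: data
          mountPath: /var/lib/postgresql/data
  volumes:
    - name: data
      persistentVolumeClaim:
        claimName: db-data
```

With WaitForFirstConsumer the PVC stays Pending in `kubectl get pvc -n shop` until the pod is scheduled, then a PV appears in `kubectl get pv` and the claim becomes Bound. For anything beyond a test, a database belongs in a StatefulSet with volumeClaimTemplates rather than a bare Pod; the storage objects do not change.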
Networking: the cluster network
- CNI plugins (SDN drivers): a choice, eg flannel, calico, cilium
- in-cluster communication: pod-to-pod & dynamic ip's
- accessing apps in-cluster: services (a stable virtual ip and name in
front of a changing set of pods)
- service discovery: dns
- try to use labels as selectors when possible (more dynamic)
Accessing apps outside of the cluster
- nodeports:
- bound to a port (default range 30000-32767) on every node
- for tcp/udp services, eg smtp
- functionality implemented within k8s
- exposes the service on every node's ip, so firewall accordingly
Accessing apps: ingress
- ingress rules:
- add layer-7 logic (use case: http)
- the rules do nothing on their own: an ingress controller is needed as a
third-party component to act on them; popular: nginx, but also eg
haproxy, F5, ...
Accessing apps…
- easy & cheap: dns round-robin over node ip's
- Service of type LoadBalancer: the cloud provider provisions a lb for you
- on-prem or separately managed lb
Security boundaries
- namespaces: administratively separating privileges on objects (only a
real boundary when combined with RBAC and network policies)
- network policies: securing network communications within the cluster
network (require a CNI plugin that enforces them)
- RBAC: least privilege per namespace, prefer Roles over ClusterRoles
- ingress: for application access, API server: for management.
- so foresee separate incoming paths for both
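The three boundaries applied to one namespace, as an added example that is not part of the slides: a default-deny NetworkPolicy, explicit allow rules for the ingress controller and for DNS plus the database, and a namespaced Role. Assumptions: the namespace "shop" exists and holds pods labelled app=web and app=db, the ingress controller runs in namespace "ingress-nginx", CoreDNS carries the usual k8s-app=kube-dns label, and the group "shop-devs" is asserted by your identity provider.

```yaml
# Added example (not from the slides): namespace "shop" is assumed to exist
# and to hold the web/db pods; the ingress controller is assumed to run in
# namespace "ingress-nginx"; the group name comes from your identity provider.
# Default deny: as soon as one NetworkPolicy selects a pod, everything that
# is not explicitly allowed is dropped. Empty podSelector = all pods here.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: shop
spec:
  podSelector: {}
  policyTypes: ["Ingress", "Egress"]
---
# Ingress: only the ingress controller's namespace may reach the web pods,
# and only on the app port. kubernetes.io/metadata.name is set on every
# namespace automatically (Kubernetes 1.22+).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: web-allow-from-ingress
  namespace: shop
spec:
  podSelector:
    matchLabels:
      app: web
  policyTypes: ["Ingress"]
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress-nginx
      ports:
        - protocol: TCP
          port: 8080
---
# Egress: cluster DNS plus the db pods. Forgetting DNS is the classic
# mistake once default-deny covers egress: name resolution stops working.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: web-allow-egress
  namespace: shop
spec:
  podSelector:
    matchLabels:
      app: web
  policyTypes: ["Egress"]
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    - to:
        - podSelector:
            matchLabels:
              app: db
      ports:
        - protocol: TCP
          port: 5432
---
# RBAC: a namespaced Role, not a ClusterRole. Deployers manage workloads
# and services; they get no access to Secrets and cannot change RBAC.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: deployer
  namespace: shop
rules:
  - apiGroups: ["apps"]
    resources: ["deployments", "statefulsets", "daemonsets"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: [""]
    resources: ["pods", "services", "configmaps"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: deployer
  namespace: shop
subjects:
  - kind: Group
    name: shop-devs            # group asserted by the identity provider
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: deployer
  apiGroup: rbac.authorization.k8s.io
```

Two checks worth doing after `kubectl apply -f`: `kubectl auth can-i get secrets -n shop --as=alice --as-group=shop-devs` must answer "no", and the network policies only bite if the CNI enforces them: the API server accepts NetworkPolicy objects on any cluster, but flannel on its own ignores them, whereas calico, canal and cilium enforce them.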
K8s: bringing it together
- app: combination of components
- pods, services and a deployment model (eg deployments)
- persistent storage if needed
- a way to access the app: in-cluster <-> outside of cluster
- configuration objects (configmaps, static config files)
- scaling & security logic
- health checks
- ...
Rolling out your app
- set of YAML files (or one big YAML file), similar to docker compose
- k8s package manager: helm
- helm can be integrated into your deployment strategy
- works with values & templates, supports the concept of releases with
upgrades & rollbacks
- hierarchy: <docker image> -> <container> -> <pod>
-> <deployment> -> <ingress> -> helm chart.
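The "bringing it together" list and the rollout hierarchy above, as one set of YAML for a single app; this is an added example, not code from the slides or from Rancher. Image, namespace "shop", hostname, the TLS secret name and the nginx ingress class are assumptions. The web tier is kept stateless, as the storage slide recommends, so configuration comes from a configmap and the only writable path is an emptyDir.

```yaml
# Added example (not from the slides): configmap, deployment with probes and
# a hardened security context, service and ingress for one app. Image,
# namespace, hostname and the TLS secret are assumptions.
apiVersion: v1
kind: ConfigMap
metadata:
  name: web-config
  namespace: shop
data:
  LOG_LEVEL: "info"            # injected as an environment variable below
  app.conf: |                  # injected as a file below
    listen = 0.0.0.0:8080
    upstream_db = db.shop.svc.cluster.local:5432
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
  namespace: shop
spec:
  replicas: 2
  selector:
    matchLabels:
      app: web
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 0        # never fewer than 2 ready pods during a rollout
      maxSurge: 1
  template:
    metadata:
      labels:
        app: web
    spec:
      automountServiceAccountToken: false   # the app does not need API access
      securityContext:
        runAsNonRoot: true
        runAsUser: 10001
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: web
          image: registry.example.com/shop/web:1.4.2   # pinned tag, not :latest
          ports:
            - containerPort: 8080
          env:
            - name: LOG_LEVEL
              valueFrom:
                configMapKeyRef:
                  name: web-config
                  key: LOG_LEVEL
          volumeMounts:
            - name: config
              mountPath: /etc/web
              readOnly: true
            - name: tmp
              mountPath: /tmp
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true   # hence the writable /tmp emptyDir
            capabilities:
              drop: ["ALL"]
          resources:
            requests: { cpu: 100m, memory: 128Mi }
            limits: { cpu: 500m, memory: 256Mi }
          readinessProbe:                  # gates the Service endpoints
            httpGet: { path: /healthz, port: 8080 }
            periodSeconds: 5
          livenessProbe:                   # restarts a hung container
            httpGet: { path: /healthz, port: 8080 }
            initialDelaySeconds: 10
            periodSeconds: 10
      volumes:
        - name: config
          configMap:
            name: web-config
            items:
              - key: app.conf
                path: app.conf             # becomes /etc/web/app.conf
        - name: tmp
          emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
  name: web
  namespace: shop
spec:
  type: ClusterIP             # in-cluster only; the ingress controller
  selector:                   # is the single way in from outside
    app: web
  ports:
    - port: 80
      targetPort: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web
  namespace: shop
spec:
  ingressClassName: nginx
  tls:
    - hosts: ["shop.example.com"]
      secretName: shop-tls    # pre-created TLS secret (assumption)
  rules:
    - host: shop.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: web
                port:
                  number: 80
```

Apply with `kubectl apply -f`, then follow the rollout with `kubectl rollout status deployment/web -n shop`; a failing readiness probe keeps the new pods out of the Service and, with maxUnavailable 0, leaves the old ones serving. The same file becomes a helm chart by moving the image tag, hostname and replica count into values and templating them.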
Missing link: management
- kubectl: provided by kubernetes for most OSes, but cli only
- managing the components can be challenging:
- k8s through the api using kubectl: learning curve, visibility challenges
- etcd: actual data has to be managed using etcdctl (eg
backups/restores)
- vendor-specific management layers on top of k8s: eg openshift
(RedHat)
Vendor-agnostic solution: rancher labs
- cloud providers (as vm or as paas) or on-prem deployments
- supported linux os's: centos, ubuntu, ...
- Hardened and slimmed-down os: RancherOS
-> this is what is used for a dynamic cloud provider rollout,
if you decide not to use paas.
Rancher – contd.
- adds authentication layer: eg openldap, AD, Azure AD, ...
- abstracts away cluster deployment, upgrades & backups
- abstracts away complexity of yaml objects,
- eg easy for creating yaml templates
- learn by doing: create a rancher workload, underlying yaml will
be generated for needed linked objects such as services, then inspect
or export the yaml for re-use
Rancher – contd.
- kubernetes clusters are rolled out by Rancher itself, with the k8s
components running as containers on the nodes (existing clusters can
also be imported)
- provides cli tools, a web gui and a rest API
- provides some out-of-the-box additional functionality such as:
- an nginx ingress daemonset.
- helm charts
rancher - contd.
- Can be installed as a standalone docker instance or within an HA
cluster
- Access: the Rancher UI/API is a privileged management endpoint, so
deploy it as part of the management plane
-> together with the API server, not on the application ingress path.
- adds the concept of 'projects' (a grouping of namespaces) to
the security/deployment model.
- gui shortcuts to eg container logs, shell exec, kubectl describe
Missing link – logging/monitoring
- Rancher adds some performance monitoring but it is very basic
- Cloud-native solution: prometheus
- can be rolled out on a separate machine or within one or more
clusters
- a helm chart for Prometheus in combination with Grafana is available (but
you can also download k8s charts and integration apps at Grafana)
prometheus
- built for dynamic cloud environments:
- can eg leverage kubernetes metadata to discover new pods
- can use data exported by the cloud provider to discover vm's
- can use DNS data to discover new hosts/vm's/pods
- but can also use a static configuration.
monitoring
- make sure to monitor both within Kubernetes and on infrastructure
level.
- logging solution: ELK, splunk, syslog, fluentd, kafka
