Kubernetes in Highly Restrictive Environments

•Als PPTX, PDF herunterladen•

0 gefällt mir•358 views

Installing Kubernetes is easy. Ensuring it complies with your organization’s enterprise governance and security requirements isn’t. How do you use the technologies while meeting enterprise security requirements? We'll summarize common prerequisites for running Kubernetes in production, and how to leverage fine-grained controls and separation of responsibilities to meet enterprise governance and security needs. This deck includes basic requirements for audit, security, authentication, authorization, integration with existing identity broker, logging, and monitoring. Additionally, we'll go into whether cloud-hosted Kubernetes cover these requirements, how to integrate a compliant Kubernetes installation with their existing cloud infrastructure and how to handle cross-team communication (network/compute/storage/security). Since on-premise Kubernetes deployments have their challenges, limitations of a bare-metal installation, interactions with vSphere’s API, achieving HA, reliability and disaster recovery, as well as handling OS upgrades, security patches, and Kubernetes upgrades are also considered.

Technologie

Kubernetes in Highly Restrictive Environments
Oleg Atamanenko | Team Lead, Architect

Introductions
Oleg Atamanenko
Team Lead, Architect
 Working w/ Kubernetes since its release in 2015
 Part of the team who built Kublr—an enterprise
ready container management platform
 Twitter @real_atamanenko; @kublr
Like what you hear? Tweet at us!

Automation
Ingress
Custom
Clusters
Infrastructure
Logging Monitoring
Observability
API Usage
Reporting
RBAC IAM
Air Gap TLS
Certificate
Rotation
Audit
Storage Networking
Container
Registry
CI / CD App Mgmt
Infrastructure
Container Runtime Kubernetes
OPERATIONS SECURITY &
GOVERNANCE
What’s Kublr?
@real_atamanenko; @kublr

Creating a Production-Grade Kubernetes Cluster
1. Install with kops/kubeadm/…
2. …
3. Done?
@real_atamanenko; @kublr

Creating a Production-Grade Kubernetes Cluster
Unfortunately, it’s not that easy!
@real_atamanenko; @kublr

What We’ll Discuss Today
1. Requirements
2. Managed solutions and their limitations
3. Cross-team responsibilities
4. On-premises struggles
5. What to do next?
@real_atamanenko; @kublr

Requirements
Security
Audit
Logging Collections
Observability / monitoring
Isolated environment support
Integration with existing tooling
@real_atamanenko; @kublr

Requirements | Security
Integration with Identity
Broker
Fine-grained role-based access
control (RBAC)
Authentication
Authorization
Storing secrets
Internal CA
@real_atamanenko; @kublr

Requirements | Audit
Kubernetes API server audit
Audit support for the logging and monitoring
dashboards
Audit support for the cluster provisioning tool
(cluster install, update, upgrade, delete)
@real_atamanenko; @kublr

Requirements | Logging
Integration with existing logging solution
RBAC for application logs across teams
• per project
• per team
• per environment
@real_atamanenko; @kublr

Requirements | Monitoring
Integration with existing solution
RBAC for application metrics across teams
• per project
• per team
• per environment
@real_atamanenko; @kublr

Requirements | Isolated Environment
Where to get the required OS packages?
How to provide the required Docker
containers?
Binary repository?
@real_atamanenko; @kublr

Requirements | Support Existing Tooling
Integration with existing processes and
tools for deployment, logging and
monitoring
@real_atamanenko; @kublr

Now that the functional
requirements are met, what’s next?
@real_atamanenko; @kublr

What are Your Options?
Managed Kubernetes from public cloud
providers
Home grown solution
3rd party vendor
@real_atamanenko; @kublr

Managed Solutions and Their Limitations
May not meet your requirements and/or regulations
No access to master nodes
No or limited capability to customize K8S configuration
No access to the logs from the master
May not support on-prem installations
@real_atamanenko; @kublr

Home Grown Solutions
Will cover your needs
Requires extra time and efforts that could
be spent on innovation
With 4 major releases per year, it’s REALLY
hard to keep up with upstream Kubernetes!
@real_atamanenko; @kublr

3rd Party Vendor
Will cover most of your needs
Custom development still may be required
Choose wisely!
@real_atamanenko; @kublr

Cross-Team Responsibilities
Large organizations often separate teams by:
• Compute
• Network
• Storage
• Security
Paradigm shift towards Kubernetes
deployments
@real_atamanenko; @kublr

On Premises Struggles
Pure bare metal limitations
vSphere API interactions
Realizing HA for Kubernetes
Disaster recovery
OS upgrades
Security updates
Kubernetes upgrades
Air-gap/offline mode
@real_atamanenko; @kublr

Best Practices for Security
Utilize RBAC
SELinux/seccomp
PodSecurityPolicies
NetworkPolicy
Admission Web Hooks
@real_atamanenko; @kublr

What’s Next?
Infrastructure as a code
Immutable Infrastructure
CI/CD for infrastructure
GitOps
@real_atamanenko; @kublr

Q&A
Take Kublr for a test drive!
kublr.com/deploy
Free non-production license.
@real_atamanenko; @kublr

Stay in touch! Signup for our
newsletter at kublr.com
Oleg Atamanenko
Team Lead, Architect
oatamanenko@kublr.com
@real_atamanenko
Kublr | kublr.com
@kublr

Weitere ähnliche Inhalte

Was ist angesagt?

Advanced Scheduling in Kubernetes

Kublr

While developers see and realize the benefits of Kubernetes, how it improves efficiencies, saves time, and enables focus on the unique business requirements of each project; InfoSec, infrastructure, and software operations teams still face challenges when managing a new set of tools and technologies, and integrating them into existing enterprise infrastructure. This is especially true for environments where security and governance requirements are so strict as to come into conflict with the cloud-native reference architectures. During his presentation, Oleg will outline a plan that leverages open source cloud-native technologies while meeting enterprise security and governance requirements. He’ll summarize common prerequisites for running Kubernetes in production, and how to leverage fine-grained controls and separation of responsibilities to meet enterprise governance and security needs; what’s needed for a general architecture of a centralized Kubernetes operations layer based on open source components such as Prometheus, Grafana, ELK Stack, Keycloak, etc. The presentation will cover basic requirements for audit, security, authentication, authorization, integration with existing identity management, logging, and monitoring. Additionally, the audience will learn whether cloud-hosted Kubernetes cover these requirements, how to integrate a compliant Kubernetes installation with their existing cloud infrastructure, the limitations of a bare-metal installation, interactions with vSphere’s API, achieving HA, reliability and disaster recovery, as well as handling OS upgrades, security patches, and Kubernetes upgrades.

Centralizing Kubernetes Management in Restrictive Environments

Kublr

K8s Pod Scheduling - Deep Dive. By Tsahi Duek.

Cloud Native Day Tel Aviv

Enabling support for data processing, data analytics, and machine learning workloads in Kubernetes has been one of the goals of the open source community. During this online meetup we discussed the growing use of Kubernetes for data science and machine learning workloads. We examined how new Kubernetes extensibility features such as custom resources and custom controllers are used for applications and frameworks integration. Apache Spark 2.3.’s native support is the latest indication of this growing trend. We demoed a few examples of data science workloads running on Kubernetes clusters setup by our Kublr platform

Kubernetes data science and machine learning

Kublr

Centralizing Kubernetes and Container Operations

Kublr

Kubernetes is a fast-paced project and things move really fast. In deploying applications, you have several options like raw YAML files, Helm, or Operator but what are the pros and cons of each? This talk will explore the right ways to manage your production applications through seamless installation, the patch fixes, and upgrades. Several demos will be used on a live cluster to illustrate how things can be done the right way that makes life very easy for the DevOps.

Managing kubernetes deployment with operators

Cloud Technology Experts

From a skunk-works project to running the entire enterprise While developers see and realize the benefits of Kubernetes, how it improves efficiencies, saves time, and enables focus on the unique business requirements of each project; InfoSec, infrastructure, and software operations teams still face challenges when managing a new set of tools and technologies, and integrating them into an existing enterprise infrastructure. In this meetup, Chris, CTO at Tigera, and Oleg, CTO at Kublr, discussed the evolution of your Kubernetes cluster - from a skunk-works project to running the entire enterprise.

The Evolution of your Kubernetes Cluster

Kublr

In this meetup, Oleg, CTO at Kublr, walks you through the basics of K8s persistence management functionality and how it can be used to simplify managing persistent applications across different environments - in the cloud or on premise. Oleg will use a demo environment with clusters in different clouds to show K8s persistence in practice. We will cover: • Persistent data abstractions in K8s: persistent volumes (PV) and their attributes • PV specifics in different clouds • Using PV in K8s: persistent volume claims (PVC) and storage classes (SC) • Automatic volume provisioning • Persistence and scheduling interrelationships • Practical examples Kubernetes (K8s) is a powerful and flexible open source container orchestration system. The power of K8s comes from its modularity and simplicity of basic concepts. Each of these basic concepts build on the other and, from the most basic elements to more advanced ones, each is responsible for its own well-defined logic and behavior.

Kubernetes persistence 101

Kublr

Meeting the Needs of Enterprise Governance and Security Installing Kubernetes is easy. Ensuring it complies with your organization’s enterprise governance and security requirements isn’t. During this webinar, Oleg will explain how to use Kubernetes while meeting enterprise requirements. In this technically-focused talk, he’ll summarize common prerequisites for running Kubernetes in production, and how to leverage fine-grained controls and separation of responsibilities to meet enterprise governance and security needs. The presentation will include basic requirements for audit, security, authentication, authorization, integration with existing identity management, logging, and monitoring. Because on-premise Kubernetes deployments don’t come without their challenges, Oleg will cover the limitations of a bare-metal installation, interactions with vSphere’s API, achieving HA, reliability and disaster recovery, as well as handling OS upgrades, security patches, and Kubernetes upgrades. He’ll close with a quick outlook of what’s next, including infrastructure as code, immutable infrastructure, and GitOps.

How to Run Kubernetes in Restrictive Environments

Kublr

Is advanced scheduling in Kubernetes achievable? Yes, however, how do you properly accommodate every real-life scenario that a Kubernetes user might encounter? How do you leverage advanced scheduling techniques to shape and describe each scenario in easy-to-use rules and configurations? Oleg Chunikhin addressed those questions and demonstrated techniques for implementing advanced scheduling. For example, using spot instances and cost-effective resources on AWS, coupled with the ability to deliver a minimum set of functionalities that cover the majority of needs – without configuration complexity. You’ll get a run-down of the pitfalls and things to keep in mind for this route.

Implement Advanced Scheduling Techniques in Kubernetes

Kublr

GlueCon kubernetes & container engine

brendandburns

AWS Summit Singapore 2019 | Autoscaling Your Kubernetes Workloads

AWS Summits

Effective Kubernetes - Is Kubernetes the new Linux? Is the new Application Se...

Wojciech Barczyński

Openstack days sv building highly available services using kubernetes (preso)

Allan Naim

Orchestrating Microservices with Kubernetes

Weaveworks

Running I/O intensive workloads on Kubernetes, by Nati Shalom

Cloud Native Day Tel Aviv

Go fit perfectly inside containers, you can ship apps as tiny images on k8s, distributing them across the globe. Gianluca will show how InfluxData debugs containers running on Kubernetes to allow sysadmins and developers to troubleshoot and replicate issues using core dump, debuggers, and logs. Go applications are perfect to be run inside a container. You can build a single binary, a tiny Docker image and you can ship them on your Kubernetes cluster. A successful production environment requires stability and simplicity, it needs to be easy to troubleshoot and operators need to be able to get all the information developers will need to fix a bug. During this talk, Gianluca will share what influxData is doing to allow developers and system administrator to work together, understanding problems running live at scale on Kubernetes and how to escalate them down to Software Engineer using logs, delve, gdb, core dumps, and traces to replicate and fix issues.

Kubernetes debug like a pro

Gianluca Arbezzano

How to integrate Kubernetes in OpenStack: You need to know these project

inwin stack

Kubernetes (K8s) is a powerful, flexible and portable open source framework for distributed containerized applications delivery and management. An important part of the services provided by most Kubernetes clusters is the containers’ networking stack. In most cases and for many applications it “just works”, but this seeming simplicity is backed by a complex stack of technologies that provide many capabilities beyond the basics. This presentation accompanies the meetup and webinar where Oleg Chunikhin, CTO at Kublr, shows how Kubernetes networking stack works, describes main components, interfaces and extensibility options. What is covered: - general notions of Kubernetes networking - Pods and Network Policies - implementation of Kubernetes networking - CNI, CNI plugins, and Linux network namespaces - some Kubernetes CNI providers: Calico, Weave, Flanel, and Canal - K8S networking extensibility for advanced and “exotic” use-cases with Multus CNI plugin as an example

Kubernetes Networking 101

Kublr

Kubernetes basics and hands on exercise

Cloud Technology Experts

Was ist angesagt? (20)

Advanced Scheduling in Kubernetes

Centralizing Kubernetes Management in Restrictive Environments

K8s Pod Scheduling - Deep Dive. By Tsahi Duek.

Kubernetes data science and machine learning

Centralizing Kubernetes and Container Operations

Managing kubernetes deployment with operators

The Evolution of your Kubernetes Cluster

Kubernetes persistence 101

How to Run Kubernetes in Restrictive Environments

Implement Advanced Scheduling Techniques in Kubernetes

GlueCon kubernetes & container engine

AWS Summit Singapore 2019 | Autoscaling Your Kubernetes Workloads

Effective Kubernetes - Is Kubernetes the new Linux? Is the new Application Se...

Openstack days sv building highly available services using kubernetes (preso)

Orchestrating Microservices with Kubernetes

Running I/O intensive workloads on Kubernetes, by Nati Shalom

Kubernetes debug like a pro

How to integrate Kubernetes in OpenStack: You need to know these project

Kubernetes Networking 101

Kubernetes basics and hands on exercise

Ähnlich wie Kubernetes in Highly Restrictive Environments

Kubernetes for Startups

Argonaut

01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMware

VMUG IT

The addition of Kubernetes support to Docker Enterprise Platform presents deployments with interesting new abstractions for application connectivity. Users and Operators are often challenged with rationalizing how pod networking (with CNI plugins like Calico or Flannel), Services (via kube-proxy) and Ingress work in concert to enable application connectivity within and outside a cluster. Similarly, given the dynamic and transient nature of containerized microservice workloads, how to leverage scalable and declarative approaches like network policies to express segmentation and security primitives. This session provides an illustrative walkthrough of these core concepts by going through common deployment architectures providing design, operations, and scale considerations based on experience from numerous production deployments. The session will also showcase how to complement application and operations workflows with policy-driven business, compliance and security controls typically required in enterprise production deployments.

Demystifying container connectivity with kubernetes in docker

Docker, Inc.

Demystifying Application Connectivity with Kubernetes in the Docker Platform

Nicola Kabar

Cloud Native Night May 2017, Mainz: Talk by Giant Swarm (@giantswarm). Join our Meetup: www.meetup.com/cloud-native-night Abstract: At Giant Swarm, we manage Kubernetes clusters for customers 24/7, both on-premises and in the cloud. That means we do not just set something up and hand it over, but we actually take care that it’s operational and up-to-date at all times. This presentation demonstrates how Giant Swarm are using Operators to codify all operational tasks of managing Kubernetes cluster and distributed applications on top. The operators manage PKI infrastructures, networks, VMs and storage both on-premises and in the cloud.

Running Kubernetes in Kubernetes

QAware GmbH

There is a major shift in web and mobile application architecture from the ‘old-school’ one to a modern ‘micro-services’ architecture based on containers. Kubernetes has been quite successful in managing those containers and running them in distributed computing environments. Now enabling Big Data and Machine Learning on Kubernetes will allow IT organizations to standardize on the same Kubernetes infrastructure. This will propel adoption and reduce costs. Kubeflow is an open source framework dedicated to making it easy to use the machine learning tool of your choice and deploy your ML applications at scale on Kubernetes. Kubeflow is becoming an industry standard as well! Both Kubernetes and Kubeflow will enable IT organizations to focus more effort on applications rather than infrastructure.

Modern big data and machine learning in the era of cloud, docker and kubernetes

Slim Baltagi

At Giant Swarm, we manage Kubernetes clusters for customers 24/7, both on-premises and in the cloud. That means we do not just set something up and hand it over, but we actually take care that it’s operational and up-to-date at all times. In this talk Timo explains how Giant Swarm are using Operators to codify all operational tasks of managing Kubernetes cluster and distributed applications on top. The operators manage PKI infrastructures, networks, VMs and storage both on-premises and in the cloud. There have been a lots of challenges and learnings in the past year and Timo would like to share them with you.

OSDC 2017: Automating Kubernetes Cluster Operations with Operators by Timo De...

NETWAYS

OSDC 2017 - Timo Derstappen - Automating kubernetes cluster operations with o...

NETWAYS

The Reality of DIY Kubernetes vs. PKS

VMware Tanzu

Operations practices have historically lagged behind development. Agile and Extreme Programming have become common practice for development teams. In the last decade, the DevOps and SRE movements have brought these concepts to operations, borrowing heavily from Lean principles such as Kanban and Value Stream Mapping. So, how does all of this play out if we’re using Kubernetes? In this class, Paul Czarkowski, Principal Technologist at Pivotal, will explain how Kubernetes enables a new cloud-native way of operating software. Attend to learn: ● what cloud-native operations are; ● how to build a cloud-native CI/CD stack; and ● how to deploy and upgrade an application from source to production on Kubernetes. Presenter: Paul Czarkowski, Principal Technologist, Pivotal Software

Cloud-Native Operations with Kubernetes and CI/CD

VMware Tanzu

Docker Swarm vs. Kubernetes Which is the best

Calidad Infotech

✭✭ NOTE: a revised version of this lab is available at https://www.slideshare.net/williamyeh/rd-kubernetes-gdg-cloud-kh-201908-version ✭✭ 90-Minute Workshop held at Taiwan Cloud Edge Summit 2019 (台灣雲端大會). * 課程簡介 Kubernetes 是目前雲端環境的顯學。可是，傳統的程式，並不是原封不動搬上去，就能夠自動享受 Kubernetes 所宣稱的種種好處。新的環境，不僅需要新的 Ops 思維，也需要新的 Dev 思維。我們將以一個半小時的時間，從軟體研發者的角度，探討軟體的設計該做哪些最起碼的改變，從實作中體驗 Kubernetes 引進的新觀念及新效益。 * 課程目標從實例中體驗，傳統 web 應用程式在搬上 Kubernetes 時，可能會經歷哪些架構面的調整，才能享受新架構的效益： - 容器化 - 微服務 - 組態管理 - 多重環境管理：本機端與雲端（以 GKE 為例）

給 RD 的 Kubernetes 初體驗

William Yeh

Consul connect

jabizz

There are several application platforms in the modern-day world that one can use for cloud services, DevOps services, and application & software testing. Amidst all the application platforms, the one platform that has stood out is “Kubernetes.” Kubernetes is one of the best next-generation application platforms and will be in trend in 2023. In this… Continue reading Why is Kubernetes considered the next-generation application platform?

Why is Kubernetes considered the next generation application platform

Calidad Infotech

Using Kubernetes for orchestration? Great—we hope things are running smoothly. The thing about Kubernetes, though, is that it tends to surprise you—throwing curveballs just when you think you've finally mastered the art of container management. And those curveballs usually come at you when you try to scale up. So, how can you scale K8s without striking out due to speed and reliability (not to mention sanity) issues? Join Guy Menahem, solution architect at Komodor, as he shares some of the hard lessons he learned from his own experiences with Kubernetes, including: - The “phantom” challenges of working with K8s - The five key factors you can’t ignore when scaling K8s - Best practices and tools for a smooth-running K8s system

5 things we learned not to ignore while scaling kubernetes webinar dev ops.co...

Komodor

Deploying your first application with Kubernetes

OVHcloud

SlideTeam presents Kubernetes Docker Container Implementation Ppt PowerPoint Presentation Slide Templates. This PPT slideshow is an ideal virtual expression of the fundamentals of Kubernetes. The smart data-visualizations make this PowerPoint presentation easy-to-understand and perfect to introduce your audience to the container orchestration system. Use our PPT theme to communicate the definition and need for containers or virtual private servers. Communicate the container, and microservices architecture using cutting-edge graphics. Explain the need for and benefits of Kubernetes for an organization. Elucidate the features, architecture, use cases, installation roadmap, and the 30-60-90 day plan in Kubernetes. Use the neat tabular format to compare Kubernetes with docker swarm based on various parameters. Familiarize your viewers with the various components of Kubernetes. Elaborate on what is Kubelet, Kubectl, and Kubeadm with the help of labeled diagrams. This presentation acquaints your audience with the significance of Kubernetes in management, scaling, automating, and deploying computer applications. Hit the download icon and start personalization. https://bit.ly/2L0Ojdu

Kubernetes Docker Container Implementation Ppt PowerPoint Presentation Slide ...

SlideTeam

Kubernetes Community Growth and Use Case

Chris Gaun

Consul connect

momenton_slides

oci-container-engine-oke-100.pdf

NandiniSinghal16

Ähnlich wie Kubernetes in Highly Restrictive Environments (20)

Kubernetes for Startups

01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMware

Demystifying container connectivity with kubernetes in docker

Demystifying Application Connectivity with Kubernetes in the Docker Platform

Running Kubernetes in Kubernetes

Modern big data and machine learning in the era of cloud, docker and kubernetes

OSDC 2017: Automating Kubernetes Cluster Operations with Operators by Timo De...

OSDC 2017 - Timo Derstappen - Automating kubernetes cluster operations with o...

The Reality of DIY Kubernetes vs. PKS

Cloud-Native Operations with Kubernetes and CI/CD

Docker Swarm vs. Kubernetes Which is the best

給 RD 的 Kubernetes 初體驗

Consul connect

Why is Kubernetes considered the next generation application platform

5 things we learned not to ignore while scaling kubernetes webinar dev ops.co...

Deploying your first application with Kubernetes

Kubernetes Docker Container Implementation Ppt PowerPoint Presentation Slide ...

Kubernetes Community Growth and Use Case

Consul connect

oci-container-engine-oke-100.pdf

Mehr von Kublr

Container Runtimes and Tooling, v2

Kublr

Container Runtimes and Tooling

Kublr

Submariner enables direct networking between Pods and Services in different Kubernetes clusters, either on-premises or in the cloud. As Kubernetes gains adoption, teams are finding they must deploy and manage multiple clusters to facilitate features like geo-redundancy, scale, and fault isolation for their applications. With Submariner, your applications and services can span multiple cloud providers, data centers, and regions. Submariner is completely open source, and designed to be network plugin (CNI) agnostic. Submariner Provides: cross-cluster L3 connectivity using encrypted VPN tunnels; service Discovery across clusters; subctl, a friendly deployment tool; support for interconnecting clusters with overlapping CIDRs

Kubernetes in Hybrid Environments with Submariner

Kublr

Rook turns distributed storage systems into self-managing, self-scaling, self-healing storage services. It automates the tasks of a storage administrator: deployment, bootstrapping, configuration, provisioning, scaling, upgrading, migration, disaster recovery, monitoring, and resource management. Rook uses the power of the Kubernetes platform to deliver its services via a Kubernetes Operator for each storage provider. Oleg Chunikhin, Co-Founder and CTO @ Kublr.com, will present an introduction to storage management on k8s using Rook and Ceph.

Intro into Rook and Ceph on Kubernetes

Kublr

This presentation provides an overview of how Kubernetes capabilities can be used to simplify use of hybrid infrastructure rather than complicate it. It covers the general challenges posed by hybrid multi-site architectures, including provisioning and operations, ingress traffic management, network connectivity, and distributed data management. The presentation reviews using AWS and Azure as examples how each of these challenges can be addressed with Kubernetes and various Kubernetes controllers used as an infrastructure abstraction layer.

Hybrid architecture solutions with kubernetes and the cloud native stack

Kublr

An application path to production does not end with a deployment, even if you are using Kubernetes (K8s) as your application deployment platform. Reliable BCDR (backup and disaster recovery) plan and framework is a must for any production-ready system. This presentation accompanies meetups and webinars in which Oleg Chunikhin, CTO at Kublr, shows how Velero BCDR framework works and demonstrates how it can be used to backup and recover realistic applications running on Kubernetes in different clouds and environments. What is covered: - general notions of Kubernetes applications BCDR - Velero BCDR framework - demo Velero BCDR for stateful applications running on AWS and Azure clouds - demo Velero BCDR using Strimzi / Kafka cluster and ArgoCD CI/CD manager as example application

Multi-cloud Kubernetes BCDR with Velero

Kublr

Kubernetes Ingress 101

Kublr

Kubernetes 101: Intro to Kubernetes namespaces, workloads, and architecture In this webinar Oleg, CTO at Kublr, will explain the basics of Kubernetes, a powerful and flexible open-source container orchestration system: what it is, how it works, and the main entities Kubernetes users work with. Containers are taking over the IT world, and while building and running them locally is simple, running them in production on a distributed infrastructure is much more involved. Oleg will show how Kubernetes can help orchestrating containers across multiple compute nodes and clouds. We will cover: - distributed container orchestration - architecture of Kubernetes clusters - important Kubernetes objects: namespaces, pods, services - overview controllers: deployment, daemonset, stateful set

Kubernetes 101

Kublr

Setting up CI/CD Pipeline with Kubernetes and Kublr step by-step

Kublr

Self-healing does not equal self-healing. There are multiple layers to it, whether a self-healing infrastructure, cluster, pods, or Kubernetes. Kubernetes itself ensures self-healing pods. But how do you ensure your applications, whose reliability depends on every single layer, are truly reliable? This presentation covers the different self-healing layers, what Kubernetes does and doesn't do (at least not by default), and what you should look out for to ensure true reliable applications. Hint: infrastructure provisioning plays a key role.

How Self-Healing Nodes and Infrastructure Management Impact Reliability

Kublr

In a microservices world, applications consist of dozens, hundreds, or even thousands of components. Manually deploying and verifying deployment quality in production is virtually impossible. Kubernetes, which natively supports rolling updates, enables blue-green application deployments with Spinnaker. However, gradual rollouts is a feature that doesn't come out-of-the-box but can be achieved by adding Istio and Prometheus to the equation. During this meetup, Slava Koltovich, CEO of Kublr, and Oleg Atamanenko, Senior Software Architect, discussed canary release implementations on Kubernetes with Spinnaker, Istio, and Prometheus. They examined the role of each tool in the process and how they are all connected. During a demo, they demonstrated a successful and a failed canary release, and how these tools enable IT teams to properly roll out changes to their customer base without any downtime.

Canary Releases on Kubernetes w/ Spinnaker, Istio, and Prometheus

Kublr

Mehr von Kublr (11)

Container Runtimes and Tooling, v2

Container Runtimes and Tooling

Kubernetes in Hybrid Environments with Submariner

Intro into Rook and Ceph on Kubernetes

Hybrid architecture solutions with kubernetes and the cloud native stack

Multi-cloud Kubernetes BCDR with Velero

Kubernetes Ingress 101

Kubernetes 101

Setting up CI/CD Pipeline with Kubernetes and Kublr step by-step

How Self-Healing Nodes and Infrastructure Management Impact Reliability

Canary Releases on Kubernetes w/ Spinnaker, Istio, and Prometheus

Kürzlich hochgeladen

AXA XL - Insurer Innovation Award Americas 2024

The Digital Insurer

The action of the next cyber saga takes place in the mystical lands of the Asia-Pacific region, where the main characters began their digital activities in the middle of 2021 and qualitatively strengthened it in 2022. Corporate espionage, document theft, audio recordings, and data leaks from messaging platforms were all a matter of one day for Dark Pink. Their geographical focus may have started in the Asia-Pacific region, but their ambitions knew no bounds, targeting a European government ministry in a bold move to expand their portfolio. Their victim profile was as diverse as a UN meeting, targeting military organizations, government agencies, and even a religious organization. Because discrimination is not a fashionable agenda. In the world of cybercrime, they serve as a reminder that sometimes the most serious threats come in the most unassuming packages with a pink bow.

Cyberprint. Dark Pink Apt Group [EN].pdf

Overkill Security

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

In the thrilling conclusion to 2023, ransomware groups had a banner year, really outdoing themselves in the "make everyone's life miserable" department. LockBit 3.0 took gold in the hacking olympics, followed by the plucky upstarts Clop and ALPHV/BlackCat. Apparently, 48% of organizations were feeling left out and decided to get in on the cyber attack action. Business services won the "most likely to get digitally mugged" award, with education and retail nipping at their heels. Hackers expanded their repertoire beyond boring old encryption to the much more exciting world of extortion. The US, UK and Canada took top honors in the "countries most likely to pay up" category. Bitcoins were the currency of choice for discerning hackers, because who doesn't love untraceable money?

Ransomware_Q4_2023. The report. [EN].pdf

Overkill Security

MINDCTI Revenue Release Quarter One 2024

MIND CTI

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

ICT role in 21st century education and its challenges

rafiqahmad00786416

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Rustici Software

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

💥 You’re lucky! We’ve found two different (lead) developers that are willing to share their valuable lessons learned about using UiPath Document Understanding! Based on recent implementations in appealing use cases at Partou and SPIE. Don’t expect fancy videos or slide decks, but real and practical experiences that will help you with your own implementations. 📕 Topics that will be addressed: • Training the ML-model by humans: do or don't? • Rule-based versus AI extractors • Tips for finding use cases • How to start 👨‍🏫👨‍💻 Speakers: o Dion Morskieft, RPA Product Owner @Partou o Jack Klein-Schiphorst, Automation Developer @Tacstone Technology

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

UiPathCommunity

CNIC Information System with Pakdata Cf In Pakistan

danishmna97

Manulife - Insurer Transformation Award 2024

The Digital Insurer

Kürzlich hochgeladen (20)

AXA XL - Insurer Innovation Award Americas 2024

Cyberprint. Dark Pink Apt Group [EN].pdf

presentation ICT roal in 21st century education

Ransomware_Q4_2023. The report. [EN].pdf

MINDCTI Revenue Release Quarter One 2024

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Boost Fertility New Invention Ups Success Rates.pdf

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

ICT role in 21st century education and its challenges

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Corporate and higher education May webinar.pptx

Apidays New York 2024 - The value of a flexible API Management solution for O...

How to Troubleshoot Apps for the Modern Connected Worker

AWS Community Day CPH - Three problems of Terraform

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

CNIC Information System with Pakdata Cf In Pakistan

Manulife - Insurer Transformation Award 2024

Kubernetes in Highly Restrictive Environments

1. Kubernetes in Highly Restrictive Environments Oleg Atamanenko | Team Lead, Architect

2. Introductions Oleg Atamanenko Team Lead, Architect  Working w/ Kubernetes since its release in 2015  Part of the team who built Kublr—an enterprise ready container management platform  Twitter @real_atamanenko; @kublr Like what you hear? Tweet at us!

3. Automation Ingress Custom Clusters Infrastructure Logging Monitoring Observability API Usage Reporting RBAC IAM Air Gap TLS Certificate Rotation Audit Storage Networking Container Registry CI / CD App Mgmt Infrastructure Container Runtime Kubernetes OPERATIONS SECURITY & GOVERNANCE What’s Kublr? @real_atamanenko; @kublr

4. Creating a Production-Grade Kubernetes Cluster 1. Install with kops/kubeadm/… 2. … 3. Done? @real_atamanenko; @kublr

5. Creating a Production-Grade Kubernetes Cluster Unfortunately, it’s not that easy! @real_atamanenko; @kublr

6. What We’ll Discuss Today 1. Requirements 2. Managed solutions and their limitations 3. Cross-team responsibilities 4. On-premises struggles 5. What to do next? @real_atamanenko; @kublr

7. Requirements @real_atamanenko; @kublr

8. Requirements Security Audit Logging Collections Observability / monitoring Isolated environment support Integration with existing tooling @real_atamanenko; @kublr

9. Requirements | Security Integration with Identity Broker Fine-grained role-based access control (RBAC) Authentication Authorization Storing secrets Internal CA @real_atamanenko; @kublr

10. Requirements | Audit Kubernetes API server audit Audit support for the logging and monitoring dashboards Audit support for the cluster provisioning tool (cluster install, update, upgrade, delete) @real_atamanenko; @kublr

11. Requirements | Logging Integration with existing logging solution RBAC for application logs across teams • per project • per team • per environment @real_atamanenko; @kublr

12. Requirements | Monitoring Integration with existing solution RBAC for application metrics across teams • per project • per team • per environment @real_atamanenko; @kublr

13. Requirements | Isolated Environment Where to get the required OS packages? How to provide the required Docker containers? Binary repository? @real_atamanenko; @kublr

14. Requirements | Support Existing Tooling Integration with existing processes and tools for deployment, logging and monitoring @real_atamanenko; @kublr

15. Now that the functional requirements are met, what’s next? @real_atamanenko; @kublr

16. What are Your Options? Managed Kubernetes from public cloud providers Home grown solution 3rd party vendor @real_atamanenko; @kublr

17. Managed Solutions and Their Limitations May not meet your requirements and/or regulations No access to master nodes No or limited capability to customize K8S configuration No access to the logs from the master May not support on-prem installations @real_atamanenko; @kublr

18. Home Grown Solutions Will cover your needs Requires extra time and efforts that could be spent on innovation With 4 major releases per year, it’s REALLY hard to keep up with upstream Kubernetes! @real_atamanenko; @kublr

19. 3rd Party Vendor Will cover most of your needs Custom development still may be required Choose wisely! @real_atamanenko; @kublr

20. Cross-Team Responsibilities Large organizations often separate teams by: • Compute • Network • Storage • Security Paradigm shift towards Kubernetes deployments @real_atamanenko; @kublr

21. On Premises Struggles Pure bare metal limitations vSphere API interactions Realizing HA for Kubernetes Disaster recovery OS upgrades Security updates Kubernetes upgrades Air-gap/offline mode @real_atamanenko; @kublr

22. Best Practices for Security Utilize RBAC SELinux/seccomp PodSecurityPolicies NetworkPolicy Admission Web Hooks @real_atamanenko; @kublr

23. What’s Next? Infrastructure as a code Immutable Infrastructure CI/CD for infrastructure GitOps @real_atamanenko; @kublr

24. Q&A Take Kublr for a test drive! kublr.com/deploy Free non-production license. @real_atamanenko; @kublr

25. Stay in touch! Signup for our newsletter at kublr.com Oleg Atamanenko Team Lead, Architect oatamanenko@kublr.com @real_atamanenko Kublr | kublr.com @kublr

Hinweis der Redaktion

There are a lot of options available, some common open source tools are kops, kubeadm. Let’s use one of those and run our production workload for it. Probably. Some times. Maybe.

Kubernetes in Highly Restrictive Environments

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie Kubernetes in Highly Restrictive Environments

Ähnlich wie Kubernetes in Highly Restrictive Environments (20)

Mehr von Kublr

Mehr von Kublr (11)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Kubernetes in Highly Restrictive Environments

Hinweis der Redaktion