SlideShare ist ein Scribd-Unternehmen logo

Production grade edge computing on Kubernetes OSS EU 2018

Steve Wong
Steve Wong

Production Grade Edge Computing on Kubernetes Presentation at Open Source Summit Europe October 2018

Technologie
1 von 17
Downloaden Sie, um offline zu lesen
Production Grade Edge Computing Using Kubernetes Steve Wong @cantbewong Open Source Community Relations Engineer VMware Open Source Summit Europe October 23, 2018
2 Abstract ​Some applications benefit from moving closer to data ingest, or the user. Edge reduces local processing latency, and supports isolated operation. It also has challenges compared to the pooled resources, and single point of management of centralized clouds. You won’t achieve the Google Borg experience at an edge location - nor are you likely to need it. But with planning it is possible to achieve edge deployments that are secure, with predictable performance and “highly available enough” considering constraints on money, physical space, power, etc. Steve will provide specific recommendations related to architecture, networking, storage, patching, logging, disaster recovery, and remote manageability - based on using Kubernetes, and other open source tools and technology. This is a rapidly changing space, and Steve will also touch on some interesting proposals and work underway in the space.
Agenda 3 ​Production Grade Kubernetes ​What Does It Mean? ​Critical Components in a Kubernetes Cluster ​Architecture of the control plane ​Impacts of Limited Resources at an Edge location ​Making the best of limited budget and facilities ​Kubernetes Configuration ​Defaults may not be appropriate for edge ​Security ​Considerations for edge ​Disaster Recovery & Backup ​Planning checklist ​Futures
4 What does it mean to be “Production Grade”? When you deploy to edge, you own 100% of this • The installation is secure • The deployment is managed with a repeatable and recorded process • Performance is predictable and consistent • Updates and configuration changes can be safely applied • Logging and monitoring is in place to detect and diagnose failures and resource shortages • Service is “highly available enough” considering available resources, including constraints on money, physical space, power, etc. • A recovery process is available, documented, and tested for use in the event of failures Photo attribution: By Tony Webster from Portland, Oregon, United States (212 days without recordable incident) [CC BY 2.0 (https://creativecommons.org/licenses/by/2.0)], via Wikimedia Commons
5 Kubernetes Cluster Architecture Kubernetes = a distributed system with a control plane and clustered worker nodes 
6 Control Plane Critical components component role effect of loss etcd Maintains state for all Kubernetes objects Loss of storage catastrophic. Loss of quorum = Kubernetes loses control plane. Read only API calls might continue to work. Existing workloads may continue to run. API server Provides API used internally and externally Can’t start, stop, update pods, services, replication controllers. Scheduler and Controller Manager down. Workloads continue if not dependent on API calls (operators, customer controllers, CRDs, etc.) scheduler Places pods on nodes No pod placements, priority, preemption. controller manager Runs many controllers Core control loops that regulate state cease
7 Keeping critical components available Recommendations: • Use redundancy • Hardware • Software • Enable rapid recovery • Backups • DR plans • Training and documentation • Security • Monitoring, Metrics, Logging • Automate operations • Installs • Updates The Risks: • Hardware failures • Software bugs • Bad updates • Human errors • Network outages • Intentional attacks • Overloaded systems resulting in resource exhaustion • Power, Cooling losses • Weather
8 On-premises deployments have finite resources even in public clouds, budget may limit what you choose to consume Dreams & Goals Resources a tricky balance Drawing attribution: By Б.Золзаяа [CC BY-SA 4.0 (https://creativecommons.org/licenses/by-sa/4.0)], from Wikimedia Commons
9 Kubernetes on a single hardware host Operating on the edge in more ways than one Minimum • Hardware • Dual disks – mirrored • Dual fans • UPS Recommended • Hypervisor • 3 node Kubernetes control plane • Resource governance • Hardware • Dual Power Supplies • ECC memory • 3 disks
10 Kubernetes on dual hardware hosts etcd quorum must be an odd number • No real availability advantage to splitting etcd across 2 nodes - put all etcd instances on one node Shared storage is advantageous for availability of control plane and workloads • External storage may be expensive • Software Defined storage will generally require a witness “2+1”
11 Kubernetes on 3 or more hardware hosts recommendation Put a control plane instance with etcd on each of 3 nodes • Loss of a node reduces capacity but does not bring down Kubernetes, and is recoverable
12 Kubernetes configuration settings Protect the system from resource overloads Throttle things like : • API call rates • Pods per node Reserve for system daemons Recommended for predictable, repeatable behavior: • Explicitly state resources on container specs • Explicitly configure out of resource behavior on nodes • Use namespace quotas
13 Security Recommendations • Certificates • Lock down worker nodes • Use an image repository with governance & security features • Utilize Pod Security Policies • Use RBAC to drive authorization decisions and enforcement • Consider physical security at edge locations • Storage encryption • Protection from attachment of malicious devices • Avoid use of plain text credentials (access key, token, passwords) • Consider security features when you choose your network solution • Logging and monitoring/metrics can contribute to security
14 Disaster Recovery Redundancy can help reduce outages but failures can still occur DR plan elements: • Backups • Availability of replacements • A planned process • People to carry it out • Training • Documentation of the procedure (runbooks) • Automation can help Backup concerns • etcd • Stateful workload storage • Certificates and keypairs • DNS records • IP/subnet assignments • Config files • Service accounts and creds Photo attribution: US Air Force photo, B-24 in cloud with flak, No. 2 engine smoking
15 Final Thoughts + Roadmap Kubernetes can be applied to edge – but doing so requires some care Join the Kubernetes Edge IoT working group to get involved • https://groups.google.com/forum/#!forum/kubernetes-wg-iot-edge Photo attribution: By Matti Blume [CC BY-SA 4.0 (https://creativecommons.org/licenses/by-sa/4.0)], from Wikimedia Commons There is opportunity to improve this • Issues with scale • Issues with control plane to worker node connectivity
Thank You
Questions Deck is here: More detailed coverage can be found in this blog post: https://kubernetes.io/blog/2018/08/03/out-of-the-clouds-onto-the-ground-how-to-make-kubernetes-pro duction-grade-anywhere/ Contact me later: Twitter: @cantbewong Kubernetes Slack: steve-wong ​References:

Empfohlen

Why you need a private container image registry SCALE 2019
Why you need a private container image registry SCALE 2019Why you need a private container image registry SCALE 2019
Why you need a private container image registry SCALE 2019Steve Wong
 
OSS Japan 2019 service mesh bridging Kubernetes and legacy
OSS Japan 2019 service mesh bridging Kubernetes and legacyOSS Japan 2019 service mesh bridging Kubernetes and legacy
OSS Japan 2019 service mesh bridging Kubernetes and legacySteve Wong
 
Learn how to use Harbor
Learn how to use HarborLearn how to use Harbor
Learn how to use HarborSteve Wong
 
Kubernetes Disaster Recovery - Los Angeles K8s meetup Dec 10 2019
Kubernetes Disaster Recovery - Los Angeles K8s meetup Dec 10 2019Kubernetes Disaster Recovery - Los Angeles K8s meetup Dec 10 2019
Kubernetes Disaster Recovery - Los Angeles K8s meetup Dec 10 2019Steve Wong
 
Docker Meetup 08 03-2016
Docker Meetup 08 03-2016Docker Meetup 08 03-2016
Docker Meetup 08 03-2016Docker
 
DockerCon EU 2015: The Latest in Docker Engine
DockerCon EU 2015: The Latest in Docker EngineDockerCon EU 2015: The Latest in Docker Engine
DockerCon EU 2015: The Latest in Docker EngineDocker, Inc.
 
Configuration Management and Transforming Legacy Applications in the Enterpri...
Configuration Management and Transforming Legacy Applications in the Enterpri...Configuration Management and Transforming Legacy Applications in the Enterpri...
Configuration Management and Transforming Legacy Applications in the Enterpri...Docker, Inc.
 
DCSF 19 Kubernetes and Container Storage Interface Update
DCSF 19 Kubernetes and Container Storage Interface UpdateDCSF 19 Kubernetes and Container Storage Interface Update
DCSF 19 Kubernetes and Container Storage Interface UpdateDocker, Inc.
 

Empfohlen

Why you need a private container image registry SCALE 2019
Why you need a private container image registry SCALE 2019Why you need a private container image registry SCALE 2019
Why you need a private container image registry SCALE 2019Steve Wong
 
OSS Japan 2019 service mesh bridging Kubernetes and legacy
OSS Japan 2019 service mesh bridging Kubernetes and legacyOSS Japan 2019 service mesh bridging Kubernetes and legacy
OSS Japan 2019 service mesh bridging Kubernetes and legacySteve Wong
 
Learn how to use Harbor
Learn how to use HarborLearn how to use Harbor
Learn how to use HarborSteve Wong
 
Kubernetes Disaster Recovery - Los Angeles K8s meetup Dec 10 2019
Kubernetes Disaster Recovery - Los Angeles K8s meetup Dec 10 2019Kubernetes Disaster Recovery - Los Angeles K8s meetup Dec 10 2019
Kubernetes Disaster Recovery - Los Angeles K8s meetup Dec 10 2019Steve Wong
 
Docker Meetup 08 03-2016
Docker Meetup 08 03-2016Docker Meetup 08 03-2016
Docker Meetup 08 03-2016Docker
 
DockerCon EU 2015: The Latest in Docker Engine
DockerCon EU 2015: The Latest in Docker EngineDockerCon EU 2015: The Latest in Docker Engine
DockerCon EU 2015: The Latest in Docker EngineDocker, Inc.
 
Configuration Management and Transforming Legacy Applications in the Enterpri...
Configuration Management and Transforming Legacy Applications in the Enterpri...Configuration Management and Transforming Legacy Applications in the Enterpri...
Configuration Management and Transforming Legacy Applications in the Enterpri...Docker, Inc.
 
DCSF 19 Kubernetes and Container Storage Interface Update
DCSF 19 Kubernetes and Container Storage Interface UpdateDCSF 19 Kubernetes and Container Storage Interface Update
DCSF 19 Kubernetes and Container Storage Interface UpdateDocker, Inc.
 
Effective Data Pipelines with Docker & Jenkins - Brian Donaldson
Effective Data Pipelines with Docker & Jenkins - Brian DonaldsonEffective Data Pipelines with Docker & Jenkins - Brian Donaldson
Effective Data Pipelines with Docker & Jenkins - Brian DonaldsonDocker, Inc.
 
Docker for any type of workload and any IT Infrastructure
Docker for any type of workload and any IT InfrastructureDocker for any type of workload and any IT Infrastructure
Docker for any type of workload and any IT InfrastructureDocker, Inc.
 
How to be successful running Docker in Production
How to be successful running Docker in ProductionHow to be successful running Docker in Production
How to be successful running Docker in ProductionDocker, Inc.
 
Kubernetes - Sailing a Sea of Containers
Kubernetes - Sailing a Sea of ContainersKubernetes - Sailing a Sea of Containers
Kubernetes - Sailing a Sea of ContainersKel Cecil
 
Production Ready Containers from IBM and Docker
Production Ready Containers from IBM and DockerProduction Ready Containers from IBM and Docker
Production Ready Containers from IBM and DockerDocker, Inc.
 
Net core, mssql, container und kubernetes
Net core, mssql, container und kubernetesNet core, mssql, container und kubernetes
Net core, mssql, container und kubernetesThomas Fricke
 
Continuous delivery of microservices with kubernetes - Quintor 27-2-2017
Continuous delivery of microservices with kubernetes - Quintor 27-2-2017Continuous delivery of microservices with kubernetes - Quintor 27-2-2017
Continuous delivery of microservices with kubernetes - Quintor 27-2-2017Arjen Wassink
 
DCSF19 How Docker Simplifies Kubernetes for the Masses
DCSF19 How Docker Simplifies Kubernetes for the Masses DCSF19 How Docker Simplifies Kubernetes for the Masses
DCSF19 How Docker Simplifies Kubernetes for the Masses Docker, Inc.
 
Compare Docker deployment options in the public cloud
Compare Docker deployment options in the public cloudCompare Docker deployment options in the public cloud
Compare Docker deployment options in the public cloudSreenivas Makam
 
In-Cluster Continuous Testing Framework for Docker Containers
In-Cluster Continuous Testing Framework for Docker ContainersIn-Cluster Continuous Testing Framework for Docker Containers
In-Cluster Continuous Testing Framework for Docker ContainersNeil Gehani
 
CI, CD with Docker, Jenkins and Tutum
CI, CD with Docker, Jenkins and TutumCI, CD with Docker, Jenkins and Tutum
CI, CD with Docker, Jenkins and TutumSreenivas Makam
 
What’s New in Docker - Victor Vieux, Docker
What’s New in Docker - Victor Vieux, DockerWhat’s New in Docker - Victor Vieux, Docker
What’s New in Docker - Victor Vieux, DockerDocker, Inc.
 
Security best practices for kubernetes deployment
Security best practices for kubernetes deploymentSecurity best practices for kubernetes deployment
Security best practices for kubernetes deploymentMichael Cherny
 
Platform as a Service with Kubernetes and Mesos
Platform as a Service with Kubernetes and Mesos Platform as a Service with Kubernetes and Mesos
Platform as a Service with Kubernetes and Mesos Miguel Zuniga
 
containerd the universal container runtime
containerd the universal container runtimecontainerd the universal container runtime
containerd the universal container runtimeDocker, Inc.
 
Docker 101 Checonf 2016
Docker 101 Checonf 2016Docker 101 Checonf 2016
Docker 101 Checonf 2016Patrick Chanezon
 
DCSF19 CMD and Conquer: Containerizing the Monolith
DCSF19 CMD and Conquer: Containerizing the Monolith DCSF19 CMD and Conquer: Containerizing the Monolith
DCSF19 CMD and Conquer: Containerizing the Monolith Docker, Inc.
 
Kubernetes laravel and kubernetes
Kubernetes laravel and kubernetesKubernetes laravel and kubernetes
Kubernetes laravel and kubernetesWilliam Stewart
 
Sharding Containers: Make Go Apps Computer-Friendly Again by Andrey Sibiryov
Sharding Containers: Make Go Apps Computer-Friendly Again by Andrey Sibiryov Sharding Containers: Make Go Apps Computer-Friendly Again by Andrey Sibiryov
Sharding Containers: Make Go Apps Computer-Friendly Again by Andrey Sibiryov Docker, Inc.
 
Introducing LinuxKit
Introducing LinuxKitIntroducing LinuxKit
Introducing LinuxKitDocker, Inc.
 
OSDC 2018 | Highly Available Cloud Foundry on Kubernetes by Cornelius Schumacher
OSDC 2018 | Highly Available Cloud Foundry on Kubernetes by Cornelius SchumacherOSDC 2018 | Highly Available Cloud Foundry on Kubernetes by Cornelius Schumacher
OSDC 2018 | Highly Available Cloud Foundry on Kubernetes by Cornelius SchumacherNETWAYS
 
Rapid_Recovery-T75-v2204j.pdf
Rapid_Recovery-T75-v2204j.pdfRapid_Recovery-T75-v2204j.pdf
Rapid_Recovery-T75-v2204j.pdfTony Pearson
 

Weitere ähnliche Inhalte

Was ist angesagt?

Effective Data Pipelines with Docker & Jenkins - Brian Donaldson
Effective Data Pipelines with Docker & Jenkins - Brian DonaldsonEffective Data Pipelines with Docker & Jenkins - Brian Donaldson
Effective Data Pipelines with Docker & Jenkins - Brian DonaldsonDocker, Inc.
 
Docker for any type of workload and any IT Infrastructure
Docker for any type of workload and any IT InfrastructureDocker for any type of workload and any IT Infrastructure
Docker for any type of workload and any IT InfrastructureDocker, Inc.
 
How to be successful running Docker in Production
How to be successful running Docker in ProductionHow to be successful running Docker in Production
How to be successful running Docker in ProductionDocker, Inc.
 
Kubernetes - Sailing a Sea of Containers
Kubernetes - Sailing a Sea of ContainersKubernetes - Sailing a Sea of Containers
Kubernetes - Sailing a Sea of ContainersKel Cecil
 
Production Ready Containers from IBM and Docker
Production Ready Containers from IBM and DockerProduction Ready Containers from IBM and Docker
Production Ready Containers from IBM and DockerDocker, Inc.
 
Net core, mssql, container und kubernetes
Net core, mssql, container und kubernetesNet core, mssql, container und kubernetes
Net core, mssql, container und kubernetesThomas Fricke
 
Continuous delivery of microservices with kubernetes - Quintor 27-2-2017
Continuous delivery of microservices with kubernetes - Quintor 27-2-2017Continuous delivery of microservices with kubernetes - Quintor 27-2-2017
Continuous delivery of microservices with kubernetes - Quintor 27-2-2017Arjen Wassink
 
DCSF19 How Docker Simplifies Kubernetes for the Masses
DCSF19 How Docker Simplifies Kubernetes for the Masses DCSF19 How Docker Simplifies Kubernetes for the Masses
DCSF19 How Docker Simplifies Kubernetes for the Masses Docker, Inc.
 
Compare Docker deployment options in the public cloud
Compare Docker deployment options in the public cloudCompare Docker deployment options in the public cloud
Compare Docker deployment options in the public cloudSreenivas Makam
 
In-Cluster Continuous Testing Framework for Docker Containers
In-Cluster Continuous Testing Framework for Docker ContainersIn-Cluster Continuous Testing Framework for Docker Containers
In-Cluster Continuous Testing Framework for Docker ContainersNeil Gehani
 
CI, CD with Docker, Jenkins and Tutum
CI, CD with Docker, Jenkins and TutumCI, CD with Docker, Jenkins and Tutum
CI, CD with Docker, Jenkins and TutumSreenivas Makam
 
What’s New in Docker - Victor Vieux, Docker
What’s New in Docker - Victor Vieux, DockerWhat’s New in Docker - Victor Vieux, Docker
What’s New in Docker - Victor Vieux, DockerDocker, Inc.
 
Security best practices for kubernetes deployment
Security best practices for kubernetes deploymentSecurity best practices for kubernetes deployment
Security best practices for kubernetes deploymentMichael Cherny
 
Platform as a Service with Kubernetes and Mesos
Platform as a Service with Kubernetes and Mesos Platform as a Service with Kubernetes and Mesos
Platform as a Service with Kubernetes and Mesos Miguel Zuniga
 
containerd the universal container runtime
containerd the universal container runtimecontainerd the universal container runtime
containerd the universal container runtimeDocker, Inc.
 
DCSF19 CMD and Conquer: Containerizing the Monolith
DCSF19 CMD and Conquer: Containerizing the Monolith DCSF19 CMD and Conquer: Containerizing the Monolith
DCSF19 CMD and Conquer: Containerizing the Monolith Docker, Inc.
 
Kubernetes laravel and kubernetes
Kubernetes laravel and kubernetesKubernetes laravel and kubernetes
Kubernetes laravel and kubernetesWilliam Stewart
 
Sharding Containers: Make Go Apps Computer-Friendly Again by Andrey Sibiryov
Sharding Containers: Make Go Apps Computer-Friendly Again by Andrey Sibiryov Sharding Containers: Make Go Apps Computer-Friendly Again by Andrey Sibiryov
Sharding Containers: Make Go Apps Computer-Friendly Again by Andrey Sibiryov Docker, Inc.
 
Introducing LinuxKit
Introducing LinuxKitIntroducing LinuxKit
Introducing LinuxKitDocker, Inc.
 

Was ist angesagt? (20)

Effective Data Pipelines with Docker & Jenkins - Brian Donaldson
Effective Data Pipelines with Docker & Jenkins - Brian DonaldsonEffective Data Pipelines with Docker & Jenkins - Brian Donaldson
Effective Data Pipelines with Docker & Jenkins - Brian Donaldson
 
Docker for any type of workload and any IT Infrastructure
Docker for any type of workload and any IT InfrastructureDocker for any type of workload and any IT Infrastructure
Docker for any type of workload and any IT Infrastructure
 
How to be successful running Docker in Production
How to be successful running Docker in ProductionHow to be successful running Docker in Production
How to be successful running Docker in Production
 
Kubernetes - Sailing a Sea of Containers
Kubernetes - Sailing a Sea of ContainersKubernetes - Sailing a Sea of Containers
Kubernetes - Sailing a Sea of Containers
 
Production Ready Containers from IBM and Docker
Production Ready Containers from IBM and DockerProduction Ready Containers from IBM and Docker
Production Ready Containers from IBM and Docker
 
Net core, mssql, container und kubernetes
Net core, mssql, container und kubernetesNet core, mssql, container und kubernetes
Net core, mssql, container und kubernetes
 
Continuous delivery of microservices with kubernetes - Quintor 27-2-2017
Continuous delivery of microservices with kubernetes - Quintor 27-2-2017Continuous delivery of microservices with kubernetes - Quintor 27-2-2017
Continuous delivery of microservices with kubernetes - Quintor 27-2-2017
 
DCSF19 How Docker Simplifies Kubernetes for the Masses
DCSF19 How Docker Simplifies Kubernetes for the Masses DCSF19 How Docker Simplifies Kubernetes for the Masses
DCSF19 How Docker Simplifies Kubernetes for the Masses
 
Compare Docker deployment options in the public cloud
Compare Docker deployment options in the public cloudCompare Docker deployment options in the public cloud
Compare Docker deployment options in the public cloud
 
In-Cluster Continuous Testing Framework for Docker Containers
In-Cluster Continuous Testing Framework for Docker ContainersIn-Cluster Continuous Testing Framework for Docker Containers
In-Cluster Continuous Testing Framework for Docker Containers
 
CI, CD with Docker, Jenkins and Tutum
CI, CD with Docker, Jenkins and TutumCI, CD with Docker, Jenkins and Tutum
CI, CD with Docker, Jenkins and Tutum
 
What’s New in Docker - Victor Vieux, Docker
What’s New in Docker - Victor Vieux, DockerWhat’s New in Docker - Victor Vieux, Docker
What’s New in Docker - Victor Vieux, Docker
 
Security best practices for kubernetes deployment
Security best practices for kubernetes deploymentSecurity best practices for kubernetes deployment
Security best practices for kubernetes deployment
 
Platform as a Service with Kubernetes and Mesos
Platform as a Service with Kubernetes and Mesos Platform as a Service with Kubernetes and Mesos
Platform as a Service with Kubernetes and Mesos
 
containerd the universal container runtime
containerd the universal container runtimecontainerd the universal container runtime
containerd the universal container runtime
 
Docker 101 Checonf 2016
Docker 101 Checonf 2016Docker 101 Checonf 2016
Docker 101 Checonf 2016
 
DCSF19 CMD and Conquer: Containerizing the Monolith
DCSF19 CMD and Conquer: Containerizing the Monolith DCSF19 CMD and Conquer: Containerizing the Monolith
DCSF19 CMD and Conquer: Containerizing the Monolith
 
Kubernetes laravel and kubernetes
Kubernetes laravel and kubernetesKubernetes laravel and kubernetes
Kubernetes laravel and kubernetes
 
Sharding Containers: Make Go Apps Computer-Friendly Again by Andrey Sibiryov
Sharding Containers: Make Go Apps Computer-Friendly Again by Andrey Sibiryov Sharding Containers: Make Go Apps Computer-Friendly Again by Andrey Sibiryov
Sharding Containers: Make Go Apps Computer-Friendly Again by Andrey Sibiryov
 
Introducing LinuxKit
Introducing LinuxKitIntroducing LinuxKit
Introducing LinuxKit
 

Ähnlich wie Production grade edge computing on Kubernetes OSS EU 2018

OSDC 2018 | Highly Available Cloud Foundry on Kubernetes by Cornelius Schumacher
OSDC 2018 | Highly Available Cloud Foundry on Kubernetes by Cornelius SchumacherOSDC 2018 | Highly Available Cloud Foundry on Kubernetes by Cornelius Schumacher
OSDC 2018 | Highly Available Cloud Foundry on Kubernetes by Cornelius SchumacherNETWAYS
 
Rapid_Recovery-T75-v2204j.pdf
Rapid_Recovery-T75-v2204j.pdfRapid_Recovery-T75-v2204j.pdf
Rapid_Recovery-T75-v2204j.pdfTony Pearson
 
Red Hat multi-cluster management & what's new in OpenShift
Red Hat multi-cluster management & what's new in OpenShiftRed Hat multi-cluster management & what's new in OpenShift
Red Hat multi-cluster management & what's new in OpenShiftKangaroot
 
The ultimate Kubernetes Deployment Checklist - Infra to Microservices
The ultimate Kubernetes Deployment Checklist - Infra to MicroservicesThe ultimate Kubernetes Deployment Checklist - Infra to Microservices
The ultimate Kubernetes Deployment Checklist - Infra to MicroservicesPrakarsh -
 
Privacy preserving public auditing for regenerating-code-based
Privacy preserving public auditing for regenerating-code-basedPrivacy preserving public auditing for regenerating-code-based
Privacy preserving public auditing for regenerating-code-basedNagamalleswararao Tadikonda
 
From Containerized Application to Secure and Scaling With Kubernetes
From Containerized Application to Secure and Scaling With KubernetesFrom Containerized Application to Secure and Scaling With Kubernetes
From Containerized Application to Secure and Scaling With KubernetesShikha Srivastava
 
DockerCon Europe 2018 Monitoring & Logging Workshop
DockerCon Europe 2018 Monitoring & Logging WorkshopDockerCon Europe 2018 Monitoring & Logging Workshop
DockerCon Europe 2018 Monitoring & Logging WorkshopBrian Christner
 
How to accelerate docker adoption with a simple and powerful user experience
How to accelerate docker adoption with a simple and powerful user experienceHow to accelerate docker adoption with a simple and powerful user experience
How to accelerate docker adoption with a simple and powerful user experienceDocker, Inc.
 
Cloud computing infrastructure
Cloud computing infrastructure Cloud computing infrastructure
Cloud computing infrastructure Dr. Anita Goel
 
Terrascan - Cloud Native Security Tool
Terrascan - Cloud Native Security Tool Terrascan - Cloud Native Security Tool
Terrascan - Cloud Native Security Tool sangam biradar
 
Building Blocks for Hybrid IT
Building Blocks for Hybrid ITBuilding Blocks for Hybrid IT
Building Blocks for Hybrid ITRightScale
 
DockerCon 2016 - Structured Container Delivery
DockerCon 2016 - Structured Container DeliveryDockerCon 2016 - Structured Container Delivery
DockerCon 2016 - Structured Container DeliveryOscar Renalias
 
Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...
Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...
Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...Codit
 
Kubernetes – An open platform for container orchestration
Kubernetes – An open platform for container orchestrationKubernetes – An open platform for container orchestration
Kubernetes – An open platform for container orchestrationinovex GmbH
 
Vietnam Global Azure Bootcamp 2019 - Security on Azure Kubernetes Services wi...
Vietnam Global Azure Bootcamp 2019 - Security on Azure Kubernetes Services wi...Vietnam Global Azure Bootcamp 2019 - Security on Azure Kubernetes Services wi...
Vietnam Global Azure Bootcamp 2019 - Security on Azure Kubernetes Services wi...Duc Lai Trung Minh
 
Kubernetes on the Edge / 在邊緣的K8S
Kubernetes on the Edge / 在邊緣的K8SKubernetes on the Edge / 在邊緣的K8S
Kubernetes on the Edge / 在邊緣的K8SYi-Fu Ciou
 
Build cloud native solution using open source
Build cloud native solution using open source Build cloud native solution using open source
Build cloud native solution using open source Nitesh Jadhav
 

Ähnlich wie Production grade edge computing on Kubernetes OSS EU 2018 (20)

OSDC 2018 | Highly Available Cloud Foundry on Kubernetes by Cornelius Schumacher
OSDC 2018 | Highly Available Cloud Foundry on Kubernetes by Cornelius SchumacherOSDC 2018 | Highly Available Cloud Foundry on Kubernetes by Cornelius Schumacher
OSDC 2018 | Highly Available Cloud Foundry on Kubernetes by Cornelius Schumacher
 
Rapid_Recovery-T75-v2204j.pdf
Rapid_Recovery-T75-v2204j.pdfRapid_Recovery-T75-v2204j.pdf
Rapid_Recovery-T75-v2204j.pdf
 
Red Hat multi-cluster management & what's new in OpenShift
Red Hat multi-cluster management & what's new in OpenShiftRed Hat multi-cluster management & what's new in OpenShift
Red Hat multi-cluster management & what's new in OpenShift
 
The ultimate Kubernetes Deployment Checklist - Infra to Microservices
The ultimate Kubernetes Deployment Checklist - Infra to MicroservicesThe ultimate Kubernetes Deployment Checklist - Infra to Microservices
The ultimate Kubernetes Deployment Checklist - Infra to Microservices
 
Privacy preserving public auditing for regenerating-code-based
Privacy preserving public auditing for regenerating-code-basedPrivacy preserving public auditing for regenerating-code-based
Privacy preserving public auditing for regenerating-code-based
 
From Containerized Application to Secure and Scaling With Kubernetes
From Containerized Application to Secure and Scaling With KubernetesFrom Containerized Application to Secure and Scaling With Kubernetes
From Containerized Application to Secure and Scaling With Kubernetes
 
DockerCon Europe 2018 Monitoring & Logging Workshop
DockerCon Europe 2018 Monitoring & Logging WorkshopDockerCon Europe 2018 Monitoring & Logging Workshop
DockerCon Europe 2018 Monitoring & Logging Workshop
 
How to accelerate docker adoption with a simple and powerful user experience
How to accelerate docker adoption with a simple and powerful user experienceHow to accelerate docker adoption with a simple and powerful user experience
How to accelerate docker adoption with a simple and powerful user experience
 
Univa Presentation at DAC 2020
Univa Presentation at DAC 2020 Univa Presentation at DAC 2020
Univa Presentation at DAC 2020
 
Cloud computing infrastructure
Cloud computing infrastructure Cloud computing infrastructure
Cloud computing infrastructure
 
Terrascan - Cloud Native Security Tool
Terrascan - Cloud Native Security Tool Terrascan - Cloud Native Security Tool
Terrascan - Cloud Native Security Tool
 
Building Blocks for Hybrid IT
Building Blocks for Hybrid ITBuilding Blocks for Hybrid IT
Building Blocks for Hybrid IT
 
DockerCon 2016 - Structured Container Delivery
DockerCon 2016 - Structured Container DeliveryDockerCon 2016 - Structured Container Delivery
DockerCon 2016 - Structured Container Delivery
 
Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...
Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...
Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...
 
Kubernetes – An open platform for container orchestration
Kubernetes – An open platform for container orchestrationKubernetes – An open platform for container orchestration
Kubernetes – An open platform for container orchestration
 
Vietnam Global Azure Bootcamp 2019 - Security on Azure Kubernetes Services wi...
Vietnam Global Azure Bootcamp 2019 - Security on Azure Kubernetes Services wi...Vietnam Global Azure Bootcamp 2019 - Security on Azure Kubernetes Services wi...
Vietnam Global Azure Bootcamp 2019 - Security on Azure Kubernetes Services wi...
 
Kubernetes on the Edge / 在邊緣的K8S
Kubernetes on the Edge / 在邊緣的K8SKubernetes on the Edge / 在邊緣的K8S
Kubernetes on the Edge / 在邊緣的K8S
 
Build cloud native solution using open source
Build cloud native solution using open source Build cloud native solution using open source
Build cloud native solution using open source
 
Designing Scalable Applications
Designing Scalable ApplicationsDesigning Scalable Applications
Designing Scalable Applications
 
Anil Info
Anil InfoAnil Info
Anil Info
 

Mehr von Steve Wong

Kubernetes for IoT and Edge - Instrument Society of America Meeting
Kubernetes for IoT and Edge - Instrument Society of America MeetingKubernetes for IoT and Edge - Instrument Society of America Meeting
Kubernetes for IoT and Edge - Instrument Society of America MeetingSteve Wong
 
KubeCon China June 2019 - Survey of Kubernetes related solutions for IoT and ...
KubeCon China June 2019 - Survey of Kubernetes related solutions for IoT and ...KubeCon China June 2019 - Survey of Kubernetes related solutions for IoT and ...
KubeCon China June 2019 - Survey of Kubernetes related solutions for IoT and ...Steve Wong
 
SCALE 16x on-prem container orchestrator deployment
SCALE 16x on-prem container orchestrator deploymentSCALE 16x on-prem container orchestrator deployment
SCALE 16x on-prem container orchestrator deploymentSteve Wong
 
Introduction to Apache Mesos and DC/OS
Introduction to Apache Mesos and DC/OSIntroduction to Apache Mesos and DC/OS
Introduction to Apache Mesos and DC/OSSteve Wong
 
Open Source Summit NorthAmerica 2017 Stateful Apps in Containers
Open Source Summit NorthAmerica 2017 Stateful Apps in ContainersOpen Source Summit NorthAmerica 2017 Stateful Apps in Containers
Open Source Summit NorthAmerica 2017 Stateful Apps in ContainersSteve Wong
 
Smart Cities and IOT: with opportunity comes risk
Smart Cities and IOT: with opportunity comes riskSmart Cities and IOT: with opportunity comes risk
Smart Cities and IOT: with opportunity comes riskSteve Wong
 
Open Source Storage Summit Tokyo 2016 - Storage for Containers
Open Source Storage Summit Tokyo 2016 - Storage for ContainersOpen Source Storage Summit Tokyo 2016 - Storage for Containers
Open Source Storage Summit Tokyo 2016 - Storage for ContainersSteve Wong
 
Heresey in the church of 12 factors
Heresey in the church of 12 factorsHeresey in the church of 12 factors
Heresey in the church of 12 factorsSteve Wong
 

Mehr von Steve Wong (8)

Kubernetes for IoT and Edge - Instrument Society of America Meeting
Kubernetes for IoT and Edge - Instrument Society of America MeetingKubernetes for IoT and Edge - Instrument Society of America Meeting
Kubernetes for IoT and Edge - Instrument Society of America Meeting
 
KubeCon China June 2019 - Survey of Kubernetes related solutions for IoT and ...
KubeCon China June 2019 - Survey of Kubernetes related solutions for IoT and ...KubeCon China June 2019 - Survey of Kubernetes related solutions for IoT and ...
KubeCon China June 2019 - Survey of Kubernetes related solutions for IoT and ...
 
SCALE 16x on-prem container orchestrator deployment
SCALE 16x on-prem container orchestrator deploymentSCALE 16x on-prem container orchestrator deployment
SCALE 16x on-prem container orchestrator deployment
 
Introduction to Apache Mesos and DC/OS
Introduction to Apache Mesos and DC/OSIntroduction to Apache Mesos and DC/OS
Introduction to Apache Mesos and DC/OS
 
Open Source Summit NorthAmerica 2017 Stateful Apps in Containers
Open Source Summit NorthAmerica 2017 Stateful Apps in ContainersOpen Source Summit NorthAmerica 2017 Stateful Apps in Containers
Open Source Summit NorthAmerica 2017 Stateful Apps in Containers
 
Smart Cities and IOT: with opportunity comes risk
Smart Cities and IOT: with opportunity comes riskSmart Cities and IOT: with opportunity comes risk
Smart Cities and IOT: with opportunity comes risk
 
Open Source Storage Summit Tokyo 2016 - Storage for Containers
Open Source Storage Summit Tokyo 2016 - Storage for ContainersOpen Source Storage Summit Tokyo 2016 - Storage for Containers
Open Source Storage Summit Tokyo 2016 - Storage for Containers
 
Heresey in the church of 12 factors
Heresey in the church of 12 factorsHeresey in the church of 12 factors
Heresey in the church of 12 factors
 

Kürzlich hochgeladen

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 

Kürzlich hochgeladen (20)

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 

Production grade edge computing on Kubernetes OSS EU 2018

  • 1. Production Grade Edge Computing Using Kubernetes Steve Wong @cantbewong Open Source Community Relations Engineer VMware Open Source Summit Europe October 23, 2018
  • 2. 2 Abstract ​Some applications benefit from moving closer to data ingest, or the user. Edge reduces local processing latency, and supports isolated operation. It also has challenges compared to the pooled resources, and single point of management of centralized clouds. You won’t achieve the Google Borg experience at an edge location - nor are you likely to need it. But with planning it is possible to achieve edge deployments that are secure, with predictable performance and “highly available enough” considering constraints on money, physical space, power, etc. Steve will provide specific recommendations related to architecture, networking, storage, patching, logging, disaster recovery, and remote manageability - based on using Kubernetes, and other open source tools and technology. This is a rapidly changing space, and Steve will also touch on some interesting proposals and work underway in the space.
  • 3. Agenda 3 ​Production Grade Kubernetes ​What Does It Mean? ​Critical Components in a Kubernetes Cluster ​Architecture of the control plane ​Impacts of Limited Resources at an Edge location ​Making the best of limited budget and facilities ​Kubernetes Configuration ​Defaults may not be appropriate for edge ​Security ​Considerations for edge ​Disaster Recovery & Backup ​Planning checklist ​Futures
  • 4. 4 What does it mean to be “Production Grade”? When you deploy to edge, you own 100% of this • The installation is secure • The deployment is managed with a repeatable and recorded process • Performance is predictable and consistent • Updates and configuration changes can be safely applied • Logging and monitoring is in place to detect and diagnose failures and resource shortages • Service is “highly available enough” considering available resources, including constraints on money, physical space, power, etc. • A recovery process is available, documented, and tested for use in the event of failures Photo attribution: By Tony Webster from Portland, Oregon, United States (212 days without recordable incident) [CC BY 2.0 (https://creativecommons.org/licenses/by/2.0)], via Wikimedia Commons
  • 5. 5 Kubernetes Cluster Architecture Kubernetes = a distributed system with a control plane and clustered worker nodes 
  • 6. 6 Control Plane Critical components component role effect of loss etcd Maintains state for all Kubernetes objects Loss of storage catastrophic. Loss of quorum = Kubernetes loses control plane. Read only API calls might continue to work. Existing workloads may continue to run. API server Provides API used internally and externally Can’t start, stop, update pods, services, replication controllers. Scheduler and Controller Manager down. Workloads continue if not dependent on API calls (operators, customer controllers, CRDs, etc.) scheduler Places pods on nodes No pod placements, priority, preemption. controller manager Runs many controllers Core control loops that regulate state cease
  • 7. 7 Keeping critical components available Recommendations: • Use redundancy • Hardware • Software • Enable rapid recovery • Backups • DR plans • Training and documentation • Security • Monitoring, Metrics, Logging • Automate operations • Installs • Updates The Risks: • Hardware failures • Software bugs • Bad updates • Human errors • Network outages • Intentional attacks • Overloaded systems resulting in resource exhaustion • Power, Cooling losses • Weather
  • 8. 8 On-premises deployments have finite resources even in public clouds, budget may limit what you choose to consume Dreams & Goals Resources a tricky balance Drawing attribution: By Б.Золзаяа [CC BY-SA 4.0 (https://creativecommons.org/licenses/by-sa/4.0)], from Wikimedia Commons
  • 9. 9 Kubernetes on a single hardware host Operating on the edge in more ways than one Minimum • Hardware • Dual disks – mirrored • Dual fans • UPS Recommended • Hypervisor • 3 node Kubernetes control plane • Resource governance • Hardware • Dual Power Supplies • ECC memory • 3 disks
  • 10. 10 Kubernetes on dual hardware hosts etcd quorum must be an odd number • No real availability advantage to splitting etcd across 2 nodes - put all etcd instances on one node Shared storage is advantageous for availability of control plane and workloads • External storage may be expensive • Software Defined storage will generally require a witness “2+1”
  • 11. 11 Kubernetes on 3 or more hardware hosts recommendation Put a control plane instance with etcd on each of 3 nodes • Loss of a node reduces capacity but does not bring down Kubernetes, and is recoverable
  • 12. 12 Kubernetes configuration settings Protect the system from resource overloads Throttle things like : • API call rates • Pods per node Reserve for system daemons Recommended for predictable, repeatable behavior: • Explicitly state resources on container specs • Explicitly configure out of resource behavior on nodes • Use namespace quotas
  • 13. 13 Security Recommendations • Certificates • Lock down worker nodes • Use an image repository with governance & security features • Utilize Pod Security Policies • Use RBAC to drive authorization decisions and enforcement • Consider physical security at edge locations • Storage encryption • Protection from attachment of malicious devices • Avoid use of plain text credentials (access key, token, passwords) • Consider security features when you choose your network solution • Logging and monitoring/metrics can contribute to security
  • 14. 14 Disaster Recovery Redundancy can help reduce outages but failures can still occur DR plan elements: • Backups • Availability of replacements • A planned process • People to carry it out • Training • Documentation of the procedure (runbooks) • Automation can help Backup concerns • etcd • Stateful workload storage • Certificates and keypairs • DNS records • IP/subnet assignments • Config files • Service accounts and creds Photo attribution: US Air Force photo, B-24 in cloud with flak, No. 2 engine smoking
  • 15. 15 Final Thoughts + Roadmap Kubernetes can be applied to edge – but doing so requires some care Join the Kubernetes Edge IoT working group to get involved • https://groups.google.com/forum/#!forum/kubernetes-wg-iot-edge Photo attribution: By Matti Blume [CC BY-SA 4.0 (https://creativecommons.org/licenses/by-sa/4.0)], from Wikimedia Commons There is opportunity to improve this • Issues with scale • Issues with control plane to worker node connectivity
  • 17. Questions Deck is here: More detailed coverage can be found in this blog post: https://kubernetes.io/blog/2018/08/03/out-of-the-clouds-onto-the-ground-how-to-make-kubernetes-pro duction-grade-anywhere/ Contact me later: Twitter: @cantbewong Kubernetes Slack: steve-wong ​References: