Kubernetes (K8s)
Toolbox to fail or succeed for beginners
Demi Ben-Ari @ Panorays

Some important things
● What I’m not: Docker / Kubernetes / Security Expert
● What you won’t be after this talk: Docker / Kubernetes / Security Expert
● What you will be after this talk?
● Happier people (Because I’ve stopped talking)
● You’ll know what was our problem and our way of solution
● You’ll know where to search and learn more things
● The answer to the “What’s the meaning of life?” (42)

About Us
Demi Ben-Ari, Co-Founder & VP R&D @ Panorays
● Google Developer Expert
● Co-Founder of Communities:
○ “Big Things” - Big Data, Data Science, DevOps
○ Google Developer Group Cloud
○ Ofek Alumni Association
In the Past:
● Sr. Data Engineer - Windward
● Team Leader & Sr. Java Software Engineer,
Missile defence and Alert System - “Ofek” – IAF

What do we do at Panorays?

How Do Hackers Get to Third Parties?
Supplier
Employees
IT & Network Application
- Confidential -7p.
52% by the
Human Factor

What makes Panorays different?
360
360⁰ full perimeter overview
Comprehensive outside-in simulated hacker
view and inside-out view.
No false positives
You and suppliers can dispute or validate
findings.
Complete third-party management
Panorays works with suppliers to close cyber
gaps.

- Confidential -
Inside-OutOutside-In
BIG DATA
ACTIONABLE INSIGHTSCONTEXT-BASED RATINGS
Under the Hood

A bit about history

Applications Changing
Loosely
Coupled
Services
Many Small Servers
~2000 Today
Monolithic
Big Servers
Slow
changing
Rapidly
updated

Solution: Docker Containers
Static
Website
Web
Front End
Background
Workers
User DB
Analytics
DB
Queue
API
Endpoint
Any App Anywher
e
Composable Dynamic Portable

Solution: Docker Containers
• Packages up software binaries and dependencies
• Isolates software from each other
• Container is a standard format
• Easily portable across environment
• Allows ecosystem to develop around its standard
Container

Docker Fundamentals

Docker Basics
Docker Image
The basis of a Docker container
Docker Container
The standard unit in which the application service resides
Docker Engine
Creates, ships and runs Docker containers deployable on physical or virtual host
locally, in a datacenter or cloud service provider
Docker Registry
On-premises registry for image storing and collaboration

What’s an Image?
● An image is a collection of files +
some meta data.
(Technically: those files form the root
filesystem of a container.)
● Images are made of layers,
conceptually stacked on top of each
other.
● Each layer can add, change, and
remove files.
● Images can share layers to optimize
disk usage, transfer times, and
memory use.

What is a Container?
● Standardized packaging for software and
dependencies
● Isolate apps from each other
● Share the same OS kernel
● Works for all major Linux distributions
● Containers native to Windows Server 2016

Containers vs. VMs

Like: Object Oriented Programming
● Images are conceptually similar to classes.
● Layers are conceptually similar to inheritance.
● Containers are conceptually similar to instances.

Hypervisor
OS OS
OS
Container Host
OS

Why Services and Microservices
Can work so Well

Monolith’s Weaknesses
● Team members can’t see the whole picture
● Unnecessary interdependencies are inevitable
● Deployments become scary
● Lump-Sum Technical Debt
● Limited Fault Isolation

https://www.coscale.com/hs-fs/hubfs/Blog_Pictures/2016_06/monolithic_vs_microservices.jpg

We’ve created a “Microlith”

Small & Simple things are hard to break
● More Stable
● Easier to Debug / Fix
● Easier to Test

Which size is right?

Which size is right?
● How big is your team?
● What is your application like?
● What are the distinct pieces?
● What dat and / or logic must remain together?
● Can some parts be asynchronous?
● What pieces, when separated, will lower complexity and increase stability?

Weaknesses with Microservices
● DevOps skills are a must
● Orchestration becomes much more complex
● Architecture costs more of you time
● Testing can be more difficult
● Thinking more & build better software is mandatory

Community
Top 0.01% of all
GitHub projects
1,200+ external
projects based on
k8s
Companies
Contributing
Companies
Using
1,000+
unique contributors
15,000+ people
signed up for k8s
meetups

Kubernetes (Openhub)
https://www.openhub.net/p/kubernetes

Kubernetes
● Greek for “Helmsman”; also the root of the
words “governor” and “cybernetic”.
● Manages container clusters
● Inspired and informed by Google’s
experience and an internal system (Borg)
● Supports multiple cloud and bare-metal
environments
● 100% Open source, written in Go
● Manage applications, not Machines

Cattle vs. Pets
CattlePet
• Has a name
• Is unique or rare
• Personal Attention
• If it gets ill, you make it better
• Has a number
• One is much like any other
• Run as a group
• If it gets ill, you make hamburgers

Kubernetes Terminology
● Deployment
● Service
● ReplicaSet
● Pod
● Volume
● Label
● Selector
● ConfigMap
● Secret
● DaemonSet
● Stateful Set
● Job
● Liveness Probe
● Readiness Probe

Why Kubernetes fits Microservices
pattern?

Breaking a Monolith to Microservices

Identify Discrete Datasets
● Data is the centre of any application
● Decoupled data is as important as decoupled code
● Datasets often relate to departments of the business

What’s in it for you?

Containers are not enough - what about?
● Scaling up and down
● Scheduling
● Resiliency
● Redundancy
● Service Discovery
● Rolling out & back
● Access control
● Configs & Secrets

Advance stages of Implementation
● https://github.com/helm/helm
● https://helm.sh/
● https://coreos.com/operators/
● The Operator Framework is an open source
project that provides developer and runtime
Kubernetes tools, enabling you to accelerate the
development of an Operator. The Operator
Framework includes:
https://kubernetes.io/docs/reference/tools/

Resources
Learn More
● Links
○ http://kubernetes.io
○ Kubernetes documentation
○ Kubernetes user guide and troubleshooting guide
○ Kubernetes Github Repository
● Videos:
○ Kubernetes Cluster Federation Sneak Peek: https://www.youtube.com/watch?v=86jZdmAjWns
Ask Questions
● Kubernetes on Stackoverflow: http://stackoverflow.com/questions/tagged/kubernetes
Keep in Touch
● @kubernetesio: https://twitter.com/kubernetesio
● #kubernetes-users on Slack: http://slack.kubernetes.io
● Kubernetes-dev Google Group: https://groups.google.com/forum/#!forum/kubernetes-dev

Conclusions
● If you have a possibility -> Don’t implement distributed systems
● Kubernetes is a great container orchestration tool
● Installing it on bare metal is not that fun - but also possible
● “Perfect” is the enemy of “Working” / “Giving Value”
● It might be a steep learning curve.

Questions

Thank You