From KubeCon / CloudNativeCon 2019 customer stories, case studies and use cases - a recap. A summary of Kubernetes and CNCF project use cases, presented at the Bangalore CNCF Meetup.
Cloud Native Use Cases from KubeCon 2019

Cloud Native Use Cases
From KubeCon 2019 San Diego - A Recap
by Krishna Kumar,
https://www.meetup.com/Bangalore-CNCF-Meetup
KubeCon/CloudNativeCon 2019 San Diego

- The largest CNCF event ever
- November 2019, San Diego, US
- 12,000+ attendees
- 100+ vendors
- 100+ announcements
- 300+ sessions/presentations
- CNCF: 20+ projects; 500+ members; 100+ large vendors
- In 2019, 200+ members joined
- Videos and slides from the event:
  https://github.com/cloudyuga/kubecon19-NA#case%20studies
  https://www.youtube.com/playlist?list=PLj6h78yzYM2NDs-iu8WU5fMxINxHXlien

Top 10 announcements:
1. Helm 3 is launched
2. AWS, Intuit and Weaveworks collaborate on Argo Flux
3. Confidential computing for Kubernetes from Microsoft
4. Red Hat launches CodeReady Workspaces 2.0
5. Mirantis launches Kubernetes as a Service (KaaS)
6. O'Reilly acquires Katacoda
7. Portworx launches PX-Autopilot
8. Diamanti announces the Spektra hybrid cloud solution
9. Buoyant announces Dive, a SaaS control plane for Kubernetes
10. Rancher extends Kubernetes to the edge
https://www.forbes.com/sites/janakirammsv/2019/11/24/10-most-interesting-announcements-from-kubecon--cloudnativecon-2019/#38d26962583b
What we have today...?
KubeCon 2019 San Diego: quick recap of some case studies:
(1) Cruise - Multi-tenancy
(2) Slack - DB migration to Vitess
(3) Yahoo - Istio and k8s on-prem
(4) Gusto - Moving a startup to k8s
(5) Reddit - k8s in production
(6) Tinder - Moving to k8s journey
(7) Spotify - Envoy migration
(8) Airbnb - Scaling 1000s of nodes in multi-cluster
(9) eBay - Setting up search on k8s
(10) Uber - Kubernetes migration journey
(11) Lyft - Large-scale stateful workloads in k8s
(12) Grape Up - Continuous deployments to a car
(13) PlanetScale - DB service on k8s
(14) Salesforce - Enterprise cloud
(15) Goldman Sachs - k8s policy and OPA implementation
(16) Fidelity - Finance-grade k8s with GitOps
(17) Freddie Mac - Istio journey, brownfield to greenfield
(18) Govt of Ottawa - Moving legacy to cloud
(19) Ministry of Defense, Israel - AI in k8s production
(20) Department of Defense, US - Moved to k8s and Istio
Cruise - Multi-tenancy

- Building autonomous vehicles
- Clusters: 12-26
- Largest cluster: 1000 nodes, 64 or 32 vCPU each
- Using G Suite and GKE. Tools: Daytona, Vault, k-rail, Isopod, Juno (Cruise-built; Daytona, k-rail and Isopod are open source)
- Built a scalable multi-tenant system, mostly on shared clusters. Both downtime and cost are low.
- Domain isolation: environmental vs. organizational. Project-based namespaces.
- Permission isolation: RBAC bound to Google Groups; secrets handled at the application level
- System isolation: machine, node pool, cluster, network
- Resource isolation: storage volumes and quotas
- Network isolation: shared tunnels (NAT gateways); shared observability logs
- More here: https://www.youtube.com/watch?v=m19D9vZ1QFQ
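As an added example (not Cruise's own configuration, which the talk does not publish), here is the namespace-per-project tenancy pattern above expressed as plain Kubernetes manifests: a project namespace carrying its environmental and organizational domain labels, a RoleBinding from a Google Group to a namespace-scoped role, a ResourceQuota, and a default-deny NetworkPolicy that re-allows intra-namespace traffic, cluster DNS and internet egress via the shared NAT path. The project name `team-perception`, the group `perception-devs@example.com`, and all quota numbers are placeholders.

```yaml
# Added example: one tenant namespace with the isolation layers from the Cruise talk.
# Every name and number below is a placeholder, not a Cruise value.
apiVersion: v1
kind: Namespace
metadata:
  name: team-perception
  labels:
    env: prod            # environmental domain
    org: perception      # organizational domain
---
# Permission isolation: a Google Group (mapped by GKE's "Google Groups for RBAC"
# feature) gets the built-in "edit" ClusterRole, but only inside this namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: perception-devs-edit
  namespace: team-perception
subjects:
- kind: Group
  name: perception-devs@example.com
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: edit
  apiGroup: rbac.authorization.k8s.io
---
# Resource isolation: hard caps on compute and storage for the tenant.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: perception-quota
  namespace: team-perception
spec:
  hard:
    requests.cpu: "64"
    requests.memory: 256Gi
    limits.cpu: "128"
    limits.memory: 512Gi
    requests.storage: 2Ti
    persistentvolumeclaims: "20"
---
# Network isolation, step 1: deny all ingress and egress by default.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: team-perception
spec:
  podSelector: {}
  policyTypes: ["Ingress", "Egress"]
---
# Network isolation, step 2: re-allow traffic inside the namespace, cluster DNS,
# and public internet egress (which leaves through the shared NAT gateway).
# Private ranges are excluded from the egress rule so other tenants' pods and
# internal services stay unreachable unless explicitly allowed.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-intra-namespace-dns-and-nat-egress
  namespace: team-perception
spec:
  podSelector: {}
  policyTypes: ["Ingress", "Egress"]
  ingress:
  - from:
    - podSelector: {}
  egress:
  - to:
    - podSelector: {}
  - to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system   # set automatically on k8s >= 1.21
      podSelector:
        matchLabels:
          k8s-app: kube-dns
    ports:
    - protocol: UDP
      port: 53
    - protocol: TCP
      port: 53
  - to:
    - ipBlock:
        cidr: 0.0.0.0/0
        except: ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
```

NetworkPolicy objects are only enforced when the cluster runs a policy-capable dataplane (on GKE, network policy enforcement or Dataplane V2 must be enabled); otherwise they are accepted by the API server and silently ignored. After `kubectl apply -f tenant.yaml`, confirm the permission boundary with `kubectl auth can-i create pods -n team-perception --as=alice@example.com --as-group=perception-devs@example.com` (expected `yes`) and the same command against another namespace (expected `no`).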
Slack - DB migration to Vitess

- Migrating datasets to Vitess: MySQL database clustering with horizontal scaling
- Storage 7.5+ PB; 53+ billion queries
- Small shards vs. big shards; durability through replication
- Fault tolerance and isolation: minimal blast radius; isolated topologies
- Moved from a single cell to multiple cells
- More here: https://www.youtube.com/watch?v=aTItjMJE17c
Yahoo - Istio and k8s on-prem

- 990+ apps; 1K+ stateful apps; 18 prod clusters (9 prod and 9 canary); 7 DCs; 2,900+ nodes; 1.5M+ RPS on ingress
- The orange blocks in the slide diagram are components Yahoo built, e.g. Athenz (identity service) and an auth webhook
- RBAC mapped into Athenz domains
- Soft multi-tenancy: isolated namespaces, with dedicated clusters only in some cases
- Istio: the network is transparent to applications; mutual TLS
- Kubernetes identity provider for every pod identity; Envoy RBAC on SPIFFE X.509 identities
- Proprietary template and template engine that generates the expanded YAML list in the CI/CD pipeline
- Developers are happy and an efficient deployment mechanism is in place
- More here: https://www.youtube.com/watch?v=fEaVU1i-fOQ
Gusto - Moving a startup to k8s

- Gusto: 100K customers, payroll management
- GoSpotCheck: 200K tasks/day
- Started on the Heroku PaaS and eventually moved to GKE: AWS to Google Cloud, Heroku to k8s
- 20 months total duration; started with two people
- Containerizing existing apps began with trial and error
- Terraform for the GKE cluster; Docker Hub used extensively
- Rails, Ambassador, Envoy, gRPC, SuperGloo, Harness for CD (no Spinnaker), logging with Sumo Logic carried over from the traditional environment
- Developers are happy: the monolith was moved in a six-week window, very efficiently
- Management is happy: cost dropped from $110K+/month to $40K/month
- More here: https://www.youtube.com/watch?v=AqMxaxJsJKY
Reddit - k8s in production

- Home of discussion on the web
- 330M+ monthly users; 16M+ posts/month
- 30K k8s users in the r/kubernetes community
- Org-wide onboarding process started successfully; service owners are empowered to design their own setups
- Moved from a single-AZ cluster to AWS multi-AZ for reliability and better traffic handling. Mirrored clusters prevented an outage.
- CDN + LB route around unhealthy clusters. 19 clusters, with OPA running in all of them.
- Spinnaker + auto-generated Helm charts + template-based YAML + Terraform to keep clusters in sync
- Dev environment: started with Skaffold + minikube; now remote dev clusters and a Starlark resource generator
- More here: https://www.youtube.com/watch?v=WTbIBqNcjoQ
Tinder - Moving to k8s journey

- Tinder is an app for meeting new people
- Legacy: AWS instances + Puppet + Prometheus. 30 source repos in various languages
- 2,000 nodes + 18,000 cores + 6 control-plane nodes, 30K pods, 130K containers
- Prometheus at 750K samples/sec + 5 TB/day of log ingestion on AWS k8s
- Terraform + kube-aws + peered VPCs + ELB endpoints
- 1,000+ pods; CoreDNS as DaemonSets; one Envoy per AZ; frontend TCP ELB; 2-6 sidecars per pod; Thanos
- Issues faced: ARP cache exhaustion, DNS timeouts, unbalanced load, etc.
- Planning multi-cluster deployment from CI/CD and Prometheus/logs across clusters
- More here: https://www.youtube.com/watch?v=o3WXPXDuCSU
Spotify - Envoy migration

- Audio streaming platform: 248M users, 8M+ RPS, 1,200 microservices, 3B+ playlists
- GCP: US, Europe, Asia
- Nginx- and HAProxy-based environment moved to Envoy
- Migration is transparent: traffic is shifted slowly at the edge, with almost zero downtime
- GCP LB; you need to know the traffic flow well to achieve zero downtime
- Rate limiting and auth schemes need to be re-examined
- Achieved an automated migration with a reliable strategy
- More here: https://www.youtube.com/watch?v=I_oa8l0j-yM
Airbnb - Scaling 1000s of nodes in multi-cluster

- Massive k8s adoption from legacy, not greenfield; 1,200 services
- 2.4K nodes at Airbnb now (Alibaba has run a 10K-node cluster)
- EC2, Chef, Terraform, in-house Kubegen that converts Airbnb config into k8s config
- etcd v3; not using KubeFed now. Kops, kubeadm, Helm; deploys in under 10 min.
- SmartStack service mesh; networking equivalent to the various VPC CNIs (AWS, Lyft)
- Services are placed in a random cluster; clusters of up to 400 nodes are the norm
- Now: 22 cluster types; 36 clusters; 7,000+ nodes
- More here: https://www.youtube.com/watch?v=ay7NibpRAYU
eBay - Setting up search on k8s

- Own search engine called Cassini. 1.4B+ listings, 300K+ QPS
- 40% of the data center serves search; web, DB, Hadoop, AI
- 60+ production clusters, clusters of 2K+ nodes, 160K+ pods, 30K+ hosts
- Selected k8s for speed, scale, flexibility and automation
- Metrics deployment operator; mutating webhook; multi-cluster support
- Performance compared against bare metal: kernel tuning, CPU turbo boost, ipvlan networking
- More here: https://www.youtube.com/watch?v=chGN44Kqpd8
Uber - Kubernetes migration journey

- Multi-region and multi-zone; bare-metal Mesos to k8s; needed a sidecar-style pod model
- 15M+ trips per day; 65 countries / 700 cities; 1K microservices; 10K instances; 100K service containers per cluster
- 1M+ batch containers; 35+ clusters; 5K+ builds per day; clusters larger than 5K nodes; Kafka, Elastic, SPIRE
- Benchmarked: etcd at 50K writes and 150K reads per second with values larger than 256 bytes; 40K pods across 8K nodes come up in 30 seconds
- Peloton, Uber's custom scheduler, as a k8s plugin: 1M containers launched per day (1K per second), shared with Mesos
- Large volume of batch workload; stateless and batch jobs on shared clusters; distributed deep learning on GPUs
- More here: https://www.youtube.com/watch?v=91c3iUI2K7M
Lyft - Large-scale stateful workloads in k8s

- Flyte: custom orchestrator for data pipelines, data science jobs, ETL, backups, ride simulations
- Serverless, REST/gRPC, multi-tenant, runs on AWS and Google
- A Flyte workflow is a k8s custom resource; several other CRDs such as Spark
- 1000s of containers started per minute, 10M+ containers per month, high API server load (~90/min)
- Use ResourceQuota, periodic GC of CRDs, and reduce the number of etcd writes
- Performance: discoverable tasks and node affinity; cost optimization: QoS classes and the kube-batch scheduler
- Scaling beyond a single cluster to meet SLOs; Flyteadmin distributes workloads intelligently
- More here: https://www.youtube.com/watch?v=ECeVQoble0g
Grape Up - Continuous deployments to a car

- Tried KubeEdge (https://kubeedge.io/en/) and k3s (https://k3s.io/), then modified the model
- Custom car controller using digital twin patterns
- RSocket (byte-stream transport), custom Docker images
- Direct deployment from Jenkins to the car using the digital twin pattern
- More here: https://www.youtube.com/watch?v=zmuOxFp3CAk
PlanetScale - DB service on k8s

- PlanetScale CNDb: a cloud-native database built on top of Vitess and MySQL
- Journey: from inconsistent deployments to containers; a stateful workload in a stateless world
- Vitess is a great management system for one large distributed SQL system, but it is challenging to configure
- Wrote a Vitess operator; etcd is also run through an operator; lots of auto-provisioning, including a Grafana plugin
- PlanetScale cluster CRDs plus a lot of meta-infrastructure built on top
- Prometheus, Grafana, OpenResty as the proxy instead of Nginx
- Looking at multi-cloud clusters: master in AWS and replica in GCP; bring-your-own k8s
- More here: https://www.youtube.com/watch?v=469NOldFOgw
Salesforce - Enterprise cloud

- Private DCs, bare metal, internal PKI with mTLS, OPA, RBAC
- Each tenant has a namespace; internal secret management system
- Container image scanning for forensics
- Jsonnet in Git, operators/CRDs, Spinnaker templates, Helm charts
- Kubernetes history visualization tool: Sloop. It's open source!
- Deployment model: test bed, then canary, then production
- More here: https://www.youtube.com/watch?v=M5H4SrUM5BU
Goldman Sachs - k8s policy and OPA implementation

- 12 clusters, running on VMs, 150 namespaces per cluster
- Prometheus, Grafana, Ceph, Rook, CoreDNS, OPA
- Tenancy at the namespace level; group roles, RBAC, quotas, NFS shares, Nginx
- OPA controls: prohibit changes at admission control; provisioning with resources
- 24 rules per namespace; cluster state is reconciled within 5 min; weekly maintenance. All decisions are offloaded to OPA, so any environment change is handled there.
- 5-minute turnaround for a global application policy change (version controlled)
- More here: https://www.youtube.com/watch?v=lYHr_UaHsYQ
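An added example of the "provisioning with resources" control above, written for OPA Gatekeeper (OPA's Kubernetes admission controller). It is illustrative code, not Goldman Sachs's rules; the talk does not say which OPA integration they run. The Rego rejects any Pod in a namespace labelled `tenant=true` whose containers omit a required CPU or memory request or limit. The template name, the `tenant` label, and the probe Pod are assumptions.

```yaml
# Added example: Gatekeeper ConstraintTemplate carrying the Rego policy.
# Names and the tenant label are placeholders, not Goldman Sachs's values.
apiVersion: templates.gatekeeper.sh/v1beta1
kind: ConstraintTemplate
metadata:
  name: k8srequiredresources
spec:
  crd:
    spec:
      names:
        kind: K8sRequiredResources
      validation:
        openAPIV3Schema:
          properties:
            sections:
              type: array
              items:
                type: string
            resources:
              type: array
              items:
                type: string
  targets:
  - target: admission.k8s.gatekeeper.sh
    rego: |
      package k8srequiredresources

      # One violation per container per missing (section, resource) pair.
      # "not" is also true when the container has no resources block at all,
      # so a container with nothing set fails every required combination.
      violation[{"msg": msg}] {
        container := input.review.object.spec.containers[_]
        section := input.parameters.sections[_]
        resource := input.parameters.resources[_]
        not container.resources[section][resource]
        msg := sprintf("container %q must set resources.%v.%v", [container.name, section, resource])
      }
---
# The constraint binds the template to Pods in tenant namespaces. Because the
# policy lives in version control, changing the parameters is a Git commit
# that Gatekeeper picks up on the next apply.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sRequiredResources
metadata:
  name: tenant-pods-must-set-resources
spec:
  enforcementAction: deny
  match:
    kinds:
    - apiGroups: [""]
      kinds: ["Pod"]
    namespaceSelector:
      matchLabels:
        tenant: "true"
  parameters:
    sections: ["requests", "limits"]
    resources: ["cpu", "memory"]
---
# Constructed probe: this Pod is rejected, because container "app" sets no
# memory limit (the namespace is assumed to carry the label tenant=true).
apiVersion: v1
kind: Pod
metadata:
  name: quota-probe
  namespace: team-a
spec:
  containers:
  - name: app
    image: registry.example.com/app:1.0
    resources:
      requests: {cpu: 100m, memory: 128Mi}
      limits: {cpu: 500m}
```

Apply the template first and the constraint second (the constraint's kind does not exist until Gatekeeper has generated the CRD from the template). `kubectl apply -f quota-probe.yaml` should then fail with the `container "app" must set resources.limits.memory` message. Gatekeeper's audit loop also lists pre-existing offenders under `status.violations` of the constraint (`kubectl get k8srequiredresources tenant-pods-must-set-resources -o yaml`), which is how already-running workloads get caught without a restart.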
Fidelity - Finance-grade k8s with GitOps

- Highly regulated industry: policy and security
- FIDEKS: custom augmented k8s platform; Helm and Flux CD deploy workloads
- Rollout of updates using GitOps: a standard workflow driven by Git repos
- AWS, EKS Manager, eksctl, EKS Connect
- Flux Helm operator, AD groups, Jenkins, Cucumber
- More here: https://www.youtube.com/watch?v=9xIG4lze7Uo
Freddie Mac - Istio journey, brownfield to greenfield

Istio journey
- 600+ applications, legacy apps, CI/CD pipelines, GitOps
- Initially VMware, Java, SQL, NoSQL, hardware load balancers
- Mix-and-match service sidecars, PKI, HA autoscaling, traffic flow control
- Istio: zero trust, DNS-aware, mTLS, security as code, cloud LBs
- Centralized compliance; locality-aware multi-AZ k8s; Istio-based load balancing instead of hardware LBs
- Istio does not use the organization's root CA; it is issued an intermediate CA whose key is kept in FIPS-compliant hardware rather than in memory
- More here: https://www.youtube.com/watch?v=Rako7zKXquU
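An added example, not configuration from Freddie Mac or Yahoo, of the zero-trust pattern both talks describe: mesh-wide strict mTLS, a default deny, and Envoy-enforced RBAC keyed on the SPIFFE identity in the client's X.509 certificate. It assumes Istio 1.5 or later (`security.istio.io/v1beta1`); the namespaces `payments` and `frontend`, the service account `web`, and the paths are placeholders.

```yaml
# Added example: strict mTLS plus identity-based authorization in Istio.
# Namespaces, service accounts, labels and paths are placeholders.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system     # root namespace, so the policy applies mesh-wide
spec:
  mtls:
    mode: STRICT              # plaintext connections from outside the mesh are rejected
---
# Zero trust inside "payments": a policy with no rules denies every request to
# every workload in the namespace until a more specific ALLOW policy matches.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: deny-all
  namespace: payments
spec: {}
---
# Envoy RBAC on the peer certificate's SPIFFE ID: only pods running as service
# account "web" in namespace "frontend" (spiffe://cluster.local/ns/frontend/sa/web)
# may call the ledger's v1 API, and only with GET or POST.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: ledger-allow-frontend-web
  namespace: payments
spec:
  selector:
    matchLabels:
      app: ledger
  action: ALLOW
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/frontend/sa/web"]
    to:
    - operation:
        methods: ["GET", "POST"]
        paths: ["/v1/*"]
```

Two checks are worth running after applying this. From a sidecar-injected pod under a different service account, `curl` to the ledger service should return HTTP 403 with the body `RBAC: access denied`; from a pod without a sidecar, the connection should be reset by the STRICT peer policy before any HTTP exchange. On the CA point from the Freddie Mac talk: Istio can issue workload certificates from an intermediate rather than a self-signed root by providing a `cacerts` secret in `istio-system` (keys `ca-cert.pem`, `ca-key.pem`, `root-cert.pem`, `cert-chain.pem`), but that keeps the intermediate's private key in a Kubernetes secret; holding it in FIPS-validated hardware as Freddie Mac describes needs an external signing integration and is not something these manifests provide.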
Govt of Ottawa - Moving legacy to cloud

- Supporting federal government workers, their concerns, etc.
- Need to migrate old Linux servers: 17K+ employees, 120+ business lines, 400+ apps (Java, .NET, Perl)
- GitOps + Flux CD + smart templates; Azure App Service and VMs are still in use
- Looking forward: corporate container security standards; cloud governance; automation tooling
- More here: https://www.youtube.com/watch?v=oBuOf-IvHWQ
MoD Israel - AI in k8s production

- Self-service cloud experience for data scientists
- Multi-tenancy with OpenShift + AutoML setup + Ceph, PostgreSQL, JupyterHub, RabbitMQ
- Working with several ML communities
- Open Data Hub: reference architecture for ML services; several components are deployed using the Open Data Hub operator
- CI/CD to production for AI workloads achieved
- More here: https://www.youtube.com/watch?v=LnXlZN8J6w0
DoD US - Moved to k8s and Istio

- Lots of silos in the DoD
- DoD DevSecOps is open source now; centralized Artifactory repo; zero-trust security
- Knative, OPA, EFK
- STIG compliance with OpenSCAP, Twistlock, Anchore
- k8s is deployed on fighter planes and running smoothly
- More here: https://www.youtube.com/watch?v=YjZ4AZ7hRM0
If you are looking for the latest open source news weekly, click here:
https://github.com/krishna-mk/Top-10-OpenSource-News-Weekly