
Kubernetes 1.12 Update and Container Security with Liz Rice



The latest Kubernetes and Cloud Native Meetup took place in Montreal on October 4th, 2018. Ayrat Khayretdinov introduced the latest highlights from the Cloud Native landscape and Liz Rice discussed various ways that DevOps engineers can implement security into their applications.



  1. Kubernetes and Cloud Native Meetup in Montréal. Welcome!
  2. Thank you to our sponsors!
  3. Join the K8s Canada Slack
  4. Get Involved!
     ● We need your support!
       ○ Montréal, Toronto, Ottawa, Québec, Kitchener-Waterloo
     ● Submit a talk
     ● Sponsor! Reach us on
     ● Help plan an event
  5. Montreal Pop-up K8s Meetup 2018: Agenda
     ● CNCF and K8s 1.12 Update with Archy Khayretdinov
     ● Securing Your Container Deployment with Liz Rice
  6. 1st Speaker: Archy, CNCF Ambassador
  7. Announcements
  8. @cloudops_ Announcements
  10. Kubernetes Certified Service Provider
      A pre-qualified tier of vetted service providers who have deep experience helping enterprises successfully adopt Kubernetes through support, consulting, professional services and/or training.
      Benefits
      ● Placement at the top of
      ● Monthly private meetings with cloud native project leaders, TOC members, and representatives from the Governing Board
      ● Access to leads from the for end users looking for support
      Requirements
      ● Three or more certified engineers
      ● Demonstrable activity in the Kubernetes community including active contribution
      ● Business model to support enterprise end users
  11. Hands-on, vendor-agnostic workshops in September
      Montréal, Québec, Toronto, Ottawa and online
      Deepen your knowledge of containers, microservices and their ecosystems.
      ● Docker and Kubernetes (3 days)
      ● Kubernetes on Google Cloud (2 days)
      ● Kubernetes on Azure (2 days)
      ● Kubernetes on AWS (2 days)
  12. CNCF Update
  13. Keynotes - CNCF Project Update
  14. Cloud Native Computing Foundation
  15. Rook: Sandbox -> Incubation. Cloud-native orchestrator for distributed storage systems
  16. Progress Since Sandbox Entry
      ● v0.7 released Feb 21, v0.8 released July 18
        ○ 545 commits total
      ● Instituted formalized project governance policies, added a new maintainer
      ● Rook Framework for Storage Providers
        ○ Makes Rook a general cloud-native storage orchestrator
        ○ Supports multiple new storage solutions with reusable specs, logic, policies
        ○ CockroachDB and Minio orchestration released in v0.8
        ○ NFS, Cassandra, Nexenta, Alluxio ongoing
      ● Ceph support graduated to Beta maturity
      ● Automatic horizontal scaling by the Ceph operator
      ● Improved security model and support for OpenShift
      ● Numerous other features and improvements
  17. Adopters: Production Usage
      There are additional adopters of Rook, especially those with on-premise deployments, that are not ready to share the details of their usage publicly at this time.
  18. Centre of Excellence in Next Generation Networks
      ● 20 bare-metal nodes providing 100TB, with more being added
      ● Heterogeneous mix of nodes with high disk density as well as compute-focused nodes
      ● Several databases, web applications, and a self-hosted file sharing solution
      “Rook is giving us a big head start in deploying cloud-native Ceph...having an operator that can help deploy and manage Ceph in a cloud-native environment is an ideal us the ability to leverage both the storage and the extra compute capabilities of the storage-dense nodes”
      Raymond Maika, Cloud Infrastructure Engineer at CENGN
  19. Cloud Native Computing Foundation
  20. Cortex: Horizontally Scalable, Multi-tenant Prometheus
  21. What is Cortex? Horizontally Scalable, Multi-tenant Prometheus
      ● SaaS monitoring system, compatible with Prometheus
        ○ On-Demand “Prometheus instances”
        ○ Provides a complete Prometheus monitoring system that is API and PromQL compatible
      ● HA, horizontally scalable, long-term storage
      ● Multitenant
        ○ One cohesive system, not pod-per-client
        ○ Tenancy encoded throughout the architecture and into the data storage layer
      ● Cortex is Cloud Native
        ○ Microservices-oriented architecture
        ○ DHT-based ingestion tier and stateless query tier
        ○ Deployed with Kubernetes; delegates orchestration of components to K8s
        ○ Backed by NoSQL storage: DynamoDB, Bigtable, Cassandra
  22. Adopters / End Users: ~1 million samples/s, ~60 million timeseries
  23. Alternatives
      ● Prometheus + InfluxDB
        ○ From InfluxData
      ● Prometheus + Thanos
        ○ From Improbable
        ○ Long-term storage, global query view
      ● Timbala
        ○ By Matt Bostock
        ○ Replication, global query view
      ● M3DB
        ○ From Uber
        ○ Automatic scaling
  24. Cloud Native Buildpacks
  25. Buildpacks
      An opinionated solution for building apps from source code, primarily used on Heroku and Cloud Foundry (by Pivotal, IBM, SAP, SUSE, GE, 18F & others). Also available on Gitlab, Knative, Deis, Dokku, and Drie.
      Values
      • Designed for App Developers
      • Source Centric
      • App Aware
      • Composable
      • Operator-friendly
      What it can do
      • Produce OCI images that can be managed by Helm, stored in Harbor, and deployed to Kubernetes
  26. TiKV: An Open-Source Distributed Transactional Key-Value Store
  27. TiKV: an open-source distributed transactional key-value database
      ● Scheduling and Auto-Balancing
      ● Multi-Raft
      ● Dynamic Range-based Partition
        ○ Split / Merge / Leader transfer (how we resolve hot spots)
      ● ACID Transaction
        ○ 2-Phase Commit with Optimistic Lock
      ● Written in Rust (no GC stop time / no runtime cost)
      ● Inspired by Google Spanner and complements Vitess
  28. Comparison
                                       Cassandra       MongoDB     TiKV
      Auto-scaling                     Y               Optional    Y
      ACID transaction                 N               Maybe?      Y
      Strong consistency replication   Optional        N           Y
      Geo-based replication            N               N           Y
      Self-healing                     N               N           Y
      SQL compatibility                Partial (CQL)   N           Complete (with TiDB)
  29. Who’s Using TiKV? 200+ Companies
  30. K8s 1.12
  31. The third release in 2018!!! Release link: Kubernetes 1.12
  32. Kubernetes 1.12 (Major Themes)
      ● Graduation of existing features
        ○ Kubelet TLS Bootstrap (Stable)
        ○ Kubelet certificate rotation (Beta)
        ○ Network Policy Egress / IPBlock (Stable)
        ○ VPA and HPA with Arbitrary/Custom Metrics (Beta)
        ○ Encryption at rest via KMS (Vault, GCP, Azure, AWS)
        ○ Volume Topology aware dynamic provisioning (Beta)
      ● New Features
        ○ Volume Snapshots Functionality (Alpha)
        ○ Support multiple runtimes via RuntimeClass (Alpha)
  33. Cloud Providers
  34. Kubernetes 1.12 (Azure)
      ● Support for Azure Virtual Machine Scale Sets (VMSS)
      ● Cluster autoscaler support (Stable)
      ● Azure availability zone support (alpha)
  35. Google
  36. KubeCons 2018
  37. 2018-19 KubeCon + CloudNativeCon
      • China – Shanghai: November 14-15, 2018
        – General session CFP closed!
        – Intro and Deep Dive Sessions CFP
      • North America – Seattle: December 11-13, 2018
        – CFP open until August 12, 2018
        – Intro and Deep Dive Sessions CFP
      • Europe – Barcelona: May 21-23, 2019
  38. Announcing Speaker
  39. Welcome Today’s Speaker
  40. Welcome Today’s Speaker: Liz Rice, Technology Evangelist, Program co-chair of KubeCon & CloudNativeCon
  41. Welcome Today’s Speaker