Download to read offline
Uploaded byDevOpsDays DFW
Cavemen to Captains - Using Kubernetes to Evolve DevOps Adoption
Our goal at Verizon is to create a shared multi-tenant container platform to: Accelerate our public cloud migration strategy Improve developer velocity Realize cost savings by reducing infrastructure spend Optimize resource utilization Enhance security, monitoring and governance framework that provides visibility from development to production We achieved our goals by embracing open source Kubernetes and extending it to deploy a platform that provides a common set of components that are shared across the entire Verizon Enterprise. The talk will highlight and share our experiences on Deployment Securing helm deployments in a multi-tenant environment Manage Authentication & authorization (RBAC) for multi-tenant platform for large enterprise by leveraging kubectl plugins Logging Support for diverse logging implementations for both brown(legacy) and green field applications Configuration management using Custom Resource Definitions (CRD) Load Balancing Efficiently using Ingress objects to manage cost and to provide end to end automation Security Effectively using tools early on in the development process Establishing container image management, scanning and runtime protection policies
Cavemen to Captains - Using Kubernetes to Evolve DevOps Adoption
- 1. Cavemen to Captains UsingKubernetes to Evolve DevOps Adoption © Verizon 2018, All Rights Reserved. Information contained herein is provided AS IS and subject to change without notice. All trademarks used herein are properties of their respective owners.
- 2. © Verizon 2018,All Rights Reserved. Information contained herein is provided AS IS and subject to change without notice. All trademarks used herein are properties of their respective owners. About Us Ragu Srinivasan Ramesh Podila ● Architects Behind Verizon’s Container Strategy ● Oversaw the Development of a Robust Developer Driven Community Around Container Technologies ● Launched a Developer-centric Shared Multi-tenant Platform for Containers at Verizon ● Inner-Sourcing!
- 3. © Verizon 2018,All Rights Reserved. Information contained herein is provided AS IS and subject to change without notice. All trademarks used herein are properties of their respective owners. Our Goal ● Accelerate Public Cloud Adoption ● Maximize Resource Utilization ● Improve Developer Velocity ● Automation ● Standardization ● Enhance Security, Monitoring & Governance Framework
- 4. © Verizon 2018,All Rights Reserved. Information contained herein is provided AS IS and subject to change without notice. All trademarks used herein are properties of their respective owners. Our Challenges ● Large Enterprise ● Developers Across Continents ● Wide Variance in Developer Skill Set ● Support for Brown and Green Field Applications ● Regulatory Compliance
- 5. © Verizon 2018,All Rights Reserved. Information contained herein is provided AS IS and subject to change without notice. All trademarks used herein are properties of their respective owners. Our Principles Security ● No Compromises ● No Shortcuts ● Predictable Security Posture Development ● Focus on Delivering Business Value ● Consistent Developer Experience Platform Architecture ● Multi-Tenant Platform ● Cloud Agnostic ● Embrace Open Source ● Provide a Comprehensive List of Features
- 6. © Verizon 2018,All Rights Reserved. Information contained herein is provided AS IS and subject to change without notice. All trademarks used herein are properties of their respective owners. Our Solution *Image source: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png
- 7. © Verizon 2018,All Rights Reserved. Information contained herein is provided AS IS and subject to change without notice. All trademarks used herein are properties of their respective owners. How Can K8S Help? Everything as Code ● Declarative Object Configuration ● Code Contracts ● Automation to Fulfill the Contract Extensible Automation ● Kubectl Plugins ● Custom Resource Definitions ● Dynamic Admission Controls
- 8. © Verizon 2018,All Rights Reserved. Information contained herein is provided AS IS and subject to change without notice. All trademarks used herein are properties of their respective owners. AuthN & AuthZ ● Solves for SSO ● Integrates with Existing Corporate LDAP Infrastructure ● Outputs kubeconfig File ● Native Integration with K8S RBAC ● Solves for Access Control in a Multi-tenant Platform ● Same Process for Automated Deployment Kubectl Plugins
- 9. © Verizon 2018,All Rights Reserved. Information contained herein is provided AS IS and subject to change without notice. All trademarks used herein are properties of their respective owners. ● Need for Supporting Multiple Logging Solutions ● Extending Kubernetes APIs using CRDs ● Providing Automation Using CRD Controllers ● 3 Birds - 1 Stone ○ Developer Velocity ○ Automation ○ Operations Log Config Custom Resource Def
- 10. © Verizon 2018,All Rights Reserved. Information contained herein is provided AS IS and subject to change without notice. All trademarks used herein are properties of their respective owners. ● Native K8S Concepts to Automate Ingress L7 Load Balancing ● K8S Services to Provide Service Discovery and Load Balancing ● Using L4 Load Balancing and Ingress Software Load Balancers Help Reduce Cloud LB Spend ● CRDs Can Help Evolve This Much Further Ex: Automating SubDomain Provisioning Ingress & LoadBalancers Custom Resource Def
- 11. © Verizon 2018,All Rights Reserved. Information contained herein is provided AS IS and subject to change without notice. All trademarks used herein are properties of their respective owners. ● Tag All Resources Using Labels ● Enforce a Predefined Set of Labels For ○ Monitoring ○ Compliance ○ Cost Tracking ● Implemented Using Admission Webhooks ● Might Evolve to Become the Most Important Governance Tool Governance Dynamic Adm Control
- 12. © Verizon 2018,All Rights Reserved. Information contained herein is provided AS IS and subject to change without notice. All trademarks used herein are properties of their respective owners. Security ● Tight Integration with Policy Enforcement Tools Right from the First Build ● Consistent Security Posture Across Environments ● RBAC Enforcement at Every Level of Access to the Platform
- 13. © Verizon 2018,All Rights Reserved. Information contained herein is provided AS IS and subject to change without notice. All trademarks used herein are properties of their respective owners. Streamlined Cloud Adoption ● Consistent Cluster Deployments ● Predictable Security Posture ● Efficient Use Of Tools Early On In The Development Lifecycle ● Cloud Agnostic Migration Path ● Intuitive Developer Experience ● Declarative Object Configuration ● Automation
- 14. Thank You © Verizon2018, All Rights Reserved. Information contained herein is provided AS IS and subject to change without notice. All trademarks used herein are properties of their respective owners.