
3 - Delen Private Bank: FOSS adventures in a Cloud Native world



Let's listen to Delen Private Bank's Cloud Native experiences. Besides server automation, new challenges arise with Kubernetes and CI/CD.



  1. FOSS adventures in a cloud-native world
  2. Agenda
     • Delen Private Bank
     • History
     • We felt the need for … server automation
     • Experiments in cloud-native land
     • And then the next big thing happens: k8s
     • Resulting in … lots of challenges again
     • Gluing & stitching stuff together: CI/CD
     • Are we there yet?
  3. Who is Delen Private Bank?
     • Independent Belgian asset management firm
     • Our focus: discretionary management and succession planning
     • Our aim: protect the wealth of our clients and achieve sustainable asset growth over the generations
     • Our 5 core values: sustainable, prudent, personal, family-oriented and efficient
     • Key figures: 37.7 billion assets under management (2018, Delen Group), 390 staff members, 100 relationship managers, 11 offices in Belgium
     • Best Digital Private Bank Award in 2017 and 2018
  4. Who am I?
     • DevOps lead @ Delen Private Bank
     • 15+ years in IT
     • Former virtualization consultant
  5. History
     • Main platform: MS-based
       – VDI
       – Email, file, supporting databases
       – AD
       – Custom apps
     • But an important UNIX background
       – Main DB
       – Lots of COBOL programs
       – MQ backend system
       – …
  6. We felt the need …
     • UNIX = scripted/bootstrapped
     • Windows/Linux platform:
       – Manual deployments based on VMware templates
       – Manual selection of IPs in DNS
       – Documentation!
       – …
     • We needed something better to deploy and configure our VMs
       – Chef? Puppet? Ansible? SCCM? DSC? Chocolatey?
       – Yum/apt local repo?
       – Server deployment & config?
       – IPAM? DHCP for all servers?
       – “IaC” = documentation? Git integration, desired state config
  7. We felt the need …
     • We chose (wisely?):
       – Ansible
       – Internal yum package repository
       – DSC
       – Chocolatey
       – Infoblox for IPAM/DNS registry
       – Custom-written deployment tool ‘VITO’: a DB containing the servers, targeting VMware and AHV (Nutanix), queried via a dynamic-inventory Python script that feeds Ansible
     • Train the whole team to use Ansible and git
     • Perfect! Time to settle down, relax & drink some coffee
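Slide 7 describes a custom deployment tool that keeps a database of servers and feeds Ansible through a dynamic-inventory Python script. The script below is an added example, not VITO or any code from Delen Private Bank, showing the shape such a script takes: it follows Ansible's dynamic-inventory protocol (`--list` and `--host`), derives groups by platform, OS and environment from a constructed in-memory stand-in for the server database (the field names hostname, platform, os, ip and env are assumptions), puts all host vars under `_meta` so Ansible never needs a per-host call, and picks WinRM or SSH per OS. In a real deployment the `SERVER_DB` list would be replaced by a query against the tool's database or an Infoblox lookup.

```python
#!/usr/bin/env python3
"""Ansible dynamic inventory backed by a server database (added example, not VITO)."""
import json
import sys

# Constructed stand-in for the deployment tool's server database.
# The field names (hostname, platform, os, ip, env) are assumptions.
SERVER_DB = [
    {"hostname": "web01", "platform": "vmware", "os": "linux", "ip": "10.0.1.11", "env": "prod"},
    {"hostname": "web02", "platform": "ahv", "os": "linux", "ip": "10.0.1.12", "env": "prod"},
    {"hostname": "app01", "platform": "vmware", "os": "windows", "ip": "10.0.2.21", "env": "test"},
]


def build_inventory(records):
    """Return the --list structure: groups by platform, OS and environment plus per-host vars.

    Host vars go under _meta so Ansible does not call --host once per machine.
    """
    inv = {"_meta": {"hostvars": {}}, "all": {"children": []}}
    for r in records:
        host = r["hostname"]
        inv["_meta"]["hostvars"][host] = {
            "ansible_host": r["ip"],
            "platform": r["platform"],
            # Windows hosts are driven over WinRM (DSC/Chocolatey), Linux hosts over SSH.
            "ansible_connection": "winrm" if r["os"] == "windows" else "ssh",
        }
        for group in (f"platform_{r['platform']}", f"os_{r['os']}", f"env_{r['env']}"):
            inv.setdefault(group, {"hosts": []})["hosts"].append(host)
            if group not in inv["all"]["children"]:
                inv["all"]["children"].append(group)
    return inv


def host_vars(records, hostname):
    """Return the --host structure for one machine (empty dict if the host is unknown)."""
    return build_inventory(records)["_meta"]["hostvars"].get(hostname, {})


def main(argv):
    if argv[:1] == ["--list"]:
        print(json.dumps(build_inventory(SERVER_DB), indent=2))
    elif argv[:1] == ["--host"] and len(argv) == 2:
        print(json.dumps(host_vars(SERVER_DB, argv[1]), indent=2))
    else:
        sys.exit("usage: inventory.py --list | --host <hostname>")


if __name__ == "__main__":
    main(sys.argv[1:])
```

Make the file executable and point Ansible at it (`ansible-inventory -i inventory.py --list` to inspect the groups, or `-i inventory.py` on any playbook run). Because every host gets its address from the database rather than from a hand-edited file, the inventory can only drift from the IPAM if the database does.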
  8. Experiments in cloud-native land
     • The world moves fast … very fast!
       – Need faster deployments
       – New projects (fully container-based)
       – New developers with new needs
       – Microservices approach
     • Docker time! So … no rest for the wicked. We had to redo our homework!
       – Docker for Windows on our VDI
       – Development environment with containers
       – Started off with some dedicated Docker hosts, using VSTS/Azure DevOps for build and deployment
     • Management hell! We need something to manage the microservice sprawl
       – Docker Swarm? Mesos? K8s/OpenShift? Very young back then
  9. And then the next big thing happens: k8s
     • Reinvent everything … again! (remember virtualization, anyone?)
     • Fast-moving target vs. bank
     • We needed a platform to run k8s
       – Rancher: open & free, plus Kubecontrol support @ Kangaroot
       – Linux/Ansible: deploy the k8s hosts (RancherOS/CoreOS?)
       – Terraform: cluster config settings (nginx, …)
     • We needed a container registry & a pipeline to build our images: Azure Container Registry (ACR) and Azure DevOps
     • We needed storage integration and provisioning: CSI for Nutanix
     • We needed network integration: Infoblox / external-dns
     • We needed decent monitoring: Prometheus
     • We needed a logging system: Elastic
  10. K8s overview
  11. K8s challenges
     • Cloud-native system vs. running on-premise: a complex system to run, expertise needed to run it on-prem
     • Containers vs. VMs: same story all over again!
       – Storage & backup/restore
       – Networking: containers share the node's network identity, so egress the host firewall allows is available to every container on it; control ingress & egress traffic explicitly
       – Control CPU & memory limits
       – Secrets, certificates & such: Vault integration, certificate provisioning for ingress controllers
       – Monitoring
       – Logging
  12. Resulting in … lots of challenges again
     • ‘Overnight’ a lot of new (to-be-supported) technology!
       – Kafka, RabbitMQ
       – ZooKeeper, etcd
       – MongoDB, RavenDB, PostgreSQL
       – Redis
       – Nginx
       – …
     • Linux containers with all sorts of languages: .NET Core, Python, Java, Go, …
     • Get some support please!
     • Helm charts
     • DBs still running on VMs
     • Backup challenge: extend a PVC? App-consistent backups?
  13. Gluing and stitching stuff together: CI/CD
     • Sorry, no Jenkins, not even Jenkins X
     • Build & release process: Azure DevOps
     • Build & release agents/pools on-prem: ADO agents on Linux & Windows hosts do the job
     • Helm chart or deployment.yaml configured at release time
     • Always use build numbers, not :latest!
     • Integrated unit testing
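Slides 11 and 13 list rules the team applies to its workloads: CPU and memory limits on every container, explicit control of ingress and egress traffic, and images tagged with build numbers rather than :latest (slide 14 adds rootless containers). The checker below is an added example, not code from Delen Private Bank, Azure DevOps or Rancher, of enforcing those rules as a gate in the release pipeline before `helm upgrade` or `kubectl apply` runs: it walks the manifests of a release (represented as Python dicts; the two Deployments, the NetworkPolicy, the namespaces and the registry hostname are constructed placeholders) and flags unpinned images, missing limits, privileged or root containers, and namespaces without a default-deny NetworkPolicy.

```python
"""Release-time manifest checks for the rules on slides 11, 13 and 14 (added example)."""


def image_pinned(image):
    """True for an image pinned by digest or by a tag other than :latest; False for :latest or untagged."""
    name, _, digest = image.partition("@")
    if digest.startswith("sha256:"):
        return True
    last = name.rsplit("/", 1)[-1]      # drop the registry/repo path, which may itself carry a :port
    _, sep, tag = last.partition(":")
    return bool(sep) and tag != "latest"


def check_container(c):
    """Per-container findings: unpinned image, missing CPU/memory limits, privileged or root."""
    findings = []
    name = c.get("name", "?")
    if not image_pinned(c.get("image", "")):
        findings.append(f"{name}: image {c.get('image')!r} is not pinned to a build tag or digest")
    limits = c.get("resources", {}).get("limits", {})
    for res in ("cpu", "memory"):
        if res not in limits:
            findings.append(f"{name}: no {res} limit")
    sc = c.get("securityContext", {})
    if sc.get("privileged"):
        findings.append(f"{name}: privileged container")
    if not sc.get("runAsNonRoot"):
        findings.append(f"{name}: runAsNonRoot not set")
    return findings


def pod_spec(manifest):
    """Pod spec of a Pod, or of any template-based workload (Deployment, StatefulSet, DaemonSet, Job)."""
    spec = manifest.get("spec", {})
    return spec if manifest.get("kind") == "Pod" else spec.get("template", {}).get("spec", {})


def has_default_deny(policies, namespace):
    """True when the namespace has a NetworkPolicy selecting all pods with no ingress or egress rules."""
    for p in policies:
        spec = p.get("spec", {})
        if (p.get("metadata", {}).get("namespace") == namespace
                and spec.get("podSelector") == {}
                and {"Ingress", "Egress"} <= set(spec.get("policyTypes", []))
                and not spec.get("ingress") and not spec.get("egress")):
            return True
    return False


def check_release(manifests):
    """Return {namespace/name: [findings]} for every workload in the release; empty list means clean."""
    policies = [m for m in manifests if m.get("kind") == "NetworkPolicy"]
    report = {}
    for m in manifests:
        if m.get("kind") == "NetworkPolicy":
            continue
        meta = m.get("metadata", {})
        ns = meta.get("namespace", "default")
        findings = []
        for c in pod_spec(m).get("containers", []):
            findings += check_container(c)
        if not has_default_deny(policies, ns):
            findings.append("namespace has no default-deny NetworkPolicy")
        report[f"{ns}/{meta.get('name')}"] = findings
    return report


# Constructed manifests; the names, namespaces and the registry hostname are placeholders.
RELEASE = [
    {"kind": "Deployment", "metadata": {"name": "orders", "namespace": "orders"},
     "spec": {"template": {"spec": {"containers": [{
         "name": "orders",
         "image": "example.azurecr.io/orders:20190527.3",      # build-number tag, not :latest
         "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
         "securityContext": {"runAsNonRoot": True, "allowPrivilegeEscalation": False}}]}}}},
    {"kind": "NetworkPolicy", "metadata": {"name": "default-deny", "namespace": "orders"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}},
    {"kind": "Deployment", "metadata": {"name": "legacy-web", "namespace": "legacy"},
     "spec": {"template": {"spec": {"containers": [{
         "name": "web", "image": "nginx:latest",
         "securityContext": {"privileged": True}}]}}}},
]

if __name__ == "__main__":
    for workload, findings in check_release(RELEASE).items():
        print(workload, "OK" if not findings else "")
        for f in findings:
            print("  -", f)
```

The default-deny check is what turns "containers can use the host's egress rules" into a controlled allow-list: once every namespace has a policy selecting all pods with no rules, each workload's ingress and egress has to be granted by an additional NetworkPolicy, and the CNI (Rancher's default Canal supports policies) enforces it per pod rather than per node.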
  14. Are we there yet?
     • Build up more operational experience (together with Kangaroot and Kubecontrol customers)
     • K8s 1.14: Windows containers (Rancher 2.3 full support)
     • Security
       – Red Hat Clair (Rancher 2.3)
       – Aqua / Twistlock
       – Rootless containers
       – …
     • Helm charts & repos
       – Slowly maturing
       – Helm charts for our own microservices
       – Limits: CPU/mem/security/…
  15. Are we there yet?
     • Certificate struggle & automation
     • Service mesh & network automation
       – External-DNS
       – Istio
       – CoreDNS (default in new k8s clusters; remove kube-dns)
  16. Are we there yet?
     • DR plan = very important
     • Multi-tenant K8s cluster
     • Harbor
     • Gotchas: CSI iSCSI volumes
     • Distributed tracing
     • gVisor / Kata Containers? Best of both worlds?
     • LB with F5
     • Watch the further evolution of the tools: improvements & new builds almost daily!
     • Take Terraform to the next level
     • Last but not least: bare-metal Kubernetes
  17. Questions? See you @ KubeCon