Delivering Off-The-Shelf Software with Kubernetes - November 12, 2020

Slides from the Northeast Fall Webinar Series on November 12, 2020. Presented by Bon Sethi & Dodd Pfeffer, VMware


  1. Confidential │ ©2020 VMware, Inc. Modern “off-the-shelf” software supply chain. Dodd Pfeffer, Solutions Engineer; Bon Sethi, Solutions Engineer
  2. Agenda ● Containerized Applications ● The Shelf in Off-the-shelf ● Application Provisioning Primer ● Enterprise Container Registry ● Populating your Registry ● Cluster LCM for Purpose-built Kubernetes Runtimes ● Managing all these clusters ● Application and cluster Observability ● Wrap-up
  3. Containers are the Future. Container use is skyrocketing and is projected to grow at 64% CAGR through 2022. By 2022, organizations will deploy containers primarily in the data center. Slide figures: 77%, 64%. Source: Worldwide Container Infrastructure Software Forecast, 2018–2022, IDC, Dec 2018
  5. Open Source Popularity. 313K+ OSS components downloaded on average last year by enterprises*. 100M+ repositories hosted on GitHub, with over 40M contributors**. *Sonatype Software Supply Chain 2019 Report **
  6. Tanzu Application Catalog: production-ready containers for popular open source software ● Golden Image Support ● Proof of Provenance ● Proof of Testing. Use Tanzu Application Catalog and deploy open source with confidence: align developers and IT around velocity, stability, and security
  7. Tanzu Kubernetes Grid: ubiquitous runtime built on open source technologies and deployed across clouds ● Simplified installation ● Automated multi-cluster ops ● Integrated platform services
  8. Helm
  9. Overview: Helm is the first application package manager running on top of Kubernetes. It allows describing the application structure through convenient Helm charts and managing it with simple commands.
  10. Why Helm (comparison diagram): Deployment using kubectl vs. Deployment using Helm
  11. Why use Helm ● Quick app portability ● Better testing ● Easy dev onboarding ● Rollbacks are easy ● Deploy crazy microservices architectures
  12. Helm Charts. Helm manages Kubernetes resource packages through Charts. What is a Chart? A chart is a set of information necessary to create a Kubernetes application, given a Kubernetes cluster: ● A chart is a collection of files organized in a specific directory structure ● The configuration information related to a chart is managed in the configuration ● Finally, a running instance of a chart with a specific config is called a release
  13. Carvel
  14. Carvel Tools: Packaging and Deployment on Kubernetes ● Author Configuration: ytt ● Package and Distribute: kbld + imgpkg ● Customize Configuration: ytt ● Deploy to Cluster: kapp
  15. Operators
  16. What Is A Kubernetes Operator? Operator Pattern (diagram labels: Custom Resource Definition (CRD), Custom Controller, Kubernetes Operator) ● Custom Resource Definition = definition of a new object managed through the Kubernetes API ● Custom Controller = manages the lifecycle of the custom resource defined by the CRD
  17. Custom Resource Detail: Extend Set of Objects Kubernetes can manage
     • Resource is an endpoint in the Kubernetes API that stores a collection of API objects of a certain kind. Example: /api/v1/namespaces/{namespace}/pods
     • Custom Resource is an extension of the Kubernetes API that is not necessarily available in a default Kubernetes installation. Example: /apis/*/myobjects/
     • Custom Controller inspects state declared through Custom Resource and tries to keep current state in sync
     • Provides top-level support through kubectl: kubectl get my-custom-object object-name
     • Watches etcd through API Master
     • Detects change in desired state
     • Handles CRUD operations on custom objects
     • Provides API endpoint for custom object
     • Defines things like Roles, Rolebindings, Service Account, Config Maps, Secrets
     Define the Custom Object: kubectl apply -f customresourcedefinition.yaml; kubectl apply -f service-account.yaml; kubectl apply -f config-map.yaml; kubectl apply -f rolebindings.yaml; kubectl apply -f Object-controller.yaml
     Create Instance of Object: kubectl apply -f myobject.yaml (instances of the object are deployed in the user namespace)
     Diagram labels: Supervisor Cluster; Master; API Master; Custom Resource Definition myobject; Operator Namespace; Object Controller; User Namespace; Object Custom Resources myobject1, myobject2, myobject3
  18. Tanzu Kubernetes Cluster (architecture diagram). Developer self-service request to Tanzu Kubernetes Grid: "Give me a cluster: 3 Nodes; Kubernetes 1.16; Machine Class: Guarantee-Small; Networking: Calico". Diagram labels: Supervisor Cluster (ESXi hosts, control VMs, vCenter); Custom Resources; Tanzu Cluster Controller; Cluster API Controllers; Cluster API Provider; VM Operator; Tanzu Kubernetes Cluster Resource; Cluster Resource; Machine Resources; VirtualMachine Resources; Node VMs; Pods; Auth, CNI, CSI; UI Integration
  19. Where to images? Enterprise Container Registry - Harbor
  20. Project Harbor: an open source enterprise-class registry server. Initiated by VMware China, adopted by users worldwide. Integrated into Tanzu Kubernetes Grid. Apache 2 license.
  21. Key Features ● User management & access control (RBAC: admin, developer, guest; AD/LDAP integration) ● Policy-based image replication ● Notary ● Vulnerability Scanning ● Web UI ● Audit and logs ● RESTful API for integration ● Lightweight and easy deployment
  22. Shipping Images in Binary Format for Consistency. Images are synchronized between environments by using Harbor registry. Diagram: Dev (Git, CI) → Dev Registry → Test Registry → Staging Registry → Production Registry, with images promoted at each step.
  23. Thank You
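
The reconcile step that slides 16 and 17 attribute to the custom controller (compare the desired state declared through custom resources with the current state and bring them in sync), as an added example that is not from the slides or from VMware. The `MyObject` type, its `Replicas` field and the action strings are assumptions made for illustration; only the object names come from the slide.

```go
package main

import (
	"fmt"
	"sort"
)

// MyObject is a hypothetical custom resource spec (assumption, not from the slides).
type MyObject struct {
	Replicas int
}

// Reconcile compares desired state (what users declared through the API)
// with observed state (what actually runs) and returns the actions needed
// to bring them in sync. It looks only at the two snapshots, never at
// individual change events, so re-running it after a failure is safe.
func Reconcile(desired, observed map[string]MyObject) []string {
	var actions []string
	for name, want := range desired {
		have, ok := observed[name]
		switch {
		case !ok:
			actions = append(actions, fmt.Sprintf("create %s replicas=%d", name, want.Replicas))
		case have != want:
			actions = append(actions, fmt.Sprintf("update %s replicas=%d->%d", name, have.Replicas, want.Replicas))
		}
	}
	// Anything running that is no longer declared must be removed.
	for name := range observed {
		if _, ok := desired[name]; !ok {
			actions = append(actions, "delete "+name)
		}
	}
	sort.Strings(actions) // map iteration order is random; keep output stable
	return actions
}

func main() {
	// Constructed sample state, reusing the object names from slide 17.
	desired := map[string]MyObject{"myobject1": {3}, "myobject2": {1}}
	observed := map[string]MyObject{"myobject2": {2}, "myobject3": {1}}
	for _, a := range Reconcile(desired, observed) {
		fmt.Println(a)
	}
}
```

Once desired and observed match, `Reconcile` returns no actions, which is the steady state a controller loops toward.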