
Kube Your Enthusiasm


Presented by Paul Czarkowski at the Fedex Cloud-Native Conference in Pittsburgh on July 12th, 2019.

Published in: Software

  1. Kube Your Enthusiasm. Paul Czarkowski (pczarkowski@pivotal.io, Twitter: @pczarkowski). © Copyright 2018 Pivotal Software, Inc. All rights Reserved.
  2. (title slide repeated)
  3. Topics: Platforms, Containers, Kubernetes, Helm, Spinnaker, Operators, Pivotal Container Service, Cloud Native Operations
  4. Platforms
  5. What is a platform? https://en.wikipedia.org/wiki/Computing_platform
  6. Software runs on a platform
  7. Platforms abstract complexity
  8. Different platforms abstract differently
  9. (diagram: platform layers with examples) Hardware: HPE, Dell, IBM, Lenovo. IaaS: AWS, Microsoft Azure, GCP, VMware. CaaS: PKS, GKE, OpenShift, AWS Fargate, Kubernetes. PaaS: PCF, Azure App Service, Heroku. FaaS: AWS Lambda, Azure Functions, OpenWhisk, kubeless, PFS.
  10. A modern software platform provides API-driven compute resources.
  11. (diagram: users consume Compute, Storage, Network, Database, Access and Artifacts through an API. Image credits: Creative Commons, [1] Jon Trillana, [2] Simon Child)
  12. (diagram: behind that API sit the Systems Admin, Network Engineer, Security, DBA, QA and Storage Admin)
  13. (diagram: a spectrum from "More Control / Less Efficiency" to "Less Control / More Efficiency") Traditional ticket-based human toil; Hardware platform (PXE boot?); IaaS.
  14. (diagram, continued) Infrastructure Platform: Infrastructure as Code, Config Management, IaaS API; build app artifact, container runtime, container hosts.
  15. (diagram, continued) Application Platform (PaaS): the app goes to the platform via the CF API.
  16. (diagram, continued) Container Platform (CaaS): build app container(s), Deployment Manifest, K8s API, container orchestrator.
  17. (diagram, continued) Function Platform (PaaS-like, "???" API, placeholder).
  18. (same diagram repeated)
  19. (diagram, continued, with Pivotal products) IaaS: VMware, aws/gce/azure, "Dell or whatever". Pivotal Cloud Foundry 2.0: Pivotal Container Service (K8s API), Pivotal App Service (CF API), Pivotal Function Service.
  20. (diagram) Build app container(s) → Deployment Manifest → K8s API → CaaS container orchestrator: Pivotal Container Service, part of Pivotal Cloud Foundry 2.0.
  21. (diagram: apps delivered through Gitlab, Concourse and Spinnaker)
  22. Containers
  23. Saurabh Gupta. "Containers and Pivotal Cloud Foundry" 2016.
  24. Dockerfile (multi-stage build):
     FROM maven:3.6-jdk-11-slim as BUILD
     COPY . /src
     WORKDIR /src
     RUN mvn install -DskipTests

     FROM openjdk:11.0.1-jre-slim-stretch
     EXPOSE 8080
     WORKDIR /app
     ARG JAR=hello-0.0.1-SNAPSHOT.jar
     COPY --from=BUILD /src/target/$JAR /app.jar
     ENTRYPOINT ["java","-jar","/app.jar"]
  25. Build, push, pull and run the image:
     $ docker build -t paulczar/hello .
     $ docker push paulczar/hello
     $ docker pull paulczar/hello
     $ docker run -d -p 8080:8080 paulczar/hello
  26. Kubernetes
  27. (diagram: Hardware → IaaS → CaaS → PaaS → FaaS) Strategic goal: push as many workloads as technically feasible to the top of the platform hierarchy. The trade-off shown: higher flexibility and less enforcement of standards versus lower development complexity and higher operational efficiency.
  28. (image slide) Vs
  29. (image slide) Vs
  30. (diagram: Kubernetes architecture) Control Plane (Master): API Server, etcd, Scheduler, Controller Manager, Cloud Controller Manager; Users talk to the API Server. Data Plane (Worker): Kubelet, kube-proxy, docker.
  31. (diagram: the same with three Masters and three Workers; each Worker runs Kubelet, kube-proxy, docker and Flannel)
  32. Controllers
  33. Desired State vs. Actual State
  34. Unix Philosophy: Do one thing. Do it well.
  35. $ kubectl
  36. Imperative:
     $ kubectl run hello --image=paulczar/go-hello-world
     $ kubectl scale deployment/hello --replicas=3
     $ kubectl create service clusterip hello --tcp=80:80
  37. Declarative:
     $ kubectl apply -f hello-world.yaml
  38. Declarative vs. Imperative
  39. Manifests
  40. Imperative
     apiVersion: v1
     kind: Pod
     metadata:
       name: hello
     spec:
       containers:
       - image: paulczar/go-hello-world
         imagePullPolicy: Always
         name: hello
  41. Resources
  42. Pods, Services, Volumes
  43. Pod
  44. one or more containers that share a network and storage
  45. the minimum scalable unit of your application
  46. (diagram: Master with Scheduler; Nodes 1-4 each run a kubelet) A Pod named hello, image hello1, is submitted to the Master.
  47. (diagram, continued) The Scheduler places the hello Pod on one of the Nodes.
  48. (diagram, continued) Pod hello, image hello1, running on its Node.
  49. Replica Set
  50. (diagram: Master with Scheduler and Controller Manager) Replica Set hello, image hello1, size 3 → Pods hello-a, hello-b, hello-c spread across the Nodes.
  51. (diagram, continued) One Pod is replaced: the Replica Set now owns hello-a, hello-b, hello-d.
  52. (diagram, continued) Replica Set size changed to 5: two more Pods (hello-t, hello-z) are added.
  53. (diagram, continued) Replica Set size changed to 0: all Pods are removed.
  54. Deployment
  55. (diagram) Deployment hello, image hello1, size 3 owns Replica Set hello-A (image hello1, size 3) and its three Pods.
  56. (diagram, continued) The Deployment image is changed to hello2: a new Replica Set hello-B (image hello2, size 3) is created alongside hello-A.
  57. (diagram, continued) Replica Set hello-A is scaled to 0; hello-B (image hello2, size 3) serves the Pods hello-B-g, hello-B-r, hello-B-c.
  58. StatefulSet
  59. (diagram) StatefulSet, image hello1, size 3: the first Pod hello-1 is created.
  60. (diagram, continued) hello-2 is created after hello-1.
  61. (diagram, continued) hello-3 is created after hello-2.
  62. (diagram) StatefulSet db, image cassandra, size 3: Pods db-1, db-2, db-3, each bound to its own volume via a PVC (PVC db-1, ...).
  63. $ kubectl
  64. $ kubectl run hello --image=paulczar/hello --port=8080
  65. What that created:
     ● kubectl run created a deployment "deployments.apps/hello"
       NAME                    DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
       deployment.apps/hello   1         1         1            1           1m
     ● The deployment created a replicaset "replicaset.apps/hello-64f6bf9dd4"
       NAME                               DESIRED   CURRENT   READY   AGE
       replicaset.apps/hello-64f6bf9dd4   1         1         1       1m
     ● Which created a pod "pod/hello-64f6bf9dd4-tq5dq"
       NAME                         READY   STATUS    RESTARTS   AGE
       pod/hello-64f6bf9dd4-tq5dq   1/1     Running   0          2s
  66. $ kubectl scale --replicas=3 deployment/hello
  67. Scaling the deployment:
     $ kubectl scale --replicas=3 deployment/hello
     deployment.extensions/hello scaled
     $ kubectl get all
     NAME                         READY   STATUS              RESTARTS   AGE
     pod/hello-64f6bf9dd4-2bndq   1/1     Running             0          15m
     pod/hello-64f6bf9dd4-4kq9l   0/1     ContainerCreating   0          2s
     pod/hello-64f6bf9dd4-8lkcs   1/1     Running             0          5s
     NAME                    DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
     deployment.apps/hello   3         3         2            3           16m
     NAME                               DESIRED   CURRENT   READY   AGE
     replicaset.apps/hello-64f6bf9dd4   3         3         2       16m
  68. Editing the deployment:
     $ kubectl edit deployment hello
     ...
     spec:
       containers:
       - env:
         - name: MESSAGE
           value: HELLO I LOVE YOU!!!!
         image: paulczar/go-hello
         imagePullPolicy: Always
         name: hello
  69. A new replicaset rolls out and the old one is scaled to zero:
     $ kubectl get all
     NAME                         READY   STATUS    RESTARTS   AGE
     pod/hello-5c75b546c7-4lwnn   1/1     Running   0          1m
     pod/hello-5c75b546c7-bwxxq   1/1     Running   0          1m
     pod/hello-5c75b546c7-sl2pg   1/1     Running   0          1m
     NAME                    DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
     deployment.apps/hello   3         3         3            3           23m
     NAME                               DESIRED   CURRENT   READY   AGE
     replicaset.apps/hello-5c75b546c7   3         3         3       1m
     replicaset.apps/hello-64f6bf9dd4   0         0         0       23m
  70. Reaching the deployment locally:
     $ kubectl port-forward deployment/hello 8080
     Forwarding from 127.0.0.1:8080 -> 8080
     $ curl localhost:8080
     <html><head><title>HELLO I LOVE YOU!!!!</title></head><body>HELLO I LOVE YOU!!!!!</body></html>
  71. Service
  72. $ kubectl expose deployment hello --type=LoadBalancer --port 80 --target-port 8080
  73. What that created:
     kubectl expose deployment hello
     ● creates a service with a ClusterIP that acts as an internal load balancer to all pods in the "hello" deployment
     --type=LoadBalancer
     ● creates a NodePort
     ● configures a LoadBalancer to access the pods via the NodePort
     $ kubectl get services
     NAME    TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)        AGE
     hello   LoadBalancer   10.39.248.123   35.184.17.129   80:30468/TCP   5m
     $ curl 35.184.17.129
     <html><head><title>HELLO I LOVE YOU!!!!</title></head><body>HELLO I LOVE YOU!!!!!</body></html>
  74. Services track Pods based on metadata and provide connectivity and service discovery (DNS, environment variables) for them. Type ClusterIP (default) exposes the service on a cluster-internal IP. (diagram: two Pods labelled app=bacon behind Service app=bacon at 10.3.55.7)
  75. Services track Pods based on metadata and provide connectivity and service discovery (DNS, environment variables) for them. Type NodePort extends ClusterIP to expose the service on each node's IP via a static port. (diagram: the same Service, additionally reachable on K8s Workers 192.168.0.5:4530 and 192.168.0.6:4530)
  76. Services track Pods based on metadata and provide connectivity and service discovery (DNS, environment variables) for them. Type LoadBalancer extends NodePort to configure a cloud provider's load balancer using the cloud-controller-manager. (diagram: the same Service, additionally fronted by a Load Balancer at 33.6.5.22:80)
  77. Ingress: a controller that manages an external entity to provide load balancing, SSL termination and name-based virtual hosting to services based on a set of rules. (diagram: https://example.com/bacon → Service app=bacon, https://example.com/eggs → Service app=eggs)
  78. Volume
  79. A Volume is [effectively] a directory, possibly with data in it, available to all containers in a Pod. It usually shares the lifecycle of the Pod (created when the Pod is created, destroyed when the Pod is destroyed). Persistent Volumes outlive Pods. A Volume can be mounted from local disk, or from a network storage device such as an EBS volume, iSCSI, NFS, etc.
  80. Config Map / Secret
  81. $ kubectl create configmap hello --from-literal='message=Hello S1T'
  82. ConfigMap from a file:
     kubectl create configmap hello --from-file=index.html
     ● creates a configmap called "hello" containing the contents of index.html
     $ kubectl get configmap hello -o yaml
     apiVersion: v1
     kind: ConfigMap
     metadata:
       name: hello
     data:
       index.html: "<html>\n<head>\n\t<title>Hello to my friends</title>\n</head>\n<body>\n\tHello to my friends\n</body>\n</html>\n\n"
  83. Secret from a file:
     kubectl create secret generic hello --from-file=index.html
     ● creates a secret called "hello" containing the base64-encoded contents of index.html
     $ kubectl get secret hello -o yaml
     apiVersion: v1
     kind: Secret
     metadata:
       name: hello
     data:
       index.html: PGh0bWw+CjxoZWFkPgoJPHRpdGxlPkhlbGxvIHRvIG15IGZyaWVuZHM8L3RpdGxlPgo8L2hlYWQ+Cjxib2R5PgoJSGVsbG8gdG8gbXkgZnJpZW5kcwo8L2JvZHk+CjwvaHRtbD4KCg==
  84. ConfigMaps/Secrets (user-data): provide key-value pairs to be injected into a pod, much like user-data is injected into a virtual machine in the cloud. They allow last-minute configuration of applications running on Kubernetes, such as setting a database host or an admin password. ConfigMaps store values as strings; Secrets store them as byte arrays (serialized as base64-encoded strings). Secrets are [currently] not encrypted by default; this is likely to change. Both can be injected as files in a Volume, or as environment variables.
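As an added example (not from the slides), the Secret and ConfigMap above decoded in Python, to show that the base64 in a Secret's `data` is an encoding rather than encryption: anyone who can read the object recovers the bytes, and they are exactly the ConfigMap's index.html. The two manifests are embedded as constructed dicts, as a YAML parser would return them; the helper names are this example's own.

```python
import base64
import binascii
from typing import Dict

# Constructed copies of the ConfigMap and Secret shown on the slides, written
# as the dicts a YAML parser would return (so no PyYAML dependency is needed).
INDEX_HTML = (
    "<html>\n<head>\n\t<title>Hello to my friends</title>\n</head>\n"
    "<body>\n\tHello to my friends\n</body>\n</html>\n\n"
)

CONFIGMAP = {
    "apiVersion": "v1",
    "kind": "ConfigMap",
    "metadata": {"name": "hello"},
    "data": {"index.html": INDEX_HTML},
}

SECRET = {
    "apiVersion": "v1",
    "kind": "Secret",
    "metadata": {"name": "hello"},
    "data": {
        "index.html": (
            "PGh0bWw+CjxoZWFkPgoJPHRpdGxlPkhlbGxvIHRvIG15IGZyaWVuZHM8L3RpdGxlPgo8"
            "L2hlYWQ+Cjxib2R5PgoJSGVsbG8gdG8gbXkgZnJpZW5kcwo8L2JvZHk+CjwvaHRtbD4KCg=="
        )
    },
}


def decode_secret(secret: dict) -> Dict[str, bytes]:
    """Return the plaintext bytes behind every key of a Secret manifest.

    `data` values are base64 and are validated strictly, as the API server
    does; `stringData` values are already plain text and override `data`
    keys of the same name. No key material is involved at any point.
    """
    if secret.get("kind") != "Secret":
        raise ValueError("not a Secret manifest")
    plain: Dict[str, bytes] = {}
    for key, value in (secret.get("data") or {}).items():
        try:
            plain[key] = base64.b64decode(value, validate=True)
        except binascii.Error as exc:
            raise ValueError(f"{key}: invalid base64: {exc}") from exc
    for key, value in (secret.get("stringData") or {}).items():
        plain[key] = value.encode("utf-8")
    return plain


def make_secret(name: str, data: Dict[str, bytes]) -> dict:
    """Build an Opaque Secret manifest, base64-encoding each value into `data`."""
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name},
        "type": "Opaque",
        "data": {k: base64.b64encode(v).decode("ascii") for k, v in data.items()},
    }


def same_content(configmap: dict, secret: dict) -> bool:
    """True when the Secret carries exactly the ConfigMap's keys and bytes."""
    cm = {k: v.encode("utf-8") for k, v in (configmap.get("data") or {}).items()}
    return cm == decode_secret(secret)


if __name__ == "__main__":
    plain = decode_secret(SECRET)
    print(plain["index.html"].decode())  # readable without any key
    print("identical to ConfigMap:", same_content(CONFIGMAP, SECRET))
    rebuilt = make_secret("hello", {"index.html": INDEX_HTML.encode()})
    print("round-trip matches the slide:", rebuilt["data"] == SECRET["data"])
```

The practical consequence is the one slide 84 states: RBAC on who may read Secrets (and encryption at rest, where enabled) is what protects the value, not the base64 layer.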
  85. Helm
  86. Helm is the best way to find, share, and use software built for Kubernetes
  87. (diagram: chart layout) Chart.yaml, Values.yaml, templates/ (custom load balancer, ci, services, db)
  88. (screenshot: https://hub.kubeapps.com) "Discover & launch great Kubernetes-ready apps. 231 charts ready to deploy: Wordpress, Jenkins, Kubeless..."
  89. Chart templates (ConfigMap, Deployment, Service):
     apiVersion: v1
     kind: ConfigMap
     metadata:
       name: {{ .Chart.Name }}-cm
     data:
       db: {{ .Values.db }}
     ---
     apiVersion: apps/v1beta1
     kind: Deployment
     metadata:
       name: {{ .Chart.Name }}-app
       labels:
         app: {{ .Chart.Name }}
     ...
         spec:
           containers:
           - image: paulczar/hello
             name: hello
             volumeMounts:
             - name: config
               mountPath: /etc/hello
           volumes:
           - name: config
             configMap:
               name: {{ .Chart.Name }}-cm
     ---
     apiVersion: v1
     kind: Service
     metadata:
       name: {{ .Chart.Name }}-svc
       labels:
         app: {{ .Chart.Name }}-world
     spec:
       ports:
       - port: {{ .Values.port }}
         protocol: TCP
         targetPort: 8080
       selector:
         app: {{ .Chart.Name }}-world
       type: NodePort
  90. Installing the same chart twice with different values:
     $ helm install --name staging . --set db='user:pass@staging.mysql/dbname'
     $ helm install --name production . --set db='user:pass@production.mysql/dbname'
  91. $ helm create
  92. Spinnaker
  93. https://medium.com/netflix-techblog/announcing-ribbon-tying-the-netflix-mid-tier-services-together-a89346910a62
  94. (image slide) https://giphy.com/gifs/frustrated-keyboard-g8GfH3i5F0hby
  95. (image slide) https://unsplash.com/photos/WHWYBmtn3_0
  96. (image slide) +
  97. (diagram: apps delivered through Gitlab, Concourse and Spinnaker)
  98. Cluster Management: Server Group, Cluster, Applications, Load Balancer, Firewall. Pipelines: Pipeline, Stage, Deployment Strategies.
  99. Multi-Cloud Inventory: Server Group, Cluster, Applications, Load Balancer, Firewall. Actions and Reactions: Pipeline, Stage, Deployment Strategies.
  100. (image slide)
  101. Cluster Management: Server Group, Cluster, Applications, Load Balancer, Firewall. Deployment Management: Pipeline, Stage, Deployment Strategies. Deployment Strategies.
  102. (diagram: Spinnaker → Cloud API → App, App, App)
  103. (image slide)
  104. Halyard https://en.wikipedia.org/wiki/Halyard
  105. (image slide)
  106. Extending Kubernetes
  107. Watchers: watch the Kubernetes API for changes to resources and perform arbitrary actions.
  108. Watchers: Prometheus watches Services and Pods for certain annotations ...
  109. Watchers: Spring Cloud Kubernetes watches Services and Endpoints to do service discovery on Kubernetes.
  110. It also watches and reads ConfigMaps to allow for dynamic configuration of your applications.
  111. Dynamic Access Control: after a request is authorized it goes through Admission Control.
  112. Dynamic Access Control: Image Policy Webhook
  113. Dynamic Access Control: Admission Webhook
  114. Dynamic Access Control: Initializers
  115. Custom Controllers: Kubernetes functionality is implemented using controllers.
  116. Custom Controllers: the External DNS Controller
  117. Custom Controllers: the Cert Manager Controller
  118. Operators
  119. Operators: GCP Cloud Compute Operator https://github.com/paulczar/gcp-cloud-compute-operator
  120. Operators https://github.com/paulczar/gcp-cloud-compute-operator
  121. Pivotal Container Service
  122. (diagram) Kubernetes is a Runtime for Containerized Workloads: Dev/Apps and IT/Ops work through kubectl and the Kubernetes Dashboard; App Users sit on top; Compute, Storage and Networking underneath.
  123. (diagram) ...but Kubernetes alone is not enough for enterprises. Missing pieces shown: Load Balancing / Routing, Container Image Registry, App Monitoring, App Logging, OS Updates, OS Images, K8S Updates, K8S Images, Log & Monitor, Recover & Restart, Backup & Restore, External Data Services, Cluster Provisioning, Provision & Scale, Command Line / API, Management GUI, Monitoring GUI.
  124. (diagram) Pivotal Container Service (PKS) provides what's missing: the PKS Control Plane (pks CLI), Operations Manager, vRealize Operations (*integration) and the GCP Service Broker alongside the Kubernetes pieces above.
  125. (diagram, continued) ... on any Cloud.
  126. (diagram: Pivotal Cloud Foundry overview) Pivotal Application Service (PAS): cf push, "WE build the container"; application code and frameworks: Buildpacks (Java | .NET | NodeJS), Spring Boot, Spring Cloud, Steeltoe. Pivotal Container Service (PKS): kubectl run, "YOU build the container"; Elastic, packaged software, Spark. Embedded OS (Windows & Linux), NSX-T, CPI (15 methods) over vSphere, Azure & Azure Stack, Google Cloud, AWS, Openstack. Pivotal Network ships product updates and CVE fixes (v1, v2, v3 ...). The "3Rs": Repair (CVEs), Repave, Rotate (Credhub). Continuous delivery: Github, Concourse. Pivotal Services Marketplace: Pivotal and partner products, public cloud services, customer-managed services via the Open Service Broker API.
  127. Enterprise-Grade Kubernetes. BOSH: reliable and consistent operational experience for any cloud (VMware, GCP, Azure, Openstack, AWS). PKS Control Plane: use the PKS CLI and API to create, operate, and scale your clusters. Built with open-source Kubernetes: constant compatibility with the latest stable release of Google Kubernetes Engine, no proprietary extensions. Harbor: an enterprise-class container registry; includes vulnerability scanning, identity management, and more. NSX-T: network management, security, and load balancing out of the box with VMware NSX-T; multi-cloud, multi-hypervisor.
  128. What PKS adds to Kubernetes. Built into Kubernetes: multi-container pods, stateful sets of pods, persistent disks, single-tenant ingress, pod scaling and high availability, rolling upgrades to pods. PKS value-added features: cluster provisioning and scaling, embedded hardened operating system, monitoring and recovery of cluster VMs and processes, rolling upgrades to cluster infrastructure, secure multi-tenant ingress, secure container registry.
  129. PKS Vision: to provide enterprise customers with the ability to safely and efficiently deliver container services on their preferred infrastructure so that they can excel in their market with a cloud native platform.
  130. PKS does for your Kubernetes what Kubernetes does for your apps
  131. Platform Team Delivering Real Value. Operational Efficiency: employ a 500:1 developer-to-operator ratio; perform zero-downtime upgrades; runs the same way on every public/private cloud. Developer Productivity: accelerate feedback loops by improving delivery velocity; focus on applications, not infrastructure; give developers the tools and frameworks to build resilient apps. Comprehensive Security: adopt a defense-in-depth approach; continuously update platforms to limit threat impact; apply the 3 R's → repair, repave, rotate. High Availability: run platforms that stay online under all circumstances; scale up and down, in and out, through automation; deploy multi-cloud resilience patterns.
  132. Opsing the PKS
  133. Installing PKS (diagram): Platform Ops downloads the PKS tile from Pivotal Network, then uploads and configures it in Pivotal Ops Manager; BOSH installs Pivotal Container Service; NSX-T alongside.
  134. Installing PKS (diagram, continued): BOSH deploys the PKS Control Plane, the GCP Service Broker and Harbor.
  135. ... or ... (diagram): a Concourse pipeline executed by Platform Ops: verify pre-reqs, provision infrastructure, download binaries from Pivotal Network, install product, config. Install PKS.
  136. PKS User Interaction
     ● The PKS Management VM runs the PKS API together with the Broker, UAA and a MySQL DB.
     ● The PKS API orchestrates the initial Kubernetes cluster deployments and scaling of those clusters.
     ● A single PKS VM can manage hundreds of Kubernetes clusters.
     ● The PKS CLI is a single binary that can be installed on a Mac, Windows, or Linux to drive the PKS API.
     (diagram: PKS CLI → PKS API on the PKS Management VM)
  137. Creating a new K8s Cluster (diagram): Platform User → PKS CLI → PKS API (PKS Control Plane) → "PKS CREATE CLUSTER" → BOSH deploys a Kubernetes cluster (Master, etcd, Workers); Harbor, NSX-T and the GCP Service Broker sit alongside.
  138. Deploying a Kubernetes Cluster via PKS (diagram): Pivotal Ops Manager; PKS Control Plane (PKS API, UAA, Broker, MySQL); BOSH; the resulting cluster: Master / etcd, Worker 1, Worker 2.
  139. Health Management and HA: 4 levels of built-in High Availability. (1) Kubelet watches and restarts containers. (2) The BOSH agent watches and restarts processes. (3) The BOSH Health Manager watches and restarts VMs. (4) BOSH distributes deployments across Availability Zones A and B. (diagram: K8s Master with API Server, Kube Scheduler, Controller Manager; K8s Node with Kubelet, Kube-proxy and Pods; a Bosh agent on each VM; Bosh Health Manager above)
  140. Multi-Tenancy (diagram: PKS Control Plane managing several Kubernetes clusters, with Harbor, GCP SB, NSX-T and BOSH). How to isolate and secure access from different tenants?
  141. Deployment Topologies & Multi-Tenancy (diagram). Multi-cluster (cluster-based): K8s Cluster A, B and C, each deployed by BOSH under one PKS Control Plane. Single cluster (namespace-based): one K8s Cluster with Namespaces A, B and C, isolated by NSX-T.
  142. Deployment Topologies & Multi-Tenancy. Multi-cluster (cluster-based): multiple Kubernetes clusters deployed and managed independently by BOSH; independent networks with independent policies; each cluster has a separate Master and Workers, with possibly different configs and resources (volumes, namespaces, policies, affinity rules); provides complete isolation for multiple tenants. Single cluster (namespace-based): a single Kubernetes cluster deployed by BOSH; different tenants use different Kubernetes Namespaces; NSX-T is used to logically isolate each tenant's network (Namespace); provides logical multi-tenant isolation for managing a single cluster.
  143. Scaling a Kubernetes Cluster (diagram): Platform User → PKS CLI → PKS API → "PKS SCALE CLUSTER" → BOSH deploy scales the Kubernetes cluster (an additional Worker is added).
  144. A new security patch is released for Kubernetes. Pivotal releases a new CVE for PKS within a few hours. The Platform Operator can then apply the CVE with no platform downtime.
  145. Platform Ops updates PKS (diagram): Platform Ops downloads the new PKS tile ("New!!") from Pivotal Network, uploads and configures it in Pivotal Ops Manager; BOSH updates Pivotal Container Service; PKS Control Plane, GCP Service Broker, Harbor, NSX-T and the Kubernetes cluster (Master, etcd, Workers) shown.
  146. Platform Ops updates PKS, Rolling Updates (diagram, continued): BOSH deploys the update to the PKS Control Plane, GCP Service Broker and Harbor, and rolls the Kubernetes cluster (Master, etcd, Workers).
  147. ... or ... (diagram): a Concourse pipeline executed by Platform Ops: verify pre-reqs, verify current install, download updated binaries from Pivotal Network, config, rolling updates. Update PKS.
  148. Ghost Clusters
  149. Eat your own dog food.
  150. Identify Candidates for PKS (1)
  151. First Round: App Portfolio Identification by Bucket (Application Prioritization Criteria)
     Bucket 1, Independent Software Vendor (ISV) / COTS: vendor-provided software (ISV or COTS) or no access to source code; vendor provides PCF buildpack, docker images or kubernetes artifacts; vendor availability to support the migration; limited or no access to the code. Example: ISV product that depends on a MySQL DB and stores large files on disk.
     Bucket 2, Middleware Vendor: IBM Websphere, Weblogic, Mulesoft, TIBCO etc; vendor provides PCF buildpack, docker images, kubernetes artifacts; vendor availability to support the migration. Example: app built on WebSphere with no dependency on WebSphere libraries.
     Bucket 3, .NET Core or .NET (Windows Server): 3-5 years old; access to source code; limited or no Windows dependencies. Example: app with 4 services built using .NET Core, using Microsoft SQL Server.
     Bucket 4, Legacy Java: Java (under 7 years old); access to source code; Linux or Windows Server. Example: app using Java EE, fronted by an API gateway ISV product, using OracleDB.
     Bucket 5, Modern Java: Java (Spring / NO application-server-specific libraries); access to source code; Linux server. Example: app using Spring Boot, 6 microservices, some legacy data sources, but they are behind an API.
     Application 1 → ? Application 2 → ? Application n … → ?
  152. TIME Methodology (*Gartner's TIME methodology for Application Portfolio Rationalization). Axes: Technical Quality (technical debt level; worse → better) and Business Value (revenue / cost impact; worse → better). Quadrants: Tolerate, Invest, Migrate, Eliminate. Identify the top-10s list.
  153. (same slide repeated)
  154. Cloud Native Operations
  155. Source: "It's All About Delivering: A Journey From AWS to Cloud Foundry," Daniel Basten, Talanx, s1p 2018.
  156. Sources: "Sky is the Limit for Cloud Foundry at AirFrance-KLM," Nathan Wattimena & Fabien Lebrere, AirFrance-KLM, Oct. 2018; "Why Change? Small batch thinking," Coté, Sep. 2018; "Transformation Digitale de la Direction Enterprise France," Philippe Benaben, Gan Zifroni, Nicolas Gilot, Orange France, July 2018.
  157. (diagram: apps delivered through Gitlab, Concourse and Spinnaker)
  158. https://medium.com/netflix-techblog/how-we-build-code-at-netflix-c5d9bd727f15
  159. (diagram: apps delivered through Gitlab, Concourse and Spinnaker)
  160. (same diagram repeated)
  161. You're no longer an IT team
  162. You're a Platform Team
  163. You're a Product Team. The Platform is your product.
  164. (diagram: team layering) Infrastructure Team: physical infrastructure, virtual infrastructure, IaaS; abstract infrastructure complexity with easy consumption. Platform Team: Container Hosts | Kubernetes, Container Services, and common services (DBaaS, ELK, Middleware, ML, Creds/Certs, Messaging, ???); build common services for App Teams. Application Team: App1, App2, App3; take business requirements and turn them into features. Change!!!
  165. Culture, Automate, Lean, Measure, Share
  166. https://youtu.be/McV0Q5GY-fM
  167. http://engineering.pivotal.io/post/transformation-roi/
  168. Source: "Adopting PCF At An Automobile Manufacturer," Thomas Seibert and Gregor Zurowski, s1p 2017.
  169. Platform Value Stream and Metrics: Replatform > Modernize > Optimize; establish, measure and update key objectives and results (OKRs). Categories: Speed & Agility, Stability, Scalability, Savings $, Security. Metrics shown (*): 40-60% more projects with the same staff; millions in annual savings on HW, SW and support; 25-50% fewer support incidents; 40% faster patching; delivery @ zero downtime; -90% time to scale. Measure and Share.
  170. Sample CIO Dashboard (Speed; Stability & Security): 60 days avg lead time; 500 stories per week; 10% of apps on a CD pipeline to prod; 15ms avg response time YTD; 60 mins MTTR YTD; 20% of systems patched YTD; 125 mins total impacted user minutes YTD; 20 releases in the last month.
  171. Transforming How The World Builds Software. © Copyright 2019 Pivotal Software, Inc. All rights Reserved.
