4. 4
CONTAINER JOURNEY
• Monolith application to microservices
• Teams that were working in silos became more collaborative
• Buy vs. Build
• Cloud Native
• Twelve Factor Apps
5. 5
Application Archaeology: Accelerating App Modernization at DICK'S Sporting Goods
Today 4:20pm–5:30pm 16AB
Pivotal Vanguard Customer Deep Dive Expedition: Pearls of Wisdom
Wednesday 4:20pm–5:30pm 17AB
Multi-cloud Deployments
Thursday 9:15am Main Stage
#DSGTECH
7. 7
PKS WORKLOADS
• Not all applications fit the same mold
  – Applications with custom containers
  – Not twelve factor
  – Applications that need persistent storage
    • Kafka
    • ELK
    • RabbitMQ
8. 8
REQUIREMENTS
• Infrastructure as code
• Easy auditing
• Predefined access control
• Build repeatable PKS clusters
• No snowflake servers; all configurations are version controlled
• Minimal administration of the cluster
• Delegated access control
9. 9
SOLUTION
• Cloud Provider - vSphere, Azure, GCP, AWS
• Active Directory LDAP Integration for user access control
• Git as a source code repository
• Concourse pipeline
• PKS
10. 10
ACCESS WORKFLOW
• Create and configure LDAP groups
• Configure UAA > LDAP in the PKS tile
• Map LDAP group to UAA scope using UAAC
• Create a service user account in UAA
• Log in to the PKS CLI as a Cluster Admin
• Run pks get-credentials to generate kubeconfig
• Use kubectl to create an Admin ClusterRoleBinding
• Run pks get-kubeconfig targeting the cluster
• PKS CLI generates kubeconfig
• Use kubectl to access the cluster
Actors: Operator, Concourse Pipeline, Developer
Phases: PKS INSTALL, PKS CLUSTER CREATION, PKS CLUSTER DAY TO DAY ACTIVITY
12. 12
LDAP STRUCTURE
LDAP Groups and Users structure for PKS integration:
• Groups: pks-manager, pks-cluster-admin, pks-cluster-ro
• Users: pksadmin@dsgtech.co, pksreader@dsgtech.co, pksdeveloper@dsgtech.co
• Roles: K8s Operator, K8s Developer, K8s Viewer
14. 14
UAA CONFIGURATION
Log in to Ops Manager and perform the following configurations on PKS UAA:
• Enable created clusters to use UAA as the OIDC provider.
• Configure PKS UAA to use the LDAP server as the external authentication mechanism.
16. 16
MAP LDAP GROUP
• Grant the pks.clusters.admin scope to the PKS Operators team by logging in as a UAA Admin and running:
uaac group map --name pks.clusters.admin CN=pks-cluster-admin,OU=Groups,DC=dsgtech,DC=co
18. 18
AUTOMATION SERVICE ACCOUNT
• Grant Enterprise PKS access to a user by logging in as a UAA Admin and running:
uaac user add srv-pksadmin --email srv-pksadmin@dsgtech.com -p <password>
uaac member add pks.clusters.admin srv-pksadmin
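The "Use kubectl to create an Admin ClusterRoleBinding" step of the ACCESS WORKFLOW, expressed as manifests that can be kept under version control as the REQUIREMENTS slide asks. This is an added example, not code from the original deck; the function names, the allowed roles and the persona-to-role mapping (cluster-admin, edit, view) are assumptions.

```shell
#!/bin/sh
# Renders ClusterRoleBinding manifests that can be committed to Git and
# applied by the pipeline, e.g.  render_personas | kubectl apply -f -

# render_crb KIND NAME CLUSTERROLE
#   KIND is User or Group; NAME is the identity the API server reads from
#   the OIDC token. Prints one manifest, or returns 1 on invalid input.
render_crb() {
    kind=$1; name=$2; role=$3
    case "$kind" in
        User|Group) ;;
        *) echo "unsupported subject kind: $kind" >&2; return 1 ;;
    esac
    # Assumed policy: only these built-in ClusterRoles may be bound.
    case "$role" in
        cluster-admin|edit|view) ;;
        *) echo "role not in allowlist: $role" >&2; return 1 ;;
    esac
    # Reject empty names and characters that could escape the quoted scalar.
    case "$name" in
        ""|*[!A-Za-z0-9@._=,-]*) echo "invalid subject name" >&2; return 1 ;;
    esac
    # Deterministic object name: lower-case, other characters become '-'.
    slug=$(printf '%s' "$name" | tr 'A-Z' 'a-z' | tr -c 'a-z0-9' '-')
    cat <<EOF
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: pks-${role}-${slug}
subjects:
- kind: ${kind}
  name: "${name}"
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: ${role}
  apiGroup: rbac.authorization.k8s.io
EOF
}

# Persona-to-role mapping assumed for this example (constructed).
render_personas() {
    render_crb User pksadmin@dsgtech.co cluster-admin &&
    render_crb User pksdeveloper@dsgtech.co edit &&
    render_crb User pksreader@dsgtech.co view
}
```

Because the binding names are derived from the role and subject, re-applying the rendered output is idempotent and any change to access shows up as a diff in Git.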