Women Who Code CONNECT 2018
Abstracting application deployment using Kubernetes
Supriya Premkumar, Stanford Linear Accelerator Center
Who am I?
❖ Software Engineer @ Stanford Linear Accelerator Center
❖ Work on all things infra
❖ Superpowers someday?
Evolution of “unit of management”
(Diagram: as application complexity increases, the unit of management moves from the machine to the application: standalone servers, then VMs, then containers.)
Today’s application requirements - Pick All!
❖ Discovery/Load Balancing.
❖ (Auto)-Scaling.
❖ Self Healing.
❖ Rolling upgrades/downgrades.
❖ Resource pinning/consolidation.
❖ Health monitoring.
❖ Secret management.
❖ Agnostic of the underlying infrastructure.
No more “Works on my machine!”
I think Kubernetes is basically…
Kubernetes concepts | Architecture
❖ Desired-state architecture. Object state is stored in etcd.
❖ Master node:
❖ kube-apiserver: validates and configures the data for API objects.
❖ kube-controller-manager: implements the control loops, i.e. the “are we there yet?” loop that moves actual state toward desired state.
❖ kube-scheduler: honors scheduling requirements when placing pods on nodes.
❖ Non-master node:
❖ kubelet: ensures all managed containers are up and running.
❖ kube-proxy: TCP/UDP proxy that does load balancing.
(Diagram: a 3 master, 5 node k8s cluster.)
Kubernetes Concepts | Objects
❖ Pod:
❖ Basic unit of scheduling. Can have one or more containers, a.k.a. “an instance” of your application.
❖ Ephemeral.
❖ Service:
❖ Provides an abstraction over pods and a policy to access them.
❖ Volume:
❖ Pods are ephemeral, but the application's state may not be.
❖ Apps need access to a kind of `file system` to preserve state and share some of it with other pods.
❖ Namespace:
❖ Scoping and isolation between different groups of pods.
❖ Cluster-ception!
Kubernetes Concepts | Controller Objects
❖ ReplicaSet:
❖ You can say “I want X number of Y pods”.
❖ Deployment:
❖ A higher-level abstraction than ReplicaSet.
❖ Declarative app state. The controller moves the app to the desired state.
❖ Manages replicas, supports rollouts and rollbacks.
❖ StatefulSet:
❖ Similar to a Deployment, but for stateful applications. Has strong pod identity/affinity.
❖ Used for persistent storage, stable network identities, ordered scaling, etc.
❖ DaemonSet:
❖ You can say “I want my pod to run on all the nodes”.
❖ Used for “daemony” things like monitoring each node, collecting logs, etc.
❖ As new nodes are added, the DaemonSet's pods are automatically scheduled onto them.
❖ Job:
❖ Used for run-to-completion/batch workloads.
Kubernetes Concepts | Labels & Selectors
❖ Labels:
❖ Key-value metadata added to objects.
❖ Selector:
❖ Filter for labels with a certain match criteria.
❖ And the force is eternal…
My view of Kubernetes Objects
pod, service, replica set, deployment
One missing piece…
❖ Secrets:
❖ Allow confidential data to be shared securely with the apps that need it.
❖ Auth tokens, keys and passwords, image pull credentials.
❖ Exposed to pods as environment variables or as volumes.
Anatomy of a config file
❖ Use YAML files to describe the desired state.
❖ Kind: object type.
❖ Name: object name.
❖ Spec: desired state. Specifies:
❖ container image.
❖ container ports.
❖ replicas.
❖ labels & selectors.
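The config-file anatomy, the Labels & Selectors slide and the Secrets slide put together as one added example manifest (not from the slides or from any project): a Secret consumed both as an environment variable and as a volume, a Deployment whose selector matches its pod template labels, and a Service that selects the same pods. The namespace, names, image reference and secret values are all constructed.

```yaml
# Added example; names, image and secret values are constructed.
apiVersion: v1
kind: Secret
metadata:
  name: demo-app-creds
  namespace: demo
type: Opaque
stringData:                        # plain text here; stored base64-encoded in etcd
  api-token: example-token-value
  db-password: example-password
---
apiVersion: apps/v1
kind: Deployment                   # Kind: object type
metadata:
  name: demo-app                   # Name: object name
  namespace: demo
  labels:
    app: demo-app
spec:                              # Spec: desired state
  replicas: 3                      # "I want 3 demo-app pods"
  selector:
    matchLabels:
      app: demo-app                # must match the pod template labels below
  template:
    metadata:
      labels:
        app: demo-app
    spec:
      containers:
        - name: web
          image: registry.example.com/demo-app:1.0.0   # container image (constructed)
          ports:
            - containerPort: 8080  # container port
          env:
            - name: API_TOKEN      # secret exposed as an environment variable
              valueFrom:
                secretKeyRef:
                  name: demo-app-creds
                  key: api-token
          volumeMounts:
            - name: db-creds       # secret exposed as a file under /etc/creds
              mountPath: /etc/creds
              readOnly: true
      volumes:
        - name: db-creds
          secret:
            secretName: demo-app-creds
            items:
              - key: db-password
                path: db-password
---
apiVersion: v1
kind: Service
metadata:
  name: demo-app
  namespace: demo
spec:
  selector:
    app: demo-app                  # routes traffic to every pod carrying this label
  ports:
    - port: 80
      targetPort: 8080
```

A secret in an environment variable is visible to anything that can read the process environment (a debug shell, a crash dump, a child process that logs its env), so the volume form is the safer default when the app can read a file.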
Managing Kubernetes Objects
❖ Imperative commands:
❖ “Do this right now.”
❖ Imperative with config files:
❖ “Do what is specified in this file.”
❖ Works on a set of config files, which can be version controlled.
❖ Suitable for prod.
❖ Config files are the single source of truth.
❖ Declarative with config directories (applied recursively):
❖ “Do everything that is specified in this directory.”
❖ Harder to debug and to understand how we got into the current state.
A Non-Exhaustive Prod Ready Kubernetes Checklist
❖ Ensure standard code hygiene is maintained: validate user input, use least privilege, a.k.a. follow the OWASP guidelines.
❖ Validate your container image. Check for vulns and analyze the image layers.
❖ Run non-privileged containers unless you are absolutely sure that you need CAP_SYS_ADMIN in your containers.
❖ Configure a security context for your pod. Use seccomp and no_new_privs to enforce restrictions automatically.
❖ Lock down access to the API server, implement RBAC on your cluster, and have authentication and authorization configured (correctly).
❖ Set resource quotas for your workloads.
❖ Monitor and track valuable metrics (both for the cluster and for your app).
❖ Have a strong telemetry story.
❖ Since upgrading is so easy, don't be afraid to roll out security patches.
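The checklist's container, quota and RBAC items written out as manifests, as an added example that is not part of the slides: a Pod with the weak settings next to its hardened form, a ResourceQuota for the namespace, and a namespaced least-privilege Role and RoleBinding. All names, the image references, the digest placeholder and the quota figures are constructed, and `seccompProfile` is the current (Kubernetes 1.19+) field for what the slides call seccomp.

```yaml
# Added example; names, images and quota figures are constructed.
# First Pod: the settings the checklist warns against. Second Pod: the hardened form.
apiVersion: v1
kind: Pod
metadata:
  name: demo-weak
  namespace: demo
spec:
  containers:
    - name: web
      image: registry.example.com/demo-app:latest   # floating tag: the validated image is not pinned
      securityContext:
        privileged: true          # full host access, far more than CAP_SYS_ADMIN
      # no resources block: one runaway pod can starve the whole node
---
apiVersion: v1
kind: Pod
metadata:
  name: demo-hardened
  namespace: demo
spec:
  serviceAccountName: demo-app
  securityContext:
    runAsNonRoot: true            # kubelet refuses to start the container as UID 0
    runAsUser: 10001
    seccompProfile:
      type: RuntimeDefault        # the container runtime's default seccomp filter
  containers:
    - name: web
      image: "registry.example.com/demo-app@sha256:<digest-of-the-scanned-image>"  # pin by digest
      securityContext:
        privileged: false
        allowPrivilegeEscalation: false   # sets no_new_privs on the container process
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]           # add back only what the app has proven it needs
      resources:
        requests: { cpu: 100m, memory: 128Mi }
        limits:   { cpu: 500m, memory: 256Mi }
---
apiVersion: v1
kind: ResourceQuota               # caps what the whole namespace may request
metadata:
  name: demo-quota
  namespace: demo
spec:
  hard:
    pods: "20"
    requests.cpu: "4"
    requests.memory: 8Gi
    limits.cpu: "8"
    limits.memory: 16Gi
---
# RBAC: a Role that only allows reading pods in this namespace, bound to the
# app's ServiceAccount rather than to a cluster-wide identity.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: demo
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: demo-app-pod-reader
  namespace: demo
subjects:
  - kind: ServiceAccount
    name: demo-app
    namespace: demo
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
```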
“Let's see some of these in action!”
