While developers see and realize the benefits of Kubernetes, how it improves efficiencies, saves time, and enables focus on the unique business requirements of each project; InfoSec, infrastructure, and software operations teams still face challenges when managing a new set of tools and technologies, and integrating them into an existing enterprise infrastructure.
These meetup slides go over what’s needed for a general architecture of a centralized Kubernetes operations layer based on open source components such as Prometheus, Grafana, ELK Stack, Keycloak, etc., and how to set up reliable clusters and multi-master configuration without a load balancer. It also outlines how these components should be combined into an operations-friendly enterprise Kubernetes management platform with centralized monitoring and log collection, identity and access management, backup and disaster recovery, and infrastructure management capabilities. This presentation will show real-world use cases of open source projects for implementing an ops-friendly environment.
Check out this and more webinars in our BrightTalk channel: https://goo.gl/QPE5rZ
From a skunk-works project to running the entire enterprise
While developers see and realize the benefits of Kubernetes, how it improves efficiencies, saves time, and enables focus on the unique business requirements of each project; InfoSec, infrastructure, and software operations teams still face challenges when managing a new set of tools and technologies, and integrating them into an existing enterprise infrastructure.
In this meetup, Chris, CTO at Tigera, and Oleg, CTO at Kublr, discussed the evolution of your Kubernetes cluster - from a skunk-works project to running the entire enterprise.
Canary Releases on Kubernetes w/ Spinnaker, Istio, and Prometheus - Kublr
In a microservices world, applications consist of dozens, hundreds, or even thousands of components. Manually deploying and verifying deployment quality in production is virtually impossible. Kubernetes, which natively supports rolling updates, enables blue-green application deployments with Spinnaker. However, gradual rollout is a feature that doesn't come out-of-the-box but can be achieved by adding Istio and Prometheus to the equation.
During this meetup, Slava Koltovich, CEO of Kublr, and Oleg Atamanenko, Senior Software Architect, discussed canary release implementations on Kubernetes with Spinnaker, Istio, and Prometheus. They examined the role of each tool in the process and how they are all connected. During a demo, they demonstrated a successful and a failed canary release, and how these tools enable IT teams to properly roll out changes to their customer base without any downtime.
While developers see and realize the benefits of Kubernetes, how it improves efficiencies, saves time, and enables focus on the unique business requirements of each project; InfoSec, infrastructure, and software operations teams still face challenges when managing a new set of tools and technologies, and integrating them into existing enterprise infrastructure. This is especially true for environments where security and governance requirements are so strict as to come into conflict with the cloud-native reference architectures.
This deck will outline a plan that leverages Kubernetes as an infrastructure abstraction (hint: there is a lot more to it than just container orchestration!). Such an approach allows enterprises to untie themselves from infrastructure provider-specific technology stack and free development to use whichever tool fits their use case best. But how do you implement open source cloud-native technologies while meeting enterprise security and governance requirements? We’ll summarize common prerequisites for running Kubernetes in production, and how to leverage fine-grained controls and separation of responsibilities to meet enterprise governance and security needs; what’s needed for a general architecture of a centralized Kubernetes operations layer based on open source components such as Prometheus, Grafana, ELK Stack, Keycloak, etc.
Enabling support for data processing, data analytics, and machine learning workloads in Kubernetes has been one of the goals of the open source community. During this online meetup we discussed the growing use of Kubernetes for data science and machine learning workloads. We examined how new Kubernetes extensibility features such as custom resources and custom controllers are used for applications and frameworks integration. Apache Spark 2.3's native support is the latest indication of this growing trend. We demoed a few examples of data science workloads running on Kubernetes clusters set up by our Kublr platform.
Containers and Kubernetes allow for code portability across on-premise VMs, bare metal or multiple cloud provider environments. Yet, despite this portability promise, developers may include configuration and application definitions that constrain or even eliminate application portability. In this meetup Oleg Chunikhin, CTO at Kublr, described best practices for “configuration as code” in a Kubernetes environment. He demonstrated how a properly constructed containerized app can be deployed to both Amazon and Azure using the Kublr platform, and how Kubernetes objects, such as persistent volumes, ingress rules and services, can be used to abstract from the infrastructure.
Incredibly powerful and flexible, Kubernetes role-based access control (RBAC) is an essential tool to effectively manage production clusters. Yet many Ops and DevOps engineers are still facing barriers to efficiently use it at scale. These include a steep learning curve, YAML-based configuration, lack of standardized best practices, and the general complexity of this functionality at large -- it truly can be somewhat overwhelming.
During this meetup Oleg, CTO at Kublr, will discuss Kubernetes RBAC concepts and objects. He'll explore different use cases ranging from simple permission management for in-cluster application accounts to integrations with external identity providers for SSO and enterprise user access management.
Leveraging the Kublr Platform, Oleg will demonstrate how it simplifies the management of access and RBAC rules in a cloud native environment while staying vendor-independent and compatible with any Kubernetes distribution.
Building Portable Applications with Kubernetes - Kublr
Containers and Kubernetes enable code portability across on-premise VMs, bare metal, or multiple clouds. However, many developers may include configuration and application definitions that constrain or even eliminate application portability.
We'll outline best practices for “configuration as code” in a Kubernetes environment. He'll demonstrate how a properly constructed containerized app can be deployed to both Amazon and Azure using the Kublr platform, and how Kubernetes objects, such as persistent volumes, ingress rules, and services, can be leveraged to abstract from the infrastructure.
Self-healing does not equal self-healing. There are multiple layers to it, whether a self-healing infrastructure, cluster, pods, or Kubernetes. Kubernetes itself ensures self-healing pods. But how do you ensure your applications, whose reliability depends on every single layer, are truly reliable?
In this presentation we discuss aspects of reliability and self-healing in the different layers of a comprehensive container management stack; what Kubernetes does and doesn't do (at least not by default), and what you should look out for to ensure truly reliable applications.
Centralizing Kubernetes Management in Restrictive Environments - Kublr
While developers see and realize the benefits of Kubernetes, how it improves efficiencies, saves time, and enables focus on the unique business requirements of each project; InfoSec, infrastructure, and software operations teams still face challenges when managing a new set of tools and technologies, and integrating them into existing enterprise infrastructure.
This is especially true for environments where security and governance requirements are so strict as to come into conflict with the cloud-native reference architectures.
During his presentation, Oleg will outline a plan that leverages open source cloud-native technologies while meeting enterprise security and governance requirements. He’ll summarize common prerequisites for running Kubernetes in production, and how to leverage fine-grained controls and separation of responsibilities to meet enterprise governance and security needs; what’s needed for a general architecture of a centralized Kubernetes operations layer based on open source components such as Prometheus, Grafana, ELK Stack, Keycloak, etc.
The presentation will cover basic requirements for audit, security, authentication, authorization, integration with existing identity management, logging, and monitoring. Additionally, the audience will learn whether cloud-hosted Kubernetes covers these requirements, how to integrate a compliant Kubernetes installation with their existing cloud infrastructure, the limitations of a bare-metal installation, interactions with vSphere’s API, achieving HA, reliability and disaster recovery, as well as handling OS upgrades, security patches, and Kubernetes upgrades.
Implement Advanced Scheduling Techniques in Kubernetes - Kublr
Is advanced scheduling in Kubernetes achievable? Yes, however, how do you properly accommodate every real-life scenario that a Kubernetes user might encounter? How do you leverage advanced scheduling techniques to shape and describe each scenario in easy-to-use rules and configurations?
Oleg Chunikhin addressed those questions and demonstrated techniques for implementing advanced scheduling. For example, using spot instances and cost-effective resources on AWS, coupled with the ability to deliver a minimum set of functionalities that cover the majority of needs – without configuration complexity. You’ll get a run-down of the pitfalls and things to keep in mind for this route.
Kubernetes in Highly Restrictive Environments - Kublr
Installing Kubernetes is easy. Ensuring it complies with your organization’s enterprise governance and security requirements isn’t.
How do you use the technologies while meeting enterprise security requirements? We'll summarize common prerequisites for running Kubernetes in production, and how to leverage fine-grained controls and separation of responsibilities to meet enterprise governance and security needs.
This deck includes basic requirements for audit, security, authentication, authorization, integration with existing identity broker, logging, and monitoring. Additionally, we'll go into whether cloud-hosted Kubernetes covers these requirements, how to integrate a compliant Kubernetes installation with their existing cloud infrastructure and how to handle cross-team communication (network/compute/storage/security).
Since on-premise Kubernetes deployments have their challenges, limitations of a bare-metal installation, interactions with vSphere’s API, achieving HA, reliability and disaster recovery, as well as handling OS upgrades, security patches, and Kubernetes upgrades are also considered.
An application path to production does not end with a deployment, even if you are using Kubernetes (K8s) as your application deployment platform. A reliable BCDR (backup and disaster recovery) plan and framework is a must for any production-ready system.
This presentation accompanies meetups and webinars in which Oleg Chunikhin, CTO at Kublr, shows how the Velero BCDR framework works and demonstrates how it can be used to back up and recover realistic applications running on Kubernetes in different clouds and environments.
What is covered:
- general notions of Kubernetes applications BCDR
- Velero BCDR framework
- demo Velero BCDR for stateful applications running on AWS and Azure clouds
- demo Velero BCDR using Strimzi / Kafka cluster and ArgoCD CI/CD manager as example application
The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ... - Josef Adersberger
Running applications on Kubernetes can provide a lot of benefits: more dev speed, lower ops costs, and a higher elasticity & resiliency in production. Kubernetes is the place to be for cloud native apps. But what to do if you’ve no shiny new cloud native apps but a whole bunch of JEE legacy systems? No chance to leverage the advantages of Kubernetes? Yes you can!
We’re facing the challenge of migrating hundreds of JEE legacy applications of a major German insurance company onto a Kubernetes cluster within one year. We're now close to the finish line and it worked pretty well so far.
The talk will be about the lessons we've learned - the best practices and pitfalls we've discovered along our way. We'll provide our answers to life, the universe and a cloud native journey like:
- What technical constraints of Kubernetes can be obstacles for applications and how to tackle these?
- How to architect a landscape of hundreds of containerized applications with their surrounding infrastructure like DBs, MQs and IAM and heavy requirements on security?
- How to industrialize and govern the migration process?
- How to leverage the possibilities of a cloud native platform like Kubernetes without challenging the tight timeline?
Kubernetes was originally targeted for running large scale web applications.
I/O intensive workload represents a class of high-end applications such as network services, trading applications, database services that require high-speed access to hardware resources and often use specific hardware or CPU features to maximize their performance.
Canary Releases on Kubernetes with Spinnaker, Istio, & Prometheus (2020) - Kublr
In a microservices world, applications consist of dozens, hundreds, or even thousands of components. Manually deploying and verifying deployment quality in production is virtually impossible. Kubernetes, which natively supports rolling updates, enables blue-green application deployments with Spinnaker. However, the gradual rollout is a feature that doesn’t come out-of-the-box but can be achieved by adding Istio and Prometheus to the equation.
During this meetup, Slava will discuss canary release implementations on Kubernetes with Spinnaker, Istio, and Prometheus. He’ll examine the role of each tool in the process and how they are all connected. During a demo, he will demonstrate a successful and failed canary release, and how these tools enable IT teams to properly roll out changes to their customer base without any downtime.
Kubernetes is a fast-paced project and things move really fast. In deploying applications, you have several options like raw YAML files, Helm, or Operator but what are the pros and cons of each?
This talk will explore the right ways to manage your production applications through seamless installation, the patch fixes, and upgrades. Several demos will be used on a live cluster to illustrate how things can be done the right way that makes life very easy for the DevOps.
Kubernetes (K8s) is a powerful, flexible and portable open source framework for distributed containerized applications delivery and management. An important part of the services provided by most Kubernetes clusters is the containers’ networking stack. In most cases and for many applications it “just works”, but this seeming simplicity is backed by a complex stack of technologies that provide many capabilities beyond the basics.
This presentation accompanies the meetup and webinar where Oleg Chunikhin, CTO at Kublr, shows how the Kubernetes networking stack works and describes its main components, interfaces and extensibility options.
What is covered:
- general notions of Kubernetes networking - Pods and Network Policies
- implementation of Kubernetes networking - CNI, CNI plugins, and Linux network namespaces
- some Kubernetes CNI providers: Calico, Weave, Flannel, and Canal
- K8S networking extensibility for advanced and “exotic” use-cases with Multus CNI plugin as an example
A Million ways of Deploying a Kubernetes Cluster - Jimmy Lu
Developers and operators tend to build and develop different ways to set up a Kubernetes cluster due to its complexity and openness. Most of the time, it's quite confusing for newcomers to get started with Kubernetes. In this short talk, I'll introduce you to some popular ways of Kubernetes deployment and briefly talk about pros and cons of each solution.
Kubernetes 1.16 and Rancher 2.3 enhancements - Saiyam Pathak
This presentation talks about the recent Kubernetes 1.16 enhancements and Rancher 2.3 new features. It also has the references section that was used as a motivation for this presentation.
Sf bay area Kubernetes meetup dec8 2016 - deployment models - Peter Ss
I talk about deploying complex, multi-layer applications in Kubernetes.
I describe how Kubernetes AppController project (https://github.com/Mirantis/k8s-AppController) can be leveraged to enhance such deployments.
MongoDB.local DC 2018: MongoDB Ops Manager + Kubernetes - MongoDB
MongoDB Ops Manager is an enterprise-grade end-to-end database management, monitoring, and backup solution. Kubernetes has clearly won the orchestration-platform "wars". In this session we'll take a deep dive on how you can leverage both these technologies to host your MongoDB deployments within your Kubernetes infrastructure whether that's OpenShift, PKS, Azure AKS, or just upstream. This talk will review the core technologies, such as containers, Kubernetes, and MongoDB Ops Manager. You'll also have a chance to see real-live demos of MongoDB running on Kubernetes and managed with MongoDB Ops Manager with the MongoDB Enterprise Kubernetes Operator.
Service meshes are all the buzz in cloud-native world.
How come only yesterday we didn't know such a thing existed and now everybody seems to want one?
If you're already running a microservice-based system or only starting out with one — you may be asking yourself: "Do I also need a mesh?"
In this session we'll try to answer what the mesh is good for, what problems it solves, what new questions it poses.
More specifically we will:
- explore the SMI Spec;
- understand why everybody wants a mesh;
- see how the mesh helps with progressive delivery;
- discuss if it's time for you to get into the mesh.
Slides from the talk given to the Startup Berlin Slack Group that demonstrates how TruckIN is implementing its continuous delivery workflow using technologies and open-source tools.
Topics that are covered: Automated Cloud Provisioning (Network, Subnets, VMs, Kubernetes Cluster, Firewall, Disks, Credentials, Private Docker Registry); Configuration Management (Salt Stack), Continuous Integration (Jenkins CI), Continuous Delivery/Deployment (Salt API/Reactor + Kubernetes) to a Google Cloud Kubernetes Cluster, Remote Application Debugging, Managing Google Cloud Kubernetes Cluster, Logging, Monitoring and ChatOps (Slack and operable.io)
Kubernetes pods / container scheduling 201 - pod and node affinity and anti-affinity, node selectors, taints and tolerations, persistent volumes constraints, scheduler configuration and custom scheduler development and more.
Helm is a package manager for Kubernetes. It helps streamline installing and managing applications. This session covers prerequisites for Helm, which include a basic understanding of containers and Kubernetes along with its architecture. It also covers the limitations that come with running deployments using the kubectl binary, Helm's architecture, templating with it and finally ends on a note highlighting the difference between versions 2 and 3.
Developers realize the benefits of Kubernetes, how it improves efficiencies, saves time, and enables focus on the unique business requirements of each project. This session will examine how to set up an operations-friendly enterprise Kubernetes management platform for centralized operations.
Kubernetes – An open platform for container orchestration - inovex GmbH
Date: 30.08.2017
Event: GridKA School 2017
Speaker: Johannes M. Scheuermann
More tech talks: https://www.inovex.de/de/content-pool/vortraege/
More tech articles: https://www.inovex.de/blog/
Centralizing Kubernetes Management in Restrictive EnvironmentsKublr
While developers see and realize the benefits of Kubernetes, how it improves efficiencies, saves time, and enables focus on the unique business requirements of each project; InfoSec, infrastructure, and software operations teams still face challenges when managing a new set of tools and technologies, and integrating them into existing enterprise infrastructure.
This is especially true for environments where security and governance requirements are so strict as to come into conflict with the cloud-native reference architectures.
During his presentation, Oleg will outline a plan that leverages open source cloud-native technologies while meeting enterprise security and governance requirements. He’ll summarize common prerequisites for running Kubernetes in production, and how to leverage fine-grained controls and separation of responsibilities to meet enterprise governance and security needs; what’s needed for a general architecture of a centralized Kubernetes operations layer based on open source components such as Prometheus, Grafana, ELK Stack, Keycloak, etc.
The presentation will cover basic requirements for audit, security, authentication, authorization, integration with existing identity management, logging, and monitoring. Additionally, the audience will learn whether cloud-hosted Kubernetes cover these requirements, how to integrate a compliant Kubernetes installation with their existing cloud infrastructure, the limitations of a bare-metal installation, interactions with vSphere’s API, achieving HA, reliability and disaster recovery, as well as handling OS upgrades, security patches, and Kubernetes upgrades.
Implement Advanced Scheduling Techniques in Kubernetes Kublr
Is advanced scheduling in Kubernetes achievable? Yes, however, how do you properly accommodate every real-life scenario that a Kubernetes user might encounter? How do you leverage advanced scheduling techniques to shape and describe each scenario in easy-to-use rules and configurations?
Oleg Chunikhin addressed those questions and demonstrated techniques for implementing advanced scheduling. For example, using spot instances and cost-effective resources on AWS, coupled with the ability to deliver a minimum set of functionalities that cover the majority of needs – without configuration complexity. You’ll get a run-down of the pitfalls and things to keep in mind for this route.
Kubernetes in Highly Restrictive EnvironmentsKublr
Installing Kubernetes is easy. Ensuring it complies with your organization’s enterprise governance and security requirements isn’t.
How do you use the technologies while meeting enterprise security requirements? We'll summarize common prerequisites for running Kubernetes in production, and how to leverage fine-grained controls and separation of responsibilities to meet enterprise governance and security needs.
This deck includes basic requirements for audit, security, authentication, authorization, integration with existing identity broker, logging, and monitoring. Additionally, we'll go into whether cloud-hosted Kubernetes cover these requirements, how to integrate a compliant Kubernetes installation with their existing cloud infrastructure and how to handle cross-team communication (network/compute/storage/security).
Since on-premise Kubernetes deployments have their challenges, limitations of a bare-metal installation, interactions with vSphere’s API, achieving HA, reliability and disaster recovery, as well as handling OS upgrades, security patches, and Kubernetes upgrades are also considered.
An application path to production does not end with a deployment, even if you are using Kubernetes (K8s) as your application deployment platform. Reliable BCDR (backup and disaster recovery) plan and framework is a must for any production-ready system.
This presentation accompanies meetups and webinars in which Oleg Chunikhin, CTO at Kublr, shows how Velero BCDR framework works and demonstrates how it can be used to backup and recover realistic applications running on Kubernetes in different clouds and environments.
What is covered:
- general notions of Kubernetes applications BCDR
- Velero BCDR framework
- demo Velero BCDR for stateful applications running on AWS and Azure clouds
- demo Velero BCDR using Strimzi / Kafka cluster and ArgoCD CI/CD manager as example application
The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ...Josef Adersberger
Running applications on Kubernetes can provide a lot of benefits: more dev speed, lower ops costs, and a higher elasticity & resiliency in production. Kubernetes is the place to be for cloud native apps. But what to do if you’ve no shiny new cloud native apps but a whole bunch of JEE legacy systems? No chance to leverage the advantages of Kubernetes? Yes you can!
We’re facing the challenge of migrating hundreds of JEE legacy applications of a major German insurance company onto a Kubernetes cluster within one year. We're now close to the finish line and it worked pretty well so far.
The talk will be about the lessons we've learned - the best practices and pitfalls we've discovered along our way. We'll provide our answers to life, the universe and a cloud native journey like:
- What technical constraints of Kubernetes can be obstacles for applications and how to tackle these?
- How to architect a landscape of hundreds of containerized applications with their surrounding infrastructure like DBs MQs and IAM and heavy requirements on security?
- How to industrialize and govern the migration process?
- How to leverage the possibilities of a cloud native platform like Kubernetes without challenging the tight timeline?
Kubernetes was originally targeted for running large scale web applications.
I/O-intensive workloads represent a class of high-end applications, such as network services, trading applications, and database services, that require high-speed access to hardware resources and often use specific hardware or CPU features to maximize their performance.
Canary Releases on Kubernetes with Spinnaker, Istio, & Prometheus (2020) - Kublr
In a microservices world, applications consist of dozens, hundreds, or even thousands of components. Manually deploying and verifying deployment quality in production is virtually impossible. Kubernetes, which natively supports rolling updates, enables blue-green application deployments with Spinnaker. However, the gradual rollout is a feature that doesn’t come out-of-the-box but can be achieved by adding Istio and Prometheus to the equation.
During this meetup, Slava will discuss canary release implementations on Kubernetes with Spinnaker, Istio, and Prometheus. He’ll examine the role of each tool in the process and how they are all connected. During a demo, he will demonstrate a successful and a failed canary release, and how these tools enable IT teams to properly roll out changes to their customer base without any downtime.
Kubernetes is a fast-paced project and things move really fast. In deploying applications, you have several options like raw YAML files, Helm, or Operator but what are the pros and cons of each?
This talk will explore the right ways to manage your production applications through seamless installation, the patch fixes, and upgrades. Several demos will be used on a live cluster to illustrate how things can be done the right way that makes life very easy for the DevOps.
Kubernetes (K8s) is a powerful, flexible and portable open source framework for distributed containerized applications delivery and management. An important part of the services provided by most Kubernetes clusters is the containers’ networking stack. In most cases and for many applications it “just works”, but this seeming simplicity is backed by a complex stack of technologies that provide many capabilities beyond the basics.
This presentation accompanies the meetup and webinar where Oleg Chunikhin, CTO at Kublr, shows how Kubernetes networking stack works, describes main components, interfaces and extensibility options.
What is covered:
- general notions of Kubernetes networking - Pods and Network Policies
- implementation of Kubernetes networking - CNI, CNI plugins, and Linux network namespaces
- some Kubernetes CNI providers: Calico, Weave, Flannel, and Canal
- K8S networking extensibility for advanced and “exotic” use-cases with Multus CNI plugin as an example
A Million ways of Deploying a Kubernetes Cluster - Jimmy Lu
Developers and operators tend to build and develop different ways to set up a Kubernetes cluster due to its complexity and openness. Most of the time, it's quite confusing for newcomers to get started with Kubernetes. In this short talk, I'll introduce you to some popular ways of Kubernetes deployment and briefly talk about the pros and cons of each solution.
Kubernetes 1.16 and rancher 2.3 enhancements - Saiyam Pathak
This presentation talks about the recent Kubernetes 1.16 enhancements and Rancher 2.3 new features. It also has the references section that was used as a motivation for this presentation.
Sf bay area Kubernetes meetup dec8 2016 - deployment models - Peter Ss
I talk about deploying complex, multi-layer applications in Kubernetes.
I describe how the Kubernetes AppController project (https://github.com/Mirantis/k8s-AppController) can be leveraged to enhance such deployments.
MongoDB.local DC 2018: MongoDB Ops Manager + Kubernetes - MongoDB
MongoDB Ops Manager is an enterprise-grade end-to-end database management, monitoring, and backup solution. Kubernetes has clearly won the orchestration-platform "wars". In this session we'll take a deep dive on how you can leverage both these technologies to host your MongoDB deployments within your Kubernetes infrastructure whether that's OpenShift, PKS, Azure AKS, or just upstream. This talk will review the core technologies, such as containers, Kubernetes, and MongoDB Ops Manager. You'll also have a chance to see real-live demos of MongoDB running on Kubernetes and managed with MongoDB Ops Manager with the MongoDB Enterprise Kubernetes Operator.
Service meshes are all the buzz in cloud-native world.
How come only yesterday we didn't know such a thing existed and now everybody seems to want one?
If you're already running a microservice-based system or only starting out with one — you may be asking yourself: "Do I also need a mesh?"
In this session we'll try to answer what the mesh is good for, what problems it solves, what new questions it poses.
More specifically we will:
explore the SMI Spec;
understand why everybody wants a mesh;
see how the mesh helps with progressive delivery;
discuss if it's time for you to get into the mesh.
Slides from the talk given to the Startup Berlin Slack Group that demonstrates how TruckIN is implementing its continuous delivery workflow using technologies and open-source tools.
Topics that are covered: Automated Cloud Provisioning (Network, Subnets, VMs, Kubernetes Cluster, Firewall, Disks, Credentials, Private Docker Registry); Configuration Management (Salt Stack), Continuous Integration (Jenkins CI), Continuous Delivery/Deployment (Salt API/Reactor + Kubernetes) to a Google Cloud Kubernetes Cluster, Remote Application Debugging, Managing Google Cloud Kubernetes Cluster, Logging, Monitoring and ChatOps (Slack and operable.io)
Kubernetes pods / container scheduling 201 - pod and node affinity and anti-affinity, node selectors, taints and tolerations, persistent volumes constraints, scheduler configuration and custom scheduler development and more.
Helm is a package manager for Kubernetes. It helps streamline installing and managing applications. This session covers prerequisites for Helm, which include a basic understanding of containers and Kubernetes along with its architecture. It also covers the limitations that come with running deployments using the kubectl binary, Helm's architecture, templating with it and finally ends on a note highlighting the difference between versions 2 and 3.
Developers realize the benefits of Kubernetes, how it improves efficiencies, saves time, and enables focus on the unique business requirements of each project. This session will examine how to set up an operations-friendly enterprise Kubernetes management platform for centralized operations.
Kubernetes – An open platform for container orchestration - inovex GmbH
Date: 30.08.2017
Event: GridKA School 2017
Speaker: Johannes M. Scheuermann
More tech talks: https://www.inovex.de/de/content-pool/vortraege/
More tech articles: https://www.inovex.de/blog/
The presentation was given on 11/12/2018 at CloudExpo NY. The presentation talks about software portability approaches and technologies on Kubernetes, microservices, service mesh, and serverless platforms.
Moby is an open source project providing a "LEGO set" of dozens of components, the framework to assemble them into specialized container-based systems, and a place for all container enthusiasts to experiment and exchange ideas.
One of these assemblies is Docker CE, an open source product that lets you build, ship, and run containers.
This talk will explain how you can leverage the Moby project to assemble your own specialized container-based system, whether for IoT, cloud or bare metal scenarios.
We will cover Moby itself, the framework, and tooling around the project, as well as many of its components: LinuxKit, InfraKit, containerd, SwarmKit, Notary.
Then we will present a few use cases and demos of how different companies have leveraged Moby and some of the Moby components to create their own container-based systems.
Video at https://www.youtube.com/watch?v=kDp22YkD6WY
Rook turns distributed storage systems into self-managing, self-scaling, self-healing storage services. It automates the tasks of a storage administrator: deployment, bootstrapping, configuration, provisioning, scaling, upgrading, migration, disaster recovery, monitoring, and resource management.
Rook uses the power of the Kubernetes platform to deliver its services via a Kubernetes Operator for each storage provider.
Oleg Chunikhin, Co-Founder and CTO @ Kublr.com, will present an introduction to storage management on k8s using Rook and Ceph.
How Self-Healing Nodes and Infrastructure Management Impact Reliability - Kublr
Self-healing does not equal self-healing. There are multiple layers to it, whether a self-healing infrastructure, cluster, pods, or Kubernetes. Kubernetes itself ensures self-healing pods. But how do you ensure your applications, whose reliability depends on every single layer, are truly reliable?
This presentation covers the different self-healing layers, what Kubernetes does and doesn't do (at least not by default), and what you should look out for to ensure truly reliable applications. Hint: infrastructure provisioning plays a key role.
Serverless frameworks are changing the way we do computing. In open source container world, Kubernetes is playing a pivotal role in manifesting this. This presentation will go deep into various features of Kubernetes to create serverless functions.
Also includes a comparative study of various serverless frameworks available in the open source world, such as Kubeless, Fission and Funktion. Will conclude with an implementation demo and some real world use cases.
Presented in serverless summit 2017: www.inserverless.com
Kubernetes for FaaS (Function as a Service) - Serverless evolution, some basic constructs, Kubernetes features, comparisons - from Serverless conference 2017 Bangalore.
Hybrid architecture solutions with kubernetes and the cloud native stack - Kublr
This presentation provides an overview of how Kubernetes capabilities can be used to simplify use of hybrid infrastructure rather than complicate it. It covers the general challenges posed by hybrid multi-site architectures, including provisioning and operations, ingress traffic management, network connectivity, and distributed data management. Using AWS and Azure as examples, the presentation reviews how each of these challenges can be addressed with Kubernetes and various Kubernetes controllers used as an infrastructure abstraction layer.
Secure Your Containers: What Network Admins Should Know When Moving Into Prod... - Cynthia Thomas
This session offers techniques for securing Docker containers and hosts using open source network virtualization technologies to implement microsegmentation. Come learn real tips and tricks that you can apply to keep your production environment secure.
Accelerate Application Innovation Journey with Azure Kubernetes Service - WinWire Technologies Inc
Regardless of your organization’s size or industry, migrating to the public cloud and Kubernetes is burdened with business and technical risk. Managing Kubernetes clusters, applying blueprint to clusters and adding requisite governance and control are just a few hurdles that can stall your application modernization journey.
Azure Kubernetes Service (AKS) simplifies deploying a managed Kubernetes cluster in Azure by offloading much of the complexity and operational overhead.
In this session, you will learn:
- Introduction and architecture of AKS
- Best practices in adopting Azure Kubernetes Service
- How to monitor and optimize AKS
Docker Paris event: Anticipate new business models and reduce your... - Docker, Inc.
On the agenda: setting up agile platforms to adapt to new business models, optimizing IT costs in your application deployments, successfully implementing Kubernetes, ensuring the security of your applications throughout their life cycle, and much more.
Navigating the Container Orchestration Maze - Alex Vranceanu
With Docker adoption on the rise in many organisations, it’s becoming increasingly challenging to manage multiple containerized environments across clusters and infrastructure providers.
Starting from the question of what do we use to manage our Kubernetes clusters in cloud or on-premise, we’ll look at a head-to-head comparison of major Container Orchestration and Management platforms in the enterprise and open-source world.
RedHat OpenShift Container Platform, Docker Enterprise, DC/OS, Rancher and Spinnaker are the main platforms which we’ll be taking a closer look at, and I hope that this comparison will help you make a more informed choice of a Container Management platform. Looking forward to discussing the above and possibly other options with you.
For those interested after the presentation, we could have a hands-on session with all of the above platforms, to get a real feeling of each one.
OSDC 2018 | Three years running containers with Kubernetes in Production by T... - NETWAYS
The talk gives a state-of-the-art update on experiences with deploying applications in Kubernetes at scale. Whether in clouds or on premises, Kubernetes has taken over the leading role as a container operating system. The central paradigm of stateless containers connected to storage and services is the core of Kubernetes. However, it can be extended to distributed databases, machine learning, and Windows VMs in Kubernetes. All these applications were considered edge cases a few years ago but are becoming more and more mainstream today.
Container runtime and tooling has matured since Docker brought it to the mainstream a decade ago. There are multiple options for building and running containers available to the developers and system administrators. Oleg Chunikhin, CTO at Kublr, will provide a review and analysis of the popular options.
Kubernetes in Hybrid Environments with Submariner - Kublr
Submariner enables direct networking between Pods and Services in different Kubernetes clusters, either on-premises or in the cloud.
As Kubernetes gains adoption, teams are finding they must deploy and manage multiple clusters to facilitate features like geo-redundancy, scale, and fault isolation for their applications. With Submariner, your applications and services can span multiple cloud providers, data centers, and regions.
Submariner is completely open source, and designed to be network plugin (CNI) agnostic.
Submariner Provides: cross-cluster L3 connectivity using encrypted VPN tunnels; service Discovery across clusters; subctl, a friendly deployment tool; support for interconnecting clusters with overlapping CIDRs
This presentation explains the basics of Kubernetes ingress traffic management functionality, and how it can be used to simplify managing applications across different environments - in the cloud or on premise.
In this meetup, Oleg, CTO at Kublr, walks you through the basics of K8s persistence management functionality and how it can be used to simplify managing persistent applications across different environments - in the cloud or on premise. Oleg will use a demo environment with clusters in different clouds to show K8s persistence in practice.
We will cover:
• Persistent data abstractions in K8s: persistent volumes (PV) and their attributes
• PV specifics in different clouds
• Using PV in K8s: persistent volume claims (PVC) and storage classes (SC)
• Automatic volume provisioning
• Persistence and scheduling interrelationships
• Practical examples
Kubernetes (K8s) is a powerful and flexible open source container orchestration system. The power of K8s comes from its modularity and the simplicity of its basic concepts. Each of these basic concepts builds on the other and, from the most basic elements to more advanced ones, each is responsible for its own well-defined logic and behavior.
Portable CI/CD Environment as Code with Kubernetes, Kublr and Jenkins - Kublr
How to establish Kubernetes as your infrastructure for a truly cloud native environment for optimal productivity and cost.
Using Kublr for infrastructure as code approach for fast, reliable and inexpensive production-ready DevOps environment setup bringing together a combination of technologies - Kubernetes; AWS Mixed Instance Policies, Spot Instances and availability zones; AWS EFS; Nexus and Jenkins.
Best practices based on open source tools such as Nexus and Jenkins.
How to tackle build process dilemmas and difficulties including managing dependencies, hermetic builds and build scripts.
Kubernetes 101: Intro to Kubernetes namespaces, workloads, and architecture
In this webinar Oleg, CTO at Kublr, will explain the basics of Kubernetes, a powerful and flexible open-source container orchestration system: what it is, how it works, and the main entities Kubernetes users work with.
Containers are taking over the IT world, and while building and running them locally is simple, running them in production on a distributed infrastructure is much more involved.
Oleg will show how Kubernetes can help orchestrate containers across multiple compute nodes and clouds.
We will cover:
- distributed container orchestration
- architecture of Kubernetes clusters
- important Kubernetes objects: namespaces, pods, services
- overview controllers: deployment, daemonset, stateful set
How to Run Kubernetes in Restrictive Environments - Kublr
Meeting the Needs of Enterprise Governance and Security
Installing Kubernetes is easy. Ensuring it complies with your organization’s enterprise governance and security requirements isn’t.
During this webinar, Oleg will explain how to use Kubernetes while meeting enterprise requirements. In this technically-focused talk, he’ll summarize common prerequisites for running Kubernetes in production, and how to leverage fine-grained controls and separation of responsibilities to meet enterprise governance and security needs.
The presentation will include basic requirements for audit, security, authentication, authorization, integration with existing identity management, logging, and monitoring.
Because on-premise Kubernetes deployments don’t come without their challenges, Oleg will cover the limitations of a bare-metal installation, interactions with vSphere’s API, achieving HA, reliability and disaster recovery, as well as handling OS upgrades, security patches, and Kubernetes upgrades. He’ll close with a quick outlook of what’s next, including infrastructure as code, immutable infrastructure, and GitOps.
2. Introductions
Oleg Chunikhin
CTO, Kublr
• Nearly 20 years in the field of software architecture and development.
• Joined Kublr as the CTO in 2016.
• Kublr is an enterprise Kubernetes management and operations platform that helps accelerate Kubernetes adoption and containerized applications management for enterprises.
3. History
• Custom software development company
• Dozens of projects per year
• Varying target environments: clouds, on-prem, hybrid
• Unified application delivery and ops platform wanted: monitoring, logs, security, multiple env, ...
4. Docker and Kubernetes to the Rescue
• Docker is great, but local
• Kubernetes is great... when it is up and running
• Who sets up and operates K8S clusters?
• Who takes care of operational aspects at scale?
• How do you provide governance and ensure compliance?
6. Kubernetes Management Platform Wanted
• Portability – clouds, on-prem, air-gapped, different OS’
• Centralized multi-cluster operations saves resources – many environments (dev, prod, QA, ...), teams, applications
• Self-service and governance for Kubernetes operations
• Reliability – cluster self-healing, self-reliance
• Limited management profile – cloud and K8S API
• Architecture – flexible, open, pluggable, compatible
• Sturdy – secure, scalable, modular, HA, DR etc.
7. Central Control Plane: Operations
[Diagram labels: control plane: API, UI, Operations, Log collection, Monitoring, Authn and authz / SSO / federation, Audit, Image Repo, Infrastructure management, Backup & DR; K8S API, Cloud API; K8S clusters (Dev, Prod, PoC, Dev) in cloud(s) and data center]
10. Cluster: Portability
• (Almost) everything runs in containers
• Simple (single-binary) management agent
• Minimal store requirements
• Shared, eventually consistent
• Secure: RW files for masters, RO for nodes
• Thus the store can be anything: S3, SA, NFS, rsynced dir, provided files, ...
• Minimal infra automation requirements
• Configure and run configuration agent
• Enable access to the store
• Can be AWS CF, Azure ARM, BOSH, Ansible, ...
• Load balancer is not required for multi-master; each agent can independently fail over to a healthy master
[Diagram labels: Infrastructure Automation; MASTER: KUBLR, KUBELET, Docker, overlay network / discovery / connectivity, K8s master components (etcd, scheduler, API, controller); NODE: KUBLR, KUBELET, Docker, overlay network / discovery / connectivity, infrastructure and application containers; Orchestration Store: secrets, discovery]
11. Cluster: Reliability
• Rely on underlying platform as much as possible
• ASG on AWS
• IAM on AWS for store access
• SA on Azure, S3 on AWS
• ARM on Azure, CF on AWS
• Minimal infrastructure SLA – tolerate temporary failures
• Multi-master API failover on nodes
• Resource management, memory requests and limits for OS and k8s components
[Diagram labels: Infrastructure Automation; MASTER: KUBLR, KUBELET, Docker, overlay network / discovery / connectivity, K8s master components (etcd, scheduler, API, controller); NODE: KUBLR, KUBELET, Docker, overlay network / discovery / connectivity, infrastructure and application containers; Orchestration Store]
12. Central Control Plane: Logs and Metrics
[Diagram labels: control plane: API, UI, Operations, Authn and authz / SSO / federation, Image Repo, Infrastructure management, Backup & DR, Log collection, Monitoring, Audit; K8S API, Cloud API; K8S clusters (Dev, Prod, PoC, Dev) in cloud(s) and data center]
13. Centralized Monitoring and Log Collection. Why Bother?
• Prometheus and ELK are heavy and not easy to operate; need attention and at least 4-8 Gb RAM... each, per cluster
• Cloud/SaaS monitoring is not always permitted or available
• Existing monitoring is often not container-aware
• No aggregated view and analysis
• No alerting governance
14. K8S Monitoring with Prometheus
• Discover nodes, services, pods via K8S API
• Query metrics from discovered endpoints
• Endpoints are accessed directly via internal cluster addresses
[Diagram: inside a Kubernetes cluster, Prometheus performs discovery through the K8S API and collects metrics from nodes, pods, and services; Grafana reads from Prometheus]
15. Centralized Monitoring
[Diagram: the control plane holds the cluster registry, the configurator, Prometheus (config and data), and Grafana; it reaches nodes, pods, and service endpoints of each Kubernetes cluster through the K8S proxy API; a Prometheus (collector) in each cluster can ship metrics externally]
16. Centralized Monitoring: Considerations
• Prometheus resource usage tuning
• Long-term storage (m3)
• Configuration file growth with many clusters
• Metrics labeling
• Additional load on API server
Where the project comes from
Company overview
Kubernetes as a solution – standardized delivery platform
Kubernetes is great for managing containers, but who manages Kubernetes?
How to streamline monitoring and collection of logs with multiple Kubernetes clusters?
Requirements
Portability – support for cloud environments, on prem deployment, and isolated deployments
Multi-cluster operations support
Centralized log collection and monitoring
Reliability – self healing, modularity, cluster self-reliance
Limited connectivity profile – do not require many ports
Architecture – flexible, open, pluggable
Security
The control plane is only critically involved in the cluster when the cluster is created
The control plane uses cloud specific infrastructure management automation frameworks – CF, ARM, BOSH, VMware, etc.
After the cluster infrastructure is created and configured, the cluster does not need the control plane
Self-coordination via the orchestration store
The orchestration store and the underlying platform are the only coordination devices the cluster needs to operate and to recover from failures
Masters and nodes are configured for the orchestration store access
Master(s) will try to get secrets and discovery information from the store; if not available – will generate and publish a new set
With multiple masters – the latest published package wins
Nodes will take the latest published data and use it.
Prometheus
Control plane keeps track of managed clusters
Configurator reconfigures Prometheus when cluster list changes
Prometheus configuration is in K8S config maps
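A sketch of the configurator step described in these notes, added here as an illustration and not taken from the slides or from Kublr's code: it turns a cluster registry into per-cluster Prometheus scrape jobs that go through the K8S API proxy, labels every series with its cluster, and produces a ConfigMap whose digest changes only when the cluster list changes. The registry fields, host names, credential paths, ConfigMap name, and annotation key are assumptions.

```python
import hashlib
import json
import re

# Constructed sample registry; names, URLs and credential paths are placeholders.
CLUSTERS = [
    {"name": "prod", "api_url": "https://prod.k8s.example.internal:6443"},
    {"name": "dev", "api_url": "https://dev.k8s.example.internal:6443"},
]

def scrape_job(cluster):
    """Scrape job that discovers nodes via one cluster's K8S API and reaches
    each kubelet through the API server proxy."""
    name, url = cluster["name"], cluster["api_url"].rstrip("/")
    if not re.fullmatch(r"[a-z0-9][a-z0-9-]*", name):
        raise ValueError(f"unsafe cluster name: {name!r}")  # name ends up in file paths
    if not url.startswith("https://"):
        raise ValueError(f"{name}: API URL must use https")
    # Per-cluster token and CA: a credential for one cluster is never sent to another.
    auth = {
        "authorization": {"credentials_file": f"/etc/prometheus/clusters/{name}/token"},
        "tls_config": {"ca_file": f"/etc/prometheus/clusters/{name}/ca.crt"},
    }
    return {
        "job_name": f"{name}-nodes",
        "scheme": "https",
        **auth,
        "kubernetes_sd_configs": [{"role": "node", "api_server": url, **auth}],
        "relabel_configs": [
            # Send every scrape to the API server instead of the node address.
            {"target_label": "__address__", "replacement": url[len("https://"):]},
            {"source_labels": ["__meta_kubernetes_node_name"], "regex": "(.+)",
             "target_label": "__metrics_path__",
             "replacement": "/api/v1/nodes/${1}/proxy/metrics"},
            # Label every series with its cluster so dashboards and alerts can tell them apart.
            {"target_label": "cluster", "replacement": name},
        ],
    }

def render_config(clusters):
    """Return (config text, sha256). Jobs are sorted, so the digest changes only
    when the registry content changes. The JSON output is also valid YAML."""
    jobs = [scrape_job(c) for c in sorted(clusters, key=lambda c: c["name"])]
    if len({j["job_name"] for j in jobs}) != len(jobs):
        raise ValueError("duplicate cluster name in registry")
    text = json.dumps({"scrape_configs": jobs}, indent=2, sort_keys=True)
    return text, hashlib.sha256(text.encode()).hexdigest()

def config_map(clusters):
    """ConfigMap manifest carrying the rendered config; the annotation key is hypothetical."""
    text, digest = render_config(clusters)
    return {"apiVersion": "v1", "kind": "ConfigMap",
            "metadata": {"name": "prometheus-config", "annotations": {"config-sha256": digest}},
            "data": {"prometheus.yml": text}}
```

Comparing the digest annotation with the one on the deployed ConfigMap lets the configurator skip Prometheus reloads when nothing changed, and one job per cluster is what makes the configuration file grow with the number of clusters.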