In this session, we will discuss the architecture of a Kubernetes cluster. we will go through all the master and worker components of a kubernetes cluster. We will also discuss the basic terminology of Kubernetes cluster such as Pods, Deployments, Service etc. We will also cover networking inside Kuberneets. In the end, we will discuss options available for the setup of a Kubernetes cluster.
A brief study on Kubernetes and its componentsRamit Surana
Kubernetes is an open source orchestration system for Docker containers. It handles scheduling onto nodes in a compute cluster and actively manages workloads to ensure that their state matches the users declared intentions. Using the concepts of "labels" and "pods", it groups the containers which make up an application into logical units for easy management and discovery.
In this session, we will discuss the architecture of a Kubernetes cluster. we will go through all the master and worker components of a kubernetes cluster. We will also discuss the basic terminology of Kubernetes cluster such as Pods, Deployments, Service etc. We will also cover networking inside Kuberneets. In the end, we will discuss options available for the setup of a Kubernetes cluster.
A brief study on Kubernetes and its componentsRamit Surana
Kubernetes is an open source orchestration system for Docker containers. It handles scheduling onto nodes in a compute cluster and actively manages workloads to ensure that their state matches the users declared intentions. Using the concepts of "labels" and "pods", it groups the containers which make up an application into logical units for easy management and discovery.
If you’re working with just a few containers, managing them isn't too complicated. But what if you have hundreds or thousands? Think about having to handle multiple upgrades for each container, keeping track of container and node state, available resources, and more. That’s where Kubernetes comes in. Kubernetes is an open source container management platform that helps you run containers at scale. This talk will cover Kubernetes components and show how to run applications on it.
History and Basics of containers, LXC, Docker and Kubernetes. This presentation is given to Engineering colleage students at VIT DevFest 2018. Beginner to Intermediate level.
Author: Oleg Chunikhin, www.eastbanctech.com
Kubernetes is a portable open source system for managing and orchestrating containerized cluster applications. Kubernetes solves a number of DevOps related problems out of the box in a simple and unified way – rolling updates and update rollback, canary deployment and other complicated deployment scenarios, scaling, load balancing, service discovery, logging, monitoring, persistent storage management, and much more. You will learn how in less than 30 minutes a reliable self-healing production-ready Kubernetes cluster may be deployed on AWS and used to host and operate multiple environments and applications.
A basic introductory slide set on Kubernetes: What does Kubernetes do, what does Kubernetes not do, which terms are used (Containers, Pods, Services, Replica Sets, Deployments, etc...) and how basic interaction with a Kubernetes cluster is done.
Service Discovery in kubernetes is all about how services of kubernetes get discovered internally and externally. How does a single POD communicate to another POD the within the cluster and how does a user request reach to a specific POD in the cluster? These are some questions that are answered by this TOPIC.
Kubernetes for Beginners: An Introductory GuideBytemark
An introduction to Kubernetes for beginners. Includes the definition, architecture, benefits and misconceptions of Kubernetes. Written in plain English, ideal for both developers and non-developers who are new to Kubernetes.
Find out more about Kubernetes at Bytemark here: https://www.bytemark.co.uk/managed-kubernetes/
K8s in 3h - Kubernetes Fundamentals TrainingPiotr Perzyna
Kubernetes (K8s) is an open-source system for automating deployment, scaling, and management of containerized applications. This training helps you understand key concepts within 3 hours.
An overview of the Kubernetes architectureIgor Sfiligoi
This talk provides a 101 introdution to Kubernetes from a user point of view.
Aimed at service providers, it was presented at the GPN Annual Meeting 2019. https://conferences.k-state.edu/gpn/
Kubernetes: An Introduction to the Open Source Container Orchestration PlatformMichael O'Sullivan
Originally designed by Google, Kubernetes is now an open-source platform that is used for managing applications deployed as containers across multiple hosts - now hosted under the Cloud Native Computing Foundation. It provides features for automating deployment, scaling, and maintaining these applications. Hosts are organised into clusters, and applications are deployed into these clusters as containers. Kubernetes is compatible with several container engines, notably Docker. The popularity of Kubernetes continues to increase as a result of the feature-rich tooling when compared to use of a container-engine alone, and a number of Cloud-based hosted solutions are now available, such as Google Kubernetes Engine, Amazon Elastic Container Service for Kubernetes, and IBM Cloud Container Service.
This talk will provide an introduction to the Kubernetes platform, and a detailed view of the platform architecture from both the Control Plane and Worker-node perspectives. A walk-through demonstration will also be provided. Furthermore, two additional tools that support Kubernetes will be presented and demonstrated - Helm: a package manager solution which enables easy deployment of pre-built Kubernetes software using Helm Charts, and Istio: a platform in development that aims to simplify the management of micro-services deployed on the Kubernetes platform.
Speaker Bio:
Dr. Michael J. O'Sullivan is a Software Engineer working as part of the Cloud Foundation Services team for IBM Cloud Dedicated, in the IBM Cloud division in Cork. Michael has worked on both Delivery Pipeline/Deployment Automation and Performance Testing teams, which has resulted in daily exposure to customer deployments of IBM Cloud services such as the IBM Cloud Containers Service, and the IBM Cloud Logging and Metrics Services. Michael has also worked on deployment of these services to OpenStack and VMware platforms. Michael holds a PhD in Computer Science from University College Cork (2012 - 2015), where, under the supervision of Dr. Dan Grigoras, engaged in research of Mobile Cloud Computing (MCC) - specifically, studying and implementing solutions for delivering seamless user experiences of MCC applications and services. Prior to this, Michael graduated with a 1st Class Honours Degree in Computer Science from University College Cork in 2012.
A Comprehensive Introduction to Kubernetes. This slide deck serves as the lecture portion of a full-day Workshop covering the architecture, concepts and components of Kubernetes. For the interactive portion, please see the tutorials here:
https://github.com/mrbobbytables/k8s-intro-tutorials
This presentation covers how app deployment model evolved from bare metal servers to Kubernetes World.
In addition to theoretical information, you will find free KATACODA workshops url to perform practices to understand the details of the each topics.
** Kubernetes Certification Training: https://www.edureka.co/kubernetes-certification **
This Edureka tutorial on "Kubernetes Architecture" will give you an introduction to popular DevOps tool - Kubernetes, and will deep dive into Kubernetes Architecture and its working. The following topics are covered in this training session:
1. What is Kubernetes
2. Features of Kubernetes
3. Kubernetes Architecture and Its Components
4. Components of Master Node and Worker Node
5. ETCD
6. Network Setup Requirements
DevOps Tutorial Blog Series: https://goo.gl/P0zAfF
If you’re working with just a few containers, managing them isn't too complicated. But what if you have hundreds or thousands? Think about having to handle multiple upgrades for each container, keeping track of container and node state, available resources, and more. That’s where Kubernetes comes in. Kubernetes is an open source container management platform that helps you run containers at scale. This talk will cover Kubernetes components and show how to run applications on it.
History and Basics of containers, LXC, Docker and Kubernetes. This presentation is given to Engineering colleage students at VIT DevFest 2018. Beginner to Intermediate level.
Author: Oleg Chunikhin, www.eastbanctech.com
Kubernetes is a portable open source system for managing and orchestrating containerized cluster applications. Kubernetes solves a number of DevOps related problems out of the box in a simple and unified way – rolling updates and update rollback, canary deployment and other complicated deployment scenarios, scaling, load balancing, service discovery, logging, monitoring, persistent storage management, and much more. You will learn how in less than 30 minutes a reliable self-healing production-ready Kubernetes cluster may be deployed on AWS and used to host and operate multiple environments and applications.
A basic introductory slide set on Kubernetes: What does Kubernetes do, what does Kubernetes not do, which terms are used (Containers, Pods, Services, Replica Sets, Deployments, etc...) and how basic interaction with a Kubernetes cluster is done.
Service Discovery in kubernetes is all about how services of kubernetes get discovered internally and externally. How does a single POD communicate to another POD the within the cluster and how does a user request reach to a specific POD in the cluster? These are some questions that are answered by this TOPIC.
Kubernetes for Beginners: An Introductory GuideBytemark
An introduction to Kubernetes for beginners. Includes the definition, architecture, benefits and misconceptions of Kubernetes. Written in plain English, ideal for both developers and non-developers who are new to Kubernetes.
Find out more about Kubernetes at Bytemark here: https://www.bytemark.co.uk/managed-kubernetes/
K8s in 3h - Kubernetes Fundamentals TrainingPiotr Perzyna
Kubernetes (K8s) is an open-source system for automating deployment, scaling, and management of containerized applications. This training helps you understand key concepts within 3 hours.
An overview of the Kubernetes architectureIgor Sfiligoi
This talk provides a 101 introdution to Kubernetes from a user point of view.
Aimed at service providers, it was presented at the GPN Annual Meeting 2019. https://conferences.k-state.edu/gpn/
Kubernetes: An Introduction to the Open Source Container Orchestration PlatformMichael O'Sullivan
Originally designed by Google, Kubernetes is now an open-source platform that is used for managing applications deployed as containers across multiple hosts - now hosted under the Cloud Native Computing Foundation. It provides features for automating deployment, scaling, and maintaining these applications. Hosts are organised into clusters, and applications are deployed into these clusters as containers. Kubernetes is compatible with several container engines, notably Docker. The popularity of Kubernetes continues to increase as a result of the feature-rich tooling when compared to use of a container-engine alone, and a number of Cloud-based hosted solutions are now available, such as Google Kubernetes Engine, Amazon Elastic Container Service for Kubernetes, and IBM Cloud Container Service.
This talk will provide an introduction to the Kubernetes platform, and a detailed view of the platform architecture from both the Control Plane and Worker-node perspectives. A walk-through demonstration will also be provided. Furthermore, two additional tools that support Kubernetes will be presented and demonstrated - Helm: a package manager solution which enables easy deployment of pre-built Kubernetes software using Helm Charts, and Istio: a platform in development that aims to simplify the management of micro-services deployed on the Kubernetes platform.
Speaker Bio:
Dr. Michael J. O'Sullivan is a Software Engineer working as part of the Cloud Foundation Services team for IBM Cloud Dedicated, in the IBM Cloud division in Cork. Michael has worked on both Delivery Pipeline/Deployment Automation and Performance Testing teams, which has resulted in daily exposure to customer deployments of IBM Cloud services such as the IBM Cloud Containers Service, and the IBM Cloud Logging and Metrics Services. Michael has also worked on deployment of these services to OpenStack and VMware platforms. Michael holds a PhD in Computer Science from University College Cork (2012 - 2015), where, under the supervision of Dr. Dan Grigoras, engaged in research of Mobile Cloud Computing (MCC) - specifically, studying and implementing solutions for delivering seamless user experiences of MCC applications and services. Prior to this, Michael graduated with a 1st Class Honours Degree in Computer Science from University College Cork in 2012.
A Comprehensive Introduction to Kubernetes. This slide deck serves as the lecture portion of a full-day Workshop covering the architecture, concepts and components of Kubernetes. For the interactive portion, please see the tutorials here:
https://github.com/mrbobbytables/k8s-intro-tutorials
This presentation covers how app deployment model evolved from bare metal servers to Kubernetes World.
In addition to theoretical information, you will find free KATACODA workshops url to perform practices to understand the details of the each topics.
** Kubernetes Certification Training: https://www.edureka.co/kubernetes-certification **
This Edureka tutorial on "Kubernetes Architecture" will give you an introduction to popular DevOps tool - Kubernetes, and will deep dive into Kubernetes Architecture and its working. The following topics are covered in this training session:
1. What is Kubernetes
2. Features of Kubernetes
3. Kubernetes Architecture and Its Components
4. Components of Master Node and Worker Node
5. ETCD
6. Network Setup Requirements
DevOps Tutorial Blog Series: https://goo.gl/P0zAfF
DevNetCreate - ACI and Kubernetes IntegrationHank Preston
These are slides from my hands on lab workshop at DevNet Create 2019 in April. https://developer.cisco.com/devnetcreate/2019/agenda
Description:
Enterprises all over are embracing Kubernetes as the foundation for their cloud native, micro service applications. As they are, network security is becoming a top of mind question. The ACI CNI Plugin for Kubernetes brings the power of Application Centric Infrastructure (granular segmentation, robust operational visibility, and unsurpassed network performance) to the Docker container driven infrastructure of Kubernetes. In this session, you'll have a chance to see all of this in action through a guided exploration of your very own Kubernetes cluster integrated with an ACI fabric. You'll start by diving into how a typical application looks after being deployed to Kubernetes within the ACI fabric. See each individual container and pod show up within the ACI operational dashboards. Look at how the load balancing and traffic routing is handled within the network by ACI, just like any other application environment. Then begin to enhance the policies applied to the application by segmenting applications by name spaces for better isolation between running applications. But we won't stop there, before you're done you'll build contracts to explicitly control the flow of traffic between the tiers of your application to ensure business and security policies are applied to containerized applications running within Kubernetes with the same contracts and filters you're using for traditional workloads.
Kubernetes: від знайомства до використання у CI/CDStfalcon Meetups
Kubernetes: від знайомства до використання у CI/CD
Олександр Занічковський
Technical Lead у компанії SoftServe
14+ років досвіду розробки різноманітного програмного забезпечення, як для десктопа, так і для веб
Працював фріланс-програмістом та в команді
Цікавиться архітектурою ПЗ, автоматизацією процесів інтеграції та доставки нових версій продукту, хмарними технологіями
Віднедавна займається менторінгом майбутніх техлідів
У вільний від роботи час грає на гітарі і мріє про велику сцену
Олександр поділиться власним досвідом роботи з Kubernetes:
ознайомить з базовими поняттями та примітивами K8S
опише можливі сценарії використання Kubernetes для CI/CD на прикладі GitLab
покаже, як можна використовувати постійне сховище, збирати метрики контейнерів, використовувати Ingress для роутинга запитів за певними правилами
покаже, як можна самому встановити K8S для ознайомлення чи локальної роботи
Kubernetes is an open-source system and is quickly becoming the new standard for automating deployment, scaling, and management of containerized applications.
In the presentation we will have a high-level overview of the most important components of Kubernetes and how they fit together. We will start with having an overview of Container and Orchestration and what Kubernetes is capable of and how it helps in automating deployment and scaling software in the cloud. Afterwards we will discuss Kubernetes objects (Pod, ReplicaSet, Deployment, Services, Namespaces) with some examples.
These slides were used during a technical session for the Cloud-Native El Salvador community. It covers the basic Kubernetes components, some installers and main Kubernetes resources. For the demo, it was used the capabilites provided by the Horizontal Pod Autoscaler.
An Introduction to Kubernetes and Continuous Delivery FundamentalsAll Things Open
Presented at All Things Open RTP Meetup
Presented by Brad Topol
Title: An Introduction to Kubernetes and Continuous Delivery Fundamentals
Abstract: Kubernetes is a cloud infrastructure that has emerged as the de facto standard platform for managing, orchestrating, and provisioning container-based cloud native computing applications. Cloud native computing applications are built from a collection of smaller services and take advantage of the speed of development and scalability cloud computing environments provide. In this talk, we provide an overview of the fundamentals of Kubernetes. We begin with a short introduction to the concept of containers and describe the Kubernetes architecture. We then present several core features provided by Kubernetes such as Pods, ReplicaSets, Deployments, Service objects, and autoscaling capabilities. We conclude with a discussion of Kubernetes continuous delivery fundamentals and tools, including how to do small batch changes, source control, and developer access to production-like environments.
Kubernetes Introduction. The concepts you need to understand to effectively develop and run applications in a Kubernetes environment. Focusing primarily on application developers, but it also provides an overview of managing applications from the operational perspective. It’s meant for anyone interested in running and managing containerized applications on more than just a single server.
An in depth overview of Kubernetes and it's various components.
NOTE: This is a fixed version of a previous presentation (a draft was uploaded with some errors)
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Welocme to ViralQR, your best QR code generator.ViralQR
Welcome to ViralQR, your best QR code generator available on the market!
At ViralQR, we design static and dynamic QR codes. Our mission is to make business operations easier and customer engagement more powerful through the use of QR technology. Be it a small-scale business or a huge enterprise, our easy-to-use platform provides multiple choices that can be tailored according to your company's branding and marketing strategies.
Our Vision
We are here to make the process of creating QR codes easy and smooth, thus enhancing customer interaction and making business more fluid. We very strongly believe in the ability of QR codes to change the world for businesses in their interaction with customers and are set on making that technology accessible and usable far and wide.
Our Achievements
Ever since its inception, we have successfully served many clients by offering QR codes in their marketing, service delivery, and collection of feedback across various industries. Our platform has been recognized for its ease of use and amazing features, which helped a business to make QR codes.
Our Services
At ViralQR, here is a comprehensive suite of services that caters to your very needs:
Static QR Codes: Create free static QR codes. These QR codes are able to store significant information such as URLs, vCards, plain text, emails and SMS, Wi-Fi credentials, and Bitcoin addresses.
Dynamic QR codes: These also have all the advanced features but are subscription-based. They can directly link to PDF files, images, micro-landing pages, social accounts, review forms, business pages, and applications. In addition, they can be branded with CTAs, frames, patterns, colors, and logos to enhance your branding.
Pricing and Packages
Additionally, there is a 14-day free offer to ViralQR, which is an exceptional opportunity for new users to take a feel of this platform. One can easily subscribe from there and experience the full dynamic of using QR codes. The subscription plans are not only meant for business; they are priced very flexibly so that literally every business could afford to benefit from our service.
Why choose us?
ViralQR will provide services for marketing, advertising, catering, retail, and the like. The QR codes can be posted on fliers, packaging, merchandise, and banners, as well as to substitute for cash and cards in a restaurant or coffee shop. With QR codes integrated into your business, improve customer engagement and streamline operations.
Comprehensive Analytics
Subscribers of ViralQR receive detailed analytics and tracking tools in light of having a view of the core values of QR code performance. Our analytics dashboard shows aggregate views and unique views, as well as detailed information about each impression, including time, device, browser, and estimated location by city and country.
So, thank you for choosing ViralQR; we have an offer of nothing but the best in terms of QR code services to meet business diversity!
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
2. WHY CONTAINERS
• Build, Ship, and Run any App, Anywhere.
• No more dependency problems; e.x. no RPM/DEB or
dynamic libraries incompatibility issues.
• No more: "but it works on my machine", as the same
image used in dev is deployed to prod.
• Serverless implementations are mainly backed by
containers.
3. WHY KUBERNETES
• Be able to manage hundreds or thousands of containers,
on a fleet of hundred or thousands of nodes.
• Be able to deploy an application without worrying about
the hardware infrastructure.
• Be able to guarantee that applications will stay running
according with the specifications.
• Be able to facilitate scaling and upgrades not only for the
workloads but for the k8s cluster itself.
4. WHAT IS KUBERNETES
• A distributed cluster technology that manages container-based systems
in a declarative manner using an API (a container orchestrator).
• Designed from the ground-up as a loosely coupled collection of
components centered around deploying, maintaining and scaling
workloads.
• Abstracts away the underlying hardware of the nodes and provides a
uniform interface for workloads to be both deployed and consume the
shared pool of resources.
• Works as an engine for resolving state by converging actual and the
desired state of the system (self-healing).
6. PODS
• Atomic unit or smallest “unit of
work”of Kubernetes.
• Pods are one or MORE
containers that share volumes, a
network namespace, and are a
part of a single context.
Host A
Pod
ExternalVolume
container container
Network Namespace 10.255.16.3
Pod Network
Ephemeral
7. SERVICES
• Unified method of
accessing the exposed
workloads of Pods.
• Durable resource
- static cluster IP
- static namespaced DNS
name
Host A
Labels:
app=nginx
env=prod
Labels:
app=nginx
env=prod
Labels:
app=mysql
env=dev
Host B
Labels:
app=nginx
env=prod
Labels:
app=mysql
env=prod
Labels:
app=nginx
env=dev
Service
app=nginx
env=prod
NOT
Ephemeral
9. Control Plane - 1,2,…n
kube
controller manager
kube
scheduler
kube
apiserver
kubectl
Node 1
Containers
System Services
kubelet
kube-proxy
Container Runtime
Pod Pod
Node 2
Containers
System Services
kubelet
kube-proxy
Container Runtime
Pod Pod
cloud
controller manager
Cloud
Provider
API
Load
Balancer
End Users
Cloud Provider
Network Edge
10. Control Plane - 1,2,…n
Containers
kube-control-manager
kube-scheduler
kube
apiserver
kubectl
Node 1
Containers
System Services
kubelet
kube-proxy
Container Runtime
Pod Pod
Node 2
Containers
System Services
kubelet
kube-proxy
Container Runtime
Pod Pod
cloud-controller-manager
Cloud
Provider
API
Load
Balancer
End Users
Cloud Provider
Network Edge
System Services
kubelet
Container Runtime
additional services
kube-proxy
11. KUBE-APISERVER
• Provides a forward facing REST interface into the
kubernetes control plane and datastore.
• All clients and other applications interact with
kubernetes strictly through the API Server.
• Acts as the gatekeeper to the cluster by handling
authentication and authorization, request validation,
mutation, and admission control in addition to being
the front-end to the backing datastore.
master
12. • etcd acts as the cluster datastore.
• Purpose in relation to Kubernetes is to provide a
strong, consistent and highly available key-value store
for persisting cluster state.
• Stores objects and config information.
• Uses “Raft Consensus” among a quorum of systems to
create a fault-tolerant consistent “view” of the cluster.
master
13. KUBE-CONTROLLER-MANAGER
• Serves as the primary daemon that manages
all core component control loops.
• Monitors the cluster state via the apiserver
and steers the cluster towards the desired
state.
master
14. KUBE-SCHEDULER
• Component on the master that watches newly
created pods that have no node assigned, and
selects a node for them to run on.
• Factors taken into account for scheduling decisions
include individual and collective resource
requirements, hardware/software/policy
constraints, affinity and anti-affinity specifications,
data locality, inter-workload interference and
deadlines.
master
15. CLOUD-CONTROLLER-MANAGER
• Daemon that provides cloud-provider specific
knowledge and integration capability into the
core control loop of Kubernetes.
• The controllers include Node, Route, Service,
and add an additional controller to handle
things such as PersistentVolume Labels.
master
Optional
16. KUBE-PROXY
• Manages the network rules on each node.
• Performs connection forwarding or load
balancing for Kubernetes cluster services.
worker
17. KUBELET
• An agent that runs on each node in the cluster.
It makes sure that containers are running in a
pod.
• The kubelet takes a set of PodSpecs that are
provided through various mechanisms and
ensures that the containers described in those
PodSpecs are running and healthy.
worker
18. CONTAINER RUNTIME ENGINE
A container runtime is a CRI (Container Runtime
Interface) compatible application that executes and
manages containers.
• containerd (Docker)
• cri-o
• rkt
• kata (formerly clear and hyper)
• virtlet (VM CRI compatible runtime)
worker
19. KUBERNETES NETWORKING
• Pod Network
- Cluster-wide network used for pod-to-pod
communication managed by a CNI
(Container Network Interface) plugin.
• Service Network
- Cluster-wide range of Virtual IPs managed by
kube-proxy for service discovery.
20. FUNDAMENTAL NETWORKING RULES
• All containers within a pod can communicate
with each other unimpeded.
• All Pods can communicate with all other Pods
without NAT.
• All nodes can communicate with all Pods (and
vice-versa) without NAT.
• The IP that a Pod sees itself as is the same IP
that others see it as.
What if I want to limit
communication within
Pods ?
Learn about Network
Policies (and make sure
the chosen CNI supports
it)
22. API OVERVIEW
• The REST API is the true
keystone of Kubernetes.
• Everything within Kubernetes
is as an API Object.
• Referenced within an object as
the apiVersion and kind.
Format:
/apis/<group>/<version>/<resource>
Examples:
/apis/apps/v1/deployments
/apis/batch/v1beta1/cronjobs
23. OBJECT MODEL
• Objects are a “record of intent” or a
persistent entity that represent the desired
state of the object within the cluster.
• All objects MUST have apiVersion, kind, and
poses the nested fields metadata.name,
metadata.namespace, and metadata.uid.
24. OBJECT EXPRESSION -YAML
• Files or other representations
of Kubernetes Objects are
generally represented in YAML.
• Three basic data types:
- mappings - hash or
dictionary,
- sequences - array or list
- scalars - string, number,
boolean etc
apiVersion: v1
kind: Pod
metadata:
name: sample
namespace: test
spec:
containers:
- name: container1
image: nginx
- name: container2
image: alpine
25. YAMLVS JSON
{
"apiVersion": "v1",
"kind": "Pod",
"metadata": {
"name": "pod-example"
},
"spec": {
"containers": [
{
"name": "nginx",
"image": "nginx:stable-alpine",
"ports": [
{ "containerPort": 80 }
]
}
]
}
}
apiVersion: v1
kind: Pod
metadata:
name: pod-example
spec:
containers:
- name: nginx
image: nginx:stable-alpine
ports:
- containerPort: 80
Are you wondering about theYAML schema ?
kubectl explain is your friend ;)
What about kinds or versions ?
kubectl api-versions is your friend ;)
27. NAMESPACES
Namespaces are a logical cluster or
environment, and are the primary method of
partitioning a cluster or scoping access.
apiVersion: v1
kind: Namespace
metadata:
name: prod
labels:
app: MyBigWebApp
$ kubectl get ns --show-labels
NAME STATUS AGE LABELS
default Active 11h <none>
kube-public Active 11h <none>
kube-system Active 11h <none>
prod Active 6s app=MyBigWebApp
Known as
Projects in
OpenShift
28. PODS
• Atomic unit or smallest
“unit of work”of
Kubernetes.
• Foundational building
block of Kubernetes
Workloads.
• Pods are one or MORE
containers that share
volumes, a network
namespace, and are a
part of a single context.
Host A
Pod
ExternalVolume
container container
Network Namespace 10.255.16.3
Pod Network
apiVersion: v1
kind: Pod
metadata:
name: sample
spec:
containers:
- name: nginx
image: nginx:stable-alpine
ports:
- containerPort: 80
name: http
protocol: TCP
env:
- name: MYVAR
value: isAwesome
command: [“/bin/sh”, “-c”]
args: [“echo ${MYVAR}”]
readinessProbe:
tcpSocket:
port: http
initialDelaySeconds: 10
periodSeconds: 10
livenessProbe:
httpGet:
path: /
port: http
initialDelaySeconds: 30
periodSeconds: 60
Array of
ports to expose
Name of the
container
Container
ImageArray of
environment
variables
Entrypoint
Array
~ Docker
ENTRYPOINT
Arguments
to pass to the
command
~ Docker CMD
Tells
when the
application is ready
to receive
requests
Checks if the
container is still
alive (running)
29. LABELS
• key-value pairs that
are used to identify,
describe and group
together related sets of
objects or resources.
• NOT characteristic of
uniqueness.
• Have a strict syntax
with a slightly limited
character set*.
https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#syntax-and-character-set
Host A
Pod
container
Network Namespace 10.255.16.3
Pod Network
Labels:
gpu=nvidia
Labels:
app=nginx
env=prod
apiVersion: v1
kind: Pod
metadata:
name: pod-label-example
labels:
app: nginx
env: prod
spec:
containers:
- name: nginx
image: nginx:stable-alpine
ports:
- containerPort: 80
30. SELECTORS
Selectors use
labels to filter or
select objects, and
are used
throughout
Kubernetes.
Host A
Pod
mlapp
Network Namespace 10.255.16.3
Pod Network
Labels:
gpu=nvidia
Labels:
app=mlapp
env=prodapiVersion: v1
kind: Pod
metadata:
name: mlapp
labels:
app: mlapp
env: prod
spec:
nodeSelector:
- gpu: nvidia
containers:
- name: nginx
image: tensorflow/tensorflow
Host B
Labels:
gpu=amd
31. SERVICES
• Unified method of accessing the
exposed workloads of Pods.
• Durable resource (unlike Pods)
- static cluster-unique IP
- static namespaced DNS name
<service name>.<namespace>.svc.cluster.local
There are 4 major service types:
• ClusterIP (default)
• NodePort
• LoadBalancer
• ExternalName
32. CLUSTER IP SERVICE
Labels:
app=nginx
env=prod
kube-proxy
Host A
Labels:
app=nginx
env=prod
Host B
Pod
Host C
Pod
Network
kube-proxy
kube-proxy
Name: example-prod
Selector: app=nginx,env=prod
Type: ClusterIP
IP: 10.96.28.176
Port: <unset> 80/TCP
TargetPort: 80/TCP
Endpoints: 10.255.16.3:80,
10.255.16.4:80
• The Pod on host C requests the service.
• Hits host iptables and it load-balances
the connection between the endpoints
residing on Hosts A, B
/ # nslookup example-prod.default.svc.cluster.local
Name: example-prod.default.svc.cluster.local
Address 1: 10.96.28.176 example-prod.default.svc.cluster.local
33. NODE PORT SERVICE
Labels:
app=nginx
env=prod
kube-proxy
Host A
Labels:
app=nginx
env=prod
Host B
Labels:
app=nginx
env=dev
Host C
Name: example-prod
Selector: app=nginx,env=prod
Type: NodePort
IP: 10.96.28.176
Port: <unset> 80/TCP
TargetPort: 80/TCP
NodePort: <unset> 32410/TCP
Endpoints: 10.255.16.3:80,
10.255.16.4:80
• User can hit any host in cluster on
NodePort IP and get to service.
• Does introduce extra hop if hitting a
host without instance of the pod.
32410
32410kube-proxy
32410kube-proxy
34. LOAD BALANCER SERVICE
• LoadBalancer services extend NodePort.
• Works in conjunction with an external
system to map a cluster external IP to the
exposed service.
Labels:
app=nginx
env=prod
kube-proxy
Host A
Labels:
app=nginx
env=prod
Host B
Labels:
app=nginx
env=dev
Host C
32410
32410kube-proxy
32410kube-proxy
Load
Balancer
Cloud Provider
Edge Network
Name: example-prod
Selector: app=nginx,env=prod
Type: LoadBalancer
IP: 10.96.28.176
LoadBalancer
Ingress: 172.17.18.43
Port: <unset> 80/TCP
TargetPort: 80/TCP
NodePort: <unset> 32410/TCP
Endpoints: 10.255.16.3:80,
10.255.16.4:80
35. INGRESSKnown as
Routes in
OpenShift
• An API object that manages external access
to the services in a cluster, through a single
LoadBalancer.
• Provides load balancing, SSL termination and
name/path-based virtual hosting
• Gives services externally-reachable URLs.
• Multiple implementations to choose from.
service:
grafana
port=3000
Host A
service:
kibana
port=5601
Host B
service:
opennms
port=8980
Host C
grafana.example.com
kibana.example.com
Cloud Provider
Edge Network
Ingress
Controller
Host D
Load
Balancer
onms.example.com
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ingress-rules
annotations:
kubernetes.io/ingress.class: nginx
spec:
rules:
- host: onms.example.com
http:
paths:
- path: /
backend:
serviceName: opennms
servicePort: 8980
…
36. EXTERNAL NAME SERVICE
• ExternalName is used to
reference endpoints
OUTSIDE the cluster.
• Creates an internal CNAME
DNS entry that aliases
another.
apiVersion: v1
kind: Service
metadata:
name: example-prod
spec:
type: ExternalName
spec:
externalName: example.com
38. WORKLOADS
• Workloads within Kubernetes
are higher level objects that
manage Pods or other higher
level objects.
• In ALL CASES a Pod Template
is included, and acts the base
tier of management.
•ReplicaSet
•Deployment
•DaemonSet
•StatefulSet
•Job
•CronJob
39. PODTEMPLATE
• Workload Controllers
manage instances of Pods
based off a provided
template.
• Pod Templates are Pod
specs with limited metadata.
• Controllers use Pod
Templates to make actual
pods
apiVersion: v1
kind: Pod
metadata:
name: pod-example
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx
apiVersion: apps/v1
kind: Deployment
metadata:
name: deployment-example
labels:
app: nginx
spec:
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx
40. RESOURCE MODEL
• Request: amount of a resource
allowed to be used, with a strong
guarantee of availability.
- CPU (seconds/second), RAM
(bytes)
- Scheduler will not over-commit
requests
• Limit: max amount of a resource that
can be used, regardless of guarantees
- Scheduler ignores limits
apiVersion: v1
kind: Pod
metadata:
name: pod-example
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx
resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "128Mi"
cpu: "500m"
41. INIT CONTAINERS
If we compare a container template with a Class
definition in Java, an initContainer would be the
constructor of a class; while a running Pod, would be
an instance of that class.
Can be used for everything that should happen
before the containers within a Pod start running. For
example: wait for dependencies, initialize volumes or
databases, verify requirements, etc.
42. REPLICA SET
• Primary method of managing
pod replicas and their lifecycle.
• Includes their scheduling,
scaling, and deletion.
• Their job is simple: Always
ensure the desired number
of pods are running.
ReplicaSet Pod
• replicas: The desired number of instances of
the Pod.
• selector: The label selector for the
ReplicaSet will manage ALL Pod instances
that it targets; whether it’s desired or not.
apiVersion: apps/v1
kind: ReplicaSet
metadata:
name: rs-example
spec:
replicas: 3
selector:
matchLabels:
app: nginx
env: prod
template:
<pod template>
43. DEPLOYMENT
• Declarative method of managing Pods via
ReplicaSets.
• Provide rollback functionality and update
control.
• Updates are managed through the pod-
template-hash label.
• Each iteration creates a unique label that is
assigned to both the ReplicaSet and
subsequent Pods.
PodReplicaSetDeployment
• revisionHistoryLimit: The number of previous iterations of the
Deployment to retain.
• strategy: Describes the method of updating the Pods based on
the type.Valid options are:
- Recreate: All existing Pods are killed before the new ones
are created.
- RollingUpdate: Cycles through updating the Pods according
to the parameters: maxSurge and maxUnavailable.
apiVersion: apps/v1
kind: Deployment
metadata:
name: deployment-example
spec:
replicas: 3
revisionHistoryLimit: 3
selector:
matchLabels:
app: nginx
env: prod
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
template:
<pod template>
44. DAEMON SET
• Ensure that all nodes matching certain
criteria will run an instance of the
supplied Pod.
• They bypass default scheduling
mechanisms.
• Are ideal for cluster wide services such
as log forwarding, or health monitoring.
• Revisions are managed via a
controller-revision-hash label.
DaemonSet Pod
• spec.template.spec.nodeSelector: The
primary selector used to target nodes.
• Default Host Labels:
- kubernetes.io/hostname
- beta.kubernetes.io/os
- beta.kubernetes.io/arch
• Cloud Host Labels:
- failure-domain.beta.kubernetes.io/zone
- failure-domain.beta.kubernetes.io/region
- beta.kubernetes.io/instance-type
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: ds-example
spec:
revisionHistoryLimit: 3
selector:
matchLabels:
app: nginx
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
template:
spec:
nodeSelector:
nodeType: edge
<pod template>
45. STATEFUL SET
• Tailored to managing Pods that must persist or maintain state.
• Pod identity including hostname, network, and storage
WILL be persisted.
• Assigned a unique ordinal name following the convention of
‘<statefulset name>-<ordinal index>’.
• Naming convention is also used in Pod’s network Identity and
Volumes.
• Pod lifecycle will be ordered and follow consistent patterns.
• Revisions are managed via a controller-revision-hash label.
Pod
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: sts-cassandra
spec:
replicas: 3
selector:
matchLabels:
app: cassandra
serviceName: cassandra
updateStrategy:
type: RollingUpdate
rollingUpdate:
partition: 0
template:
metadata:
labels:
app: cassandra
spec:
containers:
- name: cassandra-node
image: cassandra:3.11.4
env:
- name: CASSANDRA_SEEDS
value: sts-cassandra-0.cassandra
- name: CASSANDRA_CLUSTER_NAME
value: my-cluster
ports:
- containerPort: 7000
- containerPort: 7199
- containerPort: 9042
volumeMounts:
- name: data
mountPath: /cassandra_data
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes: [ "ReadWriteOnce" ]
storageClassName: standard
resources:
requests:
storage: 100Gi
The name of the
associated headless service;
or a service without a
ClusterIP
Pods with an
ordinal greater than the
partition value will be
updated one-by-one in
reverse order
StatefulSet
Template of the
persistent volume(s)
request to use for each
instance of the
StatefulSet.
47. VOLUME CLAIMTEMPLATE
<Volume Name>.<StatefulSet Name>-<ordinal>
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes: [ "ReadWriteOnce" ]
storageClassName: standard
resources:
requests:
storage: 1Gi
Persistent Volumes associated with a
StatefulSet will NOT be automatically
garbage collected when its associated
StatefulSet is deleted. They must
manually be removed.
$ kubectl get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
data-cassandra-sts-0 Bound pvc-8baec2a5-8c77-11e9-a6be-0800275ddaf0 100Gi RWO standard 17m
data-cassandra-sts-1 Bound pvc-95463714-8c77-11e9-a6be-0800275ddaf0 100Gi RWO standard 17m
data-cassandra-sts-2 Bound pvc-9807c42a-8c77-11e9-a6be-0800275ddaf0 100Gi RWO standard 17m
48. JOB
• Job controller ensures one or more
pods are executed and successfully
terminate.
• Will continue to try and execute the
job until it satisfies the completion
and/or parallelism condition.
• Pods are NOT cleaned up until the
job itself is deleted.
PodJob
apiVersion: batch/v1
kind: Job
metadata:
name: job-example
spec:
backoffLimit: 4
completions: 4
parallelism: 2
template:
spec:
restartPolicy: Never
template:
<pod-template>
• backoffLimit: The number of failures before
the job itself is considered failed.
• completions: The total number of successful
completions desired.
• parallelism: How many instances of the pod
can be run concurrently.
• spec.template.spec.restartPolicy:Jobs only
support a restartPolicy of type Never or
OnFailure.
49. CRONJOB
• An extension of the Job Controller,
it provides a method of executing
jobs on a cron-like schedule.
• CronJobs within Kubernetes
use UTC ONLY.
PodJobCronJob
apiVersion: batch/v1beta1
kind: CronJob
metadata:
name: cronjob-example
spec:
schedule: "*/1 * * * *"
successfulJobsHistoryLimit: 3
failedJobsHistoryLimit: 1
jobTemplate:
spec:
completions: 4
parallelism: 2
template:
<pod template>
The cron
schedule for
the job
The number of
successful jobs to
retain
The number of
failed jobs to
retain
50. OPERATORS
• Might be the most powerful feature of
K8s.
• When none of the workloads fits the
needs of your app, you can create your
own controllers with your own
specifications (CRD).
• Should be implemented in Go, but there
are alternatives.
• A given controller usually requires a
ServiceAccount with proper RBAC Role
to be able to manage workloads (e.x.
create and maintain Pods, Services, etc.)
apiVersion: acid.zalan.do/v1
kind: postgresql
metadata:
name: opennms-database
spec:
teamId: OpenNMS
volume:
size: 100Gi
numberOfInstances: 3
enableMasterLoadBalancer: false
enableReplicaLoadBalancer: false
users:
opennms:
- superuser
- createdb
databases:
opennms: opennms
postgresql:
version: "10"
52. VOLUMES
• Storage that is tied to the Pod’s Lifecycle.
• A pod can have one or more types of volumes
attached to it.
• Can be consumed by any of the containers
within the pod.
• Survive Pod restarts; however their durability
beyond that is dependent on the Volume Type.
53. PERSISTENTVOLUMES
• A PersistentVolume (PV) represents a storage resource.
• PVs are a cluster wide resource linked to a backing
storage provider: NFS, EBS, GCEPersistentDisk, etc.
• Generally provisioned by an administrator.
• Their lifecycle is handled independently from a pod
• CANNOT be attached to a Pod directly. Relies on a
PersistentVolumeClaim (PVC).
• A PVC is a namespaced request for storage.
54. STORAGE CLASS
• Satisfies a set of requirements instead of mapping
to a storage resource directly.
• Ensures that an application’s claim for storage is
portable across numerous backends or
providers.
56. CONFIG MAPS
• Externalized data stored within
kubernetes.
• Can be referenced through several
different means:
- environment variable
- a command line argument (via
environment variable)
- injected as a file into a volume mount
• Can be created from a manifest, literals,
directories, or files directly.
apiVersion: v1
kind: ConfigMap
metadata:
name: manifest-example
data:
state: Minnesota
city: Minneapolis
content: |
Look at this,
its multiline!
57. SECRETS
• Functionally identical to a ConfigMap.
• Stored as base64 encoded content.
• Encrypted at rest within etcd (if
configured!).
• Ideal for username/passwords,
certificates or other sensitive information
that should not be stored in a container.
• Can be created from a manifest, literals,
directories, or from files directly.
apiVersion: v1
kind: Secret
metadata:
name: manifest-secret
type: Opaque
data:
username: ZXhhbXBsZQ==
password: bXlwYXNzd29yZA==
• type: There are three different types of
secrets within Kubernetes:
- docker-registry - credentials used to
authenticate to a container registry
- generic/Opaque - literal values from
different sources
- tls - a certificate based secret
• data: Contains key-value pairs of base64
encoded content.
59. BARE-METAL, CLOUD, OR
LOCAL INSTALLATION
Install
OpenShift
is hard ;)
Local PC Installation
For development and testing
• minikube
• minishift (for OKD)
• oc cluster up (for OKD)
• Docker for Mac or Windows
• microk8s (for Linux via Snap)
Cloud Installation
Single Command Experience
• gcloud container clusters create
• kops create cluster
• eksctl create cluster
• az aks create
• az openshift create
OpenShift 4 promises this for the first
time since its conception.
Bare-Metal / On-Premise
• kubeadm (single command
to spin up a master or a
worker)
• OpenShift/OKD Ansible
Tools
On-Premise vs Cloud Managed
• Masters are managed for you, and the only additional resources are the instances for worker nodes
• Complete integration with cloud services (volumes, network, load balancers, etc.)
61. THINGS TO KEEP IN MIND
• Users (to access cluster through the API). Usually implemented through certificates.
• Service Accounts (for controllers and operators, to make changes from within K8s).
• RBAC: Roles and RoleBinding, ClusterRole and ClusterRoleBinding (for users, groups
and service accounts).
• Never run containers as root, and block privilege escalations (OpenShift enforce this by
default using SecurityContextConstraint; known I k8s as PodSecurityPolicy).
• Limit resources per namespace (total CPUs and memory, number of Pods, …).
• Create your own images and keep a private registry (OpenShift offers this by default).
• Research about NetworkPolicy (which requires a CNI that supports this feature).
• Research about applications like vault (to enhance protection for your secrets).
• Research about clair (a tool for vulnerability scans on containers).
• Research about kube-bench (a tool that analyzes your cluster for security best practices).
• Research about gvisor.dev (a container sandbox focused on security and efficiency).
Some inspired
by OpenShift
62. ACCESS
On user the certificate (signed by the CA
used on the API server), the Common
Name (CN) will be interpreted as the
username, and the Organization (O) as
the group where this user belongs to.
Use the kubectl command to
create the kubeconfig based
on the user’s certificate, to
access the cluster resources.
Define an RBAC Role to
connect resources
(deployments, pods,
ingress, …) with operations
(create, delete, list, …) on a
given namespace.
Define an RBAC
RoleBinding to connect a
role with subjects (i.e.
group, user, service-
account)
Use a
ClusterRole for
cluster wide access
For a
ClusterRole use
ClusterRoleBinding
Now you
have
access!
cluster-admin
O=system:masters
64. HOWTO MONITOR K8S?
• Based on Google’s Four Golden Signals: latency, errors, traffic, saturation, use
Brendan Gregg’s USE method (Utilization, Saturation, Errors) for Resources,
and Tom Wilkie’s RED method (Rate, Errors, Duration) for Services.
• Metric Server collects metrics such as CPU and Memory by each pod and
node from the Summary API, exposed by Kubelet (via cAdvisor) on each
node.This allows the usage of K8s features like the HorizontalPodAutoscaler.
• The usage of Prometheus is widely adopted.This solution is based on their
own node_exporter (deployed as DaemonSet) which exposes lots of Linux
metrics in Prometheus format.
65. MONITOR K8S WITH OPENNMS
• OpenNMS has been used to monitor network infrastructure (or
network devices).
• OpenNMS can monitor servers at some degree, and can do some
level of application monitoring; but traditionally other applications
are used in this context.
• For Kubernetes, Prometheus is wildly adopted, on a level that it is
considered the standard.
• OpenNMS can be used to expand the functionality of the already
existing observability/monitoring tools in Kubernetes world.
66. MONITOR K8S WITH OPENNMS
• Have an operator forwarding important K8s events to OpenNMS, so you
can use all the event processing infrastructure to react upon changes on
your K8s cluster.
• There is no such thing as fixed IP addresses in Kubernetes, so forget
about Pods. But, if providing support FQDN support in OpenNMS is
possible, that can make monitoring K8s services a reality in the future.
• Build a solution based on the Metrics API / cAdvisor, or Prometheus
(directly or indirectly through the node_exporter), to get data from the
running Nodes, Pods and Services.
• SNMP could run on Kubernetes nodes; but that’s not an option for Pods.
67. HOWTO DEPLOY OPENNMS IN K8S?
• Use a StatefulSet for OpenNMS (1 replica), to take advantage of auto-deployed PVCs, as
the dynamic nature of the configuration directory makes OpenNMS a stateful application.
Keep in mind "kubectl cp" for transferring files.
• Use a StatefulSet for Minions, to take advantage of the persistent network identity, and use
Pod name as the minion-ID.This is recommended, even if Minions are stateless by nature.
• Use a Deployment for Sentinels, as they are stateless in nature and having a unique
identity is not relevant (for now). Although a StatefulSet won’t hurt.
• A combination of initContainers, config-maps, and secrets can be used to pre-configure
the mandatory settings on all the applications.The PersistentVolume will keep the custom
settings added by the user during the lifetime of the product.
68. OPENNMS DEPENDENCIES
It depends… a given team should decide if it
it worth running PostgreSQL, Kafka, Cassandra
and Elasticsearch within K8s.
Keep in mind that all databases are stateful in
nature, and managing the life-cycle is
different on each case. Solutions based on
operators when available are preferred.
69. INTEGRATE OPENNMS WITH K8S
• OpenNMS can forward everything to Kafka, and
even consume events from Kafka. From there,
Serverless technologies or Kafka Streams apps
deployed into K8s, can be used to create your own
horizontally scalable integrations triggered by
events, alarms or collected metrics.
• What about using OpenNMS as the source of metrics
for Horizontal Pod Autoscaling or Cluster Workers
auto-scaling ?
71. OVERWHELMED?
Do not forget we haven’t talked about …
• Several k8s features not discussed here ;)
• Helm (the k8s package manager; the yum or apt-get for k8s)
• Service Meshes (Envoy, Istio, Linkerd, …)
• Serverless (Kubeless, Fission, Knative, …)
• Machine Learning (kubeflow, …)
• VMs and Kubernetes (KubeVirt)
• Operators In Depth:
https://operatorhub.io
https://github.com/operator-framework
And more…
Not a big enough lis ? Check https://landscape.cncf.io
73. THANKYOU!
This work has been inspired by a few presentations from:
https://github.com/cncf/presentations/tree/master/kubernetes
Demo:
https://github.com/OpenNMS/opennms-drift-kubernetes