DevOps with Kubernetes
Agenda
• Kubernetes overview
• Usage and demo
• Architecture
• Kubernetes on AWS with Cloud Formation
Kubernetes Overview
What is Kubernetes?
Quick facts
• System for managing and orchestrating containerized applications in clusters, a.k.a. cluster management software
• Open source, MIT licensed, developed by Google
• Used in GCE, OpenShift, other projects
Kubernetes is
• portable: public, private, hybrid, multi-cloud, written in Go
• extensible: modular, pluggable, hookable, composable
• self-healing: auto-placement, auto-restart, auto-replication, auto-scaling
• scalable and reliable: all components are scalable, and a clear path exists to set up a scalable and reliable cluster
• documented: a lot of documentation, training materials, community support
• open source: MIT license, large and active community
With Kubernetes you can
• Orchestrate complex application deployments quickly and predictably
• Scale your applications on the fly
• Seamlessly roll out new features
• Easily set up complex operations scenarios, e.g. rolling updates, canary deployments, etc.
• Optimize use of your hardware by using only the resources you need
• Manage persistent storage
• Automate
Kubernetes solves
• application composition: co-locating helper processes, preserving the “one-application-per-container” model,
• mounting storage systems,
• distributing configuration and secrets,
• application health checking,
• replicating application instances,
• horizontal (auto-)scaling,
• naming and discovery,
• load balancing,
• rolling updates,
• resource monitoring,
• log access and ingestion,
• support for introspection and debugging, and
• identity and authorization.
Kubernetes Usage
Kubernetes management
• Kubectl CLI
  • Independent binaries for multiple platforms (Go)
  • Put config file to $HOME/.kube or set $KUBECONFIG
  • Automation friendly with multiple output formats: text, json, yaml, jsonpath
  • Supports proxy into cluster network, container attachment and log retrieval
• REST API
  • Available at https://<master-ip>
  • Self-documented, swagger documentation
  • Supports proxy into cluster network
• Basic Web dashboard
  • Available at https://<master-ip>/ui
Kubernetes objects
Primitives
• Namespace
• Node
• Pod
• Service
• Config Map
• Secret
• Volume
• Persistent Volume
Controllers
• Replication Controller
• Deployment
• Job
• Daemon Set
• Ingress
• ...
Kubernetes objects: common
• All objects include metadata with
• Name – unique
• Labels – searchable, selectable
• Annotations – arbitrary additional information
• Spec – object specific description/specification of the object
• Status – object status within the cluster
• Object information may be received in different formats
Kubernetes objects: names and namespaces
• Namespaces are used to separate groups of objects, e.g. by user, team, project, etc.
• Namespaces are scopes for names; names are unique per type within a namespace
• Namespaces may also be a basis for access control separation
• Resource quotas may be associated with namespaces
kubectl get namespaces [ <ns> ... ]
kubectl describe namespaces [ <ns> ... ]
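An added example, not from the original deck: manifests that use a namespace as the unit of resource quota and access-control separation described on this slide. The names team-a, team-a-quota, team-a-developer and the group team-a-devs are hypothetical, and the Role and RoleBinding assume a cluster with RBAC authorization enabled.

```yaml
# Added example; every name below is a hypothetical placeholder.
apiVersion: v1
kind: Namespace
metadata:
  name: team-a
  labels:
    team: a
---
# Cap what all workloads in the namespace can consume in aggregate.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: team-a-quota
  namespace: team-a
spec:
  hard:
    pods: "20"
    requests.cpu: "4"
    requests.memory: 8Gi
    limits.cpu: "8"
    limits.memory: 16Gi
    secrets: "10"
---
# Namespaced role: manage workloads and config maps, no direct access to Secrets.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: team-a-developer
  namespace: team-a
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/log", "services", "configmaps"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["apps"]
    resources: ["deployments", "replicasets"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
# Bind the role to a group; the binding has no effect outside team-a.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: team-a-developer-binding
  namespace: team-a
subjects:
  - kind: Group
    name: team-a-devs
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: team-a-developer
  apiGroup: rbac.authorization.k8s.io
```

Once a quota constrains requests and limits, pods that do not declare them are rejected unless a LimitRange supplies defaults. Permission to create pods also lets a subject run workloads that mount any Secret in the same namespace, so the namespace itself is the trust boundary.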
Kubernetes objects: nodes
• Nodes represent a physical or virtual worker machine where kubelet, kube proxy, and docker run
• Kubelet registers a node on the master and maintains keep-alive check
• Nodes may be annotated and labeled to specify workload affinity and constraints
kubectl get nodes [ <nd> ... ]
kubectl describe nodes [ <nd> ... ]
Kubernetes objects: pods
• Pod is a group of containers
• Run on the same node – co-located and co-scheduled
• Shared storage
• Shared localhost network and port space
• Unique IP within a cluster
• Example: app server and log shipper
Kubernetes objects: nodes and pods
[Diagram: Node 1 and Node 2 hosting Pod A-1 (10.0.0.3; Cnt1, Cnt2), Pod A-2 (10.0.0.5; Cnt1, Cnt2) and Pod B-1 (10.0.0.8; Cnt3)]
Kubernetes objects: volumes and persistent volumes
• Used to manage persistent storage
• Multiple types supported:
• AWS EBS
• Azure block store
• Git
• NFS
• GlusterFS
• Ceph
• ...
Kubernetes objects: pods and volumes
[Diagram: a Pod with Container 1 and Container 2 mounting Volumes; labels include Persistent Volume Claim and Mount]
Kubernetes objects: config maps and secrets
• Config maps and secrets are used for distribution of configuration information including secrets like passwords, certificates, keys, etc.
• Kubelet registers a node on the master and maintains keep-alive check
• Nodes may be annotated and labeled to specify workload affinity and constraints
kubectl get configmaps [ <cm> ... ]
kubectl describe configmaps [ <cm> ... ]
kubectl get secrets [ <sc> ... ]
kubectl describe secrets [ <sc> ... ]
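An added example, not from the original deck, combining this slide with the pods slide's "app server and log shipper" case: two containers share an emptyDir volume for logs, a config map supplies non-sensitive settings as environment variables, and a secret is mounted read-only into the one container that needs it. All object names, image references and values are hypothetical placeholders.

```yaml
# Added example; names, images and values are hypothetical placeholders.
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  LOG_LEVEL: info
  LOG_DIR: /var/log/app
---
apiVersion: v1
kind: Secret
metadata:
  name: app-db-credentials
type: Opaque
# stringData is accepted as plain text and stored base64-encoded;
# base64 is an encoding, not encryption.
stringData:
  username: app
  password: CHANGE-ME-placeholder
---
apiVersion: v1
kind: Pod
metadata:
  name: app-with-log-shipper
  labels:
    app: demo
spec:
  # Neither container calls the Kubernetes API, so no token is mounted.
  automountServiceAccountToken: false
  volumes:
    - name: logs
      emptyDir: {}
    - name: db-credentials
      secret:
        secretName: app-db-credentials
  containers:
    - name: app-server
      image: registry.example.com/app-server:1.0
      envFrom:
        - configMapRef:
            name: app-config
      volumeMounts:
        - name: logs
          mountPath: /var/log/app
        - name: db-credentials
          mountPath: /etc/app/credentials
          readOnly: true
    # The log shipper sees the shared log directory but not the credentials.
    - name: log-shipper
      image: registry.example.com/log-shipper:1.0
      volumeMounts:
        - name: logs
          mountPath: /var/log/app
          readOnly: true
```

Mounting the secret as files in a single container, rather than exporting it as environment variables to the whole pod, keeps it out of the log shipper and out of environment dumps.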
Kubernetes objects: services
• Service is an abstraction that defines a set of pods and a policy to access them
• Service is a distributed L3 load balancer
• Single unique IP within a cluster
• Used to expose pods to the world:
• Default
• NodePort
• LoadBalancer
Kubernetes objects: pods and services abstraction
[Diagram: Cluster with Pod A-1 (10.0.0.3), Pod A-2 (10.0.0.5) and Pod B-1 (10.0.0.8), and services SrvA (10.7.0.1) and SrvB (10.7.0.3)]
Kubernetes objects: pods and services
[Diagram: Node 1 and Node 2 hosting Pod A-1 (10.0.0.3), Pod A-2 (10.0.0.5) and Pod B-1 (10.0.0.8); each node shows iptables, SrvA (10.7.0.1), SrvB (10.7.0.3) and an external port]
Service Discovery: DNS
DNS
• <service-name>.<namespace-name>.svc.cluster.local
• <service-name>.<namespace-name>
• <service-name> - in the same namespace
• DNS SRV _<port>._<proto>.<service-name> - for port number, e.g. “SRV _http._tcp.nginx”
Kubernetes Object: Controllers
• Deployment
• Daemon Set
• Job
• Ingress
• Replication Controller
• Replica Set
Kubernetes Controller: Job
• Create one or more pods and ensure that a specified number of them successfully terminate
• Jobs may be used for operations automation
Kubernetes Controller: Deployment
• Deployment provides declarative updates for Pods and Replica Sets
• Orchestrate updates and rollbacks
• Scale up or down
Kubernetes Addons
• DNS
• UI
• Logging
• Monitoring
Kubernetes Architecture
Kubernetes architecture
Kubernetes architecture: node
• kubelet manages pods, their containers, images, volumes, network etc
• kube-proxy is a simple network proxy and load balancer responsible for reflecting services on the nodes. Userspace (legacy) or iptables (modern) modes are supported.
Kubernetes architecture: control plane
• etcd is a reliable watchable storage for all persistent master state
• API Server is a CRUD-y REST server with most/all logic implemented in plugins that serves Kubernetes API. It mainly processes REST operations, validates them, and updates the corresponding objects in etcd.
Kubernetes architecture: control plane
• Scheduler binds unscheduled pods to nodes
• Controller manager performs all other cluster-level functions, e.g. deployments rollout, job control, pod replication control, etc.
Kubernetes architecture: control plane
• Kubectl client is CLI to manage K8S cluster
Kubernetes architecture: security
• Authentication and authorization are pluggable. By default – file based, but may be easily switched to external resources (OAuth, authorization service)
• Transport security is based on TLS, key distribution is deployment specific
Example orchestration scenario
1. User creates a new Deployment object via REST
2. Controller Manager sees a Deployment object with no Pods and creates Pod objects based on the Deployment object specification
3. Scheduler sees Pod objects not assigned to Nodes and allocates them according to the Nodes' load and the Pods' specifications
4. Kubelets running on Nodes see Pod objects allocated to their corresponding Nodes and start Pods’ containers based on the Pods’ specifications
Kubernetes Deployment on AWS
Deployment options
• kube-up.sh script
  Available in k8s distro and supported by the developers
• Other methods as described in kubernetes documentation
• Other projects and systems based on kubernetes, such as GCE
• EBT AWS CloudFormation template
AWS Cloud Formation K8S Cluster Improvements
• Master is in auto scaling group for auto recovery
• Nodes are in multi-zone auto scaling group for high availability
• Multiple auto scaling groups are supported for nodes
• Simple no-client cluster rollout and teardown
• Support for node EIP auto-assignment
Summary
The good, the bad, and the ugly
Pros
• Multi-platform
• Rich OTB abstractions and functionality
• Extensibility
Cons and problems
• Complex architecture and setup (AWS CF Template solves the problem for AWS)
• Manifest parameterization is outside K8S
Future work
• Simple deployment to other clouds (Azure) and on-prem
• Multi-zone master
• Single-node deployment (reusable master)
• Multi-region, multi-cloud and federated deployment
• Persistent volume management and backup in prod
• Monitoring and log collection in prod
• Integration with Jenkins
• Use Vault for key and secret storage
• Packaged components: HAProxy ingress, glusterfs, elasticsearch, MongoDB, MySQL Cluster(?), Galera Cluster(?), WildFly, ActiveMQ, RabbitMQ (?), HippoCMS, Keycloak, OpenAM, Hadoop (?), RStudio Server, Jupyter, etc.
• Web UI
• ...
THANK YOU
Oleg Chunikhin
Chief Architect
ochunikhin@eastbanctech.com
202-295-3000
eastbanctech.com

 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
Mydbops
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 

Recently uploaded (20)

zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
 
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
 
Christine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptxChristine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptx
 
What is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE?  Session 2 – CoE RolesWhat is an RPA CoE?  Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE Roles
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
High performance Serverless Java on AWS- GoTo Amsterdam 2024
High performance Serverless Java on AWS- GoTo Amsterdam 2024High performance Serverless Java on AWS- GoTo Amsterdam 2024
High performance Serverless Java on AWS- GoTo Amsterdam 2024
 
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
 
"What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w..."What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w...
 
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
"Scaling RAG Applications to serve millions of users",  Kevin Goedecke"Scaling RAG Applications to serve millions of users",  Kevin Goedecke
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
 
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
 
ScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking ReplicationScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking Replication
 
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
 
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk"Frontline Battles with DDoS: Best practices and Lessons Learned",  Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
 
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
 
Demystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through StorytellingDemystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through Storytelling
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 

DevOps with Kubernetes

  • 2. Agenda • Kubernetes overview • Usage and demo • Architecture • Kubernetes on AWS with Cloud Formation
  • 4. What is Kubernetes? Quick facts • System for managing and orchestrating containerized applications in clusters, a.k.a. cluster management software • Open source, MIT licensed, developed by Google • Used in GCE, OpenShift, other projects
  • 5. Kubernetes is • portable: public, private, hybrid, multi-cloud, written in Go • extensible: modular, pluggable, hookable, composable • self-healing: auto-placement, auto-restart, auto-replication, auto-scaling • scalable and reliable: all components are scalable and a clear setup path exists to set up a scalable and reliable cluster • documented: a lot of documentation, training materials, community support • open source: MIT license, large and active community
  • 6. With Kubernetes you can • Orchestrate complex application deployments quickly and predictably • Scale your applications on the fly • Seamlessly roll out new features • Easily set up complex operations scenarios, e.g. rolling update, canary deployments etc. • Optimize use of your hardware by using only the resources you need • Manage persistent storage • Automate
  • 7. Kubernetes solves • application composition: co-locating helper processes preserving the “one-application-per-container” model, • mounting storage systems, • distributing configuration and secrets, • application health checking, • replicating application instances, • horizontal (auto-)scaling, • naming and discovery, • load balancing, • rolling updates, • resource monitoring, • log access and ingestion, • support for introspection and debugging, and • identity and authorization.
  • 9. Kubernetes management • Kubectl CLI • Independent binaries for multiple platforms (Go) • Put the config file in $HOME/.kube or set $KUBECONFIG • Automation friendly with multiple output formats: text, json, yaml, jsonpath • Supports proxy into cluster network, container attachment and log retrieval • REST API • Available at https://<master-ip> • Self-documented, swagger documentation • Supports proxy into cluster network • Basic Web dashboard • Available at https://<master-ip>/ui
  • 10. Kubernetes objects Primitives • Namespace • Node • Pod • Service • Config Map • Secret • Volume • Persistent Volume Controllers • Replication Controller • Deployment • Job • Daemon Set • Ingress • ...
  • 11. Kubernetes objects: common • All objects include metadata with • Name – unique • Labels – searchable, selectable • Annotations – arbitrary additional information • Spec – object specific description/specification of the object • Status – object status within the cluster • Object information may be received in different formats
  • 12. Kubernetes objects: names and namespaces • Namespaces are used to separate groups of objects, e.g. by user, team, project etc • Namespaces are scopes for names; names are unique per type within namespace • Namespaces may also be a basis for access control separation • Resource quotas may be associated with namespaces kubectl get namespaces [ <ns> ... ] kubectl describe namespaces [ <ns> ... ]
  • 13. Kubernetes objects: nodes • Nodes represent a physical or virtual worker machine where kubelet, kube proxy, and docker run • Kubelet registers a node on the master and maintains keep-alive check • Nodes may be annotated and labeled to specify workload affinity and constraints kubectl get nodes [ <nd> ... ] kubectl describe nodes [ <nd> ... ]
  • 14. Kubernetes objects: pods • Pod is a group of containers • Run on the same node – co-located and co-scheduled • Shared storage • Shared localhost network and port space • Unique IP within a cluster • Example: app server and log shipper
  • 15. Kubernetes objects: nodes and pods Node 1 Node 2 Pod A-1 10.0.0.3 Cnt1 Cnt2 Pod A-2 10.0.0.5 Cnt1 Cnt2 Pod B-1 10.0.0.8 Cnt3
  • 16. Kubernetes objects: volumes and persistent volumes • Used to manage persistent storage • Multiple types supported: • AWS EBS • Azure block store • Git • NFS • GlusterFS • Ceph • ...
  • 17. Kubernetes objects: pods and volumes (diagram labels: Pod, Container 1, Container 2, Volume, Mount, Persistent Volume Claim)
  • 18. Kubernetes objects: config maps and secrets • Config maps and secrets are used for distribution of configuration information including secrets like password, certificates, keys etc • Kubelet registers a node on the master and maintains keep-alive check • Nodes may be annotated and labeled to specify workload affinity and constraints kubectl get configmaps [ <cm> ... ] kubectl describe configmaps [ <cm> ... ] kubectl get secrets [ <sc> ... ] kubectl describe secrets [ <sc> ... ]
  • 19. Kubernetes objects: services • Service is an abstraction that defines a set of pods and a policy to access them • Service is a distributed L3 load balancer • Single unique IP within a cluster • Used to expose pods to the world: • Default • NodePort • LoadBalancer
  • 20. Kubernetes objects: pods and services abstraction (diagram: Cluster; Pod A-1 10.0.0.3, Pod A-2 10.0.0.5, Pod B-1 10.0.0.8; Srv A 10.7.0.1, Srv B 10.7.0.3; external port)
  • 21. Kubernetes objects: pods and services (diagram: Node 1, Node 2; Pod A-1 10.0.0.3, Pod A-2 10.0.0.5, Pod B-1 10.0.0.8; Srv A 10.7.0.1 and Srv B 10.7.0.3 shown on both nodes; iptables and an external port on each node)
  • 22. Service Discovery: DNS DNS • <service-name>.<namespace-name>.svc.cluster.local • <service-name>.<namespace-name> • <service-name> - in the same namespace • DNS SRV _<port>._<proto>.<service-name> - for port number e.g. “SRV _http._tcp.nginx”
  • 23. Kubernetes Object: Controllers • Deployment • Daemon Set • Job • Ingress • Replication Controller • Replication Set
  • 24. Kubernetes Controller: Job • Create one or more pods and ensure that specified number of them successfully terminates • Jobs may be used for operations automation
  • 25. Kubernetes Controller: Deployment • Deployment provides declarative updates for Pods and Replica Sets • Orchestrate updates and rollbacks • Scale up or down
  • 26. Kubernetes Addons • DNS • UI • Logging • Monitoring
  • 28. Kubernetes architecture (architecture diagram)
  • 29. Kubernetes architecture: node • kubelet manages pods, their containers, images, volumes, network etc • kube-proxy is a simple network proxy and load balancer responsible for reflecting services on the nodes
  • 30. Kubernetes architecture: node • kubelet manages pods, their containers, images, volumes, network etc • kube-proxy is a simple network proxy and load balancer responsible for reflecting services on the nodes. Userspace (legacy) or iptables (modern) modes are supported.
  • 31. Kubernetes architecture: control plane • etcd is a reliable watchable storage for all persistent master state • API Server is a CRUD-y REST server with most/all logic implemented in plugins that serves Kubernetes API. It mainly processes REST operations, validates them, and updates the corresponding objects in etcd.
  • 33. Kubernetes architecture: control plane • Scheduler binds unscheduled pods to nodes • Control manager performs all other cluster-level functions, e.g. deployments rollout, job control, pod replication control etc
  • 35. Kubernetes architecture: control plane • Kubectl client is CLI to manage K8S cluster
  • 36. Kubernetes architecture: security • Authentication and authorization are pluggable. By default – file based, but may be easily switched to external resources (OAuth, authorization service) • Transport security is based on TLS, key distribution is deployment specific
  • 37. Kubernetes architecture: security • Authentication and authorization are pluggable: file based by default, but may be easily switched to external resources (OAuth, authorization service) • Transport security is based on TLS, key distribution is deployment specific
  • 38. Example orchestration scenario 1. User creates a new Deployment object via REST 2. Controller Manager sees a Deployment object with no Pods and creates Pod objects based on the Deployment object specification 3. Scheduler sees Pod objects not assigned to Nodes and allocates them according to the Nodes load and the Pods specifications 4. Kubelets running on Nodes see Pod objects allocated to their corresponding Nodes and start Pods’ containers based on the Pods’ specifications
  • 40. Deployment options • kube-up.sh script Available in k8s distro and supported by the developers • Other methods as described in kubernetes documentation • Other projects and systems based on kubernetes, such as GCE • EBT AWS CloudFormation template
  • 41. AWS Cloud Formation K8S Cluster Improvements • Master is in auto scaling group for auto recovery • Nodes are in multi-zone auto scaling group for high availability • Multiple auto scaling groups are supported for nodes • Simple no-client cluster rollout and teardown • Support for node EIP auto-assignment
  • 43. The good, the bad, and the ugly Pros • Multi-platform • Rich OTB abstractions and functionality • Extensibility Cons and problems • Complex architecture and setup (AWS CF Template solves the problem for AWS) • Manifest parameterization is outside K8S
  • 44. Future work • Simple deployment to other clouds (Azure) and on-prem • Multi-zone master • Single-node deployment (reusable master) • Multi-region, multi-cloud and federated deployment • Persistent volume management and backup in prod • Monitoring and log collection in prod • Integration with Jenkins • Use Vault for key and secret storage • Packaged components: HAProxy ingress, glusterfs, elasticsearch, mongo DB, MySql Cluster(?), Galena Cluster(?), WildFly, ActiveMQ, RabbitMQ (?), HippoCMS, Keycloak, OpenAM, Hadoop (?), Rstudio Server, Jupyter, etc • Web UI • ...
  • 45. THANK YOU Oleg Chunikhin Chief Architect ochunikhin@eastbanctech.com 202-295-3000 eastbanctech.com
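
The orchestration scenario on slide 38, as an added sketch that is not part of the original deck: a toy Python model in which each component acts only on what it reads from a shared object store. The store layout, function names and least-loaded placement rule are assumptions for illustration, not Kubernetes APIs.

```python
# Toy model of the slide-38 flow. The dict stands in for the API server + etcd;
# components never call each other, they only read and write objects in it.
# All names are illustrative assumptions, not real Kubernetes interfaces.

def new_store(node_names):
    return {"deployments": {}, "pods": {}, "nodes": list(node_names)}

def create_deployment(store, name, image, replicas):
    """Step 1: the user declares desired state; nothing is started yet."""
    store["deployments"][name] = {"image": image, "replicas": replicas}

def controller_manager(store):
    """Step 2: make the number of Pod objects match each Deployment."""
    for name, dep in store["deployments"].items():
        owned = {n for n, p in store["pods"].items() if p["owner"] == name}
        for extra in sorted(owned)[dep["replicas"]:]:      # scale down
            del store["pods"][extra]
            owned.discard(extra)
        i = 0
        while len(owned) < dep["replicas"]:                # scale up / heal
            candidate = f"{name}-{i}"
            if candidate not in store["pods"]:
                store["pods"][candidate] = {"owner": name, "image": dep["image"],
                                            "node": None, "phase": "Pending"}
                owned.add(candidate)
            i += 1

def scheduler(store):
    """Step 3: bind each unassigned Pod to the least-loaded node."""
    for pod in store["pods"].values():
        if pod["node"] is None:
            load = {n: 0 for n in store["nodes"]}
            for other in store["pods"].values():
                if other["node"] is not None:
                    load[other["node"]] += 1
            pod["node"] = min(sorted(load), key=load.get)  # ties: by name

def kubelet(store, node):
    """Step 4: start Pods bound to this node that are not running yet."""
    started = []
    for pod_name, pod in store["pods"].items():
        if pod["node"] == node and pod["phase"] == "Pending":
            pod["phase"] = "Running"
            started.append(pod_name)
    return started

def reconcile(store):
    """One pass of every control loop; returns pod -> (node, phase)."""
    controller_manager(store)
    scheduler(store)
    for node in store["nodes"]:
        kubelet(store, node)
    return {n: (p["node"], p["phase"]) for n, p in store["pods"].items()}

if __name__ == "__main__":
    s = new_store(["node1", "node2"])          # constructed sample cluster
    create_deployment(s, "web", "nginx", 3)
    print(reconcile(s))
    del s["pods"]["web-1"]                     # simulate a lost pod
    print(reconcile(s))                        # the next pass restores it
```

Because every loop compares desired state with observed state on each pass, deleting a Pod object is repaired by the next pass without any component being told what happened.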