SlideShare a Scribd company logo

Evolving for Kubernetes

Chris McEniry
Chris McEniry

Experience of adopting Kubernetes to run applications. Presented at SD Dev Ops July 2018

Technology
1 of 67
Download to read offline
Chris 'mac' McEniry
Agenda • Some Items about Kubernetes • Lift and Shift • Evolving Applications for Kubernetes • Changing People/Processes for Kubernetes
tl;dr • Be ready for change • As you evolve your processes/support, you have to provide backwards compatibility for both your infrastructure/applications and your processes • Really focus on having a stable deployment mechanism • Sort out your interaction contracts • Start small and constrained - Realize that you won't do it "right" • You will have to make application changes • You will have to change your expectations • Be ready for cutting edges • Kubernetes has very simple set of core primitives, and a lot of options to build on top • CICD • Authentication and Access Control • Resource management - forcing to use limits/requests • Avoiding mixing goals
Perspective (Me) • I'm a platform administration. I make sure the clusters... • are available, • have resources, • connect to the rest of the infrastructure. • I run applications, but for the most part help app teams use the platform
Survey (You) • Who's familiar with cfengine / puppet / chef / ansible / etc? • Who's familiar with current containers? • Who's familiar with Kubernetes? The object / resource model? • Who's running Kubernetes in Production (even for the smallest workload)?
Some items about Kubernetes...
Declarative State • Tell me what you want • Not how to do it • How to do it can change in different contexts • "LoadBalancer" is slightly different in AWS, GCP, Azure • All state stored in the API Server
Reconciliation Loop Driven • Many specific independent actors • Controllers • Operators • Actors implement declarative state and current state • Actor can change declarative state for another actor and trigger its actions • Main ones • schduler • controller-manager • kubelet
Network Focused • Interact with other applications over network
Networking • Everything in the cluster is reachable to everything else • (Policy might restrict) • Magic Mappings. • L4 Load Balancer • DNS Mapping • Map from outside cluster to inside
Resources • What are used to defined declarative state • Stored in cluster (API Server) • aka Manifests
Container • Process • Isolation: Namespaces • Resource Management: CGroups • Restriction: Capabilities
Pod • Collection of containers working tightly together • Unit of Scheduling • Share network stack • Can share disk mounts • Sidecar: a support container running with the application container
Service • Logical construct representing a network resource
ConfigMap • (Static) Configuration data stored inside the cluster • Can be exposed as environment variable(s) or files place into the container
Higher Level Constructs • Multiple Pods all the same ==> ReplicaSet • Multiple ReplicaSets running an application (with canned rolling update mechanism) ==> Deployment • Sensitive ConfigMaps ==> Secret • Different Service Implementations ==> Ingress
Controller -> Controller (via API Server) Kubelet Endpoint Controller RS Controller Deploy Controller Replica Set PodDeployment Service App Route
Kubernetes is a Distributed System for Building Distributed Systems full of Independent Actors.
Lift and Shift (Phase 1)
Goals • Run an application inside of Kubernetes • Change the code as little as possible • Hook into the existing infrastructure as much as possible • Keep it simple - avoid state, storage, etc • Kick the tires
Starting Point • Application Server based • Takes requests in • Talks to a Database in the Back
Host App Server CLIENT DB
Starting Point - Control • Configuration • Logs
Host App Server LOGSCONFIG CLIENT DB
Host Tomcat LOGSTASHCHEF CLIENT DB
App Design for Kubernetes • Application Pod with Logstash Sidecar Pod • ConfigMap holding prerendered output from Chef. Mounted under conf dir • Shared mount (emptydir) for log output • Written by app • Read by logstash • Service definition to map from outside to inside
C TomcatConfig CLIENT DB LOG STASH Pod
C TomcatConfig CLIENT DB LOG STASH App Container Logstash Sidecar Container
C TomcatConfig CLIENT DB LOG STASH Prerendered Conf stored in ConfigMap Mounted into app container for conf dir
C TomcatConfig CLIENT DB LOG STASH Shared mount for logs
C TomcatConfig CLIENT DB LOG STASH Service Definition
Team Processes for Kubernetes • kubectl is the hammer • Deploy using manifests (from source control) with kubectl apply -f • Troubleshooting • kubectl logs ... • kubectl exec ...
Lift and Shift: Success! • It worked!
Lessons Learned • Startup time takes its time (tomcat startup) • Debugging (kube exec) • ConfigMap/Deployments only worked for one environment • Healthchecks didn't fit well in the model and worked counter to debugging steps
Next Goals • Determine how to sustainable run applications inside of Kubernetes
Evolving Applications for Kubernetes (Phase 2,3,4,5,6,7,8,9....)
https://www.redhat.com/cms/managed-files/cl-cloud-native-container-design-whitepaper-f8808kc-201710-v3-en.pdf
1. Single Concern Principle • Do one thing (and do it well) • Separation of Concerns • Target updates • Minimize (vertical) image sprawl
2. Image Immutability Principle • Image is a delivery artifact with all of the properties that that should have • "Build once, deploy everywhere" • Don't layer configuration on as part of image (unless you're putting *all* foreseeable configuration possibilities in there)
3. Self-Containment Principle • Extension of Image Immutability • On deployment, layer in instance unique items (config, data) • This uniqueness layer should be specific to this instance
4. Runtime Confinement Principle • Get an understanding of your resource requirements • And use them! (helps with scheduling) • Without them ==> • Unintentional, uninformed oversubscription • Roving micro-oversubscription hotspots
5. Process Disposability Principle • Processes are ephemeral • Before ready for them to not be there • This will happen often (every change)
Containers (by themselves) are half suited for Kubernetes • Kubernetes builds on containers • If you have been following container modeling, that translates directly
Kubernetes Cluster Ecosystem • Application process interacts with the cluster
6. Life-Cycle Conformance Principle • Figure out your timings (shutdown cleanly, startup)
7. High Observability Principle • Change in behaviors • Biggest change in thinking • Forced thinking of items like health checks and monit et al • Add to Disposability Principle - have to be able to debug quickly, over the network, and with remaining forensics
Changing People/Process for Kubernetes
Be Ready for Change • Changed Deployment Strategy • Single manifests -> Helm Charts • Changed Helm Chart Structure 5 Times • Changed Logging Infrastructure 3 Times • BE VERY CAREFUL IN WHAT YOU STOP SUPPORTING
Contracts • Describe what each side/component of processes will provide and accept • Helps to define • What can be changed without impacting others • What needs to be talked about before changing
Kubernetes Cluster Kubernetes Team App Team / User -Receives App Definition +Define App Definition (name, resource count, users) -Receives namespace, RBAC +Defines namespace, RBAC -Trusts central auth +Logs in via central auth -Allows access to granted resources +Accesses namespace App Team Onboarding to Cluster
App (Pod) Kubernetes Cluster Monitoring App Team / User +Logs to STDOUT -Receives from STDOUT +Transmits to Logging Bus -Receives on Logging Bus +JSON Structured Log Format -Handles JSON Format +Indexes in Search Tool -Search in Search Tool +Infrastructure enrichments: pod, cluster, container host, environment, datacenter -Search by infrastructure information Logging Contract
Be Comfortable with Being Uncomfortable • A lot of this technology is new/recent • A lot of simple implementations (first pass) • A lot of undiscovered bugs • "Best practices" are highly localized
Simplified Primitives • Deployments • All at once (destroy + build) • Rolling • Load Balancing • Only equal weight round robin (be it via L4 forwarding, or DNS) • What's Layer7?
Common App Team Concerns • How do I get onboarded? • How does my application have to interact with the system? • How do I run my application? • How do I troubleshoot my application? • How does it all work?!!?!?!
How do I run my application? • Build an Application Template • Dockerfile • Helm Chart • Jenkinsfile • Extend with organizational specific functions • Partial Deploy functions • Incorporate environment values
Debugging • kubectl exec ...
How does it all work?!?!?!?! • Boot camps
Current
C Jar App Config Map CLIENT DB Secret Management Config Map
New Application Model • Jar App (faster start up) • zmetrics port (separate from client interface) • Prometheus scrapes metrics • Readiness/liveness probes • Logs to STDOUT
New Deployment Model • CICD Driven • Standard format for repository • Dockerfile, Chart --> artifacts • Environment specific values • Multiproject pipeline pushes to multiple environments with approval gates • Automatic canary deploy, sanity check, then full deploy
Lessons Learned
• If you change too quickly, you will be in for a world of hurt • Different ways to deploy • Different Kubernetes versions (v1alpha1, v1beta1, v1) • You can't please everyone • Tradeoffs • Training - bootcamps and walking people through... • Examples examples examples - easy to copy (cargo culting)
Health Checks • Liveliness probe: If this fails, Kubernetes will restart the container. • Readiness probe: If this fails, Kubernetes will take the pod out of the service pool. • If an app is bad, I should stop sending traffic to it and recover it, right? ==> Ok to set these to the same thing. https://cloud.google.com/kubernetes-engine/kubernetes-comic/
"We DDOSed Ourselves!!!" • On startup, application can be ready • Gets flooded with traffic • Kube restarts because liveness failed as well • Quick fix: Removed liveness • Real fix: • Run liveness and readiness on a different port/ connection threadpool/etc • Know they mean different items
• Prometheusbeat has limited support • Security scanning checkbox • Type:LoadBalancer Services (and anything built off them) get a permit * ICMP Destination Unreachable (Type 3) - runs afoul of security policies • Provide helper tools to setup configuration • Login ==> can also gather cluster information like certificates and endpoints
Q? Obligatory - we're hiring... Maybe Answers...

Recommended

Ca de prostata
Ca de prostataCa de prostata
Ca de prostataSantiago Silva
 
Cancer hepatico
Cancer hepaticoCancer hepatico
Cancer hepaticoCFUK 22
 
How kubernetes operators can rescue dev secops in midst of a pandemic updated
How kubernetes operators can rescue dev secops in midst of a pandemic updatedHow kubernetes operators can rescue dev secops in midst of a pandemic updated
How kubernetes operators can rescue dev secops in midst of a pandemic updatedShikha Srivastava
 
GitOps 101 Presentation.pdf
GitOps 101 Presentation.pdfGitOps 101 Presentation.pdf
GitOps 101 Presentation.pdfssuser31375f
 
Why kubernetes matters
Why kubernetes mattersWhy kubernetes matters
Why kubernetes mattersPlatform9
 
Database as a Service (DBaaS) on Kubernetes
Database as a Service (DBaaS) on KubernetesDatabase as a Service (DBaaS) on Kubernetes
Database as a Service (DBaaS) on KubernetesObjectRocket
 
Containers, microservices and serverless for realists
Containers, microservices and serverless for realistsContainers, microservices and serverless for realists
Containers, microservices and serverless for realistsKarthik Gaekwad
 
10 tips for Cloud Native Security
10 tips for Cloud Native Security10 tips for Cloud Native Security
10 tips for Cloud Native SecurityKarthik Gaekwad
 

Recommended

Ca de prostata
Ca de prostataCa de prostata
Ca de prostataSantiago Silva
 
Cancer hepatico
Cancer hepaticoCancer hepatico
Cancer hepaticoCFUK 22
 
How kubernetes operators can rescue dev secops in midst of a pandemic updated
How kubernetes operators can rescue dev secops in midst of a pandemic updatedHow kubernetes operators can rescue dev secops in midst of a pandemic updated
How kubernetes operators can rescue dev secops in midst of a pandemic updatedShikha Srivastava
 
GitOps 101 Presentation.pdf
GitOps 101 Presentation.pdfGitOps 101 Presentation.pdf
GitOps 101 Presentation.pdfssuser31375f
 
Why kubernetes matters
Why kubernetes mattersWhy kubernetes matters
Why kubernetes mattersPlatform9
 
Database as a Service (DBaaS) on Kubernetes
Database as a Service (DBaaS) on KubernetesDatabase as a Service (DBaaS) on Kubernetes
Database as a Service (DBaaS) on KubernetesObjectRocket
 
Containers, microservices and serverless for realists
Containers, microservices and serverless for realistsContainers, microservices and serverless for realists
Containers, microservices and serverless for realistsKarthik Gaekwad
 
10 tips for Cloud Native Security
10 tips for Cloud Native Security10 tips for Cloud Native Security
10 tips for Cloud Native SecurityKarthik Gaekwad
 
Latest (storage IO) patterns for cloud-native applications
Latest (storage IO) patterns for cloud-native applications Latest (storage IO) patterns for cloud-native applications
Latest (storage IO) patterns for cloud-native applications OpenEBS
 
PlovDev 2016: Оркестрация на контейнери с Kubernetes - Мартин Владев
PlovDev 2016: Оркестрация на контейнери с Kubernetes - Мартин ВладевPlovDev 2016: Оркестрация на контейнери с Kubernetes - Мартин Владев
PlovDev 2016: Оркестрация на контейнери с Kubernetes - Мартин ВладевPlovDev Conference
 
CloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&T
CloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&TCloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&T
CloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&TShapeBlue
 
Kubernetes Infra 2.0
Kubernetes Infra 2.0Kubernetes Infra 2.0
Kubernetes Infra 2.0Deepak Sood
 
Getting to Walk with DevOps
Getting to Walk with DevOpsGetting to Walk with DevOps
Getting to Walk with DevOpsEklove Mohan
 
Simplify Your Way To Expert Kubernetes Management
Simplify Your Way To Expert Kubernetes ManagementSimplify Your Way To Expert Kubernetes Management
Simplify Your Way To Expert Kubernetes ManagementDevOps.com
 
Kubernetes at NU.nl (Kubernetes meetup 2019-09-05)
Kubernetes at NU.nl (Kubernetes meetup 2019-09-05)Kubernetes at NU.nl (Kubernetes meetup 2019-09-05)
Kubernetes at NU.nl (Kubernetes meetup 2019-09-05)Tibo Beijen
 
APPLICATIONS AND CONTAINERS AT SCALE: OpenShift + Kubernetes + Docker
APPLICATIONS AND CONTAINERS AT SCALE: OpenShift + Kubernetes + DockerAPPLICATIONS AND CONTAINERS AT SCALE: OpenShift + Kubernetes + Docker
APPLICATIONS AND CONTAINERS AT SCALE: OpenShift + Kubernetes + DockerSteven Pousty
 
DEVNET-1183 OpenShift + Kubernetes + Docker
DEVNET-1183 OpenShift + Kubernetes + DockerDEVNET-1183 OpenShift + Kubernetes + Docker
DEVNET-1183 OpenShift + Kubernetes + DockerCisco DevNet
 
Debugging Microservices - key challenges and techniques - Microservices Odesa...
Debugging Microservices - key challenges and techniques - Microservices Odesa...Debugging Microservices - key challenges and techniques - Microservices Odesa...
Debugging Microservices - key challenges and techniques - Microservices Odesa...Lohika_Odessa_TechTalks
 
Tech talk microservices debugging
Tech talk microservices debuggingTech talk microservices debugging
Tech talk microservices debuggingAndrey Kolodnitsky
 
Cloud foundry: The Platform for Forging Cloud Native Applications
Cloud foundry: The Platform for Forging Cloud Native ApplicationsCloud foundry: The Platform for Forging Cloud Native Applications
Cloud foundry: The Platform for Forging Cloud Native ApplicationsChip Childers
 
DevOpsCon 2020: The Past, Present, and Future of Cloud Native API Gateways
DevOpsCon 2020: The Past, Present, and Future of Cloud Native API GatewaysDevOpsCon 2020: The Past, Present, and Future of Cloud Native API Gateways
DevOpsCon 2020: The Past, Present, and Future of Cloud Native API GatewaysDaniel Bryant
 
Patterns and Pains of Migrating Legacy Applications to Kubernetes
Patterns and Pains of Migrating Legacy Applications to KubernetesPatterns and Pains of Migrating Legacy Applications to Kubernetes
Patterns and Pains of Migrating Legacy Applications to KubernetesJosef Adersberger
 
Patterns and Pains of Migrating Legacy Applications to Kubernetes
Patterns and Pains of Migrating Legacy Applications to KubernetesPatterns and Pains of Migrating Legacy Applications to Kubernetes
Patterns and Pains of Migrating Legacy Applications to KubernetesQAware GmbH
 
The Kubernetes Effect
The Kubernetes EffectThe Kubernetes Effect
The Kubernetes EffectBilgin Ibryam
 
Data harmonycloudpowerpointclientfacing
Data harmonycloudpowerpointclientfacingData harmonycloudpowerpointclientfacing
Data harmonycloudpowerpointclientfacingAccess Innovations, Inc.
 
Kubernetes Basics - ICP Workshop Batch II
Kubernetes Basics - ICP Workshop Batch IIKubernetes Basics - ICP Workshop Batch II
Kubernetes Basics - ICP Workshop Batch IIPT Datacomm Diangraha
 
Exploring Twitter's Finagle technology stack for microservices
Exploring Twitter's Finagle technology stack for microservicesExploring Twitter's Finagle technology stack for microservices
Exploring Twitter's Finagle technology stack for microservices💡 Tomasz Kogut
 
Kubernetes Security
Kubernetes SecurityKubernetes Security
Kubernetes SecurityKarthik Gaekwad
 
On the Edge Systems Administration with Golang
On the Edge Systems Administration with GolangOn the Edge Systems Administration with Golang
On the Edge Systems Administration with GolangChris McEniry
 
LISA2017 Kubernetes: Hit the Ground Running
LISA2017 Kubernetes: Hit the Ground RunningLISA2017 Kubernetes: Hit the Ground Running
LISA2017 Kubernetes: Hit the Ground RunningChris McEniry
 

More Related Content

Similar to Evolving for Kubernetes

Latest (storage IO) patterns for cloud-native applications
Latest (storage IO) patterns for cloud-native applications Latest (storage IO) patterns for cloud-native applications
Latest (storage IO) patterns for cloud-native applications OpenEBS
 
PlovDev 2016: Оркестрация на контейнери с Kubernetes - Мартин Владев
PlovDev 2016: Оркестрация на контейнери с Kubernetes - Мартин ВладевPlovDev 2016: Оркестрация на контейнери с Kubernetes - Мартин Владев
PlovDev 2016: Оркестрация на контейнери с Kubernetes - Мартин ВладевPlovDev Conference
 
CloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&T
CloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&TCloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&T
CloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&TShapeBlue
 
Kubernetes Infra 2.0
Kubernetes Infra 2.0Kubernetes Infra 2.0
Kubernetes Infra 2.0Deepak Sood
 
Getting to Walk with DevOps
Getting to Walk with DevOpsGetting to Walk with DevOps
Getting to Walk with DevOpsEklove Mohan
 
Simplify Your Way To Expert Kubernetes Management
Simplify Your Way To Expert Kubernetes ManagementSimplify Your Way To Expert Kubernetes Management
Simplify Your Way To Expert Kubernetes ManagementDevOps.com
 
Kubernetes at NU.nl (Kubernetes meetup 2019-09-05)
Kubernetes at NU.nl (Kubernetes meetup 2019-09-05)Kubernetes at NU.nl (Kubernetes meetup 2019-09-05)
Kubernetes at NU.nl (Kubernetes meetup 2019-09-05)Tibo Beijen
 
APPLICATIONS AND CONTAINERS AT SCALE: OpenShift + Kubernetes + Docker
APPLICATIONS AND CONTAINERS AT SCALE: OpenShift + Kubernetes + DockerAPPLICATIONS AND CONTAINERS AT SCALE: OpenShift + Kubernetes + Docker
APPLICATIONS AND CONTAINERS AT SCALE: OpenShift + Kubernetes + DockerSteven Pousty
 
DEVNET-1183 OpenShift + Kubernetes + Docker
DEVNET-1183 OpenShift + Kubernetes + DockerDEVNET-1183 OpenShift + Kubernetes + Docker
DEVNET-1183 OpenShift + Kubernetes + DockerCisco DevNet
 
Debugging Microservices - key challenges and techniques - Microservices Odesa...
Debugging Microservices - key challenges and techniques - Microservices Odesa...Debugging Microservices - key challenges and techniques - Microservices Odesa...
Debugging Microservices - key challenges and techniques - Microservices Odesa...Lohika_Odessa_TechTalks
 
Tech talk microservices debugging
Tech talk microservices debuggingTech talk microservices debugging
Tech talk microservices debuggingAndrey Kolodnitsky
 
Cloud foundry: The Platform for Forging Cloud Native Applications
Cloud foundry: The Platform for Forging Cloud Native ApplicationsCloud foundry: The Platform for Forging Cloud Native Applications
Cloud foundry: The Platform for Forging Cloud Native ApplicationsChip Childers
 
DevOpsCon 2020: The Past, Present, and Future of Cloud Native API Gateways
DevOpsCon 2020: The Past, Present, and Future of Cloud Native API GatewaysDevOpsCon 2020: The Past, Present, and Future of Cloud Native API Gateways
DevOpsCon 2020: The Past, Present, and Future of Cloud Native API GatewaysDaniel Bryant
 
Patterns and Pains of Migrating Legacy Applications to Kubernetes
Patterns and Pains of Migrating Legacy Applications to KubernetesPatterns and Pains of Migrating Legacy Applications to Kubernetes
Patterns and Pains of Migrating Legacy Applications to KubernetesJosef Adersberger
 
Patterns and Pains of Migrating Legacy Applications to Kubernetes
Patterns and Pains of Migrating Legacy Applications to KubernetesPatterns and Pains of Migrating Legacy Applications to Kubernetes
Patterns and Pains of Migrating Legacy Applications to KubernetesQAware GmbH
 
The Kubernetes Effect
The Kubernetes EffectThe Kubernetes Effect
The Kubernetes EffectBilgin Ibryam
 
Kubernetes Basics - ICP Workshop Batch II
Kubernetes Basics - ICP Workshop Batch IIKubernetes Basics - ICP Workshop Batch II
Kubernetes Basics - ICP Workshop Batch IIPT Datacomm Diangraha
 
Exploring Twitter's Finagle technology stack for microservices
Exploring Twitter's Finagle technology stack for microservicesExploring Twitter's Finagle technology stack for microservices
Exploring Twitter's Finagle technology stack for microservices💡 Tomasz Kogut
 

Similar to Evolving for Kubernetes (20)

Latest (storage IO) patterns for cloud-native applications
Latest (storage IO) patterns for cloud-native applications Latest (storage IO) patterns for cloud-native applications
Latest (storage IO) patterns for cloud-native applications
 
PlovDev 2016: Оркестрация на контейнери с Kubernetes - Мартин Владев
PlovDev 2016: Оркестрация на контейнери с Kubernetes - Мартин ВладевPlovDev 2016: Оркестрация на контейнери с Kubernetes - Мартин Владев
PlovDev 2016: Оркестрация на контейнери с Kubernetes - Мартин Владев
 
CloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&T
CloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&TCloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&T
CloudStack and GitOps at Enterprise Scale - Alex Dometrius, Rene Glover - AT&T
 
Kubernetes Infra 2.0
Kubernetes Infra 2.0Kubernetes Infra 2.0
Kubernetes Infra 2.0
 
Getting to Walk with DevOps
Getting to Walk with DevOpsGetting to Walk with DevOps
Getting to Walk with DevOps
 
Simplify Your Way To Expert Kubernetes Management
Simplify Your Way To Expert Kubernetes ManagementSimplify Your Way To Expert Kubernetes Management
Simplify Your Way To Expert Kubernetes Management
 
Kubernetes at NU.nl (Kubernetes meetup 2019-09-05)
Kubernetes at NU.nl (Kubernetes meetup 2019-09-05)Kubernetes at NU.nl (Kubernetes meetup 2019-09-05)
Kubernetes at NU.nl (Kubernetes meetup 2019-09-05)
 
APPLICATIONS AND CONTAINERS AT SCALE: OpenShift + Kubernetes + Docker
APPLICATIONS AND CONTAINERS AT SCALE: OpenShift + Kubernetes + DockerAPPLICATIONS AND CONTAINERS AT SCALE: OpenShift + Kubernetes + Docker
APPLICATIONS AND CONTAINERS AT SCALE: OpenShift + Kubernetes + Docker
 
DEVNET-1183 OpenShift + Kubernetes + Docker
DEVNET-1183 OpenShift + Kubernetes + DockerDEVNET-1183 OpenShift + Kubernetes + Docker
DEVNET-1183 OpenShift + Kubernetes + Docker
 
Debugging Microservices - key challenges and techniques - Microservices Odesa...
Debugging Microservices - key challenges and techniques - Microservices Odesa...Debugging Microservices - key challenges and techniques - Microservices Odesa...
Debugging Microservices - key challenges and techniques - Microservices Odesa...
 
Tech talk microservices debugging
Tech talk microservices debuggingTech talk microservices debugging
Tech talk microservices debugging
 
Cloud foundry: The Platform for Forging Cloud Native Applications
Cloud foundry: The Platform for Forging Cloud Native ApplicationsCloud foundry: The Platform for Forging Cloud Native Applications
Cloud foundry: The Platform for Forging Cloud Native Applications
 
DevOpsCon 2020: The Past, Present, and Future of Cloud Native API Gateways
DevOpsCon 2020: The Past, Present, and Future of Cloud Native API GatewaysDevOpsCon 2020: The Past, Present, and Future of Cloud Native API Gateways
DevOpsCon 2020: The Past, Present, and Future of Cloud Native API Gateways
 
Patterns and Pains of Migrating Legacy Applications to Kubernetes
Patterns and Pains of Migrating Legacy Applications to KubernetesPatterns and Pains of Migrating Legacy Applications to Kubernetes
Patterns and Pains of Migrating Legacy Applications to Kubernetes
 
Patterns and Pains of Migrating Legacy Applications to Kubernetes
Patterns and Pains of Migrating Legacy Applications to KubernetesPatterns and Pains of Migrating Legacy Applications to Kubernetes
Patterns and Pains of Migrating Legacy Applications to Kubernetes
 
The Kubernetes Effect
The Kubernetes EffectThe Kubernetes Effect
The Kubernetes Effect
 
Data harmonycloudpowerpointclientfacing
Data harmonycloudpowerpointclientfacingData harmonycloudpowerpointclientfacing
Data harmonycloudpowerpointclientfacing
 
Kubernetes Basics - ICP Workshop Batch II
Kubernetes Basics - ICP Workshop Batch IIKubernetes Basics - ICP Workshop Batch II
Kubernetes Basics - ICP Workshop Batch II
 
Exploring Twitter's Finagle technology stack for microservices
Exploring Twitter's Finagle technology stack for microservicesExploring Twitter's Finagle technology stack for microservices
Exploring Twitter's Finagle technology stack for microservices
 
Kubernetes Security
Kubernetes SecurityKubernetes Security
Kubernetes Security
 

More from Chris McEniry

On the Edge Systems Administration with Golang
On the Edge Systems Administration with GolangOn the Edge Systems Administration with Golang
On the Edge Systems Administration with GolangChris McEniry
 
LISA2017 Kubernetes: Hit the Ground Running
LISA2017 Kubernetes: Hit the Ground RunningLISA2017 Kubernetes: Hit the Ground Running
LISA2017 Kubernetes: Hit the Ground RunningChris McEniry
 
LISA2017 Big Three Cloud Networking
LISA2017 Big Three Cloud NetworkingLISA2017 Big Three Cloud Networking
LISA2017 Big Three Cloud NetworkingChris McEniry
 
Go for SysAdmins - LISA 2015
Go for SysAdmins - LISA 2015Go for SysAdmins - LISA 2015
Go for SysAdmins - LISA 2015Chris McEniry
 
OSCON2014 : Quick Introduction to System Tools Programming with Go
OSCON2014 : Quick Introduction to System Tools Programming with GoOSCON2014 : Quick Introduction to System Tools Programming with Go
OSCON2014 : Quick Introduction to System Tools Programming with GoChris McEniry
 
Intro to linux performance analysis
Intro to linux performance analysisIntro to linux performance analysis
Intro to linux performance analysisChris McEniry
 
Value streammapping cascadiait2014-mceniry
Value streammapping cascadiait2014-mceniryValue streammapping cascadiait2014-mceniry
Value streammapping cascadiait2014-mceniryChris McEniry
 
CQL3 and Data Modeling 101 with Apache Cassandra
CQL3 and Data Modeling 101 with Apache CassandraCQL3 and Data Modeling 101 with Apache Cassandra
CQL3 and Data Modeling 101 with Apache CassandraChris McEniry
 

More from Chris McEniry (8)

On the Edge Systems Administration with Golang
On the Edge Systems Administration with GolangOn the Edge Systems Administration with Golang
On the Edge Systems Administration with Golang
 
LISA2017 Kubernetes: Hit the Ground Running
LISA2017 Kubernetes: Hit the Ground RunningLISA2017 Kubernetes: Hit the Ground Running
LISA2017 Kubernetes: Hit the Ground Running
 
LISA2017 Big Three Cloud Networking
LISA2017 Big Three Cloud NetworkingLISA2017 Big Three Cloud Networking
LISA2017 Big Three Cloud Networking
 
Go for SysAdmins - LISA 2015
Go for SysAdmins - LISA 2015Go for SysAdmins - LISA 2015
Go for SysAdmins - LISA 2015
 
OSCON2014 : Quick Introduction to System Tools Programming with Go
OSCON2014 : Quick Introduction to System Tools Programming with GoOSCON2014 : Quick Introduction to System Tools Programming with Go
OSCON2014 : Quick Introduction to System Tools Programming with Go
 
Intro to linux performance analysis
Intro to linux performance analysisIntro to linux performance analysis
Intro to linux performance analysis
 
Value streammapping cascadiait2014-mceniry
Value streammapping cascadiait2014-mceniryValue streammapping cascadiait2014-mceniry
Value streammapping cascadiait2014-mceniry
 
CQL3 and Data Modeling 101 with Apache Cassandra
CQL3 and Data Modeling 101 with Apache CassandraCQL3 and Data Modeling 101 with Apache Cassandra
CQL3 and Data Modeling 101 with Apache Cassandra
 

Recently uploaded

"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 

Recently uploaded (20)

"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 

Evolving for Kubernetes

  • 2. Agenda • Some Items about Kubernetes • Lift and Shift • Evolving Applications for Kubernetes • Changing People/Processes for Kubernetes
  • 3. tl;dr • Be ready for change • As you evolve your processes/support, you have to provide backwards compatibility for both your infrastructure/applications and your processes • Really focus on having a stable deployment mechanism • Sort out your interaction contracts • Start small and constrained - Realize that you won't do it "right" • You will have to make application changes • You will have to change your expectations • Be ready for cutting edges • Kubernetes has very simple set of core primitives, and a lot of options to build on top • CICD • Authentication and Access Control • Resource management - forcing to use limits/requests • Avoiding mixing goals
  • 4. Perspective (Me) • I'm a platform administration. I make sure the clusters... • are available, • have resources, • connect to the rest of the infrastructure. • I run applications, but for the most part help app teams use the platform
  • 5. Survey (You) • Who's familiar with cfengine / puppet / chef / ansible / etc? • Who's familiar with current containers? • Who's familiar with Kubernetes? The object / resource model? • Who's running Kubernetes in Production (even for the smallest workload)?
  • 6. Some items about Kubernetes...
  • 7. Declarative State • Tell me what you want • Not how to do it • How to do it can change in different contexts • "LoadBalancer" is slightly different in AWS, GCP, Azure • All state stored in the API Server
  • 8. Reconciliation Loop Driven • Many specific independent actors • Controllers • Operators • Actors implement declarative state and current state • Actor can change declarative state for another actor and trigger its actions • Main ones • schduler • controller-manager • kubelet
  • 9. Network Focused • Interact with other applications over network
  • 10. Networking • Everything in the cluster is reachable to everything else • (Policy might restrict) • Magic Mappings. • L4 Load Balancer • DNS Mapping • Map from outside cluster to inside
  • 11. Resources • What are used to defined declarative state • Stored in cluster (API Server) • aka Manifests
  • 12. Container • Process • Isolation: Namespaces • Resource Management: CGroups • Restriction: Capabilities
  • 13. Pod • Collection of containers working tightly together • Unit of Scheduling • Share network stack • Can share disk mounts • Sidecar: a support container running with the application container
  • 14. Service • Logical construct representing a network resource
  • 15. ConfigMap • (Static) Configuration data stored inside the cluster • Can be exposed as environment variable(s) or files place into the container
  • 16. Higher Level Constructs • Multiple Pods all the same ==> ReplicaSet • Multiple ReplicaSets running an application (with canned rolling update mechanism) ==> Deployment • Sensitive ConfigMaps ==> Secret • Different Service Implementations ==> Ingress
  • 17. Controller -> Controller (via API Server) Kubelet Endpoint Controller RS Controller Deploy Controller Replica Set PodDeployment Service App Route
  • 18. Kubernetes is a Distributed System for Building Distributed Systems full of Independent Actors.
  • 20. Goals • Run an application inside of Kubernetes • Change the code as little as possible • Hook into the existing infrastructure as much as possible • Keep it simple - avoid state, storage, etc • Kick the tires
  • 21. Starting Point • Application Server based • Takes requests in • Talks to a Database in the Back
  • 23. Starting Point - Control • Configuration • Logs
  • 26. App Design for Kubernetes • Application Pod with Logstash Sidecar Pod • ConfigMap holding prerendered output from Chef. Mounted under conf dir • Shared mount (emptydir) for log output • Written by app • Read by logstash • Service definition to map from outside to inside
  • 32. Team Processes for Kubernetes • kubectl is the hammer • Deploy using manifests (from source control) with kubectl apply -f • Troubleshooting • kubectl logs ... • kubectl exec ...
  • 33. Lift and Shift: Success! • It worked!
  • 34. Lessons Learned • Startup time takes its time (tomcat startup) • Debugging (kube exec) • ConfigMap/Deployments only worked for one environment • Healthchecks didn't fit well in the model and worked counter to debugging steps
  • 35. Next Goals • Determine how to sustainable run applications inside of Kubernetes
  • 36. Evolving Applications for Kubernetes (Phase 2,3,4,5,6,7,8,9....)
  • 38. 1. Single Concern Principle • Do one thing (and do it well) • Separation of Concerns • Target updates • Minimize (vertical) image sprawl
  • 39. 2. Image Immutability Principle • Image is a delivery artifact with all of the properties that that should have • "Build once, deploy everywhere" • Don't layer configuration on as part of image (unless you're putting *all* foreseeable configuration possibilities in there)
  • 40. 3. Self-Containment Principle • Extension of Image Immutability • On deployment, layer in instance unique items (config, data) • This uniqueness layer should be specific to this instance
  • 41. 4. Runtime Confinement Principle • Get an understanding of your resource requirements • And use them! (helps with scheduling) • Without them ==> • Unintentional, uninformed oversubscription • Roving micro-oversubscription hotspots
  • 42. 5. Process Disposability Principle • Processes are ephemeral • Before ready for them to not be there • This will happen often (every change)
  • 43. Containers (by themselves) are half suited for Kubernetes • Kubernetes builds on containers • If you have been following container modeling, that translates directly
  • 44. Kubernetes Cluster Ecosystem • Application process interacts with the cluster
  • 45. 6. Life-Cycle Conformance Principle • Figure out your timings (shutdown cleanly, startup)
  • 46. 7. High Observability Principle • Change in behaviors • Biggest change in thinking • Forced thinking of items like health checks and monit et al • Add to Disposability Principle - have to be able to debug quickly, over the network, and with remaining forensics
  • 48. Be Ready for Change • Changed Deployment Strategy • Single manifests -> Helm Charts • Changed Helm Chart Structure 5 Times • Changed Logging Infrastructure 3 Times • BE VERY CAREFUL IN WHAT YOU STOP SUPPORTING
  • 49. Contracts • Describe what each side/component of processes will provide and accept • Helps to define • What can be changed without impacting others • What needs to be talked about before changing
  • 50. Kubernetes Cluster Kubernetes Team App Team / User -Receives App Definition +Define App Definition (name, resource count, users) -Receives namespace, RBAC +Defines namespace, RBAC -Trusts central auth +Logs in via central auth -Allows access to granted resources +Accesses namespace App Team Onboarding to Cluster
  • 51. App (Pod) Kubernetes Cluster Monitoring App Team / User +Logs to STDOUT -Receives from STDOUT +Transmits to Logging Bus -Receives on Logging Bus +JSON Structured Log Format -Handles JSON Format +Indexes in Search Tool -Search in Search Tool +Infrastructure enrichments: pod, cluster, container host, environment, datacenter -Search by infrastructure information Logging Contract
  • 52. Be Comfortable with Being Uncomfortable • A lot of this technology is new/recent • A lot of simple implementations (first pass) • A lot of undiscovered bugs • "Best practices" are highly localized
  • 53. Simplified Primitives • Deployments • All at once (destroy + build) • Rolling • Load Balancing • Only equal weight round robin (be it via L4 forwarding, or DNS) • What's Layer7?
  • 54. Common App Team Concerns • How do I get onboarded? • How does my application have to interact with the system? • How do I run my application? • How do I troubleshoot my application? • How does it all work?!!?!?!
  • 55. How do I run my application? • Build an Application Template • Dockerfile • Helm Chart • Jenkinsfile • Extend with organizational specific functions • Partial Deploy functions • Incorporate environment values
  • 57. How does it all work?!?!?!?! • Boot camps
  • 60. New Application Model • Jar App (faster start up) • zmetrics port (separate from client interface) • Prometheus scrapes metrics • Readiness/liveness probes • Logs to STDOUT
  • 61. New Deployment Model • CICD Driven • Standard format for repository • Dockerfile, Chart --> artifacts • Environment specific values • Multiproject pipeline pushes to multiple environments with approval gates • Automatic canary deploy, sanity check, then full deploy
  • 63. • If you change too quickly, you will be in for a world of hurt • Different ways to deploy • Different Kubernetes versions (v1alpha1, v1beta1, v1) • You can't please everyone • Tradeoffs • Training - bootcamps and walking people through... • Examples examples examples - easy to copy (cargo culting)
  • 64. Health Checks • Liveliness probe: If this fails, Kubernetes will restart the container. • Readiness probe: If this fails, Kubernetes will take the pod out of the service pool. • If an app is bad, I should stop sending traffic to it and recover it, right? ==> Ok to set these to the same thing. https://cloud.google.com/kubernetes-engine/kubernetes-comic/
  • 65. "We DDOSed Ourselves!!!" • On startup, application can be ready • Gets flooded with traffic • Kube restarts because liveness failed as well • Quick fix: Removed liveness • Real fix: • Run liveness and readiness on a different port/ connection threadpool/etc • Know they mean different items
  • 66. • Prometheusbeat has limited support • Security scanning checkbox • Type:LoadBalancer Services (and anything built off them) get a permit * ICMP Destination Unreachable (Type 3) - runs afoul of security policies • Provide helper tools to setup configuration • Login ==> can also gather cluster information like certificates and endpoints
  • 67. Q? Obligatory - we're hiring... Maybe Answers...