Is advanced scheduling in Kubernetes achievable? Yes, however, how do you properly accommodate every real-life scenario that a Kubernetes user might encounter? How do you leverage advanced scheduling techniques to shape and describe each scenario in easy-to-use rules and configurations?
Oleg Chunikhin addressed those questions and demonstrated techniques for implementing advanced scheduling. For example, using spot instances and cost-effective resources on AWS, coupled with the ability to deliver a minimum set of functionalities that cover the majority of needs – without configuration complexity. You’ll get a run-down of the pitfalls and things to keep in mind for this route.
Kubernetes pods / container scheduling 201 - pod and node affinity and anti-affinity, node selectors, taints and tolerations, persistent volumes constraints, scheduler configuration and custom scheduler development and more.
Containers and Kubernetes allow for code portability across on-premise VMs, bare metal or multiple cloud provider environments. Yet, despite this portability promise, developers may include configuration and application definitions that constrain or even eliminate application portability. In this meetup Oleg Chunikhin, CTO at Kublr, described best practices for “configuration as code” in a Kubernetes environment. He demonstrated how a properly constructed containerized app can be deployed to both Amazon and Azure using the Kublr platform, and how Kubernetes objects, such as persistent volumes, ingress rules and services, can be used to abstract from the infrastructure.
Centralizing Kubernetes and Container Operations - Kublr
While developers see and realize the benefits of Kubernetes, how it improves efficiencies, saves time, and enables focus on the unique business requirements of each project; InfoSec, infrastructure, and software operations teams still face challenges when managing a new set of tools and technologies, and integrating them into an existing enterprise infrastructure.
These meetup slides go over what’s needed for a general architecture of a centralized Kubernetes operations layer based on open source components such as Prometheus, Grafana, ELK Stack, Keycloak, etc., and how to set up reliable clusters and multi-master configuration without a load balancer. It also outlines how these components should be combined into an operations-friendly enterprise Kubernetes management platform with centralized monitoring and log collection, identity and access management, backup and disaster recovery, and infrastructure management capabilities. This presentation will show real-world open source projects use cases to implement an ops-friendly environment.
Check out this and more webinars in our BrightTalk channel: https://goo.gl/QPE5rZ
Self-healing does not equal self-healing. There are multiple layers to it, whether a self-healing infrastructure, cluster, pods, or Kubernetes. Kubernetes itself ensures self-healing pods. But how do you ensure your applications, whose reliability depends on every single layer, are truly reliable?
In this presentation we discuss aspects of reliability and self-healing in the different layers of a comprehensive container management stack; what Kubernetes does and doesn't do (at least not by default), and what you should look out for to ensure truly reliable applications.
From a skunk-works project to running the entire enterprise
While developers see and realize the benefits of Kubernetes, how it improves efficiencies, saves time, and enables focus on the unique business requirements of each project; InfoSec, infrastructure, and software operations teams still face challenges when managing a new set of tools and technologies, and integrating them into an existing enterprise infrastructure.
In this meetup, Chris, CTO at Tigera, and Oleg, CTO at Kublr, discussed the evolution of your Kubernetes cluster - from a skunk-works project to running the entire enterprise.
Building Portable Applications with Kubernetes - Kublr
Containers and Kubernetes enable code portability across on-premise VMs, bare metal, or multiple clouds. However, many developers may include configuration and application definitions that constrain or even eliminate application portability.
We'll outline best practices for “configuration as code” in a Kubernetes environment. We'll demonstrate how a properly constructed containerized app can be deployed to both Amazon and Azure using the Kublr platform, and how Kubernetes objects, such as persistent volumes, ingress rules, and services, can be leveraged to abstract from the infrastructure.
Network services on Kubernetes on premise - Hans Duedal
Deep dive into Kubernetes networking and presentation of a use case of running network services like DNS on a bare-metal Kubernetes cluster for a major Danish e-sport event.
Kubernetes in Highly Restrictive Environments - Kublr
Installing Kubernetes is easy. Ensuring it complies with your organization’s enterprise governance and security requirements isn’t.
How do you use the technologies while meeting enterprise security requirements? We'll summarize common prerequisites for running Kubernetes in production, and how to leverage fine-grained controls and separation of responsibilities to meet enterprise governance and security needs.
This deck includes basic requirements for audit, security, authentication, authorization, integration with an existing identity broker, logging, and monitoring. Additionally, we'll go into whether cloud-hosted Kubernetes covers these requirements, how to integrate a compliant Kubernetes installation with your existing cloud infrastructure, and how to handle cross-team communication (network/compute/storage/security).
Since on-premise Kubernetes deployments have their challenges, limitations of a bare-metal installation, interactions with vSphere’s API, achieving HA, reliability and disaster recovery, as well as handling OS upgrades, security patches, and Kubernetes upgrades are also considered.
Enabling support for data processing, data analytics, and machine learning workloads in Kubernetes has been one of the goals of the open source community. During this online meetup we discussed the growing use of Kubernetes for data science and machine learning workloads. We examined how new Kubernetes extensibility features such as custom resources and custom controllers are used for application and framework integration. Apache Spark 2.3’s native support is the latest indication of this growing trend. We demoed a few examples of data science workloads running on Kubernetes clusters set up by our Kublr platform.
While developers see and realize the benefits of Kubernetes, how it improves efficiencies, saves time, and enables focus on the unique business requirements of each project; InfoSec, infrastructure, and software operations teams still face challenges when managing a new set of tools and technologies, and integrating them into existing enterprise infrastructure. This is especially true for environments where security and governance requirements are so strict as to come into conflict with the cloud-native reference architectures.
This deck will outline a plan that leverages Kubernetes as an infrastructure abstraction (hint: there is a lot more to it than just container orchestration!). Such an approach allows enterprises to untie themselves from an infrastructure provider-specific technology stack and free development to use whichever tool fits their use case best. But how do you implement open source cloud-native technologies while meeting enterprise security and governance requirements? We’ll summarize common prerequisites for running Kubernetes in production, and how to leverage fine-grained controls and separation of responsibilities to meet enterprise governance and security needs; what’s needed for a general architecture of a centralized Kubernetes operations layer based on open source components such as Prometheus, Grafana, ELK Stack, Keycloak, etc.
Kubernetes intro public - kubernetes user group 4-21-2015 - reallavalamp
Kubernetes Introduction - talk given by Daniel Smith at Kubernetes User Group meetup #2 in Mountain View on 4/21/2015.
Explains the basic concepts and principles of the Kubernetes container orchestration system.
Learn from dozens of large-scale deployments how to get the most out of your Kubernetes environment:
- Container images optimization
- Organizing namespaces
- Readiness and Liveness probes
- Resource requests and limits
- Failing with grace
- Mapping external services
- Upgrading clusters with zero downtime
Sf bay area Kubernetes meetup dec8 2016 - deployment models - Peter Ss
I talk about deploying complex, multi-layer applications in Kubernetes.
I describe how the Kubernetes AppController project (https://github.com/Mirantis/k8s-AppController) can be leveraged to enhance such deployments.
Kubernetes was originally targeted for running large scale web applications.
I/O-intensive workloads represent a class of high-end applications, such as network services, trading applications, and database services, that require high-speed access to hardware resources and often use specific hardware or CPU features to maximize their performance.
A basic introduction to Kubernetes. Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications.
MongoDB.local DC 2018: MongoDB Ops Manager + Kubernetes - MongoDB
MongoDB Ops Manager is an enterprise-grade end-to-end database management, monitoring, and backup solution. Kubernetes has clearly won the orchestration-platform "wars". In this session we'll take a deep dive on how you can leverage both these technologies to host your MongoDB deployments within your Kubernetes infrastructure, whether that's OpenShift, PKS, Azure AKS, or just upstream. This talk will review the core technologies, such as containers, Kubernetes, and MongoDB Ops Manager. You'll also have a chance to see live demos of MongoDB running on Kubernetes and managed with MongoDB Ops Manager with the MongoDB Enterprise Kubernetes Operator.
The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ... - Josef Adersberger
Running applications on Kubernetes can provide a lot of benefits: more dev speed, lower ops costs, and a higher elasticity & resiliency in production. Kubernetes is the place to be for cloud native apps. But what to do if you’ve no shiny new cloud native apps but a whole bunch of JEE legacy systems? No chance to leverage the advantages of Kubernetes? Yes you can!
We’re facing the challenge of migrating hundreds of JEE legacy applications of a major German insurance company onto a Kubernetes cluster within one year. We're now close to the finish line and it worked pretty well so far.
The talk will be about the lessons we've learned - the best practices and pitfalls we've discovered along our way. We'll provide our answers to life, the universe and a cloud native journey like:
- What technical constraints of Kubernetes can be obstacles for applications and how to tackle these?
- How to architect a landscape of hundreds of containerized applications with their surrounding infrastructure like DBs, MQs, and IAM, and heavy requirements on security?
- How to industrialize and govern the migration process?
- How to leverage the possibilities of a cloud native platform like Kubernetes without challenging the tight timeline?
Fully Automated Kubernetes Deployment and Management (Peng Jiang, Rancher Labs) - Kubernetes is rapidly gaining popularity as a powerful container orchestration and scheduling platform. But deploying and managing Kubernetes clusters is still a challenge for many organizations. How to ensure Kubernetes clusters in different clouds and data centers can communicate with each other? How to automate the deployment of multiple Kubernetes clusters? How to incorporate the new Kubernetes Federation into multi-cloud and multi-datacenter deployments? How to manage the health of the Kubernetes cluster itself? etc.
In this talk, Peng will share his experience on how to automate and simplify Kubernetes deployments, and discuss how some of the latest community projects (such as kubeadm and self-hosting Kubernetes) will help address the problems in the future.
Cloud Native Night, January 2018, Munich: Workshop led by Jörg Schad (@joerg_schad, Technical Lead Community Projects at Mesosphere)
Join our Meetup: https://www.meetup.com/de-DE/cloud-native-muc
PLEASE NOTE: During this workshop, Jörg showed many demos and the audience could participate on their laptops. Unfortunately, we can't provide these demos. Nevertheless, Jörg's slides give a deep dive into the topic.
ABSTRACT: Kubernetes has been one of the topics in 2017 and will probably remain so in 2018. In this hands-on technical workshop you will learn how best to deploy, operate, and scale Kubernetes clusters from one to hundreds of nodes using DC/OS. You will learn how to integrate and run Kubernetes alongside traditional applications and fast data services of your choice (e.g. Apache Cassandra, Apache Kafka, Apache Spark, TensorFlow, and more) on any infrastructure.
This workshop best suits operators focussed on keeping their apps and services up and running in production and developers focussed on quickly delivering internal and customer facing apps into production.
You will learn how to:
- Introduction to Kubernetes and DC/OS (including the differences between both)
- Deploy Kubernetes on DC/OS in a secure, highly available, and fault-tolerant manner
- Solve operational challenges of running a large/multiple Kubernetes cluster
- One-click deploy big data stateful and stateless services alongside a Kubernetes cluster
The Operator Pattern - Managing Stateful Services in Kubernetes - QAware GmbH
Cloud Native Night, January 2018, Mainz: Talk by Jakob Karalus (@krallistic, IT Consultant at codecentric)
Join our Meetup: https://www.meetup.com/de-DE/Cloud-Native-Night
Abstract: While it's easy to deploy stateless applications with Kubernetes, it's harder for stateful software. Since applications often require custom functionality that Kubernetes can't provide, developers want to add more specialized patterns like automatic backups, failover, or rebalancing to their Kubernetes deployments. In this talk, we will look at the Operator Pattern and other possibilities to extend the functionality of Kubernetes and how to use them to operate stateful applications.
In any Cloud Native architecture there’s a seemingly endless stream of events that happen at each layer. These events can be used to detect abnormal activity and possible security incidents, as well as providing an audit trail of activity.
In this talk we’ll cover how we extended Falco to ingest events beyond just host system calls, such as Kubernetes audit events or even application level events. We will also show how to create Falco rules to detect behaviors in these new event streams. We show how we implemented Kubernetes audit events in Falco, and how to configure the event stream.
These slides were used during a technical session for the Cloud-Native El Salvador community. They cover the basic Kubernetes components, some installers, and the main Kubernetes resources. The demo used the capabilities provided by the Horizontal Pod Autoscaler.
Kubernetes @ Squarespace: Kubernetes in the Datacenter - Kevin Lynch
This talk was presented at SRE NYC Meetup on August 16, 2017 at Squarespace HQ.
https://www.youtube.com/watch?v=UJ1QAKprVr4
As the engineering teams at Squarespace grow, we have been building more and more microservices. However, this has added operational strain as we try to shoehorn a growing, complex dynamic environment into our static data center infrastructure. We needed to rethink how we handle deployments, dependency management, resource allocation, monitoring, and alerting. Docker containerization and Kubernetes orchestration help us tackle many of these problems, but the journey has been challenging. In this talk, we’ll discuss the challenges of running Kubernetes in a datacenter and how we switched to a more SLA-focused alert structure than per-instance health with Prometheus and AlertManager.
Market overview of Docker orchestrators. A detailed architecture comparison of Kubernetes and Docker Swarm, including benefits and issues. Which orchestrator works better for microservice and highly available applications?
An overview of Cassandra drivers for Java, Ruby, Python with tips and tricks for getting the most performance from Cassandra. Tune your application for low latency or high throughput.
Kubernetes currently has two load balancing modes: userspace and IPTables. They both have limitations on scalability and performance. We introduced IPVS as a third kube-proxy mode, which scales the Kubernetes load balancer to support 50,000 services. Beyond that, the control plane needs to be optimized in order to deploy 50,000 services. We will introduce alternative solutions and our prototypes with detailed performance data.
CloudZone's Meetup at Google offices, 20.08.2018
Covering Google Cloud Platform Kubernetes Engine in Depth, including networking, compute, storage, monitoring & logging
SFBigAnalytics_20190724: Monitor kafka like a Pro - Chester Chen
Kafka operators need to provide guarantees to the business that Kafka is working properly and delivering data in real time, and they need to identify and triage problems so they can solve them before end users notice them. This elevates the importance of Kafka monitoring from a nice-to-have to an operational necessity. In this talk, Kafka operations experts Xavier Léauté and Gwen Shapira share their best practices for monitoring Kafka and the streams of events flowing through it. How to detect duplicates, catch buggy clients, and triage performance issues – in short, how to keep the business’s central nervous system healthy and humming along, all like a Kafka pro.
Speakers: Gwen Shapira, Xavier Leaute (Confluent)
Gwen is a software engineer at Confluent working on core Apache Kafka. She has 15 years of experience working with code and customers to build scalable data architectures. She currently specializes in building real-time reliable data processing pipelines using Apache Kafka. Gwen is an author of “Kafka - the Definitive Guide”, "Hadoop Application Architectures", and a frequent presenter at industry conferences. Gwen is also a committer on the Apache Kafka and Apache Sqoop projects.
Xavier Leaute was one of the first engineers on the Confluent team. Xavier is responsible for analytics infrastructure, including real-time analytics in Kafka Streams. He was previously a quantitative researcher at BlackRock. Prior to that, he held various research and analytics roles at Barclays Global Investors and MSCI.
Kafka is a high-throughput, fault-tolerant, scalable platform for building high-volume near-real-time data pipelines. This presentation is about tuning Kafka pipelines for high-performance.
Select configuration parameters and deployment topologies essential to achieving higher throughput and low latency across the pipeline are discussed, as are lessons learned in troubleshooting and optimizing a truly global data pipeline that replicates 100GB of data in under 25 minutes.
Similar to Implement Advanced Scheduling Techniques in Kubernetes (20)
Container runtimes and tooling have matured since Docker brought them to the mainstream a decade ago. There are multiple options for building and running containers available to developers and system administrators. Oleg Chunikhin, CTO at Kublr, will provide a review and analysis of the popular options.
Kubernetes in Hybrid Environments with Submariner - Kublr
Submariner enables direct networking between Pods and Services in different Kubernetes clusters, either on-premises or in the cloud.
As Kubernetes gains adoption, teams are finding they must deploy and manage multiple clusters to facilitate features like geo-redundancy, scale, and fault isolation for their applications. With Submariner, your applications and services can span multiple cloud providers, data centers, and regions.
Submariner is completely open source, and designed to be network plugin (CNI) agnostic.
Submariner provides:
- cross-cluster L3 connectivity using encrypted VPN tunnels
- service discovery across clusters
- subctl, a friendly deployment tool
- support for interconnecting clusters with overlapping CIDRs
Rook turns distributed storage systems into self-managing, self-scaling, self-healing storage services. It automates the tasks of a storage administrator: deployment, bootstrapping, configuration, provisioning, scaling, upgrading, migration, disaster recovery, monitoring, and resource management.
Rook uses the power of the Kubernetes platform to deliver its services via a Kubernetes Operator for each storage provider.
Oleg Chunikhin, Co-Founder and CTO @ Kublr.com, will present an introduction to storage management on k8s using Rook and Ceph.
Hybrid architecture solutions with Kubernetes and the cloud native stack - Kublr
This presentation provides an overview of how Kubernetes capabilities can be used to simplify use of hybrid infrastructure rather than complicate it. It covers the general challenges posed by hybrid multi-site architectures, including provisioning and operations, ingress traffic management, network connectivity, and distributed data management. The presentation reviews using AWS and Azure as examples how each of these challenges can be addressed with Kubernetes and various Kubernetes controllers used as an infrastructure abstraction layer.
An application’s path to production does not end with a deployment, even if you are using Kubernetes (K8s) as your application deployment platform. A reliable BCDR (backup and disaster recovery) plan and framework are a must for any production-ready system.
This presentation accompanies meetups and webinars in which Oleg Chunikhin, CTO at Kublr, shows how the Velero BCDR framework works and demonstrates how it can be used to back up and recover realistic applications running on Kubernetes in different clouds and environments.
What is covered:
- general notions of Kubernetes applications BCDR
- Velero BCDR framework
- demo Velero BCDR for stateful applications running on AWS and Azure clouds
- demo Velero BCDR using a Strimzi / Kafka cluster and the ArgoCD CI/CD manager as an example application
Kubernetes (K8s) is a powerful, flexible and portable open source framework for distributed containerized applications delivery and management. An important part of the services provided by most Kubernetes clusters is the containers’ networking stack. In most cases and for many applications it “just works”, but this seeming simplicity is backed by a complex stack of technologies that provide many capabilities beyond the basics.
This presentation accompanies the meetup and webinar where Oleg Chunikhin, CTO at Kublr, shows how the Kubernetes networking stack works and describes its main components, interfaces and extensibility options.
What is covered:
- general notions of Kubernetes networking - Pods and Network Policies
- implementation of Kubernetes networking - CNI, CNI plugins, and Linux network namespaces
- some Kubernetes CNI providers: Calico, Weave, Flannel, and Canal
- K8S networking extensibility for advanced and “exotic” use-cases with Multus CNI plugin as an example
This presentation explains the basics of Kubernetes ingress traffic management functionality, and how it can be used to simplify managing applications across different environments - in the cloud or on premise.
In this meetup, Oleg, CTO at Kublr, walks you through the basics of K8s persistence management functionality and how it can be used to simplify managing persistent applications across different environments - in the cloud or on premise. Oleg will use a demo environment with clusters in different clouds to show K8s persistence in practice.
We will cover:
• Persistent data abstractions in K8s: persistent volumes (PV) and their attributes
• PV specifics in different clouds
• Using PV in K8s: persistent volume claims (PVC) and storage classes (SC)
• Automatic volume provisioning
• Persistence and scheduling interrelationships
• Practical examples
Kubernetes (K8s) is a powerful and flexible open source container orchestration system. The power of K8s comes from its modularity and the simplicity of its basic concepts. Each of these basic concepts builds on the others and, from the most basic elements to the more advanced ones, each is responsible for its own well-defined logic and behavior.
Portable CI/CD Environment as Code with Kubernetes, Kublr and Jenkins - Kublr
How to establish Kubernetes as your infrastructure for a truly cloud native environment for optimal productivity and cost.
Using Kublr for an infrastructure-as-code approach to fast, reliable and inexpensive production-ready DevOps environment setup, bringing together a combination of technologies: Kubernetes; AWS Mixed Instance Policies, Spot Instances and availability zones; AWS EFS; Nexus and Jenkins.
Best practices based on open source tools such as Nexus and Jenkins.
How to tackle build process dilemmas and difficulties including managing dependencies, hermetic builds and build scripts.
Kubernetes 101: Intro to Kubernetes namespaces, workloads, and architecture
In this webinar Oleg, CTO at Kublr, will explain the basics of Kubernetes, a powerful and flexible open-source container orchestration system: what it is, how it works, and the main entities Kubernetes users work with.
Containers are taking over the IT world, and while building and running them locally is simple, running them in production on a distributed infrastructure is much more involved.
Oleg will show how Kubernetes can help orchestrate containers across multiple compute nodes and clouds.
We will cover:
- distributed container orchestration
- architecture of Kubernetes clusters
- important Kubernetes objects: namespaces, pods, services
- overview of controllers: deployment, daemonset, stateful set
Canary Releases on Kubernetes with Spinnaker, Istio, & Prometheus (2020) - Kublr
In a microservices world, applications consist of dozens, hundreds, or even thousands of components. Manually deploying and verifying deployment quality in production is virtually impossible. Kubernetes, which natively supports rolling updates, enables blue-green application deployments with Spinnaker. However, the gradual rollout is a feature that doesn’t come out-of-the-box but can be achieved by adding Istio and Prometheus to the equation.
During this meetup, Slava will discuss canary release implementations on Kubernetes with Spinnaker, Istio, and Prometheus. He’ll examine the role of each tool in the process and how they are all connected. During a demo, he will demonstrate a successful and a failed canary release, and how these tools enable IT teams to properly roll out changes to their customer base without any downtime.
How to Run Kubernetes in Restrictive Environments - Kublr
Meeting the Needs of Enterprise Governance and Security
Installing Kubernetes is easy. Ensuring it complies with your organization’s enterprise governance and security requirements isn’t.
During this webinar, Oleg will explain how to use Kubernetes while meeting enterprise requirements. In this technically-focused talk, he’ll summarize common prerequisites for running Kubernetes in production, and how to leverage fine-grained controls and separation of responsibilities to meet enterprise governance and security needs.
The presentation will include basic requirements for audit, security, authentication, authorization, integration with existing identity management, logging, and monitoring.
Because on-premise Kubernetes deployments don’t come without their challenges, Oleg will cover the limitations of a bare-metal installation, interactions with vSphere’s API, achieving HA, reliability and disaster recovery, as well as handling OS upgrades, security patches, and Kubernetes upgrades. He’ll close with a quick outlook of what’s next, including infrastructure as code, immutable infrastructure, and GitOps.
Incredibly powerful and flexible, Kubernetes role-based access control (RBAC) is an essential tool to effectively manage production clusters. Yet many Ops and DevOps engineers are still facing barriers to efficiently use it at scale. These include a steep learning curve, YAML-based configuration, lack of standardized best practices, and the general complexity of this functionality at large -- it truly can be somewhat overwhelming.
During this meetup Oleg, CTO at Kublr, will discuss Kubernetes RBAC concepts and objects. He'll explore different use cases ranging from simple permission management for in-cluster application accounts to integrations with external identity providers for SSO and enterprise user access management.
Leveraging the Kublr Platform, Oleg will demonstrate how it simplifies the management of access and RBAC rules in a cloud native environment while staying vendor-independent and compatible with any Kubernetes distribution.
How Self-Healing Nodes and Infrastructure Management Impact Reliability - Kublr
Self-healing does not equal self-healing. There are multiple layers to it, whether a self-healing infrastructure, cluster, pods, or Kubernetes. Kubernetes itself ensures self-healing pods. But how do you ensure your applications, whose reliability depends on every single layer, are truly reliable?
This presentation covers the different self-healing layers, what Kubernetes does and doesn't do (at least not by default), and what you should look out for to ensure truly reliable applications. Hint: infrastructure provisioning plays a key role.
Centralizing Kubernetes Management in Restrictive Environments - Kublr
While developers see and realize the benefits of Kubernetes, how it improves efficiencies, saves time, and enables focus on the unique business requirements of each project; InfoSec, infrastructure, and software operations teams still face challenges when managing a new set of tools and technologies, and integrating them into existing enterprise infrastructure.
This is especially true for environments where security and governance requirements are so strict as to come into conflict with the cloud-native reference architectures.
During his presentation, Oleg will outline a plan that leverages open source cloud-native technologies while meeting enterprise security and governance requirements. He’ll summarize common prerequisites for running Kubernetes in production, and how to leverage fine-grained controls and separation of responsibilities to meet enterprise governance and security needs; what’s needed for a general architecture of a centralized Kubernetes operations layer based on open source components such as Prometheus, Grafana, ELK Stack, Keycloak, etc.
The presentation will cover basic requirements for audit, security, authentication, authorization, integration with existing identity management, logging, and monitoring. Additionally, the audience will learn whether cloud-hosted Kubernetes covers these requirements, how to integrate a compliant Kubernetes installation with their existing cloud infrastructure, the limitations of a bare-metal installation, interactions with vSphere’s API, achieving HA, reliability and disaster recovery, as well as handling OS upgrades, security patches, and Kubernetes upgrades.
Canary Releases on Kubernetes w/ Spinnaker, Istio, and Prometheus - Kublr
In a microservices world, applications consist of dozens, hundreds, or even thousands of components. Manually deploying and verifying deployment quality in production is virtually impossible. Kubernetes, which natively supports rolling updates, enables blue-green application deployments with Spinnaker. However, gradual rollout is a feature that doesn't come out-of-the-box but can be achieved by adding Istio and Prometheus to the equation.
During this meetup, Slava Koltovich, CEO of Kublr, and Oleg Atamanenko, Senior Software Architect, discussed canary release implementations on Kubernetes with Spinnaker, Istio, and Prometheus. They examined the role of each tool in the process and how they are all connected. During a demo, they demonstrated a successful and a failed canary release, and how these tools enable IT teams to properly roll out changes to their customer base without any downtime.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf - Paige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble, many organizations still relegate monitoring & observability to the purview of ops, infra and SRE teams. This is a mistake: achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party and will share these foundational concepts to build on:
The new frontiers of AI in RPA with UiPath Autopilot™ - UiPathCommunity
In this free online event, organized by the Italian UiPath Community, you can explore the new features of Autopilot, the tool that integrates Artificial Intelligence into the development and use of Automations.
📕 Together we will look at some examples of using Autopilot in various tools of the UiPath Suite:
Autopilot for Studio Web
Autopilot for Studio
Autopilot for Apps
Clipboard AI
GenAI applied to Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. A constant focus on speed to release software to market, along with traditionally slow and manual security checks, has caused gaps in continuous security, an important piece of the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their application supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Essentials of Automations: The Art of Triggers and Actions in FME - Safe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
PHP Frameworks: I want to break free (IPC Berlin 2024) - Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... - DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Epistemic Interaction - tuning interfaces to provide information for AI support - Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
A tale of scale & speed: How the US Navy is enabling software delivery from l... - sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATOs (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Enhancing Performance with Globus and the Science DMZ - Globus
ESnet has led the way in helping national facilities—and many other institutions in the research community—configure Science DMZs and troubleshoot network issues to maximize data transfer performance. In this talk we will present a summary of approaches and tips for getting the most out of your network infrastructure using Globus Connect Server.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... - UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Pushing the limits of ePRTC: 100ns holdover for 100 days - Adtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Accelerate your Kubernetes clusters with Varnish Caching - Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf - 91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
DevOps and Testing slides at DASA Connect - Kari Kakkonen
Rik Marselis’ and my slides from the 30.5.2024 DASA Connect conference. We discuss what testing is, then what agile testing is, and finally what Testing in DevOps is. Finally, we had a lovely workshop with the participants, trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Removing Uninteresting Bytes in Software Fuzzing - Aftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing XML documents, and Binutils' readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format) files. Our preliminary results show that AFL+DIAR not only discovers new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
The Art of the Pitch: WordPress Relationships and Sales - Laura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips and strategies for successful relationship building that lead to closing the deal.
3. What to Look For
• Kubernetes overview
• Scheduling algorithm
• Scheduling controls
• Advanced scheduling techniques
• Examples, use cases, and recommendations
7. Kubernetes | Nodes and Pods
[Diagram: Node 1 runs Pod A-1 (10.0.0.3; containers Cnt1, Cnt2) and Pod B-1 (10.0.0.8; container Cnt3); Node 2 runs Pod A-2 (10.0.1.5; containers Cnt1, Cnt2)]
8. Kubernetes | Container Orchestration
[Diagram: User, K8S Master API, K8S Scheduler(s), K8S Controller(s); Node 1 with Kubelet and Docker running Pod A and Pod B; Node 2 running Pod C]
9. Kubernetes | Container Orchestration
[Diagram: same components as slide 8, no nodes or pods registered yet]
It all starts empty
10. Kubernetes | Container Orchestration
[Diagram: Node 1 appears in the master]
Kubelet registers node object in master
14. Kubernetes | Container Orchestration
[Diagram: Node 1 and Node 2 registered; Pod A, Pod B and Pod C pending in the master]
…identifies the best node to run them on…
15. Kubernetes | Container Orchestration
[Diagram: Pod A, Pod B and Pod C assigned to Node 1 and Node 2 in the master]
…and marks the pods as scheduled on corresponding nodes.
16. Kubernetes | Container Orchestration
Kubelet notices pods scheduled to its nodes…
17. Kubernetes | Container Orchestration
[Diagram: Pod A and Pod B now running on Node 1]
…and starts pods’ containers.
18. Kubernetes | Container Orchestration
Scheduler finds the best node to run pods. HOW?
19. Kubernetes | Scheduling Algorithm
For each pod that needs scheduling:
1. Filter nodes
2. Calculate node priorities
3. Schedule pod if possible
20. Kubernetes | Scheduling Algorithm
Volume filters
• Do the pod’s requested volumes’ zones fit the node’s zone?
• Can the node attach to the volumes?
• Are there mounted volume conflicts?
• Are there additional volume topology constraints?
Volume filters
Resource filters
Topology filters
Prioritization
21. Kubernetes | Scheduling Algorithm
Resource filters
• Do the pod’s requested resources (CPU, RAM, GPU, etc.) fit the node’s available resources?
• Can the pod’s requested ports be opened on the node?
• Is there no memory or disk pressure on the node?
22. Kubernetes | Scheduling Algorithm
Topology filters
• Is the pod requested to run on this node?
• Are there inter-pod affinity constraints?
• Does the node match the pod’s node selector?
• Can the pod tolerate the node’s taints?
23. Kubernetes | Scheduling Algorithm
Prioritize with weights for
• Pod replicas distribution
• Least (or most) node utilization
• Balanced resource usage
• Inter-pod affinity priority
• Node affinity priority
• Taint toleration priority
24. Scheduling | Controlling Pods Destination
• Specify resource requirements
• Be aware of volumes
• Use node constraints
• Use affinity and anti-affinity
• Scheduler configuration
• Custom / multiple schedulers
25. Scheduling Controlled | Resources
• CPU, RAM, other (GPU)
• Requests and limits
• Reserved resources
kind: Node
status:
  allocatable:
    cpu: "4"
    memory: 8070796Ki
    pods: "110"
  capacity:
    cpu: "4"
    memory: 8Gi
    pods: "110"

kind: Pod
spec:
  containers:
  - name: main
    resources:
      requests:
        cpu: 100m
        memory: 1Gi
26. Scheduling Controlled | Volumes
• Request volumes in the right zones
• Make sure the node can attach enough volumes
• Avoid volume location conflicts
• Use volume topology constraints (alpha in 1.7)
[Diagram: Node 1 (Pod A) and Node 2 with Volume 2 (Pod B) sit in Zone A; Pod C requests a volume in Zone B and is Unschedulable.]
27. Scheduling Controlled | Volumes
[Diagram: Node 1 with Volume 1 (Pod A) and Volume 2 (Pod B); Pod C with a requested volume, illustrating the node volume attachment limit.]
28. Scheduling Controlled | Volumes
[Diagram: Node 1 with Volume 1 (Pod A), Node 2 with Volume 2 (Pod B), and Pod C, illustrating a volume location conflict.]
29. Scheduling Controlled | Volumes
Volume topology constraint (alpha in 1.7), expressed as a node-affinity annotation on the volume:
annotations:
  "volume.alpha.kubernetes.io/node-affinity": '{
    "requiredDuringSchedulingIgnoredDuringExecution": {
      "nodeSelectorTerms": [{
        "matchExpressions": [{
          "key": "kubernetes.io/hostname",
          "operator": "In",
          "values": ["docker03"]
        }]
      }]
    }}'
30. Scheduling Controlled | Constraints
• Host constraints
• Labels and node selectors
• Taints and tolerations
Host constraint: Pod A is pinned to Node 1 through spec.nodeName.
kind: Pod
spec:
  nodeName: node1

kind: Node
metadata:
  name: node1
31. Scheduling Controlled | Node Constraints
Labels and node selectors: Pod A's nodeSelector restricts it to nodes carrying the label tier: backend.
[Diagram: Node 1, Node 2 and Node 3, one of them labelled tier: backend; Pod A is placed on the labelled node.]
kind: Node
metadata:
  labels:
    tier: backend

kind: Pod
spec:
  nodeSelector:
    tier: backend
32. Scheduling Controlled | Node Constraints
Taints and tolerations: Node 1 is tainted; Pod A tolerates the taint, Pod B does not.
kind: Pod
spec:
  tolerations:
  - key: error
    value: disk
    operator: Equal
    effect: NoExecute
    tolerationSeconds: 60

kind: Node
spec:
  taints:
  - effect: NoSchedule
    key: error
    value: disk
    timeAdded: null
33. Scheduling Controlled | Taints
Taints communicate node conditions
• Key – condition category
• Value – specific condition
• Operator – value wildcard
  • Equal
  • Exists
• Effect
  • NoSchedule – filter at scheduling time
  • PreferNoSchedule – prioritize at scheduling time
  • NoExecute – filter at scheduling time, evict if executing
• TolerationSeconds – time to tolerate a "NoExecute" taint
kind: Pod
spec:
  tolerations:
  - key: <taint key>
    value: <taint value>
    operator: <match operator>
    effect: <taint effect>
    tolerationSeconds: 60
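The filter-then-prioritize pipeline of slides 19–23, applied to the resource requests (slide 25), nodeName and nodeSelector constraints (slides 30–31) and taint/toleration matching (slides 32–33), as one added example. This is illustrative code written for this page, not the kube-scheduler's implementation or Kublr's code: the cluster, the pods and their requests are constructed, resource quantities are plain integers (CPU in millicores, memory in MiB) rather than Kubernetes quantity strings, and the priority weights are arbitrary. It also shows the caveat a practitioner hits with the slide 32 manifests: a toleration with effect NoExecute does not cover a NoSchedule taint, so the pod is filtered off the tainted node until the effects line up.

```python
"""Filter-then-prioritize scheduling over constructed nodes and pods.

Added example, not from the slides. Quantities are plain integers
(CPU in millicores, memory in MiB) rather than Kubernetes quantity strings.
"""


def toleration_matches(tol, taint):
    """True when the toleration covers the taint: same key, value unless the
    operator is Exists, and an empty toleration effect or an equal effect
    (a NoExecute toleration does not cover a NoSchedule taint)."""
    if tol.get("key") != taint["key"]:
        return False
    if tol.get("operator", "Equal") == "Equal" and tol.get("value") != taint.get("value"):
        return False
    return tol.get("effect", "") in ("", taint["effect"])


def untolerated_taints(pod, node, effect):
    """Taints of the given effect on the node that no toleration of the pod covers."""
    return [t for t in node.get("taints", []) if t["effect"] == effect
            and not any(toleration_matches(tol, t) for tol in pod.get("tolerations", []))]


def requested(pod, resource):
    """Sum of the pod's container requests for one resource."""
    return sum(c["requests"].get(resource, 0) for c in pod["containers"])


def used(node, resource):
    """Requests already reserved by pods bound to the node."""
    return sum(requested(p, resource) for p in node["pods"])


def host_ports(pod):
    return {p for c in pod["containers"] for p in c.get("hostPorts", [])}


def filter_node(pod, node):
    """Return None if the node passes every filter, else the reason it failed."""
    # Host constraint: spec.nodeName pins the pod to exactly one node.
    if pod.get("nodeName") and pod["nodeName"] != node["name"]:
        return "nodeName mismatch"
    # Resource filters: requests must fit into allocatable minus what is reserved.
    for res in ("cpu", "memory"):
        if used(node, res) + requested(pod, res) > node["allocatable"][res]:
            return f"insufficient {res}"
    if any(host_ports(pod) & host_ports(p) for p in node["pods"]):
        return "host port conflict"
    conditions = node.get("conditions", {})
    if conditions.get("MemoryPressure") or conditions.get("DiskPressure"):
        return "node under memory or disk pressure"
    # Topology filters: nodeSelector labels, then NoSchedule / NoExecute taints.
    for key, value in pod.get("nodeSelector", {}).items():
        if node.get("labels", {}).get(key) != value:
            return f"nodeSelector {key}={value} not satisfied"
    for effect in ("NoSchedule", "NoExecute"):
        if untolerated_taints(pod, node, effect):
            return f"untolerated {effect} taint"
    return None


def priority(pod, node):
    """Higher is better: least-utilized node, minus a penalty per PreferNoSchedule taint."""
    score = 0.0
    for res in ("cpu", "memory"):
        free = node["allocatable"][res] - used(node, res) - requested(pod, res)
        score += 10.0 * free / node["allocatable"][res]
    return score - 5.0 * len(untolerated_taints(pod, node, "PreferNoSchedule"))


def schedule(pod, nodes):
    """Return (name of the chosen node or None, {node name: filter failure reason})."""
    reasons, feasible = {}, []
    for node in nodes:
        reason = filter_node(pod, node)
        if reason is None:
            feasible.append(node)
        else:
            reasons[node["name"]] = reason
    if not feasible:
        return None, reasons
    return max(feasible, key=lambda n: (priority(pod, n), n["name"]))["name"], reasons


def _node(name, tier, taints=(), pods=()):  # constructed node with 4 cores / 8 GiB
    return {"name": name, "labels": {"tier": tier}, "allocatable": {"cpu": 4000, "memory": 8192},
            "taints": list(taints), "pods": list(pods)}


NODES = [  # constructed cluster: one busy node, one tainted node, one frontend node, one spot node
    _node("node1", "backend", pods=[{"containers": [{"requests": {"cpu": 500, "memory": 1024}, "hostPorts": [8080]}]}]),
    _node("node2", "backend", taints=[{"key": "error", "value": "disk", "effect": "NoSchedule"}]),
    _node("node3", "frontend"),
    _node("node4", "backend", taints=[{"key": "spot", "value": "true", "effect": "PreferNoSchedule"}]),
]
_BASE = {"containers": [{"requests": {"cpu": 100, "memory": 1024}}], "nodeSelector": {"tier": "backend"}}
# Toleration as on slide 32: effect NoExecute does not cover node2's NoSchedule taint.
POD_NOEXECUTE = dict(_BASE, tolerations=[{"key": "error", "value": "disk", "operator": "Equal", "effect": "NoExecute"}])
# Same toleration with the matching effect: node2 becomes feasible and wins on utilization.
POD_NOSCHEDULE = dict(_BASE, tolerations=[{"key": "error", "value": "disk", "operator": "Equal", "effect": "NoSchedule"}])
# Pinned to node1 and asking for host port 8080, which node1's existing pod already holds.
POD_HOSTPORT = dict(_BASE, nodeName="node1", containers=[{"requests": {"cpu": 100, "memory": 1024}, "hostPorts": [8080]}])


def demo():
    """Schedule the three constructed pods; returns {label: chosen node or None}."""
    return {label: schedule(pod, NODES)[0] for label, pod in
            [("noexecute", POD_NOEXECUTE), ("noschedule", POD_NOSCHEDULE), ("hostport", POD_HOSTPORT)]}


if __name__ == "__main__":
    for label, node in demo().items():
        print(f"{label}: {node}")
```

Running it places the NoExecute-tolerating pod on node1 (node2 is rejected with "untolerated NoSchedule taint", node3 fails the nodeSelector, node4 is feasible but loses five points for its PreferNoSchedule taint), places the NoSchedule-tolerating pod on node2, and leaves the host-port pod unschedulable because the only node its nodeName allows already has port 8080 taken. The `reasons` map returned by `schedule` is the part worth keeping in a real scheduler: it is what ends up in the pod's events and is the first thing you read when a pod sits in Pending.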
40. Scheduling Controlled | Affinity Example
affinity:
  topologyKey: tier
  labelSelector:
    matchLabels:
      group: a
[Diagram: Node 1 labelled tier: a, Node 3 and Node 4 labelled tier: b; Pod B, labelled group: a, lands in the tier: a topology on Node 1.]
48. Scheduling Controlled | Custom Scheduler
Naive implementation
• In an infinite loop:
  • Get list of Nodes: /api/v1/nodes
  • Get list of Pods: /api/v1/pods
  • Select Pods with status.phase == Pending and spec.schedulerName == our-name
  • For each pod:
    • Calculate target Node
    • Create a new Binding object: POST /api/v1/bindings
apiVersion: v1
kind: Binding
metadata:
  namespace: default
  name: pod1
target:
  apiVersion: v1
  kind: Node
  name: node1
49. Scheduling Controlled | Custom Scheduler
Better implementation
• Watch Pods: /api/v1/pods
• On each Pod event:
  • Process if the Pod has status.phase == Pending and spec.schedulerName == our-name
  • Get list of Nodes: /api/v1/nodes
  • Calculate target Node
  • Create a new Binding object: POST /api/v1/bindings
apiVersion: v1
kind: Binding
metadata:
  namespace: default
  name: pod1
target:
  apiVersion: v1
  kind: Node
  name: node1
50. Scheduling Controlled | Custom Scheduler
Even better implementation
• Watch Nodes: /api/v1/nodes
• On each Node event:
  • Update Node cache
• Watch Pods: /api/v1/pods
• On each Pod event:
  • Process if the Pod has status.phase == Pending and spec.schedulerName == our-name
  • Calculate target Node
  • Create a new Binding object: POST /api/v1/bindings
apiVersion: v1
kind: Binding
metadata:
  namespace: default
  name: pod1
target:
  apiVersion: v1
  kind: Node
  name: node1
51. Custom Scheduler | Standard Filters
• Minimal set of filters
• kube-scheduler
  • Extend
  • Re-implement
GitHub kubernetes/kubernetes
plugin/pkg/scheduler/scheduler.go
plugin/pkg/scheduler/algorithm/predicates/predicates.go
52. Use Case | Distributed Pods
apiVersion: v1
kind: Pod
metadata:
  name: db-replica-3
  labels:
    component: db
spec:
  affinity:
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
      - topologyKey: kubernetes.io/hostname
        labelSelector:
          matchExpressions:
          - key: component
            operator: In
            values: [ "db" ]
[Diagram: db-replica-1 on Node 1, db-replica-2 on Node 2, db-replica-3 on Node 3.]
53. Use Case | Co-located Pods
apiVersion: v1
kind: Pod
metadata:
  name: app-replica-1
  labels:
    component: web
spec:
  affinity:
    podAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
      - topologyKey: kubernetes.io/hostname
        labelSelector:
          matchExpressions:
          - key: component
            operator: In
            values: [ "db" ]
[Diagram: db-replica-1 and app-replica-1 on Node 1, db-replica-2 on Node 2, Node 3 empty.]
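The co-location rule behind slides 40, 52 and 53 (a node is "co-located" when its value of the topologyKey label equals that of any node running a pod matched by the labelSelector), worked through as an added example; it is illustrative code for this page, not the kube-scheduler's own predicate. The four-node cluster, its zone labels and the two running db replicas are constructed, only a single namespace is considered, and only the required (requiredDuringSchedulingIgnoredDuringExecution) form is evaluated; the preferred form would turn the same boolean into a priority score instead of a filter. The example goes one step beyond the slides' manifests by running each rule with both kubernetes.io/hostname and a zone label as the topologyKey, which is the difference between "spread across hosts" and "spread across availability zones".

```python
"""Required inter-pod affinity / anti-affinity evaluated over a topologyKey.

Added example, not from the slides. Single namespace, required terms only.
"""


def selector_matches(selector, labels):
    """Evaluate a labelSelector: matchLabels plus In/NotIn/Exists/DoesNotExist expressions."""
    for key, value in selector.get("matchLabels", {}).items():
        if labels.get(key) != value:
            return False
    for expr in selector.get("matchExpressions", []):
        key, op, values = expr["key"], expr["operator"], expr.get("values", [])
        present = key in labels
        if ((op == "In" and labels.get(key) not in values) or (op == "NotIn" and labels.get(key) in values)
                or (op == "Exists" and not present) or (op == "DoesNotExist" and present)):
            return False
    return True


def topology_domains(term, running_pods, nodes_by_name):
    """topologyKey values of the nodes that already run a pod matched by the term's selector."""
    domains = set()
    for pod in running_pods:
        if selector_matches(term["labelSelector"], pod["labels"]):
            node_labels = nodes_by_name[pod["nodeName"]]["labels"]
            if term["topologyKey"] in node_labels:
                domains.add(node_labels[term["topologyKey"]])
    return domains


def node_allowed(pod, node, running_pods, nodes_by_name):
    """Apply the pod's required podAffinity / podAntiAffinity terms to one node."""
    affinity = pod.get("affinity", {})
    required = "requiredDuringSchedulingIgnoredDuringExecution"
    for term in affinity.get("podAffinity", {}).get(required, []):
        # Co-located: the node's topology value must equal that of a node running a selected pod.
        if node["labels"].get(term["topologyKey"]) not in topology_domains(term, running_pods, nodes_by_name):
            return False
    for term in affinity.get("podAntiAffinity", {}).get(required, []):
        # Not co-located: the node must lie outside every domain occupied by a selected pod.
        if node["labels"].get(term["topologyKey"]) in topology_domains(term, running_pods, nodes_by_name):
            return False
    return True


def feasible_nodes(pod, nodes, running_pods):
    """Sorted names of the nodes on which the pod's affinity rules allow it to run."""
    by_name = {n["name"]: n for n in nodes}
    return sorted(n["name"] for n in nodes if node_allowed(pod, n, running_pods, by_name))


# Constructed cluster: four nodes in two zones, two db replicas already running.
NODES = [
    {"name": "node1", "labels": {"kubernetes.io/hostname": "node1", "zone": "a"}},
    {"name": "node2", "labels": {"kubernetes.io/hostname": "node2", "zone": "a"}},
    {"name": "node3", "labels": {"kubernetes.io/hostname": "node3", "zone": "b"}},
    {"name": "node4", "labels": {"kubernetes.io/hostname": "node4", "zone": "a"}},
]
RUNNING = [
    {"name": "db-replica-1", "labels": {"component": "db"}, "nodeName": "node1"},
    {"name": "db-replica-2", "labels": {"component": "db"}, "nodeName": "node2"},
]


def _db_term(topology_key):  # the labelSelector from slides 52 and 53
    return {"topologyKey": topology_key,
            "labelSelector": {"matchExpressions": [{"key": "component", "operator": "In", "values": ["db"]}]}}


def db_replica(topology_key):
    """Third db replica that must not share the given topology with another db pod (slide 52)."""
    return {"name": "db-replica-3", "labels": {"component": "db"},
            "affinity": {"podAntiAffinity": {"requiredDuringSchedulingIgnoredDuringExecution": [_db_term(topology_key)]}}}


def app_replica(topology_key):
    """Web replica that must share the given topology with a db pod (slide 53)."""
    return {"name": "app-replica-1", "labels": {"component": "web"},
            "affinity": {"podAffinity": {"requiredDuringSchedulingIgnoredDuringExecution": [_db_term(topology_key)]}}}


def demo():
    """Feasible nodes for each rule and topologyKey."""
    return {
        "db spread by host": feasible_nodes(db_replica("kubernetes.io/hostname"), NODES, RUNNING),
        "db spread by zone": feasible_nodes(db_replica("zone"), NODES, RUNNING),
        "app with db by host": feasible_nodes(app_replica("kubernetes.io/hostname"), NODES, RUNNING),
        "app with db by zone": feasible_nodes(app_replica("zone"), NODES, RUNNING),
    }


if __name__ == "__main__":
    for rule, names in demo().items():
        print(f"{rule}: {names}")
```

With hostname as the topologyKey the third db replica may use node3 or node4; with zone it is confined to node3, the only node outside zone a, which is the stronger guarantee a database spread is usually after. The web replica shows the mirror image: by host it is limited to the two nodes actually running a db pod, by zone it may also use node4, which shares zone a with them.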
54. Use Case | Reliable Service on Spot Nodes
• "fixed" node group
  Expensive, more reliable, fixed number
  Tagged with label nodeGroup: fixed
• "spot" node group
  Inexpensive, unreliable, auto-scaled
  Tagged with label nodeGroup: spot
• Scheduling rules:
  • At least two pods on "fixed" nodes
  • All other pods favor "spot" nodes
• Custom scheduler
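The naive custom scheduler loop of slides 48–50 (list nodes and pods, pick the Pending pods whose spec.schedulerName is ours, compute a target, POST a Binding) combined with the placement rule of slide 54, as one added example. This is illustrative code written for this page, not Kublr's scheduler or anything from kubernetes/kubernetes: the API server is replaced by an in-memory fake so the loop runs offline, the scheduler name "spot-aware", the node and pod names and the app label are constructed, and the Binding is posted to the /api/v1/bindings path exactly as the slides give it. The rule is implemented as "fixed nodes until two replicas of the app sit there, then the least-loaded spot node, falling back to fixed when no spot node exists", which is what keeps the service up when the spot group is reclaimed.

```python
"""Custom scheduler loop with the fixed/spot placement rule.

Added example, not from the slides or from Kublr. FakeApi stands in for the
subset of the Kubernetes REST API the loop touches; a real scheduler would GET
or WATCH /api/v1/nodes and /api/v1/pods and POST Bindings to the API server.
"""

SCHEDULER_NAME = "spot-aware"  # constructed name; pods opt in via spec.schedulerName
MIN_FIXED = 2                  # replicas of each app that must sit on nodeGroup=fixed


class FakeApi:
    """In-memory stand-in for the API server."""

    def __init__(self, nodes, pods):
        self.nodes, self.pods, self.posted = nodes, pods, []

    def get(self, path):
        return {"/api/v1/nodes": self.nodes, "/api/v1/pods": self.pods}[path]

    def post(self, path, body):
        self.posted.append((path, body))
        # The real API server reacts to a Binding by setting spec.nodeName on the pod.
        for pod in self.pods:
            if pod["metadata"]["name"] == body["metadata"]["name"]:
                pod["spec"]["nodeName"] = body["target"]["name"]


def binding(pod, node_name):
    """Binding object as on the slides (note the lower-case metadata key)."""
    return {"apiVersion": "v1", "kind": "Binding",
            "metadata": {"namespace": pod["metadata"]["namespace"], "name": pod["metadata"]["name"]},
            "target": {"apiVersion": "v1", "kind": "Node", "name": node_name}}


def is_ours_and_pending(pod):
    """The selection from slide 48, plus a guard against pods bound earlier in this pass."""
    return (pod["status"].get("phase") == "Pending"
            and pod["spec"].get("schedulerName") == SCHEDULER_NAME
            and not pod["spec"].get("nodeName"))


def node_group(node):
    return node["metadata"]["labels"].get("nodeGroup")


def choose_node(pod, nodes, pods):
    """Fixed nodes until MIN_FIXED replicas of the app sit there, then spot (fixed as fallback)."""
    app = pod["metadata"]["labels"].get("app")
    by_name = {n["metadata"]["name"]: n for n in nodes}
    on_fixed = sum(1 for p in pods
                   if p["metadata"]["labels"].get("app") == app and p["spec"].get("nodeName")
                   and node_group(by_name[p["spec"]["nodeName"]]) == "fixed")
    fixed = [n for n in nodes if node_group(n) == "fixed"]
    spot = [n for n in nodes if node_group(n) == "spot"]
    candidates = fixed if on_fixed < MIN_FIXED else (spot or fixed)
    if not candidates:
        return None

    def load(node):  # least-loaded node within the chosen group, name as tie-break
        name = node["metadata"]["name"]
        return (sum(1 for p in pods if p["spec"].get("nodeName") == name), name)

    return min(candidates, key=load)["metadata"]["name"]


def run_once(api):
    """One pass of the naive loop; returns {pod name: node it was bound to}."""
    nodes, pods = api.get("/api/v1/nodes"), api.get("/api/v1/pods")
    bound = {}
    for pod in sorted((p for p in pods if is_ours_and_pending(p)), key=lambda p: p["metadata"]["name"]):
        target = choose_node(pod, nodes, pods)
        if target is not None:
            api.post("/api/v1/bindings", binding(pod, target))
            bound[pod["metadata"]["name"]] = target
    return bound


def _node(name, group):  # constructed node
    return {"metadata": {"name": name, "labels": {"nodeGroup": group}}}


def _pod(name, scheduler=SCHEDULER_NAME):  # constructed pending pod of app "web"
    return {"metadata": {"name": name, "namespace": "default", "labels": {"app": "web"}},
            "spec": {"schedulerName": scheduler}, "status": {"phase": "Pending"}}


def demo():
    """Two fixed and two spot nodes, five web replicas plus one pod for the default scheduler."""
    api = FakeApi([_node("fixed-1", "fixed"), _node("fixed-2", "fixed"),
                   _node("spot-1", "spot"), _node("spot-2", "spot")],
                  [_pod(f"web-{i}") for i in range(1, 6)] + [_pod("other-1", "default-scheduler")])
    return run_once(api)


if __name__ == "__main__":
    print(demo())
```

The pass binds web-1 and web-2 to the two fixed nodes, spreads web-3, web-4 and web-5 over the spot nodes, and never touches other-1, whose schedulerName belongs to the default scheduler. Because the fake mirrors the API server by setting spec.nodeName after each Binding, the count of replicas already on fixed nodes is recomputed from the pod list on every iteration, which is also why the "better" and "even better" variants on slides 49–50 want a watch plus a node cache rather than re-listing everything per pod.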
55. Scheduling | Dos and Don'ts
DO
• Use resource-based scheduling instead of node-based
• Specify resource requests
• Keep requests == limits
  • Especially for non-elastic resources
  • Memory is non-elastic!
• Safeguard against missing resource specs
  • Namespace default limits
  • Admission controllers
• Plan the architecture of localized volumes (EBS, local)
• Use inter-pod affinity/anti-affinity if possible
DON'T
• ... assign pods to nodes directly
• ... use pods with no resource requests
• ... use node-based scheduling rather than resource requests
• ... use node affinity or node assignment if it can be avoided
56. Scheduling | Key Takeaways
• Scheduling filters and priorities
• Resource requests and availability
• Inter-pod affinity/anti-affinity
• Volumes localization (AZ)
• Node labels and selectors
• Node affinity/anti-affinity
• Node taints and tolerations
• Scheduler(s) tweaking and customization
Thank you for coming to see my presentation
Oleg Chunikhin
CTO at Kublr
Chief Software Architect at EastBanc Technologies
At Kublr we develop an enterprise Kubernetes management platform.
We see quite often that the rich and powerful scheduling controls Kubernetes provides are underutilized, and essentially manual scheduling is used instead.
We prepared this scheduling overview presentation to explain how cloud native applications can be made better by utilizing the full power of k8s scheduling.
I will spend a few minutes reintroducing docker and kubernetes architecture concepts…
before we dig into kubernetes scheduling.
Talking about scheduling, I’ll try to explain
capabilities, …
controls available to cluster users and administrators, …
and extension points
We’ll also look at a couple of examples and…
Some recommendations
Kubernetes can schedule other types of containers, e.g. rkt
Docker containers can be managed through other orchestration technologies, such as
Mesos
Docker Swarm
Hashicorp Nomad
Docker-Kubernetes is still arguably the most common combination and we will be talking specifically about it today.
The architecture and concepts are shared with other
Distribution
Configuration
Isolation
Image repository may be public or private
Signed images are supported
Overlay network is not required
Different Linux process isolation technologies – namespaces, security groups, etc.
Master:
API
Metadata database
Can run in HA mode (1, 3, or 5 instances)
Nodes
K8s agents, docker, system containers, and application containers
After initialization and setup nodes are fully controlled by the master
Registering nodes with the master
Assignment of pods to nodes
Address allocation (from the pool of overlay network addresses allocated to the node at registration)
Joint launch of containers in the pod
Containers in a pod share the network address space and data volumes
The overall life cycle of the pod and its containers
The pod life cycle is very simple: a pod cannot be moved or changed, it must be re-created
Master API maintains the general picture – vision of desired and current known state
Master relies on other components – controllers, kubelet – to update current known state
User modifies to-be state and reads current state
Controllers “clarify” to-be state
Kubelet perform actions to achieve to-be state, and reports current state
Scheduler is just one of the controllers, responsible for assigning unassigned pods to specific nodes
First there was nothing
Master API maintains the general picture
User modifies to-be state and reads current state
Controllers “clarify” to-be state
Kubelet perform actions to achieve to-be state, and reports current state
Scheduler is just one of the controllers, responsible for assigning unassigned pods to specific nodes
Pod requests new volumes: can they be created in a zone where they can be attached to the node?
If requested volumes already exist, can they be attached to the node?
If the volumes are already attached/mounted, can they be mounted to this node?
Any other user-specified constraints?
This most often happens in AWS, where
EBS can only be attached to instances in the same AZ where EBS is located
This pod should be co-located (affinity) or not co-located (anti-affinity)
with the pods matching the labelSelector in the specified namespaces,
where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running.
Empty topologyKey:
For PreferredDuringScheduling pod anti-affinity, empty topologyKey is interpreted as "all topologies" ("all topologies" here means all the topologyKeys indicated by scheduler command-line argument --failure-domains);
For affinity and for RequiredDuringScheduling pod anti-affinity, empty topologyKey is not allowed.