Infrastructure as Code using Deployment Manager and Kubernetes

•

2 likes•93 views

How to do infrastructure as code using GCP Deployment Manager and automate the creation of Kubernetes + Kubernetes resources. Also, what "cloud-native configuration management" could be.

Technology

Infrastructure as Code using Deployment Manager
and Kubernetes
Cloud Native Computing Switzerland Meetup, 22 May 2018
David Schweikert @dschweikert
AdNovum Informatik AG

David, can you please review our Kubernetes setup in GCP?

README files
- Click “Kubernetes Engine”
- Click “Create new cluster”
- Fill in:
- Name: my-new-cluster
- Description: …
- …
- Click ”Cloud SQL”
- Click “Create Database instance”
- … (many steps…)
+

We need to fix this before going productive

We need it to be:
• Reproducible
• Well documented
• Well tested

Look, Google also provides an infra-as-code tool…

Also…
• It keeps state on what it created
• Only does the needed changes
• And knows when to delete things
(like Terraform and Helm, for example… and unlike Ansible)
!

The best feature of Deployment Manager:
You can teach it how to manage other resource types that it doesn’t know
about, even external resources!

Requirement: RESTful API to configure resources
collection/
collection/object1
collection/object2
GET
POST
PUT
DELETE

Very good example: Kubernetes
services/
services/backend
services/db
GET
POST
PUT
DELETE

RESTful APIs for configuration management

RESTful APIs as the sole abstraction, no need to hide it!

Kubernetes custom resources are becoming more and more important…
what then?

I would call this “cloud-native configuration management”

Problem #2 was also solved and we delivered in time

If lock-in is a problem, HashiCorp‘s Terraform is probably the better choice
(but I wish it was more like Deployment Manager …)

Also, if you do chose Terraform to create your GCP resources, you probably
need something else for the Kubernetes resources (like Helm, Kapitan, …)
Having a holistic solution would be definitely better though

§ Using Deployment Manager to manage Kubernetes resource works…
but it feels like nobody does this

§ The best documentation often are the code examples

§ You can’t use it to set passwords yet
(an important feature for that is still in the works)

§ Too dangerous for some resources (like external IPs)

To summarize:
I recommend it…
• If you are totally committed to GCP
• or, you just need something quick (but still reproducible)
Really interesting to me…
§ A configuration management system that interacts with user-defined RESTful
APIs to manage resources
§ Maybe it’s time for a new open-source “cloud-native configuration
management” tool?

Questions?
(see also my blog article for all the details on managing Kubernetes resources
with Deployment Manager: https://tinyurl.com/dm-kubernetes)

What's hot

Once you start working with Big Data systems, you discover a whole bunch of problems you won’t find in monolithic systems. Monitoring all of the components becomes a big data problem itself. In the talk, we’ll mention all of the aspects that you should take into consideration when monitoring a distributed system using tools like Web Services, Spark, Cassandra, MongoDB, AWS. Not only the tools, what should you monitor about the actual data that flows in the system? We’ll cover the simplest solution with your day to day open source tools, the surprising thing, that it comes not from an Ops Guy.

Monitoring Big Data Systems Done "The Simple Way" - Demi Ben-Ari - Codemotion...

Codemotion

Dev309 from asgard to zuul - netflix oss-final

Ruslan Meshenberg

While it's easy to deploy stateless application with Kubernetes, it's harder for stateful software. Since applications often requires custom functionality that Kubernetes can't provide, developers want to add more specialised patterns like automatic backups, failover or rebalancing to their Kubernetes deployments. The Operator pattern is then a common solution to a add these custom functions. In this talk i will look at what the Operator pattern is and when and how to use it. Attendees will learn how to leverage it to make their applications work even better with Kubernetes. Additionally i will show how to get started writing your own operator using the official golang client.

The Kubernetes Operator Pattern - ContainerConf Nov 2017

Jakob Karalus

Blending Supersonic, Subatomic Java with deep learning to perform object detection. Sounds interesting? Because it is! Then watch this session to learn how to create a microservice combining TensorFlow and Quarkus together into one executable using GraalVM native image, JNI, and Protobuf. With this, we detect objects in photos by returning labels, bounding boxes, and confidence scores. Additionally, we will touch on Open Data Hub, an AI/ML solution for OpenShift.

Going deep (learning) with tensor flow and quarkus

Red Hat Developers

Making cloud native deployments easy with Buildpack

GDG Cloud Bengaluru

20140708 - Jeremy Edberg: How Netflix Delivers Software

DevOps Chicago

Embracing Serverless with Google

Joseph Lust

Metaflow (Ville Tuulos) Data scientists at Netflix are expected to develop and operate large machine learning workflows autonomously. However, we do not expect that all our scientists are deeply experienced with distributed systems and data engineering. Metaflow was created to make it delightfully easy to build and operate ML workflows in the cloud using idiomatic Python and off-the-shelf ML libraries, covering the whole lifecycle of an ML project from prototype to production. Polynote (Jeremy Smith) Polynote is a new notebook tool we created from scratch to address some of the pain points we've run into while using Scala in machine-learning notebooks at Netflix. It provides essential code editing features other tools lack like interactive auto-completes, support for mixing multiple languages and sharing data between them within a single notebook, and encourages reproducible notebooks with its immutable data model. Papermill (Matthew Seal) Nteract is an open source organization under which there are several libraries and applications that Netflix and many other companies and individuals contribute to. One of these libraries is Papermill, a library used to programmatically parameterize and execute Jupyter Notebooks. Papermill provides a CLI and Python interface that we'll explore during the session to see how it can be used and what value it adds. Using this pattern we'll also briefly talk about how we've integrated papermill at Netflix and how it interfaces with other Jupyter and nteract services.

Season 7 Episode 1 - Tools for Data Scientists

aspyker

JEEconf 2017

Ihor Kolodyuk

Managing short lived Kubernetes (Production) deployments

Haufe-Lexware GmbH & Co KG

Resource Scheduling using Apache Mesos in Cloud Native Environments

Sharma Podila

CS80A Foothill College Open Source Talk

aspyker

Discovering and managing the explosion of hybrid resources across public and on premises clouds is a daunting challenge most companies now face. As there is no longer one set of infrastructure resources, there is not one solution. Rather, multiple layers of management and insights are required to ensure you’re compliant, up-to-date, and ready to change when the business requires it. This talk will cover the multiple strategies Puppet provides to discover, rapidly deploy, and continuous enforce cloud resources and container platforms as well as manage the distributed applications that live on them. We will cover where Puppet’s solutions can be paired with others in the IT toolbox, such as CI and logging, to ensure you’re always informed and in control.

PuppetConf 2017: Cloud, Containers, Puppet and You- Carl Caum, Puppet

Puppet

Containerised ASP.NET Core apps with Kubernetes

Codemotion Tel Aviv

My GOTOcph 2018 talk In the world of stream processing, distributed systems are composed from basic building blocks: coordination, transport, storage, and checkpointed compute services. Working together harmoniously, systems remain consistent, resilient and reliable. However, there is something far more fundamental at play: time and ordering; something experienced so tangibly, yet so difficult to solve for. Over the past years, we at Netflix have learned to build an efficient, scalable and fault tolerant stream processing platform atop a microservices architecture. In this talk, we’ll try to examine the concepts of time, ordering, and causality in distributed systems. Wielding the knowledge of fundamental physics and computer science, we’ll look into how Einstein's Special Theory of Relativity, Lamport’s famous time clock paper, details of time synchronization, etc and their corresponding implications on streaming system design. Followed by evaluations of assumptions from some pre-streaming systems, then we’ll share the learnings from our hardest quests towards correct and consistent stream processing in the absence of ordering guarantees.

Time and ordering in streaming distributed systems

Zhenzhong Xu

Triangle Devops Meetup 10/2015

aspyker

Rancher + Kubernetes; Stories from the trenches

Greg Cockburn

Containers and CloudStack

ShapeBlue

Distributed Systems explained (with NodeJS) - Bruno Bossola, JUG Torino

Codemotion Tel Aviv

Customer trust and security is paramount for Salesforce. While containerization is great for DevOps due to flexibility, speed, isolation, transient existence, ease of management and patching, it becomes a challenging environment when the sensitivity level of the data traversing the environment increases. Monitoring systems, applications and network; performing disk, memory and network forensics in case of an incident; and vulnerability detection can easily become daunting tasks in such a volatile environment. In this presentation we would like to discuss the infrastructure we have built to address these issues and to secure our Docker container platform while we rapidly containerize Salesforce. Our solutions focus on securing the container pipeline, building security into the architecture, monitoring, Docker forensics (disk, memory, network), and automation. We also would like to demonstrate some of our live memory analysis capabilities we leverage to assure container and application integrity during execution.

Securing the Container Pipeline at Salesforce by Cem Gurkok

Docker, Inc.

What's hot (20)

Monitoring Big Data Systems Done "The Simple Way" - Demi Ben-Ari - Codemotion...

Dev309 from asgard to zuul - netflix oss-final

The Kubernetes Operator Pattern - ContainerConf Nov 2017

Going deep (learning) with tensor flow and quarkus

Making cloud native deployments easy with Buildpack

20140708 - Jeremy Edberg: How Netflix Delivers Software

Embracing Serverless with Google

Season 7 Episode 1 - Tools for Data Scientists

JEEconf 2017

Managing short lived Kubernetes (Production) deployments

Resource Scheduling using Apache Mesos in Cloud Native Environments

CS80A Foothill College Open Source Talk

PuppetConf 2017: Cloud, Containers, Puppet and You- Carl Caum, Puppet

Containerised ASP.NET Core apps with Kubernetes

Time and ordering in streaming distributed systems

Triangle Devops Meetup 10/2015

Rancher + Kubernetes; Stories from the trenches

Containers and CloudStack

Distributed Systems explained (with NodeJS) - Bruno Bossola, JUG Torino

Securing the Container Pipeline at Salesforce by Cem Gurkok

Similar to Infrastructure as Code using Deployment Manager and Kubernetes

Kubernetes at Spreadshirt - First steps to production

Jens Hadlich

To defend against attacks, think like a hacker. But does that mean you need to be a DevOps expert? Security researchers today need to discover new attack techniques. However, much of their focus is diverged to backend coding. We share how to build an infrastructure for researchers that allows them concentrate on business logic and writing hacker “tasks”. Using Docker and Kubernetes on Google Cloud, these tasks can then be performed in parallel and without a lot of DevOps hassle. Our technique removes two common barriers: first, long and risky deployment processes and second, low transparency within the production system. Promise to share the stupid things too.

Hacking for fun & profit - The Kubernetes Way - Demi Ben-Ari - Panorays

Demi Ben-Ari

TDC2017 | São Paulo - Trilha Cloud Computing How we figured out we had a SRE ...

tdc-globalcode

Google container engine (GKE)

Md. Sadhan Sarker

Kubernetes 101

Stanislav Pogrebnyak

Kubernetes at Google Cloud Community Copenhagen

Kevin Simper

Real-World Docker: 10 Things We've Learned

RightScale

DevOps Days Boston 2017 Microservices is an increasingly popular approach to building cloud-native applications. Dozens of new technologies that streamline adopting microservices development such as Docker, Kubernetes, and Envoy have been released over the past few years. But how do you actually use these technologies together to develop, deploy, and run microservices? In this presentation, we’ll cover the nuances of deploying containerized applications on Kubernetes, including creating a Kubernetes manifest, debugging and logging, and how to build an automated continuous deployment pipeline. Then, we’ll do a brief tour of some of the advanced concepts related to microservices, including service mesh, canary deployments, resilience, and security.

DevOps Days Boston 2017: Real-world Kubernetes for DevOps

Ambassador Labs

bol.com Dutch Container Day presentation

Maarten Dirkse

OpenStack on Kubernetes (BOS Summit / May 2017 update)

rhirschfeld

Joint OpenStack Kubernetes Environment (March 17 update)

rhirschfeld

Mete Atamel "Resilient microservices with kubernetes"

IT Event

Kubernetes: Managed or Not Managed?

Mathieu Herbert

Introduction to Docker at SF Peninsula Software Development Meetup @Guidewire

dotCloud

Whose Job Is It Anyway? Kubernetes, CRI, & Container Runtimes

Phil Estes

Pilot Tech Talk #10 — Practical automation by Kamil Cholewiński

Pilot

Kubernetes in docker for mac

Catalin Jora

Mattia Gandolfi - Improving utilization and portability with Containers and C...

Codemotion

Kubernetes is a fast-paced project and things move really fast. In deploying applications, you have several options like raw YAML files, Helm, or Operator but what are the pros and cons of each? This talk will explore the right ways to manage your production applications through seamless installation, the patch fixes, and upgrades. Several demos will be used on a live cluster to illustrate how things can be done the right way that makes life very easy for the DevOps.

Managing kubernetes deployment with operators

Cloud Technology Experts

Heroku to Kubernetes & Gihub to Gitlab success story

Jérémy Wimsingues

Similar to Infrastructure as Code using Deployment Manager and Kubernetes (20)

Kubernetes at Spreadshirt - First steps to production

Hacking for fun & profit - The Kubernetes Way - Demi Ben-Ari - Panorays

TDC2017 | São Paulo - Trilha Cloud Computing How we figured out we had a SRE ...

Google container engine (GKE)

Kubernetes 101

Kubernetes at Google Cloud Community Copenhagen

Real-World Docker: 10 Things We've Learned

DevOps Days Boston 2017: Real-world Kubernetes for DevOps

bol.com Dutch Container Day presentation

OpenStack on Kubernetes (BOS Summit / May 2017 update)

Joint OpenStack Kubernetes Environment (March 17 update)

Mete Atamel "Resilient microservices with kubernetes"

Kubernetes: Managed or Not Managed?

Introduction to Docker at SF Peninsula Software Development Meetup @Guidewire

Whose Job Is It Anyway? Kubernetes, CRI, & Container Runtimes

Pilot Tech Talk #10 — Practical automation by Kamil Cholewiński

Kubernetes in docker for mac

Mattia Gandolfi - Improving utilization and portability with Containers and C...

Managing kubernetes deployment with operators

Heroku to Kubernetes & Gihub to Gitlab success story

Recently uploaded

Using IESVE for Room Loads Analysis - UK & Ireland

IES VE

The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf

FIDO Alliance

WebRTC and SIP not just audio and video @ OpenSIPS 2024

Lorenzo Miniero

Google I/O Extended 2024 Warsaw

GDSC PJATK

Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots

Leah Henrickson

Collecting & Temporal Analysis of Behavioral Web Data - Tales From The Inside

Stefan Dietze

Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...

FIDO Alliance

This talk offers actionable insights at an executive level for enhancing productivity and refining your portfolio management approach to propel your organization to greater heights. Key Points Covered: 1. Experience Transformation: - The core challenge remains consistent across organizations: converting budget into user-centric designs. - Strategies for deploying design resources effectively in both startups and large enterprises. 2. Strategic Frameworks: - Introduction to the "Ziggurat of Impact" model, detailing layers from basic system interactions to comprehensive customer experiences. - Practical insights on creating frameworks that scale with organizational complexity. 3. Organizational Impact: - Real-world examples of navigating design in large settings, focusing on the synthesis of consumer products and customer experiences. - Emphasis on the importance of designing systems that directly influence customer interactions. 4. Design Execution: - Detailed walkthrough of organizational layers affecting design execution, from touchpoints and customer activities to shared capabilities. - How to ensure design influences both the micro and macro aspects of customer interactions. 5. Measurement and Adaptation: - Techniques for measuring the impact of design decisions and adapting strategies based on data-driven insights. - The critical role of continuous improvement and feedback in refining customer experiences.

Structuring Teams and Portfolios for Success

UXDXConf

Oauth 2.0 Introduction and Flows with MuleSoft

shyamraj55

Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx

FIDO Alliance

Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf

FIDO Alliance

Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...

ScyllaDB

Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...

ScyllaDB

Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf

FIDO Alliance

Overview of Hyperledger Foundation

Hyperleger Tokyo Meetup

Where to Learn More About FDO _ Richard at FIDO Alliance.pdf

FIDO Alliance

Design Guidelines for Passkeys 2024.pptx

FIDO Alliance

Microsoft CSP Briefing Pre-Engagement - Questionnaire

Exakis Nelite

State of the Smart Building Startup Landscape 2024!

Memoori

Tales from a Passkey Provider Progress from Awareness to Implementation.pptx

FIDO Alliance

Recently uploaded (20)

Using IESVE for Room Loads Analysis - UK & Ireland

The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf

WebRTC and SIP not just audio and video @ OpenSIPS 2024

Google I/O Extended 2024 Warsaw

Continuing Bonds Through AI: A Hermeneutic Reflection on Thanabots

Collecting & Temporal Analysis of Behavioral Web Data - Tales From The Inside

Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...

Structuring Teams and Portfolios for Success

Oauth 2.0 Introduction and Flows with MuleSoft

Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx

Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf

Event-Driven Architecture Masterclass: Engineering a Robust, High-performance...

Event-Driven Architecture Masterclass: Integrating Distributed Data Stores Ac...

Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf

Overview of Hyperledger Foundation

Where to Learn More About FDO _ Richard at FIDO Alliance.pdf

Design Guidelines for Passkeys 2024.pptx

Microsoft CSP Briefing Pre-Engagement - Questionnaire

State of the Smart Building Startup Landscape 2024!

Tales from a Passkey Provider Progress from Awareness to Implementation.pptx

Infrastructure as Code using Deployment Manager and Kubernetes

1. Infrastructure as Code using Deployment Manager and Kubernetes Cloud Native Computing Switzerland Meetup, 22 May 2018 David Schweikert @dschweikert AdNovum Informatik AG

2. David, can you please review our Kubernetes setup in GCP?

3. Problem #1: GCP Infrastructure…

4. README files - Click “Kubernetes Engine” - Click “Create new cluster” - Fill in: - Name: my-new-cluster - Description: … - … - Click ”Cloud SQL” - Click “Create Database instance” - … (many steps…) +

5. Problem #2: Kubernetes Infrastructure…

7. We need to fix this before going productive

8. We need it to be: • Reproducible • Well documented • Well tested

9. We need: Infrastructure as code!

10. We need it fast

11. Look, Google also provides an infra-as-code tool…

12. It’s called: Deployment Manager

13. Problem #1? Easy…

14.

15.

16. Also… • It keeps state on what it created • Only does the needed changes • And knows when to delete things (like Terraform and Helm, for example… and unlike Ansible) !

17. About Problem #2…

18.

19. Kubernetes resources are not supported

20.

21. The best feature of Deployment Manager: You can teach it how to manage other resource types that it doesn’t know about, even external resources!

22. Requirement: RESTful API to configure resources collection/ collection/object1 collection/object2 GET POST PUT DELETE

23. Very good example: Kubernetes services/ services/backend services/db GET POST PUT DELETE

24. RESTful APIs for configuration management

25. RESTful APIs as the sole abstraction, no need to hide it!

26.

27. Kubernetes custom resources are becoming more and more important… what then?

28. I would call this “cloud-native configuration management”

29. Problem #2 was also solved and we delivered in time

30. The less good parts

31. 1. Lock-in

32. If lock-in is a problem, HashiCorp‘s Terraform is probably the better choice (but I wish it was more like Deployment Manager …)

33. Also, if you do chose Terraform to create your GCP resources, you probably need something else for the Kubernetes resources (like Helm, Kapitan, …) Having a holistic solution would be definitely better though

34. 2. Maturity

35. § Using Deployment Manager to manage Kubernetes resource works… but it feels like nobody does this

36. Credit: 20th Century Fox/The Martian

37. § The best documentation often are the code examples

38. § You can’t use it to set passwords yet (an important feature for that is still in the works)

39. § Too dangerous for some resources (like external IPs)

40. To summarize: I recommend it… • If you are totally committed to GCP • or, you just need something quick (but still reproducible) Really interesting to me… § A configuration management system that interacts with user-defined RESTful APIs to manage resources § Maybe it’s time for a new open-source “cloud-native configuration management” tool?

41. Questions? (see also my blog article for all the details on managing Kubernetes resources with Deployment Manager: https://tinyurl.com/dm-kubernetes)

Infrastructure as Code using Deployment Manager and Kubernetes

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Infrastructure as Code using Deployment Manager and Kubernetes

Similar to Infrastructure as Code using Deployment Manager and Kubernetes (20)

Recently uploaded

Recently uploaded (20)

Infrastructure as Code using Deployment Manager and Kubernetes