This year’s final set of Kubernetes and Cloud Native meetups just took place. They kicked off in Kitchener-Waterloo on November 29th, and continued in Montreal December 3rd, Ottawa December 4th, Toronto December 5th, and Quebec December 6th. In preparation for the upcoming KubeCon and CloudNativeCon in Seattle, a wide range of open source solutions were discussed and, as always, beer and pizza provided. Ayrat Khayretdinov began each meetup with an update of Kubernetes and the Cloud Native landscape.
Kubernetes on Bare Metal at the Kitchener-Waterloo Kubernetes and Cloud Nativ... - CloudOps2005
Charlie Drage discussed Kubernetes on bare metal at last week's Kubernetes and Cloud Native meetup in Kitchener-Waterloo. His presentation demonstrated how to deploy Kubernetes on bare metal servers. Charlie is an active Kubernetes maintainer, and his contributions have included fixing some common issues with bare metal servers and using Ansible to build clusters with kubeadm.
Kubernetes Cluster API - managing the infrastructure of multi clusters (k8s ... - Tobias Schneck
Thanks to tools like kubeadm, Terraform or Ansible, setting up a Kubernetes cluster on a dedicated environment is getting reachable, but what about setting up a bunch of clusters in multiple clouds in an automatic way? This is still a challenge. Also if you want to do the same in your own datacenter. In this talk we will take a look at the approach to orchestrate and manage a whole set of k8s clusters by the Cluster API project of Kubernetes (a subproject of sig-cluster-lifecycle). The main idea behind it is to use the Kubernetes API itself to manage multiple clusters with their master and worker nodes in the same way you would manage your pods - define the needed resources and the responsible controller will take care of providing them.
After an overview of the concepts of Cluster API, I will show what's needed to implement a Cluster API conformant machine class/deployment. There I will see that adding your own provider isn't as hard as you may expect. At the end of the day it just requires a simple interface to implement. The corresponding kubermatic controllers we implemented at Loodse are available as open source, so it's possible to play around with them. A live demo will show how easy it is to spin up and maintain multiple Kubernetes clusters at different public and on-premise cloud providers over one managing cluster. A final wrap up will summarize the current state of the Cluster API project and the advantages of managing clusters as cattle instead of pets.
DCEU 18: From Legacy Mainframe to the Cloud: The Finnish Railways Evolution w... - Docker, Inc.
Niko Virtala - Cloud Architect, VR Group (Finnish Railways)
In 2016, the Finnish Railways reservation system and many other systems were monolithic applications running on mainframe or local datacenters. They began a containerization project focused on modernizing the reservation system. The investment paid off. Today, they have containerized multiple applications, running both on-premises and on AWS. That's allowed Finland's leading public transport agency to shut down a data center and become a technology innovator. In this session, Finnish Rail will explain the processes and tools they used to build a multi-cloud strategy that lets them take advantage of geo-location and cost advantages to run in AWS, Azure and soon Google Cloud. You'll learn:
- How to implement a successful multi-cloud deployment
- What challenges you can expect to face along the way
- The processes and tools that are a critical part of a successful project.
Kubernetes Concepts And Architecture Powerpoint Presentation Slides - SlideTeam
Get these visually appealing Kubernetes Concepts And Architecture PowerPoint Presentation Slides to discuss the process of operating containerized applications. You can display the need for containers by the company with the help of an open-source architecture PPT slideshow. The architecture of containers can be demonstrated with the help of a visually appealing PPT slideshow. The reasons for opting for Kubernetes by an organization can be explained to your teammates with the help of containers PowerPoint infographics. Highlight the roadmap for installing Kubernetes in the organization by using content-ready PPT slides. Take the assistance of visually appealing PPT templates to depict the major advantages of Kubernetes such as improving productivity, the stability of application run, and many more. After that, display a 30 60 90 days plan to implement Kubernetes in the organization. Display the key components of Kubernetes with the help of a diagram using these professionally designed cluster architecture PPT layouts. Describe the functionality of each component of Kubernetes. Hence, download Kubernetes architecture PPT slides to easily and efficiently manage the clusters. https://bit.ly/34DWa7x
Using Docker EE to Scale Operational Intelligence at Splunk - Docker, Inc.
With more than 14,000 customers in 110+ countries, Splunk is the market leader in analyzing machine data to deliver operational intelligence for security, IT and the business. Our rapid growth as a company meant that our Infrastructure Engineering Team, responsible for all the common tooling, build and test systems and frameworks utilized by the Splunk engineers, was bogged down with a sprawl of virtual machines and physical servers that were becoming incredibly difficult to manage. And as our customers' demand for data has grown, testing at the scale of petabytes/day has become our new normal. We needed a reliable and scalable "Test Lab" for functional and performance testing.
With Docker Enterprise Edition, our engineers are able to create small test stacks on their laptop just as easily as creating multi-petabyte stacks in our Test Lab. Support for Windows, Role Based Access Control and having support for both the orchestration platform and the container engine were key in deciding to go with Docker over other solutions.
In this talk, we will cover the architecture, tooling, and frameworks we built to manage our workloads, which have grown to run on over 600 bare-metal servers, with tens of thousands of containers being created every day. We will share the lessons learned from running at scale. Lastly, we will demonstrate how we use Splunk to monitor and manage Docker Enterprise Edition.
Architecture of Cisco Container Platform: A new Enterprise Multi-Cloud Kubern... - Sanjeev Rampal
Introduction to the architecture of Cisco Container Platform. This is a new offering from Cisco and is an enterprise grade Multi-Cloud Kubernetes based Container platform. The presentation covers overall architecture, internal details on networking, storage, operations and automation as well as multi-cloud features including the use of this platform along with hosted Kubernetes offerings from AWS (EKS) and Google (GKE).
A Million ways of Deploying a Kubernetes Cluster - Jimmy Lu
Developers and operators tend to build and develop different ways to set up a Kubernetes cluster due to its complexity and openness. Most of the time, it's quite confusing for newcomers to get started with Kubernetes. In this short talk, I'll introduce you to some popular ways of Kubernetes deployment and briefly talk about the pros and cons of each solution.
Kubernetes Architecture - beyond a black box - Part 1 - Hao H. Zhang
This is part 1 of my Kubernetes architecture deep-dive slide series.
I have been working with Kubernetes for more than a year, from v1.3.6 to v1.6.7, and I am a CNCF certified Kubernetes administrator. Before I move on to something else, I would like to summarize and share my knowledge and take-aways about Kubernetes, from a software engineer's perspective.
This set of slides is a humble dig into one level below your running application in production, revealing how different components of Kubernetes work together to orchestrate containers and present your applications to the rest of the world.
The slides contain 80+ external links to Kubernetes documentation, blog posts, GitHub issues, discussions, design proposals, pull requests, papers, source code files I went through when I was working with Kubernetes - which I think are valuable for people to understand how Kubernetes works, Kubernetes design philosophies and why these designs came into place.
Helm is a package manager for Kubernetes. It helps streamline installing and managing applications. This session covers prerequisites for Helm, which include a basic understanding of containers and Kubernetes along with its architecture. It also covers the limitations that come with running deployments using the kubectl binary, Helm's architecture, templating with it and finally ends on a note highlighting the difference between versions 2 and 3.
Securing and Automating Kubernetes with Kyverno - Saim Safder
Kyverno is a CNCF Sandbox Project Created by Nirmata.
Kyverno is a policy engine designed for Kubernetes. With Kyverno, policies are managed as Kubernetes resources and no new language is required to write policies. This allows using familiar tools such as kubectl, git, and kustomize to manage policies. Kyverno policies can validate, mutate, and generate Kubernetes resources. The Kyverno CLI can be used to test policies and validate resources as part of a CI/CD pipeline.
In this session Shuting Zhao and Jim Bugwadia, both of whom are Kyverno maintainers, will provide an overview of Kyverno and describe how you can get started with using it.
Kubermatic How to Migrate 100 Clusters from On-Prem to Google Cloud Without D... - Tobias Schneck
Have you ever thought about migrating your Kubernetes clusters to Google Cloud to get your services closer to your customers? Yes? We too! Join us on an interactive journey to discover the main challenges of live migration at scale of etcd's, traffic routing and application workloads from your on-premise platform to GCP. The talk will discuss the current state of the technical concept, known problems and insights of the already proven migration steps for stateless workload.
As part of the journey, we'll see the differences between migrating one or one hundred clusters with productive workloads: What parts can be automated? What steps may need to be manual? Let's see what an automated solution could look like in the future and what steps are missing.
** Kubernetes Certification Training: https://www.edureka.co/kubernetes-certification **
This Edureka tutorial on "Kubernetes Architecture" will give you an introduction to popular DevOps tool - Kubernetes, and will deep dive into Kubernetes Architecture and its working. The following topics are covered in this training session:
1. What is Kubernetes
2. Features of Kubernetes
3. Kubernetes Architecture and Its Components
4. Components of Master Node and Worker Node
5. ETCD
6. Network Setup Requirements
DevOps Tutorial Blog Series: https://goo.gl/P0zAfF
Top 3 reasons why you should run your Enterprise workloads on GKE - Sreenivas Makam
This deck covers the top 3 reasons why Google Kubernetes Engine is best suited to run containerized workloads. The reasons covered are Security, Observability and Maturity.
Slides from the talk given to the Startup Berlin Slack Group that demonstrates how TruckIN is implementing its continuous delivery workflow using technologies and open-source tools.
Topics that are covered: Automated Cloud Provisioning (Network, Subnets, VMs, Kubernetes Cluster, Firewall, Disks, Credentials, Private Docker Registry); Configuration Management (Salt Stack), Continuous Integration (Jenkins CI), Continuous Delivery/Deployment (Salt API/Reactor + Kubernetes) to a Google Cloud Kubernetes Cluster, Remote Application Debugging, Managing Google Cloud Kubernetes Cluster, Logging, Monitoring and ChatOps (Slack and operable.io)
DCEU 18: Provisioning and Managing Storage for Docker Containers - Docker, Inc.
Anshul Pundir - Senior Software Engineer, Docker
Anusha Ragunathan - Senior Software Engineer, Docker Inc
In this talk, we will discuss storage concepts related to containers on the Docker platform with the perspective of what is important throughout the lifecycle of an application. We will focus on application provisioning: creating persistent volumes and policies for stateful data and management: replication and failover scenarios, backup/restore, monitoring etc. Through this talk, we will cover the latest storage features and also some of the current and future direction of container storage. Key concepts covered about running stateful applications:
- Persistent Volumes
- Provisioning (Static vs Topology-aware)
- Data Availability (failover with scheduler policies)
- Data Protection (using Backup/Restore)
- Monitoring (using Prometheus/Grafana dashboards)
We will look at each of the characteristics in detail with demos.
Kubernetes is a container orchestration platform that provides a mechanism to manage the resources of containers in the cluster. That mechanism is known as "Requests and Limits".
Requests and limits play a key role not only in resource management but also in application stability, capacity planning, and scheduling the resources (i.e., on which node the pod will be running).
In this session we will cover:
- A quick review of Containers, Docker, and Kubernetes.
- Containers resource management in Kubernetes.
- Containers resource types in Kubernetes.
- 3 different ways to set requests and limits.
- The difference between capacity and allocatable resources.
- Tips and recap.
Kubernetes has been a key component for many companies to reduce technical debt in infrastructure by:
• Fostering the Adoption of Docker
• Simplifying Container Management
• Onboarding Developers On Infrastructure
• Unlocking Continuous Integration and Delivery
During this meetup we are going to discuss the following topics and share some best practices
• What's new with Kubernetes 1.3
• Generate Cluster Configuration using CloudFormation
• Deploy Kubernetes Clusters on AWS
• Scaling the Cluster
• Integrating Ingress with Elastic Load Balancer
• Using Internal ELB's as Kubernetes' Service
• Using EBS for persistent volumes
• Integrating Route53
The OpenEBS Hangout #4 was held on 22nd December 2017 at 11:00 AM (IST and PST) where a live demo of cMotion was shown. Storage policies of OpenEBS 0.5 were also explained.
Kubernetes and Cloud Native Meetup - March, 2019 - CloudOps2005
This year's first round of Kubernetes and Cloud Native meetups in Eastern Canada began with an update of the CNCF by Ayrat Khayretdinov, CNCF Ambassador and Solutions Architect at CloudOps. He explained the status of various projects and highlights from KubeCon + CloudNativeCon. To learn the basics of cloud native application modernization, sign up for one of our hands-on, three-day workshops on Docker and Kubernetes at https://www.cloudops.com/workshops/#DockerK8s
What does it feel like to run a high-traffic large scale application on Kubernetes, with 100+ Microservices and 1600+ Pods, handling 2K requests/second in production? Experience these developers’ journey through the Do’s, the Don'ts, the pains, the pleasures, and the Gotcha!’s to production.
How we built QuestDB Cloud, a Kubernetes-based SaaS around QuestDB... - javier ramirez
QuestDB is a high-performance open source database. Many people told us they would like to use it as a service, without having to manage the machines. So we got to work on developing a solution that would let us launch QuestDB instances with fully managed provisioning, monitoring, security and upgrades.
A few Kubernetes clusters later, we managed to launch our QuestDB Cloud offering. This talk is the story of how we got there. I will talk about tools like Calico, Karpenter, CoreDNS, Telegraf, Prometheus, Loki and Grafana, but also about challenges like authentication, billing, multi-cloud, and what you have to say no to in order to survive in the cloud.
To Russia with Love: Deploying Kubernetes in Exotic Locations On Prem - CloudOps2005
Michael Wojcikiewicz, Container Solutions Architect at CloudOps, showed the communities in Montreal and Kitchener-Waterloo how to deploy Kubernetes on prem at the Kubernetes + Cloud Native meetups for March, 2019.
Workday has built one of the largest OpenStack-based private clouds in the world, hosting a workload of over a million physical cores on over 16,000 compute nodes in 5 data centers for over ten years. However, there was a growing need for a newer, more maintainable deployment model that would closely follow the upstream community. We would like to share our new architecture and deployment approach as well as lessons learned from our experience.
We’ve converted many of our technologies in the process, from…
Migrating from Mitaka, to Victoria
Converting from OpenContrail, to pure L3 Calico with BGP on the host
Deploying with Chef, to deploying with Ansible
Building home-grown container images, to Kolla
Monitoring with Sensu and Wavefront, to Prometheus and Grafana
CI/CD in Jenkins, to Zuul
CentOS 7, to CentOS 8 Stream
We'll also talk about some internal tools we wrote that, while Workday-specific, may inspire you to see what value-add you can make for your customers.
Kubernetes was originally targeted for running large scale web applications.
I/O intensive workloads represent a class of high-end applications such as network services, trading applications, and database services that require high-speed access to hardware resources and often use specific hardware or CPU features to maximize their performance.
Watch this presentation and learn about Kubernetes Networking:
How to build applications without knowing subnets & IP addresses and build modern cloud-friendly applications in an agile fashion.
Deploying WSO2 API Manager in Production-Grade Kubernetes - WSO2
In this deck, we explore a scalable deployment of WSO2 API Manager with API analytics on Kubernetes. We further discuss how to deploy WSO2 API Manager with Analytics in Google Kubernetes Engine (GKE), autoscaling WSO2 API Manager based on the production load, how to apply WSO2 Update Manager (WUM) updates in a production Kubernetes environment and best practices for deploying WSO2 API Manager in Kubernetes.
Watch the On-Demand Webinar - https://wso2.com/library/webinars/2019/06/deploying-wso2-api-manager-in-production-grade-kubernetes/
For this info-packed and hands-on workshop we cover:
📍 Introduction to Kubernetes & GitOps talk:
We cover the most popular path that has brought success to many users already - GitOps as a natural evolution of Kubernetes. We'll give an overview of how you can benefit from Kubernetes and GitOps: greater security, reliability, velocity and more. Importantly, we cover definitions and principles standardized by the CNCF's OpenGitOps group and what it means for you.
📍 Get Started with GitOps:
You'll have GitOps up and running in about 30 mins using our free and open source tools! We'll give a brief vision of where you want to be with those security, reliability, and velocity benefits, and then we'll support you while you go through the getting started steps. During the workshop, you'll also experience in action and see demos for:
- an opinionated repo structure to minimize decision fatigue
- disaster recovery using GitOps
- Helm charts example
- Multi-cluster example
- all with free and open source tools mostly in the CNCF (e.g. Flux and Helm).
If you have questions before or after the workshop, talk to us at #weave-gitops http://bit.ly/WeaveGitOpsSlack (If you need to invite yourself to the Slack, visit https://slack.weave.works/)
[WSO2Con EU 2018] Deploying Applications in K8S and Docker (WSO2)
Within the last four years container technologies have become very popular. A lot of companies and developers are now using containers to ship their applications. Docker provides an easy-to-use packaging model to bundle the application. However in many cases, a single container is not enough to run an application. It requires multiple containers, scaled into multiple host machines to become a production grade deployment. Kubernetes is an open source system for automating deployment, scaling, and management of containerized applications. It groups containers that make up an application into logical units for easy management and discovery. This presentation discusses best practices of deploying application in Docker and Kubernetes while discussing Docker and Kubernetes concepts.
Human No, Machine Yes: Welcome to the CDF with Incremental Confidence (CloudOps2005)
Ravi Lachhman presented 'Welcome to the CDF' at Eastern Canada's Kubernetes and Cloud Native Meetups in 2019.
To see upcoming Kubernetes and Cloud Native meetups in Eastern Canada, please visit https://www.cloudops.com/workshop-calendar/#meetups
The Salmon Algorithm Spawning with Kubernetes (CloudOps2005)
Lindsey Tulloch, Software Engineer Intern at Red Hat, presented 'The Salmon Algorithm Spawning with Kubernetes' at Eastern Canada's Kubernetes and Cloud Native Meetups in 2019.
Own your Destiny in the Cloud - Ian Rae - Cloud Native Day Montreal 2019 (CloudOps2005)
Ian Rae discussed how companies can own their destinies in the cloud with open source, cloud native technologies, DevOps methodologies, and community at Montreal's first Cloud Native Day in 2019.
Cloud native platforms and infrastructure of the City of Montreal (CloudOps2005)
Morgan Martinet and Marc Khouzam discussed the City of Montreal's cloud native platforms and infrastructure at Cloud Native Day Montreal 2019.
Using Rook to Manage Kubernetes Storage with Ceph (CloudOps2005)
Moh Ahmed and Raymond Maika presented 'Using Rook to Manage Kubernetes Storage with Ceph' at Montreal's first Cloud Native Day, which took place on June 11 in Montreal.
Viktor Gamov from Confluent presented ‘Streams must Flow: Developing fault tolerant stream processing application with Kafka Streams and Kubernetes’ at Montreal's very first Cloud Native Day, which took place on June 11, 2019.
Kubernetes was first announced by Google in mid-2014 and has since grown from a fledgling project to the mainstream. Ian spoke about what it takes for a project to cross that chasm of critical adoption and what that means for the future of cloud native applications.
Gregory Eric Sanderson, software developer at Jive, spoke about the architecture solution for distributed logging with Kubernetes leveraged by Jive/LogMeIn at the Spring 2019 Kubernetes and Cloud Native meetup in Quebec City.
Kubernetes Security with Calico and Open Policy Agent (CloudOps2005)
Ray Kao and Kevin Harris from Microsoft presenting ‘Kubernetes Security with Calico and Open Policy Agent’ at the spring 2019 Kubernetes and Cloud Native meetup in Toronto.
Advanced Deployment Strategies with Kubernetes and Istio (CloudOps2005)
Jonathan Gold from Container Solutions gave a workshop on advanced deployment strategies with Kubernetes and Istio at the spring 2019 Kubernetes and Cloud Native meetup in Ottawa.
Kubernetes Services are sooo Yesterday! (CloudOps2005)
At the Kubernetes + CloudNative meetup in Toronto in March 2019, Christopher Liljenstolpe, co-founder and CTO at Tigera, presented ‘Kubernetes Services are sooo yesterday!’ He also provided a demo of Tigera Secure. As Istio, MetalLB, and CoreDNS continue to be adopted en masse, Christopher’s review of the service landscape was most relevant.
Amazon EKS: the good, the bad, and the ugly (CloudOps2005)
Geoff Flarity, Software Engineer at CashApp (Square), gave a talk covering everything you need to know about EKS, AWS' managed Kubernetes offering, at the Kubernetes + Cloud Native meetups in Toronto and Kitchener-Waterloo.
Kubernetes, Terraform, Vault, and Consul (CloudOps2005)
Bart Dziekan, Kubernetes Architect and Hashistack expert at DigitalOnUs, explored the 3 essential elements of dynamic infrastructure with the Kubernetes and Cloud Native community of Ottawa at the March, 2019 meetup. His talk showed how you can create all your resources in the cloud with code that uses Terraform.
Sebastien Thomas, System Architect at Coyote Amerique, gave a presentation on operator frameworks. His talk covered how Operator SDK can be used to create Kubernetes Operators with Go.
How to Handle your Kubernetes Upgrades (CloudOps2005)
Suvrojeet Ghosh, Software Engineer at Ribbon, presented 'How to Handle your Kubernetes Upgrades' at the Kubernetes + Cloud Native meetup in Ottawa in March, 2019. He shared his experiences upgrading HA clusters from v1.0 to v1.13 via kubeadm in multiple hops. He pointed out certain problems and errors to be aware of as well as resources that can help.
This workshop presentation by Ticketmaster discussed Prometheus and Thanos. It focused on where they fit into the Cloud Native landscape and how they're being used.
Guy Dumais discussed how the Jenkins Configuration as Code plugin can be used in Red Hat OpenShift to create reliable build systems. This was presented at the very first Montreal Jenkins Meetup.
7. Help us!
● In Montreal, Toronto, Ottawa, Quebec City, Kitchener-Waterloo
● Submit a presentation
● Sponsor! Join us on meetup.com
● Help us organize a meetup
11. Hands-on workshops!
Montreal and online
Deepen your knowledge of containers and microservices and their ecosystems.
● Docker and Kubernetes
● CI/CD
● IaC
● Advanced Docker and Kubernetes
● Machine Learning
● OpenShift
● Kubernetes on Google Cloud
● Kubernetes on Azure
● Kubernetes on AWS
cloudops.com/docker-and-kubernetes-workshops
info@cloudops.com
18. Kubernetes 1.12
● The third release in 2018!!! September 28th
● Release link: https://github.com/kubernetes/kubernetes/releases
● Kubernetes 1.13, the 4th release: December 4th!!!
21. cloudops.com @cloudops_
Kubernetes The Hard Way
1. Provisioning Compute Resources
2. Provisioning the CA and Generating TLS Certificates
3. Generating Kubernetes Configuration Files for Authentication
4. Generating the Data Encryption Config and Key
5. Bootstrapping the etcd Cluster
6. Bootstrapping the Kubernetes Control Plane
7. Bootstrapping the Kubernetes Worker Nodes
8. Configuring kubectl for Remote Access
9. Provisioning Pod Network Routes
10. Deploying the DNS Cluster Add-on
23. What’s new in 1.12
Kubeadm, Kops and other deployment tools can now benefit from:
● TLS Bootstrapping (Stable)
○ The kubelet generates a private key and a CSR for submission to a cluster-level certificate signing process.
● TLS Server Certificate Rotation (Beta)
○ In addition to self-signed certificates, users can now generate a key locally and use it to issue a CSR to the cluster API server for a certificate issued by a Certificate Authority, which will be updated when it expires.
32. Current state of scheduling
● Basic scheduling
○ DaemonSets
○ Node selectors (e.g. scheduling on nodes with GPU)
● Advanced scheduling
○ Node affinity priority
○ Custom schedulers
○ Taints/tolerations (e.g. scenarios for specialized hardware, or hardware that is failing but has not failed)
○ Disruption budget (cluster upgrades with stateful workloads)
○ Pod priority and pre-emption (e.g. run debuggers during overload); allows assigning priority to specific pods
33. What’s new in 1.12
SIG Scheduling updates
● Quota by priority - beta
○ Allows different namespaces to be given different priorities, with quotas assigned to those namespaces accordingly. This enhances the existing priority and preemption feature that was delivered in Kubernetes 1.11.
34. What’s new in 1.13
SIG Scheduling updates
● Scheduler can be configured to score a subset of the cluster nodes
○ The Kubernetes scheduler can be configured to only consider a percentage of the nodes, as long as it can find enough feasible nodes in that set. This improves the scheduler’s performance in large clusters.
36. Container Runtime Interface (CRI) 1.7 - GA
AVOID LOCK-IN
Goal of CRI:
● Remove the Docker kubelet code from Kubernetes
● Simplify integration of K8s with other runtimes
CRI runtimes
● cri-docker
● rktlet
● cri-o (based on OCI)
● cri-containerd (alpha)
● virtlet (alpha)
● frakti (alpha)
37. What’s new in 1.12
SIG Scheduling updates:
● RuntimeClass - alpha (cluster-scoped runtime properties)
○ runtimeClass is a new field on the PodSpec that enables users to designate the specific runtime they want to use
○ E.g. it will allow users to run Docker and gVisor containers in the same Kubernetes cluster and specify parameters related to that runtime.
41. Container Network Interface (CNI)
CNI is a specification proposed by CoreOS and adopted by Kubernetes. CNI is currently part of CNCF
Goal of CNI:
● To make the network layer easily pluggable
● CNM is not a good option for K8s
● Avoid code duplication
Third-party CNI plugins:
● Flannel
● Weave
● Calico
● Contiv and many more
46. State of Network Policy in Kubernetes
Network Policy is stable in Kubernetes 1.7 and above
Features:
● Ingress (stable) policies can be defined
● Cross-namespace policies
● Egress (beta)
47. What’s new in 1.12
The focus of SIG-Networking was to improve Network Policy features
● Egress - Stable
○ Enables administrators to define how network traffic leaves a Pod; these rules are added in addition to Ingress Network Policy rules.
● ipBlock - Stable
○ ipBlock functionality allows for defining CIDR ranges in NetworkPolicy definitions.
48. Example of egress and ipBlock
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: default-block
  namespace: netpol-test
spec:
  podSelector:
    matchLabels:
      role: db
  egress:
  - to:
    - ipBlock:
        cidr: 0.0.0.0/0
        except:
        - 192.168.111.0/24
  policyTypes:
  - Egress
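How the egress rule on this slide is evaluated, as an added example (not part of the original deck and not Kubernetes code): a small Python model of the `ipBlock`/`except` match for pods selected by `role: db`. The pod labels and destination addresses in the demo are constructed sample values, and the model covers only egress `ipBlock` peers, not pod or namespace selectors or ports.

```python
import ipaddress

# The policy from the slide, as a Python dict (same fields, same values).
POLICY = {
    "metadata": {"name": "default-block", "namespace": "netpol-test"},
    "spec": {
        "podSelector": {"matchLabels": {"role": "db"}},
        "egress": [
            {"to": [{"ipBlock": {"cidr": "0.0.0.0/0",
                                 "except": ["192.168.111.0/24"]}}]}
        ],
        "policyTypes": ["Egress"],
    },
}


def selects(policy, namespace, labels):
    """True if the policy's podSelector applies to a pod with these labels."""
    if namespace != policy["metadata"]["namespace"]:
        return False
    wanted = policy["spec"]["podSelector"].get("matchLabels", {})
    return all(labels.get(k) == v for k, v in wanted.items())


def ipblock_matches(block, dest):
    """An ipBlock matches when dest is inside cidr and outside every except range."""
    ip = ipaddress.ip_address(dest)
    if ip not in ipaddress.ip_network(block["cidr"]):
        return False
    return not any(ip in ipaddress.ip_network(e) for e in block.get("except", []))


def egress_allowed(policies, namespace, labels, dest):
    """Model of the egress decision for one pod and one destination IP.

    A pod that no Egress policy selects is not isolated: all egress is allowed.
    Once selected, traffic is allowed only if some rule of some selecting
    policy matches (policies are additive; there are no deny rules).
    """
    selecting = [p for p in policies
                 if "Egress" in p["spec"].get("policyTypes", [])
                 and selects(p, namespace, labels)]
    if not selecting:
        return True
    for policy in selecting:
        for rule in policy["spec"].get("egress", []):
            peers = rule.get("to")
            if not peers:  # a rule without "to" matches every destination
                return True
            for peer in peers:
                if "ipBlock" in peer and ipblock_matches(peer["ipBlock"], dest):
                    return True
    return False


if __name__ == "__main__":
    # Constructed sample pods and destinations.
    cases = [
        ("netpol-test", {"role": "db"}, "8.8.8.8"),
        ("netpol-test", {"role": "db"}, "192.168.111.10"),
        ("netpol-test", {"role": "web"}, "192.168.111.10"),
    ]
    for ns, labels, dest in cases:
        verdict = "allow" if egress_allowed([POLICY], ns, labels, dest) else "drop"
        print(f"{ns} {labels} -> {dest}: {verdict}")
```

Despite its name, `default-block` permits egress from `role: db` pods to every address except 192.168.111.0/24, and pods the selector does not match stay unrestricted.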
51. Current state of Storage
● K8s has Kubernetes Volume Plugins; however, adding support for new “in-tree” volume plugins is challenging
● CSI makes the Kubernetes volume layer truly extensible (Beta)
52. What’s new in 1.12
SIG-Storage contributed the following enhancements:
● Topology-aware dynamic provisioning - Beta
○ Topology-aware provisioning makes it possible for Kubernetes to provision resources more intelligently. It prevents situations where a pod can’t start because the storage resources it needs are in a different zone.
53. What’s new in 1.13
SIG-Storage contributed the following enhancements:
● Container Storage Interface (CSI) - GA
● Raw block device using persistent volume source (Beta)
● Topology-aware dynamic provisioning (Stable)
55. Autoscaling in Kubernetes
● Horizontal Pod Autoscaling (HPA)
○ Based on CPU
○ Based on Memory
○ Based on Custom Metrics
● Vertical Pod Autoscaling (VPA) - alpha
● Cluster Autoscaling
57. Horizontal Pod Autoscaling (HPA)
Kubernetes automatically scales the number of pods in
● Deployment
Metrics for autoscaling
● observed CPU utilization
● observed Memory utilization
● application-provided metrics, aka Custom Metrics
[Diagram labels: Pod 1, Pod 2, Pod .., Pod N; RC / Deployment; Autoscaler]
64. Maintain a decent load
● If pods are heavily loaded, then starting new pods may bring the average load down.
● If pods are barely loaded, then stopping pods will free some resources and the deployment should still be OK.
● Specify the target for the load and try to be as close as possible to it.
68. Vertical Pod Autoscaling (VPA)
How VPA works:
● Resource: CPU/Memory
● “Increasing CPU/Memory resources when necessary”
● Less complicated to design for resource increase
● Harder to autoscale
70. VPA Limitations
● alpha, so it needs testing to tease out edge cases
● in-place updates (requires support from the container runtime)
● usage spikes: how best to deal with them?
72. What’s new in 1.12
SIG-Autoscaling made significant improvements in HPA and VPA
● HPA (Horizontal Pod Autoscaler)
○ Scaling via custom metrics (metrics-server) - beta
○ Improving the scaling algorithm to reach size faster - beta. The algorithm used to determine how many pods should be active has been adjusted to improve the time-to-completion
● VPA (Vertical Pod Autoscaler) - beta
76. Kubernetes 1.12 (Azure)
● Support for Azure Virtual Machine Scale Sets (VMSS)
● Cluster autoscaler support (Stable)
● Azure availability zone support (alpha)
● In future AKS will come with VMSS support
86. Falco
A runtime security tool developed by Sysdig, designed to detect anomalous activity and intrusions in Kubernetes
87. Falco
● Abnormal behavior detection for Linux-based containers, hosts, and orchestration platforms
● Commonly referred to as “Runtime Security”
● Filter language can easily detect events such as:
○ Shells/processes spawned in a container
○ Unexpected outbound connections
○ Processes listening on unexpected ports
○ Files/binaries changed after container start
○ Container isolation compromised
● Automated action can be taken when abnormal events are detected
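Three of the event classes listed on this slide, modeled in Python as an added example (this is not Falco's rule language, engine or output, and not from the deck): each check is run over a constructed event stream against a per-image baseline. The event field names, the baseline and all sample values are assumptions made for illustration.

```python
import ipaddress

# Constructed sample events. Field names are this example's own; a real
# syscall event source exposes far more context per event.
EVENTS = [
    {"type": "execve", "container": "web-1", "image": "nginx", "proc": "nginx"},
    {"type": "execve", "container": "web-1", "image": "nginx", "proc": "bash"},
    {"type": "listen", "container": "web-1", "image": "nginx", "proc": "nginx", "port": 80},
    {"type": "listen", "container": "web-1", "image": "nginx", "proc": "python3", "port": 8081},
    {"type": "connect", "container": "db-1", "image": "postgres", "proc": "postgres",
     "dest": "10.0.0.12"},
    {"type": "connect", "container": "db-1", "image": "postgres", "proc": "curl",
     "dest": "203.0.113.7"},
    {"type": "execve", "container": None, "image": None, "proc": "bash"},  # host shell
]

# Hypothetical baseline: what each image is expected to do at runtime.
# An image missing from the baseline has nothing allowed (fail closed).
BASELINE = {
    "nginx": {"listen_ports": {80, 443}, "egress": []},
    "postgres": {"listen_ports": {5432}, "egress": ["10.0.0.0/24"]},
}
SHELLS = {"sh", "bash", "dash", "ash", "zsh"}


def in_container(event):
    return event["container"] is not None


def shell_in_container(event):
    """A shell binary executed inside a running container."""
    return event["type"] == "execve" and in_container(event) and event["proc"] in SHELLS


def unexpected_listen(event):
    """A containerized process listening on a port outside the image baseline."""
    if event["type"] != "listen" or not in_container(event):
        return False
    allowed = BASELINE.get(event["image"], {}).get("listen_ports", set())
    return event["port"] not in allowed


def unexpected_outbound(event):
    """An outbound connection to an address outside the image's allowed ranges."""
    if event["type"] != "connect" or not in_container(event):
        return False
    ranges = BASELINE.get(event["image"], {}).get("egress", [])
    dest = ipaddress.ip_address(event["dest"])
    return not any(dest in ipaddress.ip_network(r) for r in ranges)


RULES = [
    ("shell_in_container", shell_in_container),
    ("unexpected_listen", unexpected_listen),
    ("unexpected_outbound", unexpected_outbound),
]


def detect(events):
    """Return (rule, container, process) for every rule an event triggers."""
    alerts = []
    for event in events:
        for name, check in RULES:
            if check(event):
                alerts.append((name, event["container"], event["proc"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Image scanning would not see any of these three alerts, since each describes behaviour that only exists once the container is running.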
88. Why do you need Falco?
● Image scanning is “point in time” security of choices made by developers
● Need to have the ability to detect breakdowns in isolation when containers are running
● Falco can detect compromised:
○ Container isolation (vulnerabilities in container runtimes/Linux kernel)
○ Applications (exploited applications)
○ Orchestration Systems (Exposed dashboards, API ports)
● Enforces best practices & compliance requirements (PCI, SOC, GDPR)
92. Runtime Security Tools Space
Proprietary
A number of vendors provide runtime security as part of a broader container security product. These products bundle capabilities from multiple security areas - such as image scanning, access control, and firewalling - to create a more extensive security product.
- Sysdig Secure: The Falco rules engine is used along with proprietary software to create a SaaS based security product.
- Aqua Security
- Twistlock
Open Source
Falco is one component of a complete security tool set for Cloud Native platforms. Other complementary open source projects include Anchore, Clair, Inspec, Cilium, Notary, TUF, SPIFFE, Vault, etc. Each project covers a different area of infrastructure, software build, or runtime security.
- Falco
98. Progress Since Sandbox Entry
● v0.7 released Feb 21, v0.8 released July 18
○ 545 commits total
● Instituted formalized project governance policies, added a new maintainer
● Rook Framework for Storage Providers
○ Makes Rook a general cloud-native storage orchestrator
○ Supports multiple new storage solutions with reusable specs, logic, policies
○ CockroachDB and Minio orchestration released in v0.8
○ NFS, Cassandra, Nexenta, Alluxio ongoing
● Ceph support graduated to Beta maturity
● Automatic horizontal scaling by the Ceph operator
● Improved security model and support for OpenShift
● Numerous other features and improvements
99. Adopters: Production Usage
There are additional adopters of Rook, especially those with on-premise deployments, that are not ready to share the details of their usage publicly at this time.
100. Centre of Excellence in Next Generation Networks
● 20 bare-metal nodes providing 100TB, with more being added
● Heterogeneous mix of nodes with high disk density as well as compute-focused nodes
● Several databases, web applications, and a self-hosted file sharing solution
“Rook is giving us a big head start in deploying cloud-native Ceph...having an operator that can help deploy and manage Ceph in a cloud-native environment is an ideal solution...gives us the ability to leverage both the storage and the extra compute capabilities of the storage-dense nodes”
Raymond Maika, Cloud Infrastructure Engineer at CENGN
101. Harbor: Sandbox -> Incubation
A trusted container registry that stores, signs, and
scans docker images.
103. What makes a trusted cloud native registry?
− Registry features include
■ Docker and Helm Registry
■ Multi-tenant content signing and validation
■ Security and vulnerability analysis
■ Role based access control and LDAP/AD support
■ Image deletion & garbage collection
■ Image replication between instances
■ Internationalization (currently English and Chinese)
− Operational experience
■ Deployed in containers
■ Extends, manages, and integrates proven open source components
104. Architecture
Harbor integrates multiple open source components to provide a trusted registry.
[Architecture diagram. Labels: Consumers (Users (GUI/API), Container Schedulers/Runtimes); API Routing; Core Service (API/Auth/GUI); Image Registry; Trusted Content; Vulnerability Scanning; Job Service; Admin Service; Persistence components (SQL Database, Key/Value Storage, Local or Remote Storage (block, file, object)); Supporting services (LDAP/Active Directory); Harbor Packaging. Legend: Harbor components, 3rd party components]
113. Cloud Native Computing Foundation
2018-19 KubeCon + CloudNativeCon
• China
– Shanghai: November 14-15, 2018
– General session CFP closed!
– Intro and Deep Dive Sessions CFP
• North America
– Seattle: December 11 - 13, 2018
– CFP open until August 12, 2018
– Intro and Deep Dive Sessions CFP
• Europe
– Barcelona: May 21 - 23, 2019