Kubernetes as a Concrete Abstraction Layer
SCaLE 18x
WHO AM I
• Karen Bruner
• Recovering SRE
• Tech Evangelist at StackRox
• Totally Sane Cat Lady
• Twitter @fuzzyKB
WHAT IS KUBERNETES
• Container Orchestration Platform
WHAT IS KUBERNETES
• Self-Driving Car for Container Workloads and Services
• Except More Like "Assisted Driving"
• And Everything is in a Different Place in Every Model
• And If It Catches Fire, It Burns for Hours
WHAT WE'LL COVER
• Kubernetes Releases and Conformance
• Storage
• Service Load Balancers
• Nodeless
• Security Options
• Other Functional Differences
• Mitigation Plans
Kubernetes Releases and Conformance
Kubernetes Release Cycle
• Release cadence: every 3 months
• 3 versions supported at a time
• Interactive release notes: relnotes.k8s.io
Current Support Matrix

Version   EKS       AKS       GKE       Kubernetes
1.18                                    beta
1.17                preview             ✔
1.16                preview   beta      ✔
1.15                ✔         ✔         ✔
1.14      default   default   default
1.13      ✔         ✔         ✔
1.12      ✔
CNCF Certified Kubernetes Conformance
• Covered
• kubelet behavior
• Most Core API resources
• App API resources
• Batch API resources
• Pod-to-pod and service networking
• Not Covered
• StorageClass, PersistentVolumes
• Service of type LoadBalancer
• APIs requiring plugins, controllers (usually), or device drivers
• Nodeless platforms
Conformance Examples (Illustrated)
[Figure: Covered: Pods; Not Covered: Load Balancers]

Abstract vs Concrete
Examples From Where Portability Ends
Evaluation Environments

Platform    Kubernetes Version   Cloud Provider   Tool Version                  Notes
AKS         1.14.8               Azure            az v2.0.77                    kubenet network
EKS         1.14.9               AWS              eksctl v0.13.0
GKE         1.14.10              Google Cloud     gcloud v283.0.0
Kops        1.16.7               AWS              kops v1.16.0                  flannel CNI
Kubespray   1.16.6               AWS              master branch 2019-02-27
OpenShift   1.14.6               AWS              openshift-installer v4.3.2    OpenShift v4.2.21
PersistentVolumes

Platform    Default StorageClass                Supports Resize
AKS         Standard Azure Storage (HDD)        Yes
EKS         Elastic Block Storage gp2 (SSD)     Yes
GKE         Standard Persistent Disk (HDD)      Yes
Kops        Elastic Block Storage gp2 (SSD)     Yes
Kubespray   None                                N/A
OpenShift   Elastic Block Storage gp2 (SSD)     Yes
Managing Differences in Storage
• Create standard default StorageClasses on all platforms
• Use consistent StorageClass names across platforms (ssd, hdd)
• Avoid provider special snowflake storage products
• Or use a portable storage service like Rook/Ceph
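The following manifests are an added example of the first two bullets, not slides from the talk. They define the two portable class names the deck proposes, ssd and hdd, on the three cloud providers in the evaluation table, using the in-tree provisioners of that Kubernetes generation. The choice of ssd as the default, the st1 and pd-standard/Standard_LRS backing types, and WaitForFirstConsumer binding are assumptions made for the example.

```yaml
# Added example: one StorageClass pair per provider, same names everywhere.
# Apply only the pair for the provider the cluster runs on.
# ssd is marked default; the provider's own default class must have the
# is-default-class annotation removed first, or PVCs without a class name
# will hit two defaults.
---
# AWS (EKS, kops, OpenShift on AWS)
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: ssd
  annotations:
    storageclass.kubernetes.io/is-default-class: "true"
provisioner: kubernetes.io/aws-ebs
parameters:
  type: gp2
allowVolumeExpansion: true          # resize is supported on every provider in the table
volumeBindingMode: WaitForFirstConsumer   # bind in the pod's zone, not a random one
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: hdd
provisioner: kubernetes.io/aws-ebs
parameters:
  type: st1                         # throughput-optimized HDD (assumption: large minimum size is acceptable)
allowVolumeExpansion: true
volumeBindingMode: WaitForFirstConsumer
---
# Google Cloud (GKE)
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: ssd
  annotations:
    storageclass.kubernetes.io/is-default-class: "true"
provisioner: kubernetes.io/gce-pd
parameters:
  type: pd-ssd
allowVolumeExpansion: true
volumeBindingMode: WaitForFirstConsumer
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: hdd
provisioner: kubernetes.io/gce-pd
parameters:
  type: pd-standard
allowVolumeExpansion: true
volumeBindingMode: WaitForFirstConsumer
---
# Azure (AKS), managed disks
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: ssd
  annotations:
    storageclass.kubernetes.io/is-default-class: "true"
provisioner: kubernetes.io/azure-disk
parameters:
  kind: Managed
  storageaccounttype: Premium_LRS
allowVolumeExpansion: true
volumeBindingMode: WaitForFirstConsumer
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: hdd
provisioner: kubernetes.io/azure-disk
parameters:
  kind: Managed
  storageaccounttype: Standard_LRS
allowVolumeExpansion: true
volumeBindingMode: WaitForFirstConsumer
```

After applying, `kubectl get storageclass` should show exactly one class tagged `(default)`; if the provider's class still carries the annotation, clear it with `kubectl annotate storageclass <name> storageclass.kubernetes.io/is-default-class-`. Application manifests then reference only `storageClassName: ssd` or `hdd` and need no per-provider edits.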
Service Load Balancers

Platform    Default Load Balancer Type               Source IP Preserved   Default Idle Timeout (K8s)   Supported Timeout Range
AKS         Azure Standard Load Balancer             Yes                   30 m                         4-30 m
EKS         Elastic Load Balancer (Classic ELB)      No                    60 s                         1-4000 s
GKE         External TCP/UDP Network Load Balancer   Yes                   Not documented               Not documented
Kops        Elastic Load Balancer (Classic ELB)      No                    60 s                         1-4000 s
Kubespray   None                                     N/A                   N/A                          N/A
OpenShift   Elastic Load Balancer (Classic ELB)      No                    60 s                         1-4000 s
Managing Differences in Load Balancers
• For client source IP, set externalTrafficPolicy: Local on the Service
  • Only works if the LB itself passes the client IP through (no source NAT at the LB)
  • Nodes without a local pod drop the traffic, so run the backend as a DaemonSet unless the LB health-checks nodes (Kubernetes allocates a healthCheckNodePort for this)
• For LBs that NAT the source IP (e.g. Classic ELB)
  • Check provider for alternative LB types
  • Use Proxy Protocol (the backend must then parse the PROXY header)
  • Without one of these, IP allow lists and access logs see the LB's address, not the client's
• Examples
  • Annotation to use AWS Network Load Balancer:
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
  • Annotation to enable Proxy Protocol on AWS Classic ELB:
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
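Here is an added example that puts the two approaches above into complete Service manifests; it is not from the talk. The first Service works unchanged on every provider in the table: the AWS annotation swaps in an NLB, the Azure annotation tunes the idle timeout, and each provider ignores the other's keys. The second keeps a Classic ELB and turns on Proxy Protocol. The backend name edge-proxy, namespace ingress, port 8443 and timeout values are assumptions; the annotation keys are the cloud providers' documented ones.

```yaml
# Added example: a LoadBalancer Service that asks for the client source IP.
apiVersion: v1
kind: Service
metadata:
  name: edge-proxy
  namespace: ingress
  annotations:
    # AWS (EKS, kops, OpenShift on AWS): a Network Load Balancer passes the
    # client IP through; the default Classic ELB would SNAT it away.
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
    # Azure: TCP idle timeout in whole minutes, 4-30 per the table above.
    service.beta.kubernetes.io/azure-load-balancer-tcp-idle-timeout: "10"
spec:
  type: LoadBalancer
  # Local: kube-proxy does not SNAT, and only nodes running a pod of this
  # Service accept traffic. Kubernetes allocates spec.healthCheckNodePort so
  # the cloud LB can health-check nodes and skip the ones with no endpoint.
  # Backend must therefore be a DaemonSet, or the LB must use that port.
  externalTrafficPolicy: Local
  selector:
    app: edge-proxy
  ports:
    - name: https
      port: 443
      targetPort: 8443
      protocol: TCP
---
# Variant for a provider that cannot pass the source IP through (AWS Classic
# ELB): keep the ELB, enable PROXY protocol on all backends ("*"), and make
# the backend parse the PROXY header. Without this, IP allow lists and
# access logs record the ELB's address instead of the client's.
apiVersion: v1
kind: Service
metadata:
  name: edge-proxy-classic
  namespace: ingress
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
    # Classic ELB idle timeout in seconds, 1-4000 per the table above.
    service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "300"
spec:
  type: LoadBalancer
  selector:
    app: edge-proxy
  ports:
    - name: https
      port: 443
      targetPort: 8443
      protocol: TCP
```

To verify the first variant, read the allocated port with `kubectl get svc -n ingress edge-proxy -o jsonpath='{.spec.healthCheckNodePort}'`, confirm the provider's LB health check targets it, and check from the backend that a connection from a known client shows that client's address rather than a node or LB address. For the Proxy Protocol variant, a backend that has not been configured to expect the PROXY header will reject or mis-parse every connection, so enable both sides together.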
Load Balancer Demo
"Nodeless" Kubernetes
• virtual-kubelet
• Currently at 70% CNCF Conformance
• Main portability limitation: no DaemonSet support
• Cloud provider "nodeless"
• AKS on Azure Container Instances
• EKS on Fargate (not based on virtual-kubelet)
• GKE - none
• Common limitations on managed providers
• No DaemonSet support (run as sidecars)
• No privileged containers
• No node-level visibility
Kubernetes Security Features

Platform    RBAC                           Network Policy                          Pod Security Policy
AKS         Optional; enabled by default   Optional                                Optional
EKS         Always on                      User-managed                            Always on
GKE         Optional; enabled by default   Optional                                Optional
Kops        Optional; enabled by default   Depends on CNI (default no: kubenet)    Optional
Kubespray   Optional; enabled by default   Depends on CNI (default yes: Calico)    Optional
OpenShift   Always on                      Optional; enabled by default            Not supported (uses SecurityContextConstraints)

Note: an admission controller being on does not mean a restrictive policy is in place. EKS, for example, ships a permissive default PSP (eks.privileged) bound to all authenticated users, so privileged pods are still allowed until that policy is replaced.
Other Potential Problem Areas
• Supported Admission Controllers
• Feature gates
• Enabled API groups
• Container runtimes
Maintaining Portability
• Create self-managed clusters
• Create your own sonobuoy plugins for organizational conformance
• Enable RBAC and Network Policy everywhere
• Use consistent resource manifests across platforms
• Open Policy Agent Gatekeeper to enforce security and resource conformance
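As an added example of the last two bullets (not part of the talk), the Gatekeeper policy below rejects manifests that would break the portability rules from earlier slides: a PVC must name one of the organization's standard StorageClasses, and a LoadBalancer Service must request source IP preservation. The template and constraint names, the ssd/hdd list and the Rego are assumptions written for this example; the ConstraintTemplate and Constraint shapes are Gatekeeper's v1beta1 API.

```yaml
# Added example: Gatekeeper ConstraintTemplate + Constraint enforcing
# organizational portability rules at admission time.
apiVersion: templates.gatekeeper.sh/v1beta1
kind: ConstraintTemplate
metadata:
  name: k8sportablemanifests        # must be the lowercase form of the kind below
spec:
  crd:
    spec:
      names:
        kind: K8sPortableManifests
      validation:
        openAPIV3Schema:
          properties:
            storageClasses:
              type: array
              items:
                type: string
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package k8sportablemanifests

        # Rule 1: every PVC must name one of the portable StorageClasses.
        # A PVC with no storageClassName also fails: the provider default
        # differs per platform (HDD on AKS/GKE, SSD on EKS), so relying on
        # it is exactly the portability leak this deck is about.
        violation[{"msg": msg}] {
          obj := input.review.object
          obj.kind == "PersistentVolumeClaim"
          not allowed_class(obj.spec.storageClassName)
          msg := sprintf("PVC %v must set storageClassName to one of %v",
                         [obj.metadata.name, input.parameters.storageClasses])
        }

        allowed_class(name) {
          name == input.parameters.storageClasses[_]
        }

        # Rule 2: LoadBalancer Services must ask for source IP preservation
        # so IP-based controls behave the same on every provider.
        # "not ... == Local" also catches the field being absent.
        violation[{"msg": msg}] {
          obj := input.review.object
          obj.kind == "Service"
          obj.spec.type == "LoadBalancer"
          not obj.spec.externalTrafficPolicy == "Local"
          msg := sprintf("Service %v of type LoadBalancer must set externalTrafficPolicy: Local",
                         [obj.metadata.name])
        }
---
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sPortableManifests
metadata:
  name: portable-manifests
spec:
  match:
    kinds:
      - apiGroups: [""]
        kinds: ["PersistentVolumeClaim", "Service"]
  parameters:
    storageClasses: ["ssd", "hdd"]
```

Roll it out with `spec.enforcementAction: dryrun` on the Constraint first and read the violations Gatekeeper records in the Constraint's status, then switch to enforcement once existing workloads are clean. The same Constraint applies unchanged on every platform in the evaluation table, which is the point: the policy travels with the manifests rather than with the provider.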
References
Thanks and References
Thanks to Brendan Cox and Madhuri Yechuri for virtual-kubelet info
Conformance
• https://github.com/cncf/k8s-conformance/blob/master/docs/KubeConformance-1.15.md
• https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/
• https://sonobuoy.io/
Platforms
• https://docs.microsoft.com/en-us/azure/aks/
• https://docs.aws.amazon.com/eks/latest/userguide/what-is-eks.html
• https://cloud.google.com/kubernetes-engine/docs/concepts/kubernetes-engine-overview
• https://github.com/kubernetes/kops
• https://github.com/kubernetes-sigs/kubespray
• https://docs.openshift.com/container-platform/4.2/welcome/index.html
Storage
• https://kubernetes.io/docs/concepts/storage/storage-classes/
• https://kubernetes.io/docs/concepts/storage/persistent-volumes/
• https://github.com/rook/rook
Load balancing
• https://kubernetes.io/docs/concepts/architecture/cloud-controller/
• https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
• https://aws.amazon.com/elasticloadbalancing/
• https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview
• https://cloud.google.com/load-balancing/docs/network
References (cont.)
Nodeless
• https://virtual-kubelet.io/
• https://docs.microsoft.com/en-us/azure/aks/virtual-nodes-portal
• https://docs.aws.amazon.com/eks/latest/userguide/fargate.html
• https://cloud.google.com/run/docs
Security
• https://kubernetes.io/docs/reference/access-authn-authz/rbac/
• https://kubernetes.io/docs/concepts/services-networking/network-policies/
• https://kubernetes.io/docs/concepts/policy/pod-security-policy/
• https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet-authentication-authorization/
Other potential problem areas
• https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/
• https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/
• https://kubernetes.io/docs/reference/using-api/api-overview/
Maintaining portability
• https://kubernetes.io/docs/concepts/cluster-administration/cloud-providers/
• https://github.com/kubernetes-sigs/kubespray/blob/master/docs/comparisons.md
• https://github.com/open-policy-agent/gatekeeper
Questions?
• Twitter @fuzzyKB
• LinkedIn www.linkedin.com/in/kmbruner/
• Blog posts
• www.stackrox.com/post/ (paycheck)
• nightmare-before-devops.xyz (personal)

More Related Content

What's hot

Workshop: Deploying and Scaling Node.js with Kubernetes
Workshop: Deploying and Scaling Node.js with KubernetesWorkshop: Deploying and Scaling Node.js with Kubernetes
Workshop: Deploying and Scaling Node.js with Kubernetes
Ross Kukulinski
 
Autoscaling Kubernetes
Autoscaling KubernetesAutoscaling Kubernetes
Autoscaling Kubernetes
craigbox
 
Container Orchestration
Container OrchestrationContainer Orchestration
Container Orchestration
dfilppi
 
DockerDay2015: Getting started with Google Container Engine
DockerDay2015: Getting started with Google Container EngineDockerDay2015: Getting started with Google Container Engine
DockerDay2015: Getting started with Google Container Engine
Docker-Hanoi
 
Kubernetes Introduction & Whats new in Kubernetes 1.6
Kubernetes Introduction & Whats new in Kubernetes 1.6Kubernetes Introduction & Whats new in Kubernetes 1.6
Kubernetes Introduction & Whats new in Kubernetes 1.6
Opcito Technologies
 
Introduction to Kubernetes
Introduction to KubernetesIntroduction to Kubernetes
Introduction to Kubernetes
Paris Apostolopoulos
 
Challenges of Kubernetes On-premise Deployment
Challenges of Kubernetes On-premise DeploymentChallenges of Kubernetes On-premise Deployment
Challenges of Kubernetes On-premise Deployment
Vietnam Open Infrastructure User Group
 
Kubernetes on CloudStack with coreOS
Kubernetes on CloudStack with coreOSKubernetes on CloudStack with coreOS
Kubernetes on CloudStack with coreOS
Sebastien Goasguen
 
k8s NodeSet
k8s NodeSet k8s NodeSet
k8s NodeSet
loodse
 
Kubernetes User Group: 維運 Kubernetes 的兩三事
Kubernetes User Group: 維運 Kubernetes 的兩三事Kubernetes User Group: 維運 Kubernetes 的兩三事
Kubernetes User Group: 維運 Kubernetes 的兩三事
smalltown
 
Node.js and Containers Go Together Like Peanut Butter and Jelly
Node.js and Containers Go Together Like Peanut Butter and JellyNode.js and Containers Go Together Like Peanut Butter and Jelly
Node.js and Containers Go Together Like Peanut Butter and Jelly
Ross Kukulinski
 
What's new in Kubernetes
What's new in KubernetesWhat's new in Kubernetes
What's new in Kubernetes
Daniel Smith
 
Kubernetes dealing with storage and persistence
Kubernetes  dealing with storage and persistenceKubernetes  dealing with storage and persistence
Kubernetes dealing with storage and persistence
Janakiram MSV
 
Ceph & OpenStack talk given @ OpenStack Meetup @ Bangalore, June 2015
Ceph & OpenStack talk given @ OpenStack Meetup @ Bangalore, June 2015Ceph & OpenStack talk given @ OpenStack Meetup @ Bangalore, June 2015
Ceph & OpenStack talk given @ OpenStack Meetup @ Bangalore, June 2015
Deepak Shetty
 
Docker meets Kubernetes
Docker meets KubernetesDocker meets Kubernetes
Docker meets Kubernetes
loodse
 
Kafka on Kubernetes: Keeping It Simple (Nikki Thean, Etsy) Kafka Summit SF 2019
Kafka on Kubernetes: Keeping It Simple (Nikki Thean, Etsy) Kafka Summit SF 2019Kafka on Kubernetes: Keeping It Simple (Nikki Thean, Etsy) Kafka Summit SF 2019
Kafka on Kubernetes: Keeping It Simple (Nikki Thean, Etsy) Kafka Summit SF 2019
confluent
 
Kubernetes Frankfurt
Kubernetes FrankfurtKubernetes Frankfurt
Kubernetes Frankfurt
loodse
 
Intro to kubernetes
Intro to kubernetesIntro to kubernetes
Rook on aws kubernetes meetup munchen 22_feb_18
Rook on aws kubernetes meetup munchen 22_feb_18Rook on aws kubernetes meetup munchen 22_feb_18
Rook on aws kubernetes meetup munchen 22_feb_18
Ovidiu Hutuleac
 
Flocker
FlockerFlocker

What's hot (20)

Workshop: Deploying and Scaling Node.js with Kubernetes
Workshop: Deploying and Scaling Node.js with KubernetesWorkshop: Deploying and Scaling Node.js with Kubernetes
Workshop: Deploying and Scaling Node.js with Kubernetes
 
Autoscaling Kubernetes
Autoscaling KubernetesAutoscaling Kubernetes
Autoscaling Kubernetes
 
Container Orchestration
Container OrchestrationContainer Orchestration
Container Orchestration
 
DockerDay2015: Getting started with Google Container Engine
DockerDay2015: Getting started with Google Container EngineDockerDay2015: Getting started with Google Container Engine
DockerDay2015: Getting started with Google Container Engine
 
Kubernetes Introduction & Whats new in Kubernetes 1.6
Kubernetes Introduction & Whats new in Kubernetes 1.6Kubernetes Introduction & Whats new in Kubernetes 1.6
Kubernetes Introduction & Whats new in Kubernetes 1.6
 
Introduction to Kubernetes
Introduction to KubernetesIntroduction to Kubernetes
Introduction to Kubernetes
 
Challenges of Kubernetes On-premise Deployment
Challenges of Kubernetes On-premise DeploymentChallenges of Kubernetes On-premise Deployment
Challenges of Kubernetes On-premise Deployment
 
Kubernetes on CloudStack with coreOS
Kubernetes on CloudStack with coreOSKubernetes on CloudStack with coreOS
Kubernetes on CloudStack with coreOS
 
k8s NodeSet
k8s NodeSet k8s NodeSet
k8s NodeSet
 
Kubernetes User Group: 維運 Kubernetes 的兩三事
Kubernetes User Group: 維運 Kubernetes 的兩三事Kubernetes User Group: 維運 Kubernetes 的兩三事
Kubernetes User Group: 維運 Kubernetes 的兩三事
 
Node.js and Containers Go Together Like Peanut Butter and Jelly
Node.js and Containers Go Together Like Peanut Butter and JellyNode.js and Containers Go Together Like Peanut Butter and Jelly
Node.js and Containers Go Together Like Peanut Butter and Jelly
 
What's new in Kubernetes
What's new in KubernetesWhat's new in Kubernetes
What's new in Kubernetes
 
Kubernetes dealing with storage and persistence
Kubernetes  dealing with storage and persistenceKubernetes  dealing with storage and persistence
Kubernetes dealing with storage and persistence
 
Ceph & OpenStack talk given @ OpenStack Meetup @ Bangalore, June 2015
Ceph & OpenStack talk given @ OpenStack Meetup @ Bangalore, June 2015Ceph & OpenStack talk given @ OpenStack Meetup @ Bangalore, June 2015
Ceph & OpenStack talk given @ OpenStack Meetup @ Bangalore, June 2015
 
Docker meets Kubernetes
Docker meets KubernetesDocker meets Kubernetes
Docker meets Kubernetes
 
Kafka on Kubernetes: Keeping It Simple (Nikki Thean, Etsy) Kafka Summit SF 2019
Kafka on Kubernetes: Keeping It Simple (Nikki Thean, Etsy) Kafka Summit SF 2019Kafka on Kubernetes: Keeping It Simple (Nikki Thean, Etsy) Kafka Summit SF 2019
Kafka on Kubernetes: Keeping It Simple (Nikki Thean, Etsy) Kafka Summit SF 2019
 
Kubernetes Frankfurt
Kubernetes FrankfurtKubernetes Frankfurt
Kubernetes Frankfurt
 
Intro to kubernetes
Intro to kubernetesIntro to kubernetes
Intro to kubernetes
 
Rook on aws kubernetes meetup munchen 22_feb_18
Rook on aws kubernetes meetup munchen 22_feb_18Rook on aws kubernetes meetup munchen 22_feb_18
Rook on aws kubernetes meetup munchen 22_feb_18
 
Flocker
FlockerFlocker
Flocker
 

Similar to Kubernetes as a Concrete Abstraction Layer

Elastic Kubernetes Services (EKS)
Elastic Kubernetes Services (EKS)Elastic Kubernetes Services (EKS)
Elastic Kubernetes Services (EKS)
sriram_rajan
 
Kubernetes – An open platform for container orchestration
Kubernetes – An open platform for container orchestrationKubernetes – An open platform for container orchestration
Kubernetes – An open platform for container orchestration
inovex GmbH
 
A Million ways of Deploying a Kubernetes Cluster
A Million ways of Deploying a Kubernetes ClusterA Million ways of Deploying a Kubernetes Cluster
A Million ways of Deploying a Kubernetes Cluster
Jimmy Lu
 
01. Kubernetes-PPT.pptx
01. Kubernetes-PPT.pptx01. Kubernetes-PPT.pptx
01. Kubernetes-PPT.pptx
TamalBanerjee16
 
Getting started with Azure Container Service (AKS)
Getting started with Azure Container Service (AKS)Getting started with Azure Container Service (AKS)
Getting started with Azure Container Service (AKS)
Janakiram MSV
 
Engage 2020 - Kubernetes for HCL Connections Component Pack - Build or Buy?
Engage 2020 - Kubernetes for HCL Connections Component Pack - Build or Buy?Engage 2020 - Kubernetes for HCL Connections Component Pack - Build or Buy?
Engage 2020 - Kubernetes for HCL Connections Component Pack - Build or Buy?
panagenda
 
Kubernetes for HCL Connections Component Pack - Build or Buy?
Kubernetes for HCL Connections Component Pack - Build or Buy?Kubernetes for HCL Connections Component Pack - Build or Buy?
Kubernetes for HCL Connections Component Pack - Build or Buy?
Martin Schmidt
 
kubernetes_largescale_system_design_optimization
kubernetes_largescale_system_design_optimizationkubernetes_largescale_system_design_optimization
kubernetes_largescale_system_design_optimization
RaviShankar KS
 
DevOps in AWS with Kubernetes
DevOps in AWS with KubernetesDevOps in AWS with Kubernetes
DevOps in AWS with Kubernetes
Oleg Chunikhin
 
Kubernetes Internals
Kubernetes InternalsKubernetes Internals
Kubernetes Internals
Shimi Bandiel
 
Running Kafka on Kubernetes, across three clouds at Adobe
Running Kafka on Kubernetes, across three clouds at AdobeRunning Kafka on Kubernetes, across three clouds at Adobe
Running Kafka on Kubernetes, across three clouds at Adobe
DoKC
 
01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMware
01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMware01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMware
01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMware
VMUG IT
 
Enterprise grade-deployment-2019
Enterprise grade-deployment-2019Enterprise grade-deployment-2019
Enterprise grade-deployment-2019
Martin Novák
 
Kubernetes Basics - ICP Workshop Batch II
Kubernetes Basics - ICP Workshop Batch IIKubernetes Basics - ICP Workshop Batch II
Kubernetes Basics - ICP Workshop Batch II
PT Datacomm Diangraha
 
Docker and kubernetes_introduction
Docker and kubernetes_introductionDocker and kubernetes_introduction
Docker and kubernetes_introduction
Jason Hu
 
Centralizing Kubernetes and Container Operations
Centralizing Kubernetes and Container OperationsCentralizing Kubernetes and Container Operations
Centralizing Kubernetes and Container Operations
Kublr
 
Demystifying Kubernetes for Enterprise DevOps
Demystifying Kubernetes for Enterprise DevOpsDemystifying Kubernetes for Enterprise DevOps
Demystifying Kubernetes for Enterprise DevOps
Jim Bugwadia
 
Let's Try Every CRI Runtime Available for Kubernetes
Let's Try Every CRI Runtime Available for KubernetesLet's Try Every CRI Runtime Available for Kubernetes
Let's Try Every CRI Runtime Available for Kubernetes
Phil Estes
 
Kubernetes in Azure
Kubernetes in AzureKubernetes in Azure
Kubernetes in Azure
Karl Ots
 
Scaling AKS Nodes: Leveraging Cluster Autoscaler, Karpenter, and Node Autopro...
Scaling AKS Nodes: Leveraging Cluster Autoscaler, Karpenter, and Node Autopro...Scaling AKS Nodes: Leveraging Cluster Autoscaler, Karpenter, and Node Autopro...
Scaling AKS Nodes: Leveraging Cluster Autoscaler, Karpenter, and Node Autopro...
Philip Welz
 

Similar to Kubernetes as a Concrete Abstraction Layer (20)

Elastic Kubernetes Services (EKS)
Elastic Kubernetes Services (EKS)Elastic Kubernetes Services (EKS)
Elastic Kubernetes Services (EKS)
 
Kubernetes – An open platform for container orchestration
Kubernetes – An open platform for container orchestrationKubernetes – An open platform for container orchestration
Kubernetes – An open platform for container orchestration
 
A Million ways of Deploying a Kubernetes Cluster
A Million ways of Deploying a Kubernetes ClusterA Million ways of Deploying a Kubernetes Cluster
A Million ways of Deploying a Kubernetes Cluster
 
01. Kubernetes-PPT.pptx
01. Kubernetes-PPT.pptx01. Kubernetes-PPT.pptx
01. Kubernetes-PPT.pptx
 
Getting started with Azure Container Service (AKS)
Getting started with Azure Container Service (AKS)Getting started with Azure Container Service (AKS)
Getting started with Azure Container Service (AKS)
 
Engage 2020 - Kubernetes for HCL Connections Component Pack - Build or Buy?
Engage 2020 - Kubernetes for HCL Connections Component Pack - Build or Buy?Engage 2020 - Kubernetes for HCL Connections Component Pack - Build or Buy?
Engage 2020 - Kubernetes for HCL Connections Component Pack - Build or Buy?
 
Kubernetes for HCL Connections Component Pack - Build or Buy?
Kubernetes for HCL Connections Component Pack - Build or Buy?Kubernetes for HCL Connections Component Pack - Build or Buy?
Kubernetes for HCL Connections Component Pack - Build or Buy?
 
kubernetes_largescale_system_design_optimization
kubernetes_largescale_system_design_optimizationkubernetes_largescale_system_design_optimization
kubernetes_largescale_system_design_optimization
 
DevOps in AWS with Kubernetes
DevOps in AWS with KubernetesDevOps in AWS with Kubernetes
DevOps in AWS with Kubernetes
 
Kubernetes Internals
Kubernetes InternalsKubernetes Internals
Kubernetes Internals
 
Running Kafka on Kubernetes, across three clouds at Adobe
Running Kafka on Kubernetes, across three clouds at AdobeRunning Kafka on Kubernetes, across three clouds at Adobe
Running Kafka on Kubernetes, across three clouds at Adobe
 
01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMware
01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMware01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMware
01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMware
 
Enterprise grade-deployment-2019
Enterprise grade-deployment-2019Enterprise grade-deployment-2019
Enterprise grade-deployment-2019
 
Kubernetes Basics - ICP Workshop Batch II
Kubernetes Basics - ICP Workshop Batch IIKubernetes Basics - ICP Workshop Batch II
Kubernetes Basics - ICP Workshop Batch II
 
Docker and kubernetes_introduction
Docker and kubernetes_introductionDocker and kubernetes_introduction
Docker and kubernetes_introduction
 
Centralizing Kubernetes and Container Operations
Centralizing Kubernetes and Container OperationsCentralizing Kubernetes and Container Operations
Centralizing Kubernetes and Container Operations
 
Demystifying Kubernetes for Enterprise DevOps
Demystifying Kubernetes for Enterprise DevOpsDemystifying Kubernetes for Enterprise DevOps
Demystifying Kubernetes for Enterprise DevOps
 
Let's Try Every CRI Runtime Available for Kubernetes
Let's Try Every CRI Runtime Available for KubernetesLet's Try Every CRI Runtime Available for Kubernetes
Let's Try Every CRI Runtime Available for Kubernetes
 
Kubernetes in Azure
Kubernetes in AzureKubernetes in Azure
Kubernetes in Azure
 
Scaling AKS Nodes: Leveraging Cluster Autoscaler, Karpenter, and Node Autopro...
Scaling AKS Nodes: Leveraging Cluster Autoscaler, Karpenter, and Node Autopro...Scaling AKS Nodes: Leveraging Cluster Autoscaler, Karpenter, and Node Autopro...
Scaling AKS Nodes: Leveraging Cluster Autoscaler, Karpenter, and Node Autopro...
 

Recently uploaded

20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
Zilliz
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
tolgahangng
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
Mariano Tinti
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
SOFTTECHHUB
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 

Recently uploaded (20)

20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
 
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 

13
PersistentVolumes
Platform | Default StorageClass | Supports Resize
AKS | Standard Azure Storage (HDD) | Yes
EKS | Elastic Block Storage gp2 (SSD) | Yes
GKE | Standard Persistent Disk (HDD) | Yes
Kops | Elastic Block Storage gp2 (SSD) | Yes
Kubespray | None | N/A
OpenShift | Elastic Block Storage gp2 (SSD) | Yes
14
Managing Differences in Storage
• Create standard default StorageClasses on all platforms
• Use consistent StorageClass names across platforms (ssd, hdd)
• Avoid provider special snowflake storage products
• Or use a portable storage service like Rook/Ceph
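The naming convention on this slide, as an added example that is not part of the original deck: one StorageClass called ssd on each of the three managed platforms, each using that cloud's in-tree provisioner, plus a PersistentVolumeClaim that binds by the portable name only. The provisioner names and parameters are the standard in-tree ones; the class name, claim name and sizes are assumptions.

```yaml
# Added example (not from the deck): the same StorageClass name ("ssd") on
# every platform, so manifests that reference it port unchanged.
# Apply only the class that matches the cluster's provider. A cluster should
# have exactly one class carrying the is-default-class annotation, so the
# provider's own default class must first have that annotation set to "false".
---
# EKS / Kops / OpenShift on AWS (EBS gp2, the provider default from slide 13)
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: ssd
  annotations:
    storageclass.kubernetes.io/is-default-class: "true"
provisioner: kubernetes.io/aws-ebs
parameters:
  type: gp2
  fsType: ext4
allowVolumeExpansion: true                # matches the "Supports Resize" column
volumeBindingMode: WaitForFirstConsumer   # create the disk in the consuming pod's zone
---
# GKE (SSD Persistent Disk; the platform default in slide 13 is the HDD class)
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: ssd
  annotations:
    storageclass.kubernetes.io/is-default-class: "true"
provisioner: kubernetes.io/gce-pd
parameters:
  type: pd-ssd
allowVolumeExpansion: true
volumeBindingMode: WaitForFirstConsumer
---
# AKS (Premium managed disk; the platform default in slide 13 is the HDD class)
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: ssd
  annotations:
    storageclass.kubernetes.io/is-default-class: "true"
provisioner: kubernetes.io/azure-disk
parameters:
  kind: Managed
  storageaccounttype: Premium_LRS
allowVolumeExpansion: true
volumeBindingMode: WaitForFirstConsumer
---
# Portable claim: this manifest is identical on all three clusters because
# it names the class, never the provider product behind it.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: app-data
spec:
  accessModes: ["ReadWriteOnce"]
  storageClassName: ssd
  resources:
    requests:
      storage: 20Gi
```

Kubespray clusters (no default class in slide 13) would instead get an ssd class backed by a Rook/Ceph provisioner; the claim above does not change. Keeping allowVolumeExpansion on every copy of the class means a later "kubectl edit pvc" to grow the claim behaves the same everywhere.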
15
Service Load Balancers
Platform | Default Load Balancer Type | Source IP Preserved | Default Idle Timeout (K8s) | Supported Timeout Range
AKS | Azure Standard Load Balancer | Yes | 30 m | 4-30 m
EKS | Elastic Load Balancer (Classic ELB) | No | 60 s | 1-4000 s
GKE | External TCP/UDP Network Load Balancer | Yes | Not documented | Not documented
Kops | Elastic Load Balancer (Classic ELB) | No | 60 s | 1-4000 s
Kubespray | None | N/A | N/A | N/A
OpenShift | Elastic Load Balancer (Classic ELB) | No | 60 s | 1-4000 s
16
Managing Differences in Load Balancers
• For source IP, set externalTrafficPolicy to Local
  • LB must support IP SNAT
  • Requires DaemonSet for backend service unless LB does health checking
• For LBs with no source IP NAT
  • Check provider for alternative LB types
  • Use Proxy Protocol
• Examples
  • Annotation to use AWS Network Load Balancer: service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
  • Annotation to enable Proxy Protocol on AWS Classic ELB: service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
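Both options from this slide written out as manifests, as an added example that is not part of the original deck: a Service that combines the NLB annotation with externalTrafficPolicy: Local, a second Service that keeps the Classic ELB but turns on Proxy Protocol, and a DaemonSet backend for the first one. The annotations are the two quoted on the slide; the service names, labels, ports and image are assumptions.

```yaml
# Added example (not from the deck): preserving client source IPs behind the
# AWS-backed default load balancers (EKS, Kops, OpenShift on AWS in slide 15).
# Use option A or option B for a given service, not both.
---
# Option A: AWS Network Load Balancer plus externalTrafficPolicy: Local.
# The NLB hands the original client address to the node, and Local stops
# kube-proxy from SNATing the packet and forwards only to pods on that node.
apiVersion: v1
kind: Service
metadata:
  name: web
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
spec:
  type: LoadBalancer
  externalTrafficPolicy: Local   # kube-proxy also allocates a healthCheckNodePort
  selector:
    app: web
  ports:
    - name: http
      port: 80
      targetPort: 80
---
# Option B: Classic ELB with Proxy Protocol. The ELB still rewrites the
# source address (slide 15: "No"), but prefixes each connection with a
# "PROXY TCP4 <client> <dest> <sport> <dport>" line that the backend must
# parse (for nginx: "listen 80 proxy_protocol;"). A backend that does not
# understand the header will see it as garbage on the wire.
apiVersion: v1
kind: Service
metadata:
  name: web-proxyproto
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
spec:
  type: LoadBalancer
  selector:
    app: web
  ports:
    - name: http
      port: 80
      targetPort: 80
---
# Backend for option A as a DaemonSet. With externalTrafficPolicy: Local a
# node without a local endpoint fails the LB health check; a load balancer
# that does not honour that check would still send it traffic, so running
# one pod per node (the slide's DaemonSet point) keeps every node a valid target.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: web
spec:
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
        - name: web
          image: nginx:1.17   # placeholder image (assumption)
          ports:
            - containerPort: 80
```

The annotations are silently ignored on AKS and GKE, which is the portability trap: the manifest applies cleanly everywhere, but the source-IP behaviour only changes on AWS. Checking `kubectl get svc web -o jsonpath='{.spec.healthCheckNodePort}'` after apply confirms that the Local policy took effect on a given cluster.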
18
"Nodeless" Kubernetes
• virtual-kubelet
  • Currently at 70% CNCF Conformance
  • Main portability limitation: no DaemonSet support
• Cloud provider "nodeless"
  • AKS on Azure Container Instances
  • EKS on Fargate (not based on virtual-kubelet)
  • GKE - none
• Common limitations on managed providers
  • No DaemonSet support (run as sidecars)
  • No privileged containers
  • No node-level visibility
19
Kubernetes Security Features
Platform | RBAC | Network Policy | Pod Security Policy
AKS | Optional; enabled by default | Optional | Optional
EKS | Always on | User-managed | Always on
GKE | Optional; enabled by default | Optional | Optional
Kops | Optional; enabled by default | Depends on CNI (default no: kubenet) | Optional
Kubespray | Optional; enabled by default | Depends on CNI (default yes: Calico) | Optional
OpenShift | Always on | Optional; enabled by default | Not supported
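RBAC and Network Policy are the two columns in this table that every platform can provide (Pod Security Policy is not supported on OpenShift, and Network Policy enforcement still depends on the CNI). As an added example that is not part of the original deck, here is the per-namespace baseline that stays portable across all six rows: a least-privilege Role bound to a workload ServiceAccount, a default-deny NetworkPolicy, and the DNS egress allowance that the deny would otherwise break. The namespace, ServiceAccount, Role and label names are assumptions, as is the label used to select the kube-system namespace.

```yaml
# Added example (not from the deck): namespace security baseline that applies
# unchanged on every platform in slide 19. All names are assumptions.
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: web
  namespace: team-a
automountServiceAccountToken: false   # pods get no API token unless they opt in
---
# Least privilege: read-only access to ConfigMaps in this namespace only.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: configmap-reader
  namespace: team-a
rules:
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: web-configmap-reader
  namespace: team-a
subjects:
  - kind: ServiceAccount
    name: web
    namespace: team-a
roleRef:
  kind: Role
  name: configmap-reader
  apiGroup: rbac.authorization.k8s.io
---
# Default deny: an empty podSelector matches every pod in the namespace, and
# listing both policy types with no rules blocks all ingress and all egress.
# On a kubenet cluster (Kops default) this object is accepted but not enforced.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny
  namespace: team-a
spec:
  podSelector: {}
  policyTypes: ["Ingress", "Egress"]
---
# Re-open only what the deny broke: DNS to the cluster resolver. Assumes the
# kube-system namespace carries the label name=kube-system and the DNS pods
# carry k8s-app=kube-dns (the label used by upstream kube-dns and CoreDNS
# manifests; it differs on some distributions).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-dns-egress
  namespace: team-a
spec:
  podSelector: {}
  policyTypes: ["Egress"]
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

Application-specific ingress and egress rules are then added per workload on top of the deny. The quickest check that a platform actually enforces the policy is to exec into a pod in the namespace and attempt a connection the deny should block; if it succeeds, the CNI column in the table is the reason, not the manifest.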
20
Other Potential Problem Areas
• Supported Admission Controllers
• Feature gates
• Enabled API groups
• Container runtimes
21
Maintaining Portability
• Create self-managed clusters
• Create your own sonobuoy plugins for organizational conformance
• Enable RBAC and Network Policy everywhere
• Use consistent resource manifests across platforms
• Open Policy Agent Gatekeeper to enforce security and resource conformance
23
Thanks and References
Thanks to Brendan Cox and Madhuri Yechuri for virtual-kubelet info
Conformance
• https://github.com/cncf/k8s-conformance/blob/master/docs/KubeConformance-1.15.md
• https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/
• https://sonobuoy.io/
Platforms
• https://docs.microsoft.com/en-us/azure/aks/
• https://docs.aws.amazon.com/eks/latest/userguide/what-is-eks.html
• https://cloud.google.com/kubernetes-engine/docs/concepts/kubernetes-engine-overview
• https://github.com/kubernetes/kops
• https://github.com/kubernetes-sigs/kubespray
• https://docs.openshift.com/container-platform/4.2/welcome/index.html
Storage
• https://kubernetes.io/docs/concepts/storage/storage-classes/
• https://kubernetes.io/docs/concepts/storage/persistent-volumes/
• https://github.com/rook/rook
Load balancing
• https://kubernetes.io/docs/concepts/architecture/cloud-controller/
• https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
• https://aws.amazon.com/elasticloadbalancing/
• https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview
• https://cloud.google.com/load-balancing/docs/network
24
References (cont.)
Nodeless
• https://virtual-kubelet.io/
• https://docs.microsoft.com/en-us/azure/aks/virtual-nodes-portal
• https://docs.aws.amazon.com/eks/latest/userguide/fargate.html
• https://cloud.google.com/run/docs
Security
• https://kubernetes.io/docs/reference/access-authn-authz/rbac/
• https://kubernetes.io/docs/concepts/services-networking/network-policies/
• https://kubernetes.io/docs/concepts/policy/pod-security-policy/
• https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet-authentication-authorization/
Other potential problem areas
• https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/
• https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/
• https://kubernetes.io/docs/reference/using-api/api-overview/
Maintaining portability
• https://kubernetes.io/docs/concepts/cluster-administration/cloud-providers/
• https://github.com/kubernetes-sigs/kubespray/blob/master/docs/comparisons.md
• https://github.com/open-policy-agent/gatekeeper
25
Questions?
• Twitter @fuzzyKB
• LinkedIn www.linkedin.com/in/kmbruner/
• Blog posts
  • www.stackrox.com/post/ (paycheck)
  • nightmare-before-devops.xyz (personal)