PC
Uploaded byPaul Czarkowski
PPTX, PDF1,769 views

Kubernetes day 2 Operations

The document discusses best practices for operating Kubernetes beyond installation, emphasizing the roles of platform and application teams in managing infrastructure and improving efficiency. It highlights essential practices for scaling, upgrades, and monitoring, while promoting continuous integration and deployment pipelines to enhance the development lifecycle. Additionally, it touches on strategies for replatforming and modernization to optimize application performance and reduce operational costs.

Embed presentation

Downloaded 79 times
© Copyright 2018 Pivotal Software, Inc. All rights Reserved. Version 1.0 Paul Czarkowski Principal Technologist @pczarkowski github.com/paulczar Day 2 Kubernetes Beyond the install
Who is using Linux Containers ?
Who is using Kubernetes ?
Who is operating Kubernetes ?
> 1 year Kubernetes experience?
People build Platforms People build Apps Apps run on Platforms People are the most important component of any platform.
“Organizations which design systems ... are constrained to produce designs which are copies of the communication structures of these organizations.” - Conways Law
https://www.slideshare.net/SatnamSingh67/2015-0605-cluster- management-with-kubernetes
Infra Services App Platform Evolve your IT teams! Platform Team Application Team Build common services for App Teams Take business requirements and turn them into features IaaS Virtual Infrastructure Physical Infrastructure Abstract infrastructure complexity with easy consumption DBaaSELK App2App1 App3 Middleware ML Creds/CertsMessaging ??? Container Services Container Hosts | Kubernetes Infrastructure Team
“In general, taking something that’s already working somewhere and expanding its usage (capabilities) is far more likely to succeed than building these capabilities from scratch”
Patches Patching App and System components as CVEs occur Scaling Seamlessly scale platform components to accommodate changing demand. Upgrades. How do you roll out new versions of the platform with the lights on? Operating Effort Operating the platform should require very few resources and minimum manual intervention. Otherwise, you will be spending lots on operational support! Development The team can make progress in developing new features for the platform CI/CD CI/CD pipelines drive the testing and promotion of artifacts Consistency Provide a consistent setup experience, across different environment configurations. Setup time How long does it take to setup a real world working environment? Think hours, not weeks. Day 1 - Build Day 2 - Operate & Enhance
Architecture
API Server Kube Scheduler K8s Master Controller Manager Etcd K8s Worker Pod Pod Pod CNI Kubelet Kube-proxy Docker
API Server Kube Scheduler K8s Master Controller Manager Kubelet Kube-proxy Etcd K8s Worker Pod Pod Pod CNI Docker Etcd
API Server Kube Scheduler K8s Master Controller Manager Etcd K8s Worker Pod Pod Pod CNI Kubelet Kube-proxy Docker
API Server Kube Scheduler K8s Master Controller Manager Etcd Kubelet Kube-proxy K8s Worker Pod Pod Pod K8s Worker Pod Pod Pod K8s Worker Pod Pod Pod CNI CNI CNI Docker Kubelet Kube-proxy Docker Kubelet Kube-proxy Docker API Server Kube Scheduler K8s Master Controller Manager
API Server Kube Scheduler K8s Master Controller Manager Etcd Kubelet Kube-proxy K8s Worker Pod Pod Pod K8s Worker Pod Pod Pod K8s Worker Pod Pod Pod CNI CNI CNI Docker Kubelet Kube-proxy Docker Kubelet Kube-proxy Docker API Server Kube Scheduler K8s Master Controller Manager API Server Kube Scheduler K8s Master Controller Manager EtcdEtcd us-tirefire-1a us-tirefire-1b us-tirefire-1c
High Availability
API Server Kube Scheduler K8s Master Controller Manager Etcd Kubelet Kube-proxy K8s Worker Pod Pod Pod K8s Worker Pod Pod Pod K8s Worker Pod Pod Pod CNI CNI CNI Docker Kubelet Kube-proxy Docker Kubelet Kube-proxy Docker
API Server Kube Scheduler K8s Master Controller Manager Etcd Kubelet Kube-proxy K8s Worker Pod Pod Pod K8s Worker Pod Pod Pod K8s Worker Pod Pod Pod CNI CNI CNI Docker Kubelet Kube-proxy Docker Kubelet Kube-proxy Docker API Server Kube Scheduler K8s Master Controller Manager
API Server Kube Scheduler K8s Master Controller Manager Etcd Kubelet Kube-proxy K8s Worker Pod Pod Pod K8s Worker Pod Pod Pod K8s Worker Pod Pod Pod CNI CNI CNI Docker Kubelet Kube-proxy Docker Kubelet Kube-proxy Docker API Server Kube Scheduler K8s Master Controller Manager EtcdEtcd
API Server Kube Scheduler K8s Master Controller Manager Etcd Kubelet Kube-proxy K8s Worker Pod Pod Pod K8s Worker Pod Pod Pod K8s Worker Pod Pod Pod CNI CNI CNI Docker Kubelet Kube-proxy Docker Kubelet Kube-proxy Docker API Server Kube Scheduler K8s Master Controller Manager
API Server Kube Scheduler K8s Master Controller Manager Etcd Kubelet Kube-proxy K8s Worker Pod Pod Pod K8s Worker Pod Pod Pod K8s Worker Pod Pod Pod CNI CNI CNI Docker Kubelet Kube-proxy Docker Kubelet Kube-proxy Docker API Server Kube Scheduler K8s Master Controller Manager EtcdEtcd
http://www.bsielearning.com.au/keep-simple-stupid/
Kubelet Kube-proxy K8s Worker Pod Pod Pod K8s Worker Pod Pod Pod K8s Worker Pod Pod Pod CNI CNI CNI Docker Kubelet Kube-proxy Docker Kubelet Kube-proxy Docker API Server Kube Scheduler K8s Master Controller Manager Etcd Etcd
Deployment
How to Get an Kubernetes Are you in the “cloud”? yes Which cloud ? GKEAKS EKS Azure Google Amazon Do you want help? no GLHF Pivotal Container Service … ... https://kubernetes.io/partners no yes Other A laptop ? minikube no yes
Infrastructure Compute Network Monitoring Security Storage Kubernetes Cluster vSphere NSX Wavefront NSX Datastores Load Balancer Storage Requirements Availability Zone Security Policy Application Metrics
https://docs-cfcr.cfapps.io/ https://github.com/openshift/origin https://github.com/kubernetes-incubator/kubespray
Kubespray https://github.com/kubernetes-incubator/kubespray ● Ansible based, so very approachable ● An official Kubernetes (incubator) project ● Good support for CNIs and Cloud Providers ● Combine with one of the Ansible Hardening projects ○ https://github.com/dev-sec/ansible-os-hardening ○ https://github.com/openstack/ansible-hardening
gitops ● Deployed Platform == code repo + environment repo ○ Ansible - Playbook + Inventory ○ Bosh - Release + Manifest ● Keep it all in git! ○ Fork upstream repo… if only to ensure it doesn’t get changed from under you ○ Inventory/Manifest is probably YAML … perfect to be stored in git. ○ One repo for all envs, or a repo per env … either is fine. ● Consider using a gitops focussed wrapper around ansible ○ Ursula-cli (https://github.com/blueboxgroup/ursula-cli) ○ Gosible (https://github.com/paulczar/gosible) ○ Molecule (https://github.com/metacloud/molecule) ● Use Jenkins or similar to run tests, deploy test envs, push to prod??? ○ But probably not full on Continuous Delivery … risks are very high!
Validate and Backup Validate your Kubernetes cluster is conformant! https://github.com/heptio/sonobuoy Backup your Kubernetes cluster state! https://github.com/heptio/ark
Upgrades
API Server Kube Scheduler K8s Master Controller Manager Etcd K8s Worker Pod Pod Pod CNI Kubelet Kube-proxy Docker
API Server Kube Scheduler K8s Master 1.10 Controller Manager Etcd Kubelet Kube-proxy K8s Worker 1.10 Pod Pod Pod K8s Worker 1.10 Pod Pod Pod K8s Worker 1.10 Pod Pod Pod CNI CNI CNI Docker Kubelet Kube-proxy Docker Kubelet Kube-proxy Docker API Server Kube Scheduler K8s Master 1.10 Controller Manager API Server Kube Scheduler K8s Master 1.10 Controller Manager EtcdEtcd us-tirefire-1a us-tirefire-1b us-tirefire-1c
API Server Kube Scheduler K8s Master 1.10 Controller Manager Etcd Kubelet Kube-proxy K8s Worker 1.10 Pod Pod Pod K8s Worker 1.10 Pod Pod Pod K8s Worker 1.10 Pod Pod Pod CNI CNI CNI Docker Kubelet Kube-proxy Docker Kubelet Kube-proxy Docker API Server Kube Scheduler K8s Master 1.10 Controller Manager API Server Kube Scheduler K8s Master 1.10 Controller Manager EtcdEtcd us-tirefire-1a us-tirefire-1b us-tirefire-1c API Server Kube Scheduler K8s Master 1.11 Controller Manager
API Server Kube Scheduler K8s Master 1.11 Controller Manager Etcd Kubelet Kube-proxy K8s Worker 1.10 Pod Pod Pod K8s Worker 1.10 Pod Pod Pod K8s Worker 1.10 Pod Pod Pod CNI CNI CNI Docker Kubelet Kube-proxy Docker Kubelet Kube-proxy Docker API Server Kube Scheduler K8s Master 1.10 Controller Manager API Server Kube Scheduler K8s Master 1.10 Controller Manager EtcdEtcd us-tirefire-1a us-tirefire-1b us-tirefire-1c
API Server Kube Scheduler K8s Master 1.11 Controller Manager Etcd Kubelet Kube-proxy K8s Worker 1.10 Pod Pod Pod K8s Worker 1.10 Pod Pod Pod K8s Worker 1.10 Pod Pod Pod CNI CNI CNI Docker Kubelet Kube-proxy Docker Kubelet Kube-proxy Docker API Server Kube Scheduler K8s Master 1.11 Controller Manager API Server Kube Scheduler K8s Master 1.11 Controller Manager EtcdEtcd us-tirefire-1a us-tirefire-1b us-tirefire-1c
API Server Kube Scheduler K8s Master 1.11 Controller Manager Etcd Kubelet Kube-proxy K8s Worker 1.11 Pod Pod Pod K8s Worker 1.10 Pod Pod Pod K8s Worker 1.10 Pod Pod Pod CNI CNI CNI Docker Kubelet Kube-proxy Docker Kubelet Kube-proxy Docker API Server Kube Scheduler K8s Master 1.11 Controller Manager API Server Kube Scheduler K8s Master 1.11 Controller Manager EtcdEtcd us-tirefire-1a us-tirefire-1b us-tirefire-1c
API Server Kube Scheduler K8s Master 1.11 Controller Manager Etcd Kubelet Kube-proxy K8s Worker 1.10 Pod Pod Pod K8s Worker 1.10 Pod Pod Pod K8s Worker 1.10 Pod Pod Pod CNI CNI CNI Docker Kubelet Kube-proxy Docker Kubelet Kube-proxy Docker API Server Kube Scheduler K8s Master 1.11 Controller Manager API Server Kube Scheduler K8s Master 1.11 Controller Manager EtcdEtcd us-tirefire-1a us-tirefire-1b us-tirefire-1c
API Server Kube Scheduler K8s Master 1.11 Controller Manager Etcd Kubelet Kube-proxy K8s Worker 1.11 Pod Pod Pod K8s Worker 1.11 Pod Pod Pod K8s Worker 1.11 Pod Pod Pod CNI CNI CNI Docker Kubelet Kube-proxy Docker Kubelet Kube-proxy Docker API Server Kube Scheduler K8s Master 1.11 Controller Manager API Server Kube Scheduler K8s Master 1.11 Controller Manager EtcdEtcd us-tirefire-1a us-tirefire-1b us-tirefire-1c
Operations
Monitoring / Logging - The Platform Server Agents ● Install as binaries / containers on the underlying OS ● No chicken and egg problems ● Extra devops toil (config management etc) ● Direct access to system metrics and logs ● Can use existing tools / processes Daemonsets ● Run in Kubernetes on each node as daemonset ● If Kubernetes is broken, will the monitoring daemonset be broken ? ● Have to be able to dockerize the agent ● Privileged containers / host volumes to access system metrics and logs ● Masters also have to be workers or can’t run daemonset on them.
Monitoring / Logging - Workloads Kubernetes Metrics API ● Basic point in time pod/node metrics ● $ kubectl top {node,pod} ● Adaptors for Prometheus / Graphite / etc Kubernetes logging ● Kubernetes configures docker to log all Pod stdout/sterr to a file ● $ kubectl logs <name-of-pod> ● Need daemonset or agent to read k8s logs from filesystem ● EFK - Elastic, Fluent, Kibana
Authentication / Access Control ● Node vs ABAC vs RBAC ● Service Accounts - managed inside kubernetes ● User Accounts - managed outside kubernetes ○ OpenID Connect ■ Ldap / AD ■ Oauth2 ■ Etc ● Secure your Kubernetes Dashboard silly! ○ Everything is TLS encrypted …. Right ? $ kubectl auth can-i create deployments --namespace dev yes $ kubectl auth can-i create deployments --namespace prod no
Value!!
● Leverage features in modern cloud platforms ○ Blue/Green deploys ○ Auto-healing ○ Auto-scaling ○ Advanced routing/networking automation ● Design and build based on known Cloud Native patterns ● Longer term investment in the application ● Likey you need access to the code ● Plus everything mentioned in “replatforming” ● Lift and Shift with “just enough modernization” ● You may not have access to the code ● Revisit decisions made in Greenfield time ○ Around CI/CD process ● Get some quick wins through platform capabilities ○ Reduced operating and infrastructure cost ○ Improved speed to deploy & scale ○ Faster patching of kernel level vulnerabilities Replatforming vs Modernization for PKS Lift & Shift / Replatforming Modernization
TIME Methodology TECHNICALQUALITY BUSINESS VALUEWORSE BETTER WORSEBETTER Tolerate Invest MigrateEliminate * Gartner’s TIME methodology for Application Portfolio Rationalization TECHNICAL QUALITY - Technical Debt Level BUSINESS VALUE - Revenue / Cost Impact Identify top 10s list
APP APP APP APP 1 Identify 5-10 apps confirmed as suitable to run on PKS 2 Work on a short project to push a few apps all the way to prod and measure the ROI metrics SampleToolChain Gitlab Concourse
PLATFORM VALUE STREAM AND METRICS REPLATFORM > MODERNIZE > OPTIMIZE ESTABLISH, MEASURE AND UPDATE KEY OBJECTIVES AND RESULTS (OKRs) SPEED & AGILITY STABILITY SCALABILITY SAVINGS $SECURITY 40-60%* More Projects With Same Staff Millions Annual Savings on HW, SW and Support 25-50%* Fewer Support Incidents 40%* Faster Patching Delivery @ Zero Downtime -90%* Time to Scale $ $ % How We Think about the Business Case
Transforming How The World Builds Software © Copyright 2018 Pivotal Software, Inc. All rights Reserved.

More Related Content

PPTX
Docker Kubernetes Istio
byAraf Karsh Hamid
 
PDF
Kubernetes Basics
byEueung Mulyana
 
PDF
Confluent Operator as Cloud-Native Kafka Operator for Kubernetes
byKai Wähner
 
PDF
Kubernetes Concepts And Architecture Powerpoint Presentation Slides
bySlideTeam
 
PPTX
Azure container instances
byKarthikeyan VK
 
PDF
Kubernetes 101
byWinton Winton
 
PPTX
Azure kubernetes service (aks)
byAkash Agrawal
 
PDF
Istio service mesh introduction
byKyohei Mizumoto
 
Docker Kubernetes Istio
byAraf Karsh Hamid
 
Kubernetes Basics
byEueung Mulyana
 
Confluent Operator as Cloud-Native Kafka Operator for Kubernetes
byKai Wähner
 
Kubernetes Concepts And Architecture Powerpoint Presentation Slides
bySlideTeam
 
Azure container instances
byKarthikeyan VK
 
Kubernetes 101
byWinton Winton
 
Azure kubernetes service (aks)
byAkash Agrawal
 
Istio service mesh introduction
byKyohei Mizumoto
 

What's hot

PPTX
KubernetesPPT.pptx
byRyuzaki360
 
PDF
Operator Framework Overview
byRob Szumski
 
PPTX
01. Kubernetes-PPT.pptx
byTamalBanerjee16
 
PPTX
Kubernates vs Openshift: What is the difference and comparison between Opensh...
byjeetendra mandal
 
PDF
Introduction to Kubernetes and GKE
byOpsta
 
PDF
An Architectural Deep Dive With Kubernetes And Containers Powerpoint Presenta...
bySlideTeam
 
PDF
Kubernetes 101 - an Introduction to Containers, Kubernetes, and OpenShift
byDevOps.com
 
PPTX
Innovation anywhere with microsoft azure arc
byGoviccaSihombing
 
PDF
Kubernetes Security Best Practices - With tips for the CKS exam
byAhmed AbouZaid
 
PPTX
Kubernetes PPT.pptx
byssuser0cc9131
 
PDF
What Is Kubernetes | Kubernetes Introduction | Kubernetes Tutorial For Beginn...
byEdureka!
 
PDF
An overview of the Kubernetes architecture
byIgor Sfiligoi
 
PPTX
Docker Ecosystem on Azure
byPatrick Chanezon
 
PDF
Getting Started on Amazon EKS
byMatthew Barlocker
 
PDF
Project calico - introduction
byHazzim Anaya
 
PDF
Kubernetes 101
byCrevise Technologies
 
PDF
Helm - Application deployment management for Kubernetes
byAlexei Ledenev
 
PDF
An Introduction to Kubernetes
byImesh Gunaratne
 
PDF
Kubernetes - introduction
bySparkbit
 
PPTX
Introduction to Kubernetes
byrajdeep
 
KubernetesPPT.pptx
byRyuzaki360
 
Operator Framework Overview
byRob Szumski
 
01. Kubernetes-PPT.pptx
byTamalBanerjee16
 
Kubernates vs Openshift: What is the difference and comparison between Opensh...
byjeetendra mandal
 
Introduction to Kubernetes and GKE
byOpsta
 
An Architectural Deep Dive With Kubernetes And Containers Powerpoint Presenta...
bySlideTeam
 
Kubernetes 101 - an Introduction to Containers, Kubernetes, and OpenShift
byDevOps.com
 
Innovation anywhere with microsoft azure arc
byGoviccaSihombing
 
Kubernetes Security Best Practices - With tips for the CKS exam
byAhmed AbouZaid
 
Kubernetes PPT.pptx
byssuser0cc9131
 
What Is Kubernetes | Kubernetes Introduction | Kubernetes Tutorial For Beginn...
byEdureka!
 
An overview of the Kubernetes architecture
byIgor Sfiligoi
 
Docker Ecosystem on Azure
byPatrick Chanezon
 
Getting Started on Amazon EKS
byMatthew Barlocker
 
Project calico - introduction
byHazzim Anaya
 
Kubernetes 101
byCrevise Technologies
 
Helm - Application deployment management for Kubernetes
byAlexei Ledenev
 
An Introduction to Kubernetes
byImesh Gunaratne
 
Kubernetes - introduction
bySparkbit
 
Introduction to Kubernetes
byrajdeep
 

Similar to Kubernetes day 2 Operations

PDF
WSO2 Kubernetes Reference Architecture - Nov 2017
byImesh Gunaratne
 
PDF
CKA Certified Kubernetes Administrator Notes
byAdnan Rashid
 
PDF
Kubernetes111111111111111111122233334334
byadnansalam11
 
PDF
Build Your Own CaaS (Container as a Service)
byHungWei Chiu
 
PDF
Kube Your Enthusiasm - Paul Czarkowski
byVMware Tanzu
 
PDF
게임 고객사를 위한 ‘AWS 컨테이너 교육’ 자료 - 유재석 솔루션즈 아키텍트, AWS :: Gaming Immersion Day 201...
byAmazon Web Services Korea
 
PDF
Introduction_to_Kubernetes_Worflow_of_Kubernetes_during_deployment_on_Elastic...
byKhan Baba
 
PDF
Kubernetes and Cloud Native Update Q4 2018
byCloudOps2005
 
PPTX
Kubernetes @ Squarespace: Kubernetes in the Datacenter
byKevin Lynch
 
PDF
Women Who Code Connect 2018 Conference
bySupriya Premkumar
 
PDF
Cloud-Native Operations with Kubernetes and CI/CD
byVMware Tanzu
 
PDF
Kubernetes One-Click Deployment: Hands-on Workshop (Mainz)
byQAware GmbH
 
PDF
Kube Your Enthusiasm
byVMware Tanzu
 
PDF
Containers, orchestration and security, oh my!
byrhirschfeld
 
PDF
Spring Into Kubernetes DFW
byVMware Tanzu
 
PDF
Kube Your Enthusiasm - Tyler Britten
byVMware Tanzu
 
PDF
Kubernetes and CoreOS @ Athens Docker meetup
byMist.io
 
PDF
CoreOS + Kubernetes @ All Things Open 2015
byBrandon Philips
 
PDF
WWCode Dallas - Kubernetes: Learning from Zero to Production
byRosemary Wang
 
PDF
Kubernetes Walk Through from Technical View
byLei (Harry) Zhang
 
WSO2 Kubernetes Reference Architecture - Nov 2017
byImesh Gunaratne
 
CKA Certified Kubernetes Administrator Notes
byAdnan Rashid
 
Kubernetes111111111111111111122233334334
byadnansalam11
 
Build Your Own CaaS (Container as a Service)
byHungWei Chiu
 
Kube Your Enthusiasm - Paul Czarkowski
byVMware Tanzu
 
게임 고객사를 위한 ‘AWS 컨테이너 교육’ 자료 - 유재석 솔루션즈 아키텍트, AWS :: Gaming Immersion Day 201...
byAmazon Web Services Korea
 
Introduction_to_Kubernetes_Worflow_of_Kubernetes_during_deployment_on_Elastic...
byKhan Baba
 
Kubernetes and Cloud Native Update Q4 2018
byCloudOps2005
 
Kubernetes @ Squarespace: Kubernetes in the Datacenter
byKevin Lynch
 
Women Who Code Connect 2018 Conference
bySupriya Premkumar
 
Cloud-Native Operations with Kubernetes and CI/CD
byVMware Tanzu
 
Kubernetes One-Click Deployment: Hands-on Workshop (Mainz)
byQAware GmbH
 
Kube Your Enthusiasm
byVMware Tanzu
 
Containers, orchestration and security, oh my!
byrhirschfeld
 
Spring Into Kubernetes DFW
byVMware Tanzu
 
Kube Your Enthusiasm - Tyler Britten
byVMware Tanzu
 
Kubernetes and CoreOS @ Athens Docker meetup
byMist.io
 
CoreOS + Kubernetes @ All Things Open 2015
byBrandon Philips
 
WWCode Dallas - Kubernetes: Learning from Zero to Production
byRosemary Wang
 
Kubernetes Walk Through from Technical View
byLei (Harry) Zhang
 

More from Paul Czarkowski

PPTX
Introduction to Kubernetes
byPaul Czarkowski
 
PPTX
Application Modernization with PKS / Kubernetes
byPaul Czarkowski
 
PDF
Compliance as Code
byPaul Czarkowski
 
PDF
Kubernetes for the PHP developer
byPaul Czarkowski
 
PPTX
Successful Patterns for running platforms
byPaul Czarkowski
 
PDF
A DevOps guide to Kubernetes
byPaul Czarkowski
 
PDF
Transform your DevOps practices with Security
byPaul Czarkowski
 
Introduction to Kubernetes
byPaul Czarkowski
 
Application Modernization with PKS / Kubernetes
byPaul Czarkowski
 
Compliance as Code
byPaul Czarkowski
 
Kubernetes for the PHP developer
byPaul Czarkowski
 
Successful Patterns for running platforms
byPaul Czarkowski
 
A DevOps guide to Kubernetes
byPaul Czarkowski
 
Transform your DevOps practices with Security
byPaul Czarkowski
 

Recently uploaded

PDF
Top 10 API Automation Testing Tools: Features, Pros & Cons
byhenrycavill30521
 
PDF
How Application Performance Monitoring Tools Are Used in Performance Testing
byhenrycavill30521
 
PDF
oracle_apex_tamil_export_an_application.pdf
byUthamaselvan M
 
PDF
Xemelgo - RFID Industry Predictions for 2026
byRich Rogers
 
PPTX
Information about Trusted Platform Module(TPM)
bynewtoknow techs
 
PPTX
Large Language Model. LLM Audit Artificial Intelligence
byMANASCHOUDHARY22
 
PDF
Benefits of Using the IAC 500 Sensor for Ambient Conditions
byCS Instruments
 
PDF
The Future of AI-Powered Fashion Design 10 Top Generators for 2026
bymockitseo
 
PPTX
SRWE_Module_14_SRWE_ccna_basics_routing_concepts.pptx
byahmedmahmoudece
 
PDF
A Brief Introduction About Christopher Elwell Woburn
byChristopher Elwell Woburn
 
PDF
splunk-peak-threat-hunting-framework.pdf
bylobster6719
 
PDF
Generating Structured Outputs from Unstructured Content Using LLMs
byEnterprise Knowledge
 
PDF
DataLiva-LivaGRC- Business Software for Governance, Risk, and Compliance
byMustafa Kuğu
 
PDF
threat-hunters-cookbook for cybersecurity
bylobster6719
 
PPTX
Cesium formate brine - A brief history - prepared by John Downs in May 2011
byJohn Downs
 
PPTX
Search Engine Responses to Conspiratorial Search Practices AANZCA 2025 Presen...
bykkasianenko
 
PPT
Information and Communication Technologies and Power
byJeffrey Hart
 
PDF
The_Boardroom_Cyber_Playbook_Research_Edition
bySaraDavis91
 
PDF
Achieving Interoperability in Healthcare IT: A Strategic Guide
byHart, Inc.
 
PDF
Artificial Intelligence(AI) full Book.pdf
bydeyanimesh299
 
Top 10 API Automation Testing Tools: Features, Pros & Cons
byhenrycavill30521
 
How Application Performance Monitoring Tools Are Used in Performance Testing
byhenrycavill30521
 
oracle_apex_tamil_export_an_application.pdf
byUthamaselvan M
 
Xemelgo - RFID Industry Predictions for 2026
byRich Rogers
 
Information about Trusted Platform Module(TPM)
bynewtoknow techs
 
Large Language Model. LLM Audit Artificial Intelligence
byMANASCHOUDHARY22
 
Benefits of Using the IAC 500 Sensor for Ambient Conditions
byCS Instruments
 
The Future of AI-Powered Fashion Design 10 Top Generators for 2026
bymockitseo
 
SRWE_Module_14_SRWE_ccna_basics_routing_concepts.pptx
byahmedmahmoudece
 
A Brief Introduction About Christopher Elwell Woburn
byChristopher Elwell Woburn
 
splunk-peak-threat-hunting-framework.pdf
bylobster6719
 
Generating Structured Outputs from Unstructured Content Using LLMs
byEnterprise Knowledge
 
DataLiva-LivaGRC- Business Software for Governance, Risk, and Compliance
byMustafa Kuğu
 
threat-hunters-cookbook for cybersecurity
bylobster6719
 
Cesium formate brine - A brief history - prepared by John Downs in May 2011
byJohn Downs
 
Search Engine Responses to Conspiratorial Search Practices AANZCA 2025 Presen...
bykkasianenko
 
Information and Communication Technologies and Power
byJeffrey Hart
 
The_Boardroom_Cyber_Playbook_Research_Edition
bySaraDavis91
 
Achieving Interoperability in Healthcare IT: A Strategic Guide
byHart, Inc.
 
Artificial Intelligence(AI) full Book.pdf
bydeyanimesh299
 

Kubernetes day 2 Operations

  • 1.
    © Copyright 2018Pivotal Software, Inc. All rights Reserved. Version 1.0 Paul Czarkowski Principal Technologist @pczarkowski github.com/paulczar Day 2 Kubernetes Beyond the install
  • 4.
    Who is usingLinux Containers ?
  • 5.
    Who is usingKubernetes ?
  • 6.
    Who is operatingKubernetes ?
  • 7.
    > 1 yearKubernetes experience?
  • 10.
    People build Platforms Peoplebuild Apps Apps run on Platforms People are the most important component of any platform.
  • 11.
    “Organizations which designsystems ... are constrained to produce designs which are copies of the communication structures of these organizations.” - Conways Law
  • 13.
  • 14.
    Infra Services App Platform Evolve your ITteams! Platform Team Application Team Build common services for App Teams Take business requirements and turn them into features IaaS Virtual Infrastructure Physical Infrastructure Abstract infrastructure complexity with easy consumption DBaaSELK App2App1 App3 Middleware ML Creds/CertsMessaging ??? Container Services Container Hosts | Kubernetes Infrastructure Team
  • 15.
    “In general, takingsomething that’s already working somewhere and expanding its usage (capabilities) is far more likely to succeed than building these capabilities from scratch”
  • 16.
    Patches Patching Appand System components as CVEs occur Scaling Seamlessly scale platform components to accommodate changing demand. Upgrades. How do you roll out new versions of the platform with the lights on? Operating Effort Operating the platform should require very few resources and minimum manual intervention. Otherwise, you will be spending lots on operational support! Development The team can make progress in developing new features for the platform CI/CD CI/CD pipelines drive the testing and promotion of artifacts Consistency Provide a consistent setup experience, across different environment configurations. Setup time How long does it take to setup a real world working environment? Think hours, not weeks. Day 1 - Build Day 2 - Operate & Enhance
  • 17.
  • 20.
    API Server Kube Scheduler K8sMaster Controller Manager Etcd K8s Worker Pod Pod Pod CNI Kubelet Kube-proxy Docker
  • 21.
    API Server Kube Scheduler K8sMaster Controller Manager Kubelet Kube-proxy Etcd K8s Worker Pod Pod Pod CNI Docker Etcd
  • 22.
    API Server Kube Scheduler K8sMaster Controller Manager Etcd K8s Worker Pod Pod Pod CNI Kubelet Kube-proxy Docker
  • 23.
    API Server Kube Scheduler K8sMaster Controller Manager Etcd Kubelet Kube-proxy K8s Worker Pod Pod Pod K8s Worker Pod Pod Pod K8s Worker Pod Pod Pod CNI CNI CNI Docker Kubelet Kube-proxy Docker Kubelet Kube-proxy Docker API Server Kube Scheduler K8s Master Controller Manager
  • 24.
    API Server Kube Scheduler K8sMaster Controller Manager Etcd Kubelet Kube-proxy K8s Worker Pod Pod Pod K8s Worker Pod Pod Pod K8s Worker Pod Pod Pod CNI CNI CNI Docker Kubelet Kube-proxy Docker Kubelet Kube-proxy Docker API Server Kube Scheduler K8s Master Controller Manager API Server Kube Scheduler K8s Master Controller Manager EtcdEtcd us-tirefire-1a us-tirefire-1b us-tirefire-1c
  • 25.
  • 26.
    API Server Kube Scheduler K8sMaster Controller Manager Etcd Kubelet Kube-proxy K8s Worker Pod Pod Pod K8s Worker Pod Pod Pod K8s Worker Pod Pod Pod CNI CNI CNI Docker Kubelet Kube-proxy Docker Kubelet Kube-proxy Docker
  • 27.
    API Server Kube Scheduler K8sMaster Controller Manager Etcd Kubelet Kube-proxy K8s Worker Pod Pod Pod K8s Worker Pod Pod Pod K8s Worker Pod Pod Pod CNI CNI CNI Docker Kubelet Kube-proxy Docker Kubelet Kube-proxy Docker API Server Kube Scheduler K8s Master Controller Manager
  • 28.
    API Server Kube Scheduler K8sMaster Controller Manager Etcd Kubelet Kube-proxy K8s Worker Pod Pod Pod K8s Worker Pod Pod Pod K8s Worker Pod Pod Pod CNI CNI CNI Docker Kubelet Kube-proxy Docker Kubelet Kube-proxy Docker API Server Kube Scheduler K8s Master Controller Manager EtcdEtcd
  • 29.
    API Server Kube Scheduler K8sMaster Controller Manager Etcd Kubelet Kube-proxy K8s Worker Pod Pod Pod K8s Worker Pod Pod Pod K8s Worker Pod Pod Pod CNI CNI CNI Docker Kubelet Kube-proxy Docker Kubelet Kube-proxy Docker API Server Kube Scheduler K8s Master Controller Manager
  • 30.
    API Server Kube Scheduler K8sMaster Controller Manager Etcd Kubelet Kube-proxy K8s Worker Pod Pod Pod K8s Worker Pod Pod Pod K8s Worker Pod Pod Pod CNI CNI CNI Docker Kubelet Kube-proxy Docker Kubelet Kube-proxy Docker API Server Kube Scheduler K8s Master Controller Manager EtcdEtcd
  • 31.
  • 32.
    Kubelet Kube-proxy K8s Worker Pod Pod Pod K8s Worker Pod Pod Pod K8sWorker Pod Pod Pod CNI CNI CNI Docker Kubelet Kube-proxy Docker Kubelet Kube-proxy Docker API Server Kube Scheduler K8s Master Controller Manager Etcd Etcd
  • 33.
  • 35.
    How to Get an Kubernetes Areyou in the “cloud”? yes Which cloud ? GKEAKS EKS Azure Google Amazon Do you want help? no GLHF Pivotal Container Service … ... https://kubernetes.io/partners no yes Other A laptop ? minikube no yes
  • 37.
    Infrastructure Compute Network Monitoring SecurityStorage Kubernetes Cluster vSphere NSX Wavefront NSX Datastores Load Balancer Storage Requirements Availability Zone Security Policy Application Metrics
  • 39.
  • 40.
    Kubespray https://github.com/kubernetes-incubator/kubespray ● Ansible based,so very approachable ● An official Kubernetes (incubator) project ● Good support for CNIs and Cloud Providers ● Combine with one of the Ansible Hardening projects ○ https://github.com/dev-sec/ansible-os-hardening ○ https://github.com/openstack/ansible-hardening
  • 41.
    gitops ● Deployed Platform== code repo + environment repo ○ Ansible - Playbook + Inventory ○ Bosh - Release + Manifest ● Keep it all in git! ○ Fork upstream repo… if only to ensure it doesn’t get changed from under you ○ Inventory/Manifest is probably YAML … perfect to be stored in git. ○ One repo for all envs, or a repo per env … either is fine. ● Consider using a gitops focussed wrapper around ansible ○ Ursula-cli (https://github.com/blueboxgroup/ursula-cli) ○ Gosible (https://github.com/paulczar/gosible) ○ Molecule (https://github.com/metacloud/molecule) ● Use Jenkins or similar to run tests, deploy test envs, push to prod??? ○ But probably not full on Continuous Delivery … risks are very high!
  • 42.
    Validate and Backup Validateyour Kubernetes cluster is conformant! https://github.com/heptio/sonobuoy Backup your Kubernetes cluster state! https://github.com/heptio/ark
  • 43.
  • 44.
    API Server Kube Scheduler K8sMaster Controller Manager Etcd K8s Worker Pod Pod Pod CNI Kubelet Kube-proxy Docker
  • 45.
    API Server Kube Scheduler K8sMaster 1.10 Controller Manager Etcd Kubelet Kube-proxy K8s Worker 1.10 Pod Pod Pod K8s Worker 1.10 Pod Pod Pod K8s Worker 1.10 Pod Pod Pod CNI CNI CNI Docker Kubelet Kube-proxy Docker Kubelet Kube-proxy Docker API Server Kube Scheduler K8s Master 1.10 Controller Manager API Server Kube Scheduler K8s Master 1.10 Controller Manager EtcdEtcd us-tirefire-1a us-tirefire-1b us-tirefire-1c
  • 46.
    API Server Kube Scheduler K8sMaster 1.10 Controller Manager Etcd Kubelet Kube-proxy K8s Worker 1.10 Pod Pod Pod K8s Worker 1.10 Pod Pod Pod K8s Worker 1.10 Pod Pod Pod CNI CNI CNI Docker Kubelet Kube-proxy Docker Kubelet Kube-proxy Docker API Server Kube Scheduler K8s Master 1.10 Controller Manager API Server Kube Scheduler K8s Master 1.10 Controller Manager EtcdEtcd us-tirefire-1a us-tirefire-1b us-tirefire-1c API Server Kube Scheduler K8s Master 1.11 Controller Manager
  • 47.
    API Server Kube Scheduler K8sMaster 1.11 Controller Manager Etcd Kubelet Kube-proxy K8s Worker 1.10 Pod Pod Pod K8s Worker 1.10 Pod Pod Pod K8s Worker 1.10 Pod Pod Pod CNI CNI CNI Docker Kubelet Kube-proxy Docker Kubelet Kube-proxy Docker API Server Kube Scheduler K8s Master 1.10 Controller Manager API Server Kube Scheduler K8s Master 1.10 Controller Manager EtcdEtcd us-tirefire-1a us-tirefire-1b us-tirefire-1c
  • 48.
    API Server Kube Scheduler K8sMaster 1.11 Controller Manager Etcd Kubelet Kube-proxy K8s Worker 1.10 Pod Pod Pod K8s Worker 1.10 Pod Pod Pod K8s Worker 1.10 Pod Pod Pod CNI CNI CNI Docker Kubelet Kube-proxy Docker Kubelet Kube-proxy Docker API Server Kube Scheduler K8s Master 1.11 Controller Manager API Server Kube Scheduler K8s Master 1.11 Controller Manager EtcdEtcd us-tirefire-1a us-tirefire-1b us-tirefire-1c
  • 49.
    API Server Kube Scheduler K8sMaster 1.11 Controller Manager Etcd Kubelet Kube-proxy K8s Worker 1.11 Pod Pod Pod K8s Worker 1.10 Pod Pod Pod K8s Worker 1.10 Pod Pod Pod CNI CNI CNI Docker Kubelet Kube-proxy Docker Kubelet Kube-proxy Docker API Server Kube Scheduler K8s Master 1.11 Controller Manager API Server Kube Scheduler K8s Master 1.11 Controller Manager EtcdEtcd us-tirefire-1a us-tirefire-1b us-tirefire-1c
  • 50.
    API Server Kube Scheduler K8sMaster 1.11 Controller Manager Etcd Kubelet Kube-proxy K8s Worker 1.10 Pod Pod Pod K8s Worker 1.10 Pod Pod Pod K8s Worker 1.10 Pod Pod Pod CNI CNI CNI Docker Kubelet Kube-proxy Docker Kubelet Kube-proxy Docker API Server Kube Scheduler K8s Master 1.11 Controller Manager API Server Kube Scheduler K8s Master 1.11 Controller Manager EtcdEtcd us-tirefire-1a us-tirefire-1b us-tirefire-1c
  • 51.
    API Server Kube Scheduler K8sMaster 1.11 Controller Manager Etcd Kubelet Kube-proxy K8s Worker 1.11 Pod Pod Pod K8s Worker 1.11 Pod Pod Pod K8s Worker 1.11 Pod Pod Pod CNI CNI CNI Docker Kubelet Kube-proxy Docker Kubelet Kube-proxy Docker API Server Kube Scheduler K8s Master 1.11 Controller Manager API Server Kube Scheduler K8s Master 1.11 Controller Manager EtcdEtcd us-tirefire-1a us-tirefire-1b us-tirefire-1c
  • 52.
  • 53.
    Monitoring / Logging- The Platform Server Agents ● Install as binaries / containers on the underlying OS ● No chicken and egg problems ● Extra devops toil (config management etc) ● Direct access to system metrics and logs ● Can use existing tools / processes Daemonsets ● Run in Kubernetes on each node as daemonset ● If Kubernetes is broken, will the monitoring daemonset be broken ? ● Have to be able to dockerize the agent ● Privileged containers / host volumes to access system metrics and logs ● Masters also have to be workers or can’t run daemonset on them.
  • 54.
    Monitoring / Logging- Workloads Kubernetes Metrics API ● Basic point in time pod/node metrics ● $ kubectl top {node,pod} ● Adaptors for Prometheus / Graphite / etc Kubernetes logging ● Kubernetes configures docker to log all Pod stdout/sterr to a file ● $ kubectl logs <name-of-pod> ● Need daemonset or agent to read k8s logs from filesystem ● EFK - Elastic, Fluent, Kibana
  • 55.
    Authentication / AccessControl ● Node vs ABAC vs RBAC ● Service Accounts - managed inside kubernetes ● User Accounts - managed outside kubernetes ○ OpenID Connect ■ Ldap / AD ■ Oauth2 ■ Etc ● Secure your Kubernetes Dashboard silly! ○ Everything is TLS encrypted …. Right ? $ kubectl auth can-i create deployments --namespace dev yes $ kubectl auth can-i create deployments --namespace prod no
  • 56.
  • 57.
    ● Leverage featuresin modern cloud platforms ○ Blue/Green deploys ○ Auto-healing ○ Auto-scaling ○ Advanced routing/networking automation ● Design and build based on known Cloud Native patterns ● Longer term investment in the application ● Likey you need access to the code ● Plus everything mentioned in “replatforming” ● Lift and Shift with “just enough modernization” ● You may not have access to the code ● Revisit decisions made in Greenfield time ○ Around CI/CD process ● Get some quick wins through platform capabilities ○ Reduced operating and infrastructure cost ○ Improved speed to deploy & scale ○ Faster patching of kernel level vulnerabilities Replatforming vs Modernization for PKS Lift & Shift / Replatforming Modernization
  • 58.
    TIME Methodology TECHNICALQUALITY BUSINESS VALUEWORSEBETTER WORSEBETTER Tolerate Invest MigrateEliminate * Gartner’s TIME methodology for Application Portfolio Rationalization TECHNICAL QUALITY - Technical Debt Level BUSINESS VALUE - Revenue / Cost Impact Identify top 10s list
  • 59.
    APP APP APP APP 1 Identify 5-10 appsconfirmed as suitable to run on PKS 2 Work on a short project to push a few apps all the way to prod and measure the ROI metrics SampleToolChain Gitlab Concourse
  • 60.
    PLATFORM VALUE STREAMAND METRICS REPLATFORM > MODERNIZE > OPTIMIZE ESTABLISH, MEASURE AND UPDATE KEY OBJECTIVES AND RESULTS (OKRs) SPEED & AGILITY STABILITY SCALABILITY SAVINGS $SECURITY 40-60%* More Projects With Same Staff Millions Annual Savings on HW, SW and Support 25-50%* Fewer Support Incidents 40%* Faster Patching Delivery @ Zero Downtime -90%* Time to Scale $ $ % How We Think about the Business Case
  • 61.
    Transforming How TheWorld Builds Software © Copyright 2018 Pivotal Software, Inc. All rights Reserved.