This document discusses managing multiple Kubernetes clusters without using federation. It notes that most organizations have 5-10 clusters on average spread across different regions, providers, and environments. While federation provides a way to manage multiple clusters, it has limitations around security and operations. The document proposes breaking the problem up between app owners and infra admins and leveraging existing Kubernetes concepts like RBAC, namespaces and cluster registry. It also suggests using specialized software that is more Kubernetes native, such as specialized CLIs, controllers, operators or the federation v2 project. The overall message is that managing multiple clusters requires specialized software that provides a good user experience while using Kubernetes primitives and tools.
An application's path to production does not end with a deployment, even if you are using Kubernetes (K8s) as your application deployment platform. A reliable BCDR (backup and disaster recovery) plan and framework is a must for any production-ready system.
This presentation accompanies meetups and webinars in which Oleg Chunikhin, CTO at Kublr, shows how the Velero BCDR framework works and demonstrates how it can be used to back up and recover realistic applications running on Kubernetes in different clouds and environments.
What is covered:
- general notions of Kubernetes applications BCDR
- Velero BCDR framework
- demo Velero BCDR for stateful applications running on AWS and Azure clouds
- demo Velero BCDR using Strimzi / Kafka cluster and ArgoCD CI/CD manager as example application
The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ... by Josef Adersberger
Running applications on Kubernetes can provide a lot of benefits: more dev speed, lower ops costs, and a higher elasticity & resiliency in production. Kubernetes is the place to be for cloud native apps. But what to do if you’ve no shiny new cloud native apps but a whole bunch of JEE legacy systems? No chance to leverage the advantages of Kubernetes? Yes you can!
We’re facing the challenge of migrating hundreds of JEE legacy applications of a major German insurance company onto a Kubernetes cluster within one year. We're now close to the finish line and it worked pretty well so far.
The talk will be about the lessons we've learned - the best practices and pitfalls we've discovered along our way. We'll provide our answers to life, the universe and a cloud native journey like:
- What technical constraints of Kubernetes can be obstacles for applications and how to tackle these?
- How to architect a landscape of hundreds of containerized applications with their surrounding infrastructure like DBs, MQs and IAM and heavy requirements on security?
- How to industrialize and govern the migration process?
- How to leverage the possibilities of a cloud native platform like Kubernetes without challenging the tight timeline?
Developer joy for distributed teams with CodeReady Workspaces | DevNation Tec... by Red Hat Developers
Enabling teams on projects has often been challenging due to hardware configurations, software dependencies, and lack of documentation. In this session, we'll show you how admins can easily provide CodeReady Workspaces, a multi-tenant in-browser IDE system on top of OpenShift. CodeReady Workspaces can get developers comfortably started with coding and testing their changes in Kubernetes-containerized environments (workspaces), and deploying their apps to the platform.
When we think about establishing a Kubernetes capability for our organization, our instinct, or perhaps just habit, might lead us to stand up a single cluster that will then be a shared resource across numerous tenants. Kubernetes offers namespaces that are intended to carve up the capacity across different users or groups of users. And while this may work well in some scenarios, it does impose certain constraints and limitations on its use. For example, it is well understood that the multitenancy in Kubernetes is soft, meaning it does not guard against deliberately malicious attacks from one tenant to another.
If instead we align tenant boundaries to Kubernetes clusters, effectively creating many single-tenant clusters, we not only avoid certain limitations but also gain some significant advantages. Add a control plane for managing these sets of clusters and we have a powerful solution built on decades of maturity in machine virtualization.
In this session we will present both models, multi-tenant clusters and multi-clusters and study the tradeoffs of each.
Slides from the talk given to the Startup Berlin Slack Group that demonstrate how TruckIN is implementing its continuous delivery workflow using technologies and open-source tools.
Topics that are covered: Automated Cloud Provisioning (Network, Subnets, VMs, Kubernetes Cluster, Firewall, Disks, Credentials, Private Docker Registry); Configuration Management (Salt Stack), Continuous Integration (Jenkins CI), Continuous Delivery/Deployment (Salt API/Reactor + Kubernetes) to a Google Cloud Kubernetes Cluster, Remote Application Debugging, Managing Google Cloud Kubernetes Cluster, Logging, Monitoring and ChatOps (Slack and operable.io)
Zero-downtime deployment of Micro-services with Kubernetes by Wojciech Barczyński
Talk on deployment strategies with Kubernetes, covering Kubernetes configuration files and the actual implementation of your service in Golang.
You will find demos for recreate, rolling updates, blue-green, and canary deployments.
You will find the source and demos on GitHub: https://github.com/wojciech12/talk_zero_downtime_deployment_with_kubernetes
We are on the cusp of a new era of application development software: instead of bolting on operations as an after-thought to the software development process, Kubernetes promises to bring development and operations together by design.
Kubernetes and the hybrid cloud with Skupper | DevNation tech talk by Red Hat Developers
In this session, we are going to conduct a live demonstration of hybrid cloud-native Java microservices, distributed across Amazon Web Services, Google Cloud Platform and Microsoft Azure, with real-time load-balancing and fail-over.
Kubernetes 1.16 and rancher 2.3 enhancements by Saiyam Pathak
This presentation covers the recent Kubernetes 1.16 enhancements and the new features in Rancher 2.3. It also includes the references section that was used as motivation for this presentation.
Spring Boot is the de facto framework for building microservices with Java. These slides walk you through how to get started, deploy and debug, perform service discovery and do canary deployments with Spring Boot apps on OpenShift.
Introduction to Kubernetes - Docker Global Mentor Week 2016 by Opsta
Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. This presentation will give you an overview of Kubernetes concepts.
Docker Global Mentor Week 2016 #DockerInThai at Kaidee on November 18, 2016
KubeCon EU 2016: ITNW (If This Now What): Orchestrating an Enterprise by KubeAcademy
With growing demand for containers in the enterprise, build pipelines are a bottleneck to success. Traditional workflows can't release application candidates quickly enough to fulfill demand. With over 400 development teams across many different business units, Pearson had to move away from massive installs of traditional build pipeline tools and rethink the entire concept. In this talk we'll demonstrate how we have built in security compliance, performance testing, quality assurance, abstracted away complexity, reduced overhead, aim to recover 10% of developers' time and turned build tools into cattle.
This represents the story to date of an in-flight engineering project to modernise the digital estate of a global enterprise organisation and how scale of the operation is leading us to challenge many established beliefs. Attendees will walk away with everything from workflows to code which they can use to get started in their own endeavors.
Operatorhub.io and your Kubernetes cluster | DevNation Tech Talk by Red Hat Developers
An Operator packages and manages the entire lifecycle of an application. You might not be building your own Operators (yet), but Operators make it easier to install and consistently manage the foundation components like databases, file systems, and middleware that your applications rely on -- and they’re not just for OpenShift. We’ll show you how to use the Operator Lifecycle Manager (OLM) and the Operators at OperatorHub.io with your Kubernetes cluster.
Kubernetes (K8s) is a powerful, flexible and portable open source framework for distributed containerized applications delivery and management. An important part of the services provided by most Kubernetes clusters is the containers’ networking stack. In most cases and for many applications it “just works”, but this seeming simplicity is backed by a complex stack of technologies that provide many capabilities beyond the basics.
This presentation accompanies the meetup and webinar where Oleg Chunikhin, CTO at Kublr, shows how the Kubernetes networking stack works and describes its main components, interfaces and extensibility options.
What is covered:
- general notions of Kubernetes networking - Pods and Network Policies
- implementation of Kubernetes networking - CNI, CNI plugins, and Linux network namespaces
- some Kubernetes CNI providers: Calico, Weave, Flannel, and Canal
- K8S networking extensibility for advanced and “exotic” use-cases with Multus CNI plugin as an example
Slides from my talk that demonstrate the challenges, difficulties, discoveries and joys of building a CI/CD for staging environments using Docker, Kubernetes, GitHub, Slack, AWS, Terraform and SaltStack. From the opening of a pull request to a running environment, how our process at Autobutler is provisioning and running staging environments using containers.
Effective Kubernetes - Is Kubernetes the new Linux? Is the new Application Se... by Wojciech Barczyński
I will tell you two stories about two different implementations of Kubernetes. One from fashion mobile e-commerce. One from a fintech. Kubernetes is not a silver bullet. But damn close ;).
Secure your Quarkus applications | DevNation Tech Talk by Red Hat Developers
So you have built - in no time - your Quarkus application and it's supersonic subatomic fast. Have you thought about security? Right, usually this is the thing we implement at the end. Even if it's a crucial part of our application, we often ignore it. The good news is that with Quarkus, adding security and identity management is a breeze. Join this 100% live coding session where we explore the different options that Quarkus offers you to secure your applications.
Building streaming applications using a managed Kafka service | DevNation Tec... by Red Hat Developers
Learn about Red Hat OpenShift Streams for Apache Kafka, a service that provides fully hosted and managed Kafka instances. This enables you to focus on building your real-time, data streaming applications while Red Hat takes care of your infrastructure. After this session you'll be familiar with the features of OpenShift Streams for Apache Kafka, the related CLI tooling, and understand how it can be integrated with applications running on OpenShift (or elsewhere!)
This presentation will introduce you to Container, Docker, and Kubernetes with a live demo. This also explains Kubernetes basic concepts such as Pod, Deployment, Service, Ingress, and Rolling Update.
Facebook Live: https://www.facebook.com/imcinstitute/videos/4199946253380670
Youtube Recorded: https://youtu.be/vW1Yq5ftWZ4
IMC Live Webinar on July 17, 2020
In celebration of the launch of the Knative Cookbook, we will run a fast-paced live code demonstration of the coolest Knative-based techniques that we can imagine that include Kafka and Kamel.
Ephemeral DevOps: Adventures in Managing Short-Lived Systems by Priyanka Aash
This talk will explore the concepts and experiences of using configuration management in a highly disposable environment of ephemeral virtual machines. It will cover why an operations team may desire such an environment, the tools the presenter used to build one, and most importantly, the sorts of failures, accomplishments and considerations encountered during the journey.
(Source: RSA Conference USA 2018)
Serverless in production, an experience report (FullStack 2018) by Yan Cui
AWS Lambda has changed the way we deploy and run software, but this new serverless paradigm has created new challenges to old problems - how do you test a cloud-hosted function locally? How do you monitor them? What about logging and config management? And how do we start migrating from existing architectures?
In this talk Yan and Scott will discuss solutions to these challenges by drawing from real-world experience running Lambda in production and migrating from an existing monolithic architecture.
Serverless in Production, an experience report (AWS UG South Wales) by Yan Cui
AWS Lambda has changed the way we deploy and run software, but this new serverless paradigm has created new challenges to old problems - how do you test a cloud-hosted function locally? How do you monitor them? What about logging and config management? And how do we start migrating from existing architectures?
In this talk Yan and Scott will discuss solutions to these challenges by drawing from real-world experience running Lambda in production and migrating from an existing monolithic architecture.
Docker on a local machine and Docker in production are two very different things. It's easy to play with a technology, but it's hard to do something real for many customers.
Half a year ago, inside Alpha Laboratory (a division of Alfa-Bank), we started building a new microservices architecture for one of our pilot projects. We've almost completely changed the stack of technologies used on the frontend and significantly changed it on the middle layer. For packaging and distribution we have chosen Docker. Two months ago we deployed the project to production and opened the service for clients.
In the report the following topics will be covered:
- reasons for choosing Docker;
- why Docker without other tools is not enough for production;
- what stack of technologies we used in our solution;
- what advantages we've got;
- what problems we faced and how we solved them.
Serverless in production, an experience report (CoDe-Conf) by Yan Cui
AWS Lambda has changed the way we deploy and run software, but this new serverless paradigm has created new challenges to old problems - how do you test a cloud-hosted function locally? How do you monitor them? What about logging and config management? And how do we start migrating from existing architectures?
In this talk Yan and Scott will discuss solutions to these challenges by drawing from real-world experience running Lambda in production and migrating from an existing monolithic architecture.
Serverless in production, an experience report by Yan Cui
AWS Lambda has changed the way we deploy and run software, but this new serverless paradigm has created new challenges to old problems - how do you test a cloud-hosted function locally? How do you monitor them? What about logging and config management? And how do we start migrating from existing architectures?
In this talk Yan and Scott will discuss solutions to these challenges by drawing from real-world experience running Lambda in production and migrating from an existing monolithic architecture.
Cloud-native .NET Microservices with Kubernetes by QAware GmbH
BASTA! 2017, Mainz: Talk by Mario-Leander Reimer (@LeanderReimer, Chief Technologist at QAware).
Cloud giants such as Google, Twitter and Netflix have made the core building blocks of their infrastructure available as open source. The result of many years of cloud experience is now freely accessible, and anyone can develop their own cloud-native applications: applications that run reliably in the cloud and scale almost without limit. The individual building blocks grow together into one larger whole, the cloud-native stack. In this session we briefly introduce the most important concepts and current key technologies. We then implement a simple microservice with .NET Core and Steeltoe OSS and, step by step, get it running on a Kubernetes cluster together with selected building blocks for service discovery and configuration.
Considerations for operating docker at scale by Docker, Inc.
"Scale" happens along 3 different aspects: (1) applications and their services scale up and down leading to (2) the infrastructure scaling up to meet the needs of the applications, and finally (3) sites scale across multiple locations, including movement to public cloud. In this session, we will talk about how Docker EE scales along all three of these dimensions to give you a consistent platform for running your applications:
1. At the application level: how do you manage application state & health along with resource and security constraints to scale containers up and down in a controlled fashion?
2. The infrastructure level: as your application estate grows on the Docker EE platform you will need to scale across more nodes. How do you automate the provisioning of these new nodes and how do you integrate the Docker EE platform layer with your existing infrastructure systems and tools?
3. Finally, we'll talk about distributed scale: how do you take what works for applications in one data center and spread it across multiple sites, in an integrated fashion so you can operate seamlessly?
(ARC402) Deployment Automation: From Developers' Keyboards to End Users' Scre... by Amazon Web Services
Some of the best businesses today are deploying their code dozens of times a day. How? By making heavy use of automation, smart tools, and repeatable patterns to get process out of the way and keep the workflow moving. Come to this session to learn how you can do this too, using services such as AWS OpsWorks, AWS CloudFormation, Amazon Simple Workflow Service, and other tools. We'll discuss a number of different deployment patterns, and what aspects you need to focus on when working toward deployment automation yourself.
CloudCamp. Paul Hopton, @relayr_cloud - 'The WunderBar - Bootstrapping the In... by Chris Purrington
Paul Hopton, @relayr_cloud - 'The WunderBar - Bootstrapping the Internet of Things'
How to move beyond corporate hype, and make the Internet of Things happen (almost) now.
Why Kubernetes? Cloud Native and Developer Experience at Zalando - Enterprise... by Henning Jacobs
Kubernetes has established itself as the de facto standard for cloud-native platforms. But why? What advantages and pitfalls are there in practice? Using Zalando as an example, Henning Jacobs shows how Kubernetes serves as infrastructure for 1200+ developers, which aspects make Kubernetes unique despite its complexity, and what this means for the developer experience.
Similar to Kubernetes Multi-cluster without Federation - Kubecon EU 2018 (20)
First Steps with Globus Compute Multi-User Endpoints by Globus
In this presentation we will share our experiences around getting started with the Globus Compute multi-user endpoint. Working with the Pharmacology group at the University of Auckland, we have previously written an application using Globus Compute that can offload computationally expensive steps in the researcher's workflows, which they wish to manage from their familiar Windows environments, onto the NeSI (New Zealand eScience Infrastructure) cluster. Some of the challenges we have encountered were that each researcher had to set up and manage their own single-user globus compute endpoint and that the workloads had varying resource requirements (CPUs, memory and wall time) between different runs. We hope that the multi-user endpoint will help to address these challenges and share an update on our progress here.
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR by Tier1 app
Even though at surface level ‘java.lang.OutOfMemoryError’ appears as one single error; underlyingly there are 9 types of OutOfMemoryError. Each type of OutOfMemoryError has different causes, diagnosis approaches and solutions. This session equips you with the knowledge, tools, and techniques needed to troubleshoot and conquer OutOfMemoryError in all its forms, ensuring smoother, more efficient Java applications.
Navigating the Metaverse: A Journey into Virtual Evolution by Donna Lenk
Join us for an exploration of the Metaverse's evolution, where innovation meets imagination. Discover new dimensions of virtual events, engage with thought-provoking discussions, and witness the transformative power of digital realms.
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns
Unlocking Business Potential: Tailored Technology Solutions by Prosigns
Discover how Prosigns, a leading technology solutions provider, partners with businesses to drive innovation and success. Our presentation showcases our comprehensive range of services, including custom software development, web and mobile app development, AI & ML solutions, blockchain integration, DevOps services, and Microsoft Dynamics 365 support.
Custom Software Development: Prosigns specializes in creating bespoke software solutions that cater to your unique business needs. Our team of experts works closely with you to understand your requirements and deliver tailor-made software that enhances efficiency and drives growth.
Web and Mobile App Development: From responsive websites to intuitive mobile applications, Prosigns develops cutting-edge solutions that engage users and deliver seamless experiences across devices.
AI & ML Solutions: Harnessing the power of Artificial Intelligence and Machine Learning, Prosigns provides smart solutions that automate processes, provide valuable insights, and drive informed decision-making.
Blockchain Integration: Prosigns offers comprehensive blockchain solutions, including development, integration, and consulting services, enabling businesses to leverage blockchain technology for enhanced security, transparency, and efficiency.
DevOps Services: Prosigns' DevOps services streamline development and operations processes, ensuring faster and more reliable software delivery through automation and continuous integration.
Microsoft Dynamics 365 Support: Prosigns provides comprehensive support and maintenance services for Microsoft Dynamics 365, ensuring your system is always up-to-date, secure, and running smoothly.
Learn how our collaborative approach and dedication to excellence help businesses achieve their goals and stay ahead in today's digital landscape. From concept to deployment, Prosigns is your trusted partner for transforming ideas into reality and unlocking the full potential of your business.
Join us on a journey of innovation and growth. Let's partner for success with Prosigns.
May Marketo Masterclass, London MUG May 22 2024.pdfAdele Miller
Can't make Adobe Summit in Vegas? No sweat because the EMEA Marketo Engage Champions are coming to London to share their Summit sessions, insights and more!
This is a MUG with a twist you don't want to miss.
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Shahin Sheidaei
Games are powerful teaching tools, fostering hands-on engagement and fun. But they require careful consideration to succeed. Join me to explore factors in running and selecting games, ensuring they serve as effective teaching tools. Learn to maintain focus on learning objectives while playing, and how to measure the ROI of gaming in education. Discover strategies for pitching gaming to leadership. This session offers insights, tips, and examples for coaches, team leads, and enterprise leaders seeking to teach from simple to complex concepts.
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar
The European Union Agency for Law Enforcement Cooperation (Europol) has suffered an alleged data breach after a notorious threat actor claimed to have exfiltrated data from its systems. Infamous data leaker IntelBroker posted on the even more infamous BreachForums hacking forum, saying that Europol suffered a data breach this month.
The alleged breach affected Europol agencies CCSE, EC3, Europol Platform for Experts, Law Enforcement Forum, and SIRIUS. Infiltration of these entities can disrupt ongoing investigations and compromise sensitive intelligence shared among international law enforcement agencies.
However, this is neither the first nor the last activity of IntekBroker. We have compiled for you what happened in the last few days. To track such hacker activities on dark web sources like hacker forums, private Telegram channels, and other hidden platforms where cyber threats often originate, you can check SOCRadar’s Dark Web News.
Stay Informed on Threat Actors’ Activity on the Dark Web with SOCRadar!
Globus Connect Server Deep Dive - GlobusWorld 2024Globus
We explore the Globus Connect Server (GCS) architecture and experiment with advanced configuration options and use cases. This content is targeted at system administrators who are familiar with GCS and currently operate—or are planning to operate—broader deployments at their institution.
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus
As part of the DOE Integrated Research Infrastructure (IRI) program, NERSC at Lawrence Berkeley National Lab and ALCF at Argonne National Lab are working closely with General Atomics on accelerating the computing requirements of the DIII-D experiment. As part of the work the team is investigating ways to speedup the time to solution for many different parts of the DIII-D workflow including how they run jobs on HPC systems. One of these routes is looking at Globus Compute as a way to replace the current method for managing tasks and we describe a brief proof of concept showing how Globus Compute could help to schedule jobs and be a tool to connect compute at different facilities.
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisGlobus
JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.
Experience our free, in-depth three-part Tendenci Platform Corporate Membership Management workshop series! In Session 1 on May 14th, 2024, we began with an Introduction and Setup, mastering the configuration of your Corporate Membership Module settings to establish membership types, applications, and more. Then, on May 16th, 2024, in Session 2, we focused on binding individual members to a Corporate Membership and Corporate Reps, teaching you how to add individual members and assign Corporate Representatives to manage dues, renewals, and associated members. Finally, on May 28th, 2024, in Session 3, we covered questions and concerns, addressing any queries or issues you may have.
For more Tendenci AMS events, check out www.tendenci.com/events
Check out the webinar slides to learn more about how XfilesPro transforms Salesforce document management by leveraging its world-class applications. For more details, please connect with sales@xfilespro.com
If you want to watch the on-demand webinar, please click here: https://www.xfilespro.com/webinars/salesforce-document-management-2-0-smarter-faster-better/
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Globus
Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Globus
The Earth System Grid Federation (ESGF) is a global network of data servers that archives and distributes the planet’s largest collection of Earth system model output for thousands of climate and environmental scientists worldwide. Many of these petabyte-scale data archives are located in proximity to large high-performance computing (HPC) or cloud computing resources, but the primary workflow for data users consists of transferring data, and applying computations on a different system. As a part of the ESGF 2.0 US project (funded by the United States Department of Energy Office of Science), we developed pre-defined data workflows, which can be run on-demand, capable of applying many data reduction and data analysis to the large ESGF data archives, transferring only the resultant analysis (ex. visualizations, smaller data files). In this talk, we will showcase a few of these workflows, highlighting how Globus Flows can be used for petabyte-scale climate analysis.
Accelerate Enterprise Software Engineering with PlatformlessWSO2
Key takeaways:
Challenges of building platforms and the benefits of platformless.
Key principles of platformless, including API-first, cloud-native middleware, platform engineering, and developer experience.
How Choreo enables the platformless experience.
How key concepts like application architecture, domain-driven design, zero trust, and cell-based architecture are inherently a part of Choreo.
Demo of an end-to-end app built and deployed on Choreo.
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...Anthony Dahanne
Les Buildpacks existent depuis plus de 10 ans ! D’abord, ils étaient utilisés pour détecter et construire une application avant de la déployer sur certains PaaS. Ensuite, nous avons pu créer des images Docker (OCI) avec leur dernière génération, les Cloud Native Buildpacks (CNCF en incubation). Sont-ils une bonne alternative au Dockerfile ? Que sont les buildpacks Paketo ? Quelles communautés les soutiennent et comment ?
Venez le découvrir lors de cette session ignite
top nidhi software solution freedownloadvrstrong314
This presentation emphasizes the importance of data security and legal compliance for Nidhi companies in India. It highlights how online Nidhi software solutions, like Vector Nidhi Software, offer advanced features tailored to these needs. Key aspects include encryption, access controls, and audit trails to ensure data security. The software complies with regulatory guidelines from the MCA and RBI and adheres to Nidhi Rules, 2014. With customizable, user-friendly interfaces and real-time features, these Nidhi software solutions enhance efficiency, support growth, and provide exceptional member services. The presentation concludes with contact information for further inquiries.
Enhancing Research Orchestration Capabilities at ORNL.pdfGlobus
Cross-facility research orchestration comes with ever-changing constraints regarding the availability and suitability of various compute and data resources. In short, a flexible data and processing fabric is needed to enable the dynamic redirection of data and compute tasks throughout the lifecycle of an experiment. In this talk, we illustrate how we easily leveraged Globus services to instrument the ACE research testbed at the Oak Ridge Leadership Computing Facility with flexible data and task orchestration capabilities.
How Recreation Management Software Can Streamline Your Operations.pptxwottaspaceseo
Recreation management software streamlines operations by automating key tasks such as scheduling, registration, and payment processing, reducing manual workload and errors. It provides centralized management of facilities, classes, and events, ensuring efficient resource allocation and facility usage. The software offers user-friendly online portals for easy access to bookings and program information, enhancing customer experience. Real-time reporting and data analytics deliver insights into attendance and preferences, aiding in strategic decision-making. Additionally, effective communication tools keep participants and staff informed with timely updates. Overall, recreation management software enhances efficiency, improves service delivery, and boosts customer satisfaction.
18. BREAKING UP THE PROBLEM
APP OWNER
● Hook up to CI/CD
● Cluster discovery
● Failover between clusters
● Credential management
INFRA ADMIN
19. BREAKING UP THE PROBLEM
APP OWNER
● Hook up to CI/CD
● Cluster discovery
● Failover between clusters
● Credential management
INFRA ADMIN
● Connect and track clusters
● Ensure overall security
● Lock down as much as possible
● Resource limits
23. CLUSTER REGISTRY
Upstream Kubernetes project for tracking clusters
$ kubectl get clusters
NAME                    AGE
west-coast-production   5d
east-coast-production   24d
PROBLEM
Lives on a single cluster, but is useful to all clusters
25. ACCESS CONTROL
Build on Kubernetes RBAC as much as possible
[Diagram labels: Staging, Production; App Owner, Engineer, SRE, Robots]
27. ACCESS CONTROL
Build on Kubernetes RBAC as much as possible
[Diagram labels: Staging, Production; App Owner, Engineer, SRE, Robots]
PROBLEM
What transforms this?
28. BRING-YOUR-OWN WORKFLOWS
Customization is key to make all users successful
[Diagram labels: Federation API server; two clusters, each with an API server and three Nodes; App Owner, Engineer, SRE, Robots]
29. BRING-YOUR-OWN WORKFLOWS
Customization is key to make all users successful
kind: Deployment
apiVersion: apps/v1
metadata:
  annotations:
    federation.kubernetes.io/deployment-preferences: |
      {
        "rebalance": true,
        "clusters": {
          "clusterA": {
            "minReplicas": 1,
            "maxReplicas": 3,
            "weight": 1
          },
33. BRING-YOUR-OWN WORKFLOWS
Customization is key to make all users successful
[Diagram labels: Europe, North America; Engineer, App Owner, SRE, Security; New versions, Config, Secrets; RBAC Roles/Bindings, Quota, Namespaces]
35. TECTONIC MULTI-CLUSTER
CLUSTER REGISTRY
● Sync this to all clusters instead of living on one
● Use registry as a selector for policy
SYNC POLICY
● Agent running on the cluster
● Focused on RBAC-only
● CRUD namespaces, roles, bindings
● Updated immediately across clusters
kind: ClusterPolicy
apiVersion: multicluster.coreos.com/v1
spec:
  selector:
    cloud: aws
  namespaces:
  - name: "api-prod"
    authorization:
      bindings:
      - clusterRole: view
        users: ["random-user"]
        groups: ["SupportTeam"]
      - clusterRole: edit
        groups: ["APIDevelopers"]
      - clusterRole: admin
        users: ["joe-team-lead"]
  - name: "api-test"
    authorization:
      bindings:
      - clusterRole: admin
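As an added illustration (not Tectonic's or the presenter's code), the following Python shows one way an on-cluster agent could turn the ClusterPolicy above into namespaced RoleBindings and prune the ones it no longer wants. The `managed-by` label, the `policy-<clusterRole>` binding names and all function names are assumptions; the `api-test` namespace is omitted because its binding is cut off on the slide.

```python
RBAC = "rbac.authorization.k8s.io"
MANAGED = {"managed-by": "policy-agent"}  # hypothetical ownership label (assumption)

# Constructed input mirroring the slide's ClusterPolicy ("api-test" omitted: truncated there).
POLICY = {
    "kind": "ClusterPolicy",
    "apiVersion": "multicluster.coreos.com/v1",
    "spec": {
        "selector": {"cloud": "aws"},
        "namespaces": [{
            "name": "api-prod",
            "authorization": {"bindings": [
                {"clusterRole": "view", "users": ["random-user"], "groups": ["SupportTeam"]},
                {"clusterRole": "edit", "groups": ["APIDevelopers"]},
                {"clusterRole": "admin", "users": ["joe-team-lead"]},
            ]},
        }],
    },
}


def selector_matches(selector, labels):
    """Equality match on cluster registry labels; an empty selector matches every cluster."""
    return all(labels.get(k) == v for k, v in selector.items())


def desired_bindings(policy, cluster_labels):
    """RoleBindings this cluster should hold, keyed by (namespace, name)."""
    spec = policy["spec"]
    if not selector_matches(spec.get("selector", {}), cluster_labels):
        return {}
    out = {}
    for ns in spec.get("namespaces", []):
        for b in ns.get("authorization", {}).get("bindings", []):
            subjects = [{"kind": "User", "apiGroup": RBAC, "name": u} for u in b.get("users", [])]
            subjects += [{"kind": "Group", "apiGroup": RBAC, "name": g} for g in b.get("groups", [])]
            if not subjects:
                continue  # a binding without subjects grants nothing
            name = "policy-" + b["clusterRole"]  # one binding per (namespace, clusterRole)
            out[(ns["name"], name)] = {
                "apiVersion": RBAC + "/v1",
                "kind": "RoleBinding",  # namespaced: the ClusterRole applies only inside ns
                "metadata": {"name": name, "namespace": ns["name"], "labels": dict(MANAGED)},
                "roleRef": {"apiGroup": RBAC, "kind": "ClusterRole", "name": b["clusterRole"]},
                "subjects": subjects,
            }
    return out


def plan(policy, cluster_labels, existing):
    """Diff desired against existing bindings; only agent-labelled ones are ever deleted."""
    want = desired_bindings(policy, cluster_labels)
    owned = lambda rb: rb["metadata"].get("labels", {}).get("managed-by") == MANAGED["managed-by"]
    return {
        "create": sorted(k for k in want if k not in existing),
        "update": sorted(k for k in want if k in existing and existing[k] != want[k]),
        "delete": sorted(k for k, rb in existing.items() if k not in want and owned(rb)),
    }
```

A cluster whose registry labels stop matching the selector gets every agent-owned binding planned for deletion, while bindings created by hand are left alone.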
36. TECTONIC MULTI-CLUSTER
[Diagram labels: Cluster Registry; Common Roles and Bindings; Europe, US East, US West; clusters labelled Prod, Production and Stage]
37. TECTONIC MULTI-CLUSTER
Engineer, App Owner: Deploy to production
[Diagram labels as on slide 36]
38. TECTONIC MULTI-CLUSTER
SRE, Security: Change staging resource quota
[Diagram labels as on slide 36]
39. TECTONIC MULTI-CLUSTER
SRE, Security: Register a new cluster
[Diagram labels as on slide 36, plus a cluster marked New]
40. TECTONIC MULTI-CLUSTER
SRE, Security: Remove the staging cluster selector
[Diagram labels as on slide 36, plus a Singapore cluster labelled Prod]
41. TECTONIC MULTI-CLUSTER
BETTER SECURITY
No cluster needs to access all clusters
ServiceAccounts can be audited/revoked
ServiceAccounts only read Clusters and ClusterPolicies
[Diagram labels: Cluster Registry; Europe, US East, US West]
44. Least Complex
BASH SCRIPT
● Simple loop through clusters
● Human in the loop
● Error handling?
● No declarative state that we love
JENKINS
● Loop through clusters
● Human out of the loop
● Error handling?
● Jobs might need to be long running
PROBLEM
Kubernetes is smart...these aren’t
45. More Complex
MULTI-CLUSTER INGRESS
● Specialized CLI tool
● Using Kubernetes-native tooling
● GCP beta feature only
● Smarts outside of the cluster
kubemci create zone-printer \
  --ingress=ingress/ingress.yaml \
  --gcp-project=$PROJECT \
  --kubeconfig=clusters.yaml
46. More Complex
MULTI-CLUSTER INGRESS
for ctx in $(kubectl config get-contexts -o=name --kubeconfig clusters.yaml); do
  kubectl --kubeconfig clusters.yaml \
    --context="${ctx}" \
    create -f manifests/
done
47. More Complex
OPERATOR
● Specialized controller for an application
● Model apps using CRDs
● Use cluster registry, other cluster state and RBAC
● Requires a Kubernetes-native app
kind: CompliantDatabase
metadata:
  name: example-db
spec:
  replicationFactor: 2
  autoscale: true
  backup: hourly
  geography:
    restriction: EU
    preference: Germany
49. Even Smarter
FEDERATION V2
● Accept that this is a vast problem space
● Don’t have to use all parts
● Policies modeled as CRDs
  ○ Add as many as you’d like
● Use existing RBAC
● Can plug into policy engine
[Diagram labels: Your-Custom-Object; Template, Placement, Override]
50. Even Smarter
FEDERATION V2
● UX matters!
● Implemented as an aggregated API server
  ○ Can use kubectl and existing tools/libraries
● Secured with ServiceAccounts
● Possible to implement a custom scheduler
Owned by SIG Multi-cluster