Many people associate Kubernetes exclusively with cloud solutions. I tend to disagree. In this presentation I will explain the rationale and success criteria of this project. I will also describe in detail our key findings, the tools we used along the way, the incident management process and the benefits analysis. The presentation will also cover all lessons learned as well as the pitfalls and drawbacks of this solution. Major incidents will be explained along with the corrective procedures. This talk will also focus on the cost effectiveness of the solution in question. No minikube demos, no Raspberry Pi clusters, no obvious basics. Just the real-world application of tech that works and generates revenue.
Slide 9
Pros and cons
Pros:
• Physical storage
• Hardware control
• No “noisy neighbours”
• Money
Cons:
• No network storage “out of the box”
• Hardware and OS management
• Less elasticity
• No autoscaling
Slide 13
Cluster specs
● 5-7 worker nodes
● 3 master nodes
● Tainted master nodes
● Full monitoring
● Production ready in 6 months
Slide 14
Pilot app specs
● Stateless components
● Loose coupling
● HTTP/HTTPS
● Databases outside the cluster
● No autoscaling
Slide 15
Security
● Cluster access
○ ssh only for adm/ops
○ local kubectl for others
● API server access control
○ individual token for each person and service
○ token inventory
○ token rotation
○ RBAC
● App security
○ HTTPS
○ ingress
○ exposed services inventory
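One way to check the "token inventory" and "token rotation" items under API server access control, as an added example that is not code from the talk. It assumes tokens are stored as service-account token Secrets; the inventory format, the 90-day rotation period, and all names and dates are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=90)  # assumed rotation period; the slides state none

# Constructed inventory: token Secret (namespace/name) -> owning person/service.
INVENTORY = {
    "shop/deploy-bot-token": "ci-pipeline",
    "shop/alice-token": "alice",
    "monitoring/prometheus-token": "prometheus",
}

def _secret(ns, name, created, kind="kubernetes.io/service-account-token"):
    return {"type": kind, "metadata": {
        "namespace": ns, "name": name, "creationTimestamp": created}}

# Constructed sample shaped like `kubectl get secrets -A -o json` output.
SECRETS_JSON = json.dumps({"items": [
    _secret("shop", "deploy-bot-token", "2024-01-10T08:00:00Z"),
    _secret("shop", "alice-token", "2024-05-20T08:00:00Z"),
    _secret("shop", "debug-token", "2024-06-01T08:00:00Z"),
    _secret("shop", "db-password", "2023-01-01T08:00:00Z", kind="Opaque"),
]})

def audit_tokens(secrets_json, inventory, now, max_age=MAX_AGE):
    """Compare live token Secrets with the inventory and the rotation period."""
    live = {}
    for item in json.loads(secrets_json).get("items", []):
        if item.get("type") != "kubernetes.io/service-account-token":
            continue  # only API tokens are audited, not other Secrets
        meta = item["metadata"]
        created = datetime.strptime(
            meta["creationTimestamp"], "%Y-%m-%dT%H:%M:%SZ"
        ).replace(tzinfo=timezone.utc)
        live[f"{meta['namespace']}/{meta['name']}"] = created
    return {
        # token exists in the cluster but nobody is recorded as its owner
        "unlisted": sorted(k for k in live if k not in inventory),
        # token is older than the rotation period
        "overdue": sorted(k for k, c in live.items() if now - c > max_age),
        # inventory entry whose token no longer exists (inventory drift)
        "stale_entries": sorted(k for k in inventory if k not in live),
    }

if __name__ == "__main__":
    now = datetime(2024, 6, 15, tzinfo=timezone.utc)
    for finding, keys in audit_tokens(SECRETS_JSON, INVENTORY, now).items():
        print(f"{finding}: {keys}")
```

Against a real cluster, the JSON would come from `kubectl get secrets -A -o json`, and each finding would be reconciled with the RBAC bindings of the account the token belongs to.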