Here are the slides I presented on 12-12-2017 at the Bay Area Microservices Meeting. I presented some of the best practices to achieve application isolation on Kubernetes
OpenEBS is a container-native open source containerized storage project for containers – tightly integrated into Kubernetes.
You can find the full presentation here: https://www.facebook.com/VMTNcommunity/videos/2008142932762386/
Multi-Container Apps spanning Docker, Mesos and OpenStackDocker, Inc.
Roll up! Roll up! Before your very eyes Andrew will use Apache Brooklyn powered Clocker to deploy and manage multi-container applications transparently spanning - Docker, Mesos and OpenStack.
This presentation was made as closing session for Container Conference 2018 on 03rd August in Bangalore by Anoop Kumar from Docker.
"In this session we will get familiarized with the technical aspects of the Docker EE 2.0 Platform. It will involve a walkthrough of the swarm as well as the relatively newly introduced Kubernetes integrations, how it enables organizational agility, choice and security and the future roadmap of the product suite. We'll finally do a quick demo of the platform and close with a Q&A section."
Author: Oleg Chunikhin, www.eastbanctech.com
Kubernetes is a portable open source system for managing and orchestrating containerized cluster applications. Kubernetes solves a number of DevOps related problems out of the box in a simple and unified way – rolling updates and update rollback, canary deployment and other complicated deployment scenarios, scaling, load balancing, service discovery, logging, monitoring, persistent storage management, and much more. You will learn how in less than 30 minutes a reliable self-healing production-ready Kubernetes cluster may be deployed on AWS and used to host and operate multiple environments and applications.
Platform as a Service with Kubernetes and Mesos Miguel Zuniga
Platform as a Service with Kubernetes and Mesos on top of openstack
Go through the design, architecture, HA, security and how to design and roll services.
OpenEBS is a container-native open source containerized storage project for containers – tightly integrated into Kubernetes.
You can find the full presentation here: https://www.facebook.com/VMTNcommunity/videos/2008142932762386/
Multi-Container Apps spanning Docker, Mesos and OpenStackDocker, Inc.
Roll up! Roll up! Before your very eyes Andrew will use Apache Brooklyn powered Clocker to deploy and manage multi-container applications transparently spanning - Docker, Mesos and OpenStack.
This presentation was made as closing session for Container Conference 2018 on 03rd August in Bangalore by Anoop Kumar from Docker.
"In this session we will get familiarized with the technical aspects of the Docker EE 2.0 Platform. It will involve a walkthrough of the swarm as well as the relatively newly introduced Kubernetes integrations, how it enables organizational agility, choice and security and the future roadmap of the product suite. We'll finally do a quick demo of the platform and close with a Q&A section."
Author: Oleg Chunikhin, www.eastbanctech.com
Kubernetes is a portable open source system for managing and orchestrating containerized cluster applications. Kubernetes solves a number of DevOps related problems out of the box in a simple and unified way – rolling updates and update rollback, canary deployment and other complicated deployment scenarios, scaling, load balancing, service discovery, logging, monitoring, persistent storage management, and much more. You will learn how in less than 30 minutes a reliable self-healing production-ready Kubernetes cluster may be deployed on AWS and used to host and operate multiple environments and applications.
Platform as a Service with Kubernetes and Mesos Miguel Zuniga
Platform as a Service with Kubernetes and Mesos on top of openstack
Go through the design, architecture, HA, security and how to design and roll services.
This presentation was made by Sathyajith Bhat, Senior DevOps Engineer, Adobe as part of Container Conference 2018.
Securing Containers: "Containers have almost become the ubiquitous method of packaging and deploying applications. While containers are perceived to be completed isolated and secure methods of running your application, the reality is that containers are not completely foolproof and are susceptible to many attack vectors. This session takes a look at the attack vectors and different ways to mitigate them."
www.containerconf.in
- Archeology: before and without Kubernetes
- Deployment: kube-up, DCOS, GKE
- Core Architecture: the apiserver, the kubelet and the scheduler
- Compute Model: the pod, the service and the controller
A basic introductory slide set on Kubernetes: What does Kubernetes do, what does Kubernetes not do, which terms are used (Containers, Pods, Services, Replica Sets, Deployments, etc...) and how basic interaction with a Kubernetes cluster is done.
Kubernetes Concepts And Architecture Powerpoint Presentation SlidesSlideTeam
Get these visually appealing Kubernetes Concepts And Architecture PowerPoint Presentation Slides to discuss the process of operating containerized applications. You can display the need for containers by the company with the help of an open-source architecture PPT slideshow. The architecture of containers can be demonstrated with the help of a visually appealing PPT slideshow. The reasons for opting for Kubernetes by an organization can be explained to your teammates with the help of containers PowerPoint infographics. Highlight the roadmap for installing Kubernetes in the organization by using content-ready PPT slides. Take the assistance of visually appealing PPT templates to depict the major advantages of Kubernetes such as improving productivity, the stability of application run, and many more. After that, display 30 60 90 days plan to implement Kubernetes in the organization. Display the key components of Kubernetes with the help of a diagram using this professionally designed cluster architecture PPT layouts. Describe the functionality of each components of Kubernetes. Hence, download Kubernetes architecture PPT slides to easily and efficiently manage the clusters. https://bit.ly/34DWa7x
Presented as part of Container Conference 2018: www.containerconf.in
Deep dive into Kubernetes networking
"Container networking is pretty complex and Kubernetes has taken a unique approach to solve container networking challenges. Both simplicity and scalability have been key design principles of Kubernetes networking. This session will illustrate kubernetes networking concepts with examples and demos. Best practises and considerations for deploying container networks in production using Kubernetes will be covered.
This session will also go into latest developments in Kubernetes networking like Network policy and Service policy using Istio."
Containers and workload security an overview Krishna-Kumar
Beginner Level Talk - Presented at Bangalore container conf 2018 - Containers and workload security an overview. Hope it get starts your container security journey :-)
Containers require a new approach to networking. How are your containers communicating with each other? This talk will go through the different network topologies of Kubernetes. How Kubernetes addresses networking compared to traditional physical networking concepts. What are your options for networking using Kubernetes. What is the CNI (Container Network Interface) and how it affects Kubernetes networking.
Security best practices for kubernetes deploymentMichael Cherny
Security best practices for a Kubernetes Deployment - from development, through build, ship, networking and run time controls.
Was presented at New York Kubernetes meetup https://www.meetup.com/New-York-Kubernetes-Meetup/events/237790149/
Kubernetes for FaaS (Function as a Service) - Serverless evolution, some basic constructs, kubenetes features, comparisons - from Serverless conference 2017 Bangalore.
Learn from the dozens of large-scale deployments how to get the most out of your Kubernetes environment:
- Container images optimization
- Organizing namespaces
- Readiness and Liveness probes
- Resource requests and limits
- Failing with grace
- Mapping external services
- Upgrading clusters with zero downtime
This presentation was made by Sathyajith Bhat, Senior DevOps Engineer, Adobe as part of Container Conference 2018.
Securing Containers: "Containers have almost become the ubiquitous method of packaging and deploying applications. While containers are perceived to be completed isolated and secure methods of running your application, the reality is that containers are not completely foolproof and are susceptible to many attack vectors. This session takes a look at the attack vectors and different ways to mitigate them."
www.containerconf.in
- Archeology: before and without Kubernetes
- Deployment: kube-up, DCOS, GKE
- Core Architecture: the apiserver, the kubelet and the scheduler
- Compute Model: the pod, the service and the controller
A basic introductory slide set on Kubernetes: What does Kubernetes do, what does Kubernetes not do, which terms are used (Containers, Pods, Services, Replica Sets, Deployments, etc...) and how basic interaction with a Kubernetes cluster is done.
Kubernetes Concepts And Architecture Powerpoint Presentation SlidesSlideTeam
Get these visually appealing Kubernetes Concepts And Architecture PowerPoint Presentation Slides to discuss the process of operating containerized applications. You can display the need for containers by the company with the help of an open-source architecture PPT slideshow. The architecture of containers can be demonstrated with the help of a visually appealing PPT slideshow. The reasons for opting for Kubernetes by an organization can be explained to your teammates with the help of containers PowerPoint infographics. Highlight the roadmap for installing Kubernetes in the organization by using content-ready PPT slides. Take the assistance of visually appealing PPT templates to depict the major advantages of Kubernetes such as improving productivity, the stability of application run, and many more. After that, display 30 60 90 days plan to implement Kubernetes in the organization. Display the key components of Kubernetes with the help of a diagram using this professionally designed cluster architecture PPT layouts. Describe the functionality of each components of Kubernetes. Hence, download Kubernetes architecture PPT slides to easily and efficiently manage the clusters. https://bit.ly/34DWa7x
Presented as part of Container Conference 2018: www.containerconf.in
Deep dive into Kubernetes networking
"Container networking is pretty complex and Kubernetes has taken a unique approach to solve container networking challenges. Both simplicity and scalability have been key design principles of Kubernetes networking. This session will illustrate kubernetes networking concepts with examples and demos. Best practises and considerations for deploying container networks in production using Kubernetes will be covered.
This session will also go into latest developments in Kubernetes networking like Network policy and Service policy using Istio."
Containers and workload security an overview Krishna-Kumar
Beginner Level Talk - Presented at Bangalore container conf 2018 - Containers and workload security an overview. Hope it get starts your container security journey :-)
Containers require a new approach to networking. How are your containers communicating with each other? This talk will go through the different network topologies of Kubernetes. How Kubernetes addresses networking compared to traditional physical networking concepts. What are your options for networking using Kubernetes. What is the CNI (Container Network Interface) and how it affects Kubernetes networking.
Security best practices for kubernetes deploymentMichael Cherny
Security best practices for a Kubernetes Deployment - from development, through build, ship, networking and run time controls.
Was presented at New York Kubernetes meetup https://www.meetup.com/New-York-Kubernetes-Meetup/events/237790149/
Kubernetes for FaaS (Function as a Service) - Serverless evolution, some basic constructs, kubenetes features, comparisons - from Serverless conference 2017 Bangalore.
Learn from the dozens of large-scale deployments how to get the most out of your Kubernetes environment:
- Container images optimization
- Organizing namespaces
- Readiness and Liveness probes
- Resource requests and limits
- Failing with grace
- Mapping external services
- Upgrading clusters with zero downtime
In this talk, a closer look into the lifecycle of operators will be presented. With an understanding of how operators evolve, it becomes clear what
challenges during operator upgrades. A brief overview of lifecycle management tools such as Helm, OLM, and Carvel is presented in this context. In particular, it will be discussed whether these tools can help, which restrictions apply and where further development would be desirable.
At the end of this talk, you will know what operator lifecycle management is about, what its challenges are, and which tools may be used to reduce operational friction.
This talk was given by Julian Fischer for DoK Day Europe @ KubeCon 2022.
Link: https://youtu.be/_lQhoCUQReU
https://go.dok.community/slack
https://dok.community/
From the DoK Day EU 2022 (https://youtu.be/Xi-h4XNd5tE)
The ability to extend Kubernetes with Custom Resource Definitions and respective controllers has led to the OperatorSDK, which became
the de facto standard for data service automation on Kubernetes. There are countless operator implementations available, and new operators are
being released on a daily basis. Organizations managing hundreds of Kubernetes clusters for dozens of developer teams are also challenged to
manage the lifecycle of hundreds of Kubernetes operators. The goal is to keep the operational overhead to a minimum.
In this talk, a closer look into the lifecycle of operators will be presented. With an understanding of how operators evolve, it becomes clear what
challenges during operator upgrades. A brief overview of lifecycle management tools such as Helm, OLM, and Carvel is presented in this context. In particular, it will be discussed whether these tools can help, which restrictions apply and where further development would be desirable.
At the end of this talk, you will know what operator lifecycle management is about, what its challenges are, and which tools may be used to reduce operational friction.
-----
Julian Fischer, CEO of anynines, has dedicated his career to the automation of software operations. In more than fifteen years, he has built several application platforms. He has been using Kubernetes, Cloud Foundry, and BOSH in recent years. Within platform automation, Julian has a strong focus on data service automation at scale.
Kubernetes is an open-source system and is quickly becoming the new standard for automating deployment, scaling, and management of containerized applications.
In the presentation we will have a high-level overview of the most important components of Kubernetes and how they fit together. We will start with having an overview of Container and Orchestration and what Kubernetes is capable of and how it helps in automating deployment and scaling software in the cloud. Afterwards we will discuss Kubernetes objects (Pod, ReplicaSet, Deployment, Services, Namespaces) with some examples.
An Introduction to Kubernetes and Continuous Delivery FundamentalsAll Things Open
Presented at All Things Open RTP Meetup
Presented by Brad Topol
Title: An Introduction to Kubernetes and Continuous Delivery Fundamentals
Abstract: Kubernetes is a cloud infrastructure that has emerged as the de facto standard platform for managing, orchestrating, and provisioning container-based cloud native computing applications. Cloud native computing applications are built from a collection of smaller services and take advantage of the speed of development and scalability cloud computing environments provide. In this talk, we provide an overview of the fundamentals of Kubernetes. We begin with a short introduction to the concept of containers and describe the Kubernetes architecture. We then present several core features provided by Kubernetes such as Pods, ReplicaSets, Deployments, Service objects, and autoscaling capabilities. We conclude with a discussion of Kubernetes continuous delivery fundamentals and tools, including how to do small batch changes, source control, and developer access to production-like environments.
Slides used for Orchestructure May 2018 workshop.
Labs:
https://github.com/mrbobbytables/k8s-intro-tutorials
Event Information:
https://www.meetup.com/orchestructure/events/250189685/
Securing & Monitoring Your K8s Cluster with RBAC and Prometheus”.Opcito Technologies
Opcito Technologies is a proud partner with Kubernetes, an open-source system for container orchestration.
We will be talking about:
• Features of Kubernetes 1.6
• RBAC Configurations
• RBAC Use Cases
• Running Prometheus in Kubernetes
• Prometheus Operator - Deployment, Cluster & Service Monitoring
An Operator is an application that encodes the domain knowledge of the application and extends the Kubernetes API through custom resources. They enable users to create, configure, and manage their applications. Operators have been around for a while now, and that has allowed for patterns and best practices to be developed.
In this talk, Lili will explain what operators are in the context of Kubernetes and present the different tools out there to create and maintain operators over time. She will end by demoing the building of an operator from scratch, and also using the helper tools available out there.
[DevDay 2017] OpenShift Enterprise - Speaker: Linh Do - DevOps Engineer at Ax...DevDay.org
This session discusses OpenShift Enterprise (or OpenShift Container Platform). OpenShift Container Platform is Red Hat's on-premise private platform as a service product, built around a core of application containers powered by Docker, with orchestration and management provided by Kubernetes, on a foundation of Red Hat Enterprise Linux.
Cloud native applications are popular these days. They promise superior reliability and almost arbitrary scalability. They follow three key principles: they are built and composed as microservices. They are packaged and distributed in containers. The containers are executed dynamically in the cloud. But which technology is best to build this kind of application? This talk will be your guidebook.
In this hands-on session, we will briefly introduce the core concepts and some key technologies of the cloud native stack and then show how to build, package, containerize, compose and orchestrate a cloud native showcase application on top of a cluster operating system such as Kubernetes or OpenShift. Throughout the session we will be using an off-the-shelf MIDI controller to visualize the concepts and to remote control the cluster.
Container Days 2017 conference. @ConDaysEU #CDS17 #qaware #CloudNativeNerd @LeanderReimer
A hitchhiker‘s guide to the cloud native stackQAware GmbH
Container Days 2017, Hamburg: Vortrag von Mario-Leander Reimer (@LeanderReimer, Cheftechnologe bei QAware).
Abstract: Cloud-Größen wie Google, Twitter und Netflix haben die Kernbausteine ihrer Infrastruktur quelloffen verfügbar gemacht. Das Resultat aus vielen Jahren Cloud-Erfahrung ist nun frei zugänglich, und jeder kann seine eigenen Cloud-nativen Anwendungen entwickeln – Anwendungen, die in der Cloud zuverlässig laufen und fast beliebig skalieren. Die einzelnen Bausteine wachsen zu einem großen Ganzen zusammen, dem Cloud Native Stack.
In dieser Session stellen wir die wichtigsten Konzepte und Schlüsseltechnologien vor und bringen dann eine Spring-Cloud-basierte Beispielanwendung schrittweise auf Kubernetes und DC/OS zum Laufen. Dabei diskutieren wir verschiedene praktikable Architekturalternativen.
Similar to Meetup 12-12-2017 - Application Isolation on Kubernetes (20)
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Shahin Sheidaei
Games are powerful teaching tools, fostering hands-on engagement and fun. But they require careful consideration to succeed. Join me to explore factors in running and selecting games, ensuring they serve as effective teaching tools. Learn to maintain focus on learning objectives while playing, and how to measure the ROI of gaming in education. Discover strategies for pitching gaming to leadership. This session offers insights, tips, and examples for coaches, team leads, and enterprise leaders seeking to teach from simple to complex concepts.
In software engineering, the right architecture is essential for robust, scalable platforms. Wix has undergone a pivotal shift from event sourcing to a CRUD-based model for its microservices. This talk will chart the course of this pivotal journey.
Event sourcing, which records state changes as immutable events, provided robust auditing and "time travel" debugging for Wix Stores' microservices. Despite its benefits, the complexity it introduced in state management slowed development. Wix responded by adopting a simpler, unified CRUD model. This talk will explore the challenges of event sourcing and the advantages of Wix's new "CRUD on steroids" approach, which streamlines API integration and domain event management while preserving data integrity and system resilience.
Participants will gain valuable insights into Wix's strategies for ensuring atomicity in database updates and event production, as well as caching, materialization, and performance optimization techniques within a distributed system.
Join us to discover how Wix has mastered the art of balancing simplicity and extensibility, and learn how the re-adoption of the modest CRUD has turbocharged their development velocity, resilience, and scalability in a high-growth environment.
May Marketo Masterclass, London MUG May 22 2024.pdfAdele Miller
Can't make Adobe Summit in Vegas? No sweat because the EMEA Marketo Engage Champions are coming to London to share their Summit sessions, insights and more!
This is a MUG with a twist you don't want to miss.
top nidhi software solution freedownloadvrstrong314
This presentation emphasizes the importance of data security and legal compliance for Nidhi companies in India. It highlights how online Nidhi software solutions, like Vector Nidhi Software, offer advanced features tailored to these needs. Key aspects include encryption, access controls, and audit trails to ensure data security. The software complies with regulatory guidelines from the MCA and RBI and adheres to Nidhi Rules, 2014. With customizable, user-friendly interfaces and real-time features, these Nidhi software solutions enhance efficiency, support growth, and provide exceptional member services. The presentation concludes with contact information for further inquiries.
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus
As part of the DOE Integrated Research Infrastructure (IRI) program, NERSC at Lawrence Berkeley National Lab and ALCF at Argonne National Lab are working closely with General Atomics on accelerating the computing requirements of the DIII-D experiment. As part of the work the team is investigating ways to speedup the time to solution for many different parts of the DIII-D workflow including how they run jobs on HPC systems. One of these routes is looking at Globus Compute as a way to replace the current method for managing tasks and we describe a brief proof of concept showing how Globus Compute could help to schedule jobs and be a tool to connect compute at different facilities.
Accelerate Enterprise Software Engineering with PlatformlessWSO2
Key takeaways:
Challenges of building platforms and the benefits of platformless.
Key principles of platformless, including API-first, cloud-native middleware, platform engineering, and developer experience.
How Choreo enables the platformless experience.
How key concepts like application architecture, domain-driven design, zero trust, and cell-based architecture are inherently a part of Choreo.
Demo of an end-to-end app built and deployed on Choreo.
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...informapgpstrackings
Keep tabs on your field staff effortlessly with Informap Technology Centre LLC. Real-time tracking, task assignment, and smart features for efficient management. Request a live demo today!
For more details, visit us : https://informapuae.com/field-staff-tracking/
Enhancing Research Orchestration Capabilities at ORNL.pdfGlobus
Cross-facility research orchestration comes with ever-changing constraints regarding the availability and suitability of various compute and data resources. In short, a flexible data and processing fabric is needed to enable the dynamic redirection of data and compute tasks throughout the lifecycle of an experiment. In this talk, we illustrate how we easily leveraged Globus services to instrument the ACE research testbed at the Oak Ridge Leadership Computing Facility with flexible data and task orchestration capabilities.
First Steps with Globus Compute Multi-User EndpointsGlobus
In this presentation we will share our experiences around getting started with the Globus Compute multi-user endpoint. Working with the Pharmacology group at the University of Auckland, we have previously written an application using Globus Compute that can offload computationally expensive steps in the researcher's workflows, which they wish to manage from their familiar Windows environments, onto the NeSI (New Zealand eScience Infrastructure) cluster. Some of the challenges we have encountered were that each researcher had to set up and manage their own single-user globus compute endpoint and that the workloads had varying resource requirements (CPUs, memory and wall time) between different runs. We hope that the multi-user endpoint will help to address these challenges and share an update on our progress here.
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdfJay Das
With the advent of artificial intelligence or AI tools, project management processes are undergoing a transformative shift. By using tools like ChatGPT, and Bard organizations can empower their leaders and managers to plan, execute, and monitor projects more effectively.
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Globus
The U.S. Geological Survey (USGS) has made substantial investments in meeting evolving scientific, technical, and policy driven demands on storing, managing, and delivering data. As these demands continue to grow in complexity and scale, the USGS must continue to explore innovative solutions to improve its management, curation, sharing, delivering, and preservation approaches for large-scale research data. Supporting these needs, the USGS has partnered with the University of Chicago-Globus to research and develop advanced repository components and workflows leveraging its current investment in Globus. The primary outcome of this partnership includes the development of a prototype enterprise repository, driven by USGS Data Release requirements, through exploration and implementation of the entire suite of the Globus platform offerings, including Globus Flow, Globus Auth, Globus Transfer, and Globus Search. This presentation will provide insights into this research partnership, introduce the unique requirements and challenges being addressed and provide relevant project progress.
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERRORTier1 app
Even though at surface level ‘java.lang.OutOfMemoryError’ appears as one single error; underlyingly there are 9 types of OutOfMemoryError. Each type of OutOfMemoryError has different causes, diagnosis approaches and solutions. This session equips you with the knowledge, tools, and techniques needed to troubleshoot and conquer OutOfMemoryError in all its forms, ensuring smoother, more efficient Java applications.
Experience our free, in-depth three-part Tendenci Platform Corporate Membership Management workshop series! In Session 1 on May 14th, 2024, we began with an Introduction and Setup, mastering the configuration of your Corporate Membership Module settings to establish membership types, applications, and more. Then, on May 16th, 2024, in Session 2, we focused on binding individual members to a Corporate Membership and Corporate Reps, teaching you how to add individual members and assign Corporate Representatives to manage dues, renewals, and associated members. Finally, on May 28th, 2024, in Session 3, we covered questions and concerns, addressing any queries or issues you may have.
For more Tendenci AMS events, check out www.tendenci.com/events
Understanding Globus Data Transfers with NetSageGlobus
NetSage is an open privacy-aware network measurement, analysis, and visualization service designed to help end-users visualize and reason about large data transfers. NetSage traditionally has used a combination of passive measurements, including SNMP and flow data, as well as active measurements, mainly perfSONAR, to provide longitudinal network performance data visualization. It has been deployed by dozens of networks world wide, and is supported domestically by the Engagement and Performance Operations Center (EPOC), NSF #2328479. We have recently expanded the NetSage data sources to include logs for Globus data transfers, following the same privacy-preserving approach as for Flow data. Using the logs for the Texas Advanced Computing Center (TACC) as an example, this talk will walk through several different example use cases that NetSage can answer, including: Who is using Globus to share data with my institution, and what kind of performance are they able to achieve? How many transfers has Globus supported for us? Which sites are we sharing the most data with, and how is that changing over time? How is my site using Globus to move data internally, and what kind of performance do we see for those transfers? What percentage of data transfers at my institution used Globus, and how did the overall data transfer performance compare to the Globus users?
How to Position Your Globus Data Portal for Success Ten Good PracticesGlobus
Science gateways allow science and engineering communities to access shared data, software, computing services, and instruments. Science gateways have gained a lot of traction in the last twenty years, as evidenced by projects such as the Science Gateways Community Institute (SGCI) and the Center of Excellence on Science Gateways (SGX3) in the US, The Australian Research Data Commons (ARDC) and its platforms in Australia, and the projects around Virtual Research Environments in Europe. A few mature frameworks have evolved with their different strengths and foci and have been taken up by a larger community such as the Globus Data Portal, Hubzero, Tapis, and Galaxy. However, even when gateways are built on successful frameworks, they continue to face the challenges of ongoing maintenance costs and how to meet the ever-expanding needs of the community they serve with enhanced features. It is not uncommon that gateways with compelling use cases are nonetheless unable to get past the prototype phase and become a full production service, or if they do, they don't survive more than a couple of years. While there is no guaranteed pathway to success, it seems likely that for any gateway there is a need for a strong community and/or solid funding streams to create and sustain its success. With over twenty years of examples to draw from, this presentation goes into detail for ten factors common to successful and enduring gateways that effectively serve as best practices for any new or developing gateway.
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Mind IT Systems
Healthcare providers often struggle with the complexities of chronic conditions and remote patient monitoring, as each patient requires personalized care and ongoing monitoring. Off-the-shelf solutions may not meet these diverse needs, leading to inefficiencies and gaps in care. It’s here, custom healthcare software offers a tailored solution, ensuring improved care and effectiveness.
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Meetup 12-12-2017 - Application Isolation on Kubernetes
1. Segmentation and Isolation on Kubernetes
for Enterprise Teams
Microservices & Cloud Native Apps,
December 12th 2017
2. 2
Kubernetes cluster sprawl
is the new VM sprawl
Our Goal:
Optimize the number of clusters by
sharing them across users & teams
3. 3
•Developer, VP Engineering, Founder at Nirmata
•Developing large-scale software since the early 90’s.
•Expertise in centralized management for complex
distributed systems.
•Co-founded Nirmata in 2013, for enterprise
management of cloud-native applications.
Damien Toledo
7. 7
• Kubernetes is an open source
container orchestration solution
originally developed by Google now
part of CNCF
• Enable Enterprise DevOps
• Kubernetes is designed for
microservices but can support
stateful applications
Kubernetes
(Greek for “helmsman" or "pilot")
8. 8
Pod
Deployment
Service Ingress
Replica Set
Stateful SetDaemon Set
Network Policy
Job
Container
Secrets
Dude, where’s my app?
Persistent
Volume
Namespace
Ingress Controller
Persistent
Volume Claim
Storage Class
Network
Controller
Cloud
Provider
9. 9
Kubernetes is awesome! But ...
“For newcomers, Kubernetes
can be intimidating….” -- Joe
Beda
“Kubernetes was created by
system engineers, for system
engineers”
-- Craig McLuckie
“Guardrails are important.”
-- Steve Sandke, Salesforce
11. 11
• Most obvious construct to create virtual clusters
• Provide a scope for names
• Provide a way to divide cluster resources using quota
• By default namespace does not provide
• Network isolation Any service can reach any service
• Access Control Anybody can do everything
Namespace
12. 12
Should I use
One namespace per user/developer
One namespace per team
One per service type
One namespace per application type
One namespace per running instance of your application
application
Namespace scope
13. 13
Namespace Per Application Instance
Service
Deployment
Pod
NetworkPolic
y
ReplicaSet
Pod
Service
Deployment
Pod
NetworkPolic
y
ReplicaSet
Pod
Service
Deployment
PodNetworkPolicy
ReplicaSet
Pod
Service
Deployment
Pod
NetworkPolic
y
ReplicaSet
Pod
Service
Deployment
Pod
NetworkPolic
y
ReplicaSet
Pod
Service
Deployment
PodNetworkPolicy
ReplicaSet
Pod
Namespace (shopme-joe) Namespace (shopme-susan)
Cluster
14. 14
Resources Creation & Namespaces
apiVersion: v1
kind: Service
metadata:
name: customer
namespace: shopme-john
spec:
ports:
- name: http
protocol: TCP
port: 80
targetPort: 80
selector:
service: customer
All resources belonging to the same
application instance must be created in
the same Namespace
kubectl create –f service-customer.yaml
16. 16
• Used to provide different level of QoS to Pods
• Containers can specify
• Requests: Guaranteed amount of a specific resource (CPU,
Memory, …)
• Limits: Maximum amount of a resource allowed
• Request <= Limit
• Scheduling is based on Requests, not on Limits
• Sum of limits can exceed system capacity (i.e. oversubscription)
Container Requests & Limits
18. 18
Compressible Resources (CPU)
• Pods are guaranteed to get the amount of CPU requested
• Excess CPU is distributed based on the amount requested
• If a Pod exceeds a limit, the process using the most amount of the resource will be
killed.
• Pods are throttled if they exceed their limit
Incompressible Resources (Memory)
• If a Pod exceeds its request, it can be killed if other Pods needs more memory
• If a Pod exceeds a limit, the process using the most amount of the resource will be
killed.
Container Requests & Limits
19. 19
Resource Quota
• Resource Quota are defined at the namespace level
• Limit aggregate resource consumption
• Limit number of objects (Service, NodePort, Pod, …)
• Limit that total compute resources (CPU, memory, storage)
• Resource Quotas should be created by administrators
• If creating or updating a resource violate a Resource Quota,
the operation is denied (403 FORBIDDEN)
• Users must specify container Requests when Resource
Quotas are in use
25. 25
• General availability in K8s 1.8
• Policies controlling permissions within a cluster
• Can provide cluster wide defaults
• Fined grained access control per Namespace
Kubernetes RBAC
26. 26
Service Accounts
• Managed by Kubernetes
• Bound to specific Namespaces
• Tied to a set of credentials stored as Secrets
Normal Users
• Managed outside K8s
• There are no k8s objects representing users
• Can use private keys, file with list of users, user store like keystone, etc
Kubernetes Users
31. 31
All Containers can communicates with all containers within a cluster
Best pratices:
1. Enable network policies using a plugin (Calico, Cilium, Kuke-router, Romana,
Weave Net, ..)
2. By default, deny all traffic to your services
3. Create Network Policies to selectively enable traffic from other services
Kubernetes Networking is Great But …
38. 38
• Kubernetes is a powerful toolbox
• Provides many building blocks that can be used to implement application
isolation
• Developers shouldn’t have to worry about this
• Admins need solutions to simplify their work …
Conclusion
39. 39
• Single management plane
across multiple clusters
• Secure and scalable
multi-cloud management
• Seamless integrations for
continuous delivery
Nirmata simplifies Kubernetes
forenterpriseDevOpsteams
