WSO2 Kubernetes Reference Architecture
Imesh Gunaratne, WSO2
November, 2017
Agenda
● An Introduction to Containers
● An Introduction to Kubernetes
  ○ Kubernetes Architecture
  ○ Kubernetes Components
● WSO2 Reference Architecture for Kubernetes
  ○ Container Orchestration
  ○ Service Discovery
  ○ Cluster Discovery
  ○ Runtime Artifact Synchronization
  ○ Configuration Management
  ○ Autoscaling
Agenda Cont.
● Security
  ○ Security Best Practices
  ○ Container Security
  ○ Pod Security Policies
● Deployment Process
  ○ WSO2 Update Manager (WUM)
  ○ Kubernetes Resource Deployment
● Rolling Out Updates
  ○ Kubernetes Rollout
  ○ Blue/Green Deployment
● Monitoring The Deployment
● WSO2 Kubernetes Resources
An Introduction to Containers
Virtual Machines Vs Containers
Linux Container Brief for IEEE WG P2302, Boden Russell
[Figure: three stacks side by side. Type 1 Hypervisor (Bare Metal): Hardware, Hypervisor, Virtual Machines each with Operating System, Bin/Lib and Apps. Type 2 Hypervisor: Hardware, Operating System, Hypervisor, Virtual Machines each with Operating System, Bin/Lib and Apps. Linux Containers: Hardware, Operating System, Container Runtime, Containers each with Bin/Lib and App.]
The Container Advantage
[Figure: a Type 1 Hypervisor stack (Hardware, Hypervisor, Virtual Machines with Operating System, Bin/Lib and Apps) beside a Linux Containers stack (Hardware, Operating System, Container Runtime, Containers with Bin/Lib and App). Resource labels in the figure: 16 CPU, 128 GB RAM; 2 CPU, 4 GB RAM; 1 CPU, 1.25 GB RAM; 1 CPU, 0.75 GB RAM; 16 CPU, 128 GB RAM; 2 CPU, 4 GB RAM; 2 CPU, 2 GB RAM.]
Standard Container Deployments
[Figure: Container Images and a Container Image Registry; two hosts (Hardware, Operating System, Container Runtime, Containers with Bin/Lib and App); Load Balancer; Network.]
Container Cluster Manager based Deployments
[Figure: Overlay Network; Container Images and a Container Image Registry; hosts (Hardware, Operating System, Container Runtime, Agent, Containers with Bin/Lib and App); a host running the Container Cluster Manager Controller; Load Balancer; Network.]
An Introduction to Kubernetes
● Borg: Google's first container cluster manager
● Omega: Google's second container cluster manager
● Kubernetes: Google's initiative to build a general purpose container cluster manager
Kubernetes Architecture
[Figure: Kubernetes architecture diagram; the only surviving label is "Load Balancer".]
kube-apiserver
● kube-apiserver exposes the Kubernetes API. It is the front-end for the Kubernetes control plane. It is designed to scale horizontally, that is, it scales by deploying more instances.
https://kubernetes.io/docs/concepts/overview/components/
etcd
● etcd is used as Kubernetes' backing store. All cluster data is stored here. Always have a backup plan for etcd's data for your Kubernetes cluster.
https://kubernetes.io/docs/concepts/overview/components/
kube-controller-manager
● kube-controller-manager runs controllers, which are the background threads that handle routine tasks in the cluster. Logically, each controller is a separate process, but to reduce complexity, they are all compiled into a single binary and run in a single process.
● These controllers include:
  ○ Node Controller: Responsible for noticing and responding when nodes go down.
  ○ Replication Controller: Responsible for maintaining the correct number of pods for every replication controller object in the system.
  ○ Endpoints Controller: Populates the Endpoints object (that is, joins Services & Pods).
  ○ Service Account & Token Controllers: Create default accounts and API access tokens for new namespaces.
https://kubernetes.io/docs/concepts/overview/components/
cloud-controller-manager
● cloud-controller-manager runs controllers that interact with the underlying cloud providers. The cloud-controller-manager binary is an alpha feature introduced in Kubernetes release 1.6.
● Extension points:
  ○ Node Controller: For checking the cloud provider to determine if a node has been deleted in the cloud after it stops responding
  ○ Route Controller: For setting up routes in the underlying cloud infrastructure
  ○ Service Controller: For creating, updating and deleting cloud provider load balancers
  ○ Volume Controller: For creating, attaching, and mounting volumes, and interacting with the cloud provider to orchestrate volumes
https://kubernetes.io/docs/concepts/overview/components/
kube-scheduler
● kube-scheduler watches newly created pods that have no node assigned, and selects a node for them to run on.
https://kubernetes.io/docs/concepts/overview/components/
DNS
● While the other addons are not strictly required, all Kubernetes clusters should have cluster DNS, as many examples rely on it.
● Cluster DNS is a DNS server, in addition to the other DNS server(s) in your environment, which serves DNS records for Kubernetes services.
● Containers started by Kubernetes automatically include this DNS server in their DNS searches.
https://kubernetes.io/docs/concepts/overview/components/
Overlay Network Options
https://kubernetes.io/docs/concepts/cluster-administration/networking/
● Cilium
● Contiv
● Contrail
● Flannel
● Google Compute Engine (GCE)
● Kube-router
● L2 networks and Linux bridging
● Multus (a Multi Network plugin)
● NSX-T
● Nuage Networks VCS (Virtualized Cloud Services)
● OpenVSwitch
● OVN (Open Virtual Networking)
● Project Calico
● Romana
● Weave Net from Weaveworks
● CNI-Genie from Huawei
WSO2 Reference Architecture for Kubernetes
Reference Architecture
[Figure: Nodes (Node 1, Node 2, ... Node n) joined by an Overlay Network; Pods (Pod 1 ... Pod m) grouped under Services (Service 1 ... Service n) and managed by Deployments; HPAs; Pod Security Policies; Persistent Volumes; Ingresses and an Ingress Controller; Load Balancer; Container Registry; databases (DB 1, DB 2, ... DB X).]
WSO2 Docker Images
● WSO2 Docker images are built using standard Dockerfiles
● Default base image used is Ubuntu Server LTS
● Will only include:
  ○ Oracle JDK 1.8
  ○ JDBC Driver
  ○ Latest product distribution
  ○ Extensions, and Customizations
● Will not include:
  ○ Configurations (Passed via ConfigMaps)
  ○ Credentials (Passed via Secrets)
  ○ Deployable Artifacts (Passed via ConfigMaps)
Container Orchestration
● Deployments will be used for container orchestration
● Deployments will create replica sets
● Replica sets will internally create pods
● Deployments will define health checks for autohealing
● Horizontal pod autoscalers (HPA) will be used for autoscaling
https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
[Figure: Pod 1 and Pod 2 behind a Service; Deployments; Container Registry.]
Service Discovery
● Kubernetes services will be used for service discovery
● Each service will have a domain name
● WSO2 components will use services to talk to each other (inter-component communication)
https://kubernetes.io/docs/concepts/services-networking/service/
[Figure: Pod 1 and Pod 2 behind Service 1; Pod 3 and Pod 4 behind Service n.]
Cluster Discovery
● Carbon clustering is required for some of the WSO2 components such as Analytics, CEP, and IS
● The WSO2 Kubernetes membership scheme is used for automatically discovering members in the cluster via the Kubernetes API or DNS
[Figure: pods behind Service 1; Kubernetes API; DNS.]
Runtime Artifact Synchronization
● WSO2 components such as Integrator, BPS and API Gateway would require synchronizing runtime artifacts
● The recommended approach for this is to use a Network File System (NFS) and share the repository/deployment/server folder of pods via a persistent volume
https://kubernetes.io/docs/concepts/storage/persistent-volumes/
[Figure: Pod 1, Pod 2, ... Pod n behind a Service, sharing a Persistent Volume.]
Configuration Management
● Each configuration folder will be converted into a ConfigMap and passed into the pod using a volume mount
● This approach makes the configuration update process simpler
● It does not require rebuilding the Docker images
https://kubernetes.io/docs/concepts/storage/persistent-volumes/
[Figure: Pod 1 and Pod 2 behind a Service; Volumes; ConfigMaps.]
Load Balancing
● Internal routing will use Kubernetes services.
● External routing will use a load balancer.
● Ingress definitions will be used to automatically configure load balancers via Ingress controllers.
● If required, standard load balancers can also be used with manual configurations.
https://kubernetes.io/docs/concepts/services-networking/ingress/
[Figure: Pod 1 and Pod 2 behind Service 1; Pod 3 and Pod 4 behind Service n; Load Balancer; Ingresses; Ingress Controller.]
Autoscaling
● Autoscaling can be applied at two levels:
  ○ Pod autoscaling
  ○ Kubernetes cluster autoscaling
● Horizontal pod autoscalers (HPA) will be used for autoscaling pods.
● Kubernetes cluster autoscaler will scale the number of Kubernetes nodes according to the number of pods being scheduled.
https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
https://kubernetes.io/docs/tasks/administer-cluster/cluster-management/#cluster-autoscaling
[Figure: Pod 1 ... Pod n behind a Service; Deployments; HPAs.]
Kubernetes Package Management
https://docs.helm.sh/
● A chart is a collection of files that describe a related set of Kubernetes resources.
● A single chart might be used to deploy a simple pod or a complex application.
● WSO2 plans to implement charts for WSO2 middleware.
● Charts can be managed in Helm repositories.
Security
Security Best Practices
● Ensure container images are free of vulnerabilities
  ○ Implement continuous security vulnerability scanning
  ○ Regularly apply security updates
● Ensure that only authorized images are used in your environment
● Limit direct access to Kubernetes nodes
● Create administrative boundaries between resources (using namespaces)
● Define resource quota for pods
● Implement network segmentation when necessary (using network policies)
● Log everything
http://blog.kubernetes.io/2016/08/security-best-practices-kubernetes-deployment.html
Container Security
● WSO2 containers use a non-root user for starting the server processes
● The WSO2 server filesystem will only have the required levels of permissions in each directory
● Permissions to volume mounts will be granted via Pod Security Policies
Pod Security Policies
● A Pod Security Policy is a cluster-level resource that controls the actions that a pod can perform and what it has the ability to access.
https://kubernetes.io/docs/concepts/policy/pod-security-policy/
Control Aspects of a Pod Security Policy
https://kubernetes.io/docs/concepts/policy/pod-security-policy/
Control Aspect | Field Name
Running of privileged containers | privileged
Default set of capabilities that will be added to a container | defaultAddCapabilities
Capabilities that will be dropped from a container | requiredDropCapabilities
Capabilities a container can request to be added | allowedCapabilities
Controlling the usage of volume types | volumes
The use of host networking | hostNetwork
The use of host ports | hostPorts
The use of host's PID namespace | hostPID
Control Aspects of a Pod Security Policy Cont.
https://kubernetes.io/docs/concepts/policy/pod-security-policy/
Control Aspect | Field Name
The use of host's IPC namespace | hostIPC
The SELinux context of the container | seLinux
The user ID | runAsUser
Configuring allowable supplemental groups | supplementalGroups
Allocating an FSGroup that owns the pod's volumes | fsGroup
Requiring the use of a read only root file system | readOnlyRootFilesystem
Running of a container that allows privilege escalation from its parent | allowPrivilegeEscalation
Control whether a process can gain more privileges than its parent process | defaultAllowPrivilegeEscalation
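The control aspects listed above, applied as a static lint over pod specs before deployment; this is an added example, not code from the deck, WSO2 or Kubernetes. The policy values, pod manifests, image names and UID are constructed, and the lint only validates explicit settings: it does not reproduce the defaulting that the Pod Security Policy admission controller performs.

```python
# Added example: lint pod specs against a Pod Security Policy spec.
# Policy values, pods, image names and the UID are constructed for illustration.

RESTRICTED_POLICY = {
    "privileged": False,
    "allowPrivilegeEscalation": False,
    "defaultAddCapabilities": [],
    "allowedCapabilities": [],
    "requiredDropCapabilities": ["ALL"],
    # The deck passes configuration via ConfigMaps, credentials via Secrets
    # and runtime artifacts via a persistent volume, so only these are allowed.
    "volumes": ["configMap", "secret", "persistentVolumeClaim"],
    "hostNetwork": False,
    "hostPID": False,
    "hostIPC": False,
    "runAsUser": {"rule": "MustRunAsNonRoot"},
}

GOOD_POD = {  # constructed: non-root, no host access, ConfigMap and PVC volumes
    "spec": {
        "securityContext": {"runAsUser": 10001, "runAsNonRoot": True},
        "volumes": [
            {"name": "conf", "configMap": {"name": "example-conf"}},
            {"name": "artifacts", "persistentVolumeClaim": {"claimName": "example-pvc"}},
        ],
        "containers": [{
            "name": "server",
            "image": "registry.example/wso2-product:constructed",
            "securityContext": {
                "allowPrivilegeEscalation": False,
                "capabilities": {"drop": ["ALL"]},
            },
        }],
    }
}

BAD_POD = {  # constructed: host network, hostPath volume, privileged container
    "spec": {
        "hostNetwork": True,
        "volumes": [{"name": "host-etc", "hostPath": {"path": "/etc"}}],
        "containers": [{
            "name": "server",
            "image": "registry.example/wso2-product:constructed",
            "securityContext": {
                "privileged": True,
                "capabilities": {"add": ["NET_ADMIN"]},
            },
        }],
    }
}


def _effective(container_sc, pod_sc, key):
    """A container-level securityContext value overrides the pod-level one."""
    return container_sc.get(key, pod_sc.get(key))


def violations(policy, pod):
    """Return (subject, policy_field) pairs for each setting the policy forbids."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    found = []

    # Host namespace flags are set on the pod spec, not on containers.
    for flag in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(flag) and not policy.get(flag):
            found.append(("pod", flag))

    # Every volume must use a type listed in the policy's `volumes` field.
    allowed_volumes = set(policy.get("volumes", []))
    for vol in spec.get("volumes", []):
        for vol_type in (key for key in vol if key != "name"):
            if "*" not in allowed_volumes and vol_type not in allowed_volumes:
                found.append((f"volume:{vol.get('name')}", "volumes"))

    may_add = set(policy.get("allowedCapabilities", [])) | set(
        policy.get("defaultAddCapabilities", []))
    must_drop = set(policy.get("requiredDropCapabilities", []))
    non_root = policy.get("runAsUser", {}).get("rule") == "MustRunAsNonRoot"

    for container in spec.get("initContainers", []) + spec.get("containers", []):
        subject = f"container:{container.get('name')}"
        sc = container.get("securityContext") or {}
        caps = sc.get("capabilities") or {}

        if sc.get("privileged") and not policy.get("privileged"):
            found.append((subject, "privileged"))
        # Only an explicit `true` is flagged; unset values are left to admission.
        if sc.get("allowPrivilegeEscalation") and not policy.get(
                "allowPrivilegeEscalation", True):
            found.append((subject, "allowPrivilegeEscalation"))
        if "*" not in may_add and not set(caps.get("add", [])) <= may_add:
            found.append((subject, "allowedCapabilities"))
        dropped = set(caps.get("drop", []))
        if "ALL" not in dropped and not must_drop <= dropped:
            found.append((subject, "requiredDropCapabilities"))
        if non_root:
            uid = _effective(sc, pod_sc, "runAsUser")
            if uid == 0 or (uid is None and not _effective(sc, pod_sc, "runAsNonRoot")):
                found.append((subject, "runAsUser"))
    return found


if __name__ == "__main__":
    for label, pod in (("good", GOOD_POD), ("bad", BAD_POD)):
        print(label, violations(RESTRICTED_POLICY, pod))
```

Each reported pair names the policy field from the tables that the manifest conflicts with, so a finding can be traced back to the control aspect it belongs to.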
The Deployment Process
WSO2 Update Manager (WUM)
● Use WUM for downloading latest WSO2 product distributions including bug and security fixes
http://wso2.com/wum
The Deployment Process
[Figure: WSO2 Product Distributions and Updates pass through WSO2 Update Manager (WUM) to give Updated WSO2 Product Distributions; these, with Extensions, Customizations, Oracle JDK and JDBC Driver, go into WSO2 Docker Images in the Container Registry; Configuration Files and Deployable Artifacts from a Version Control System become ConfigMaps & Secrets; WSO2 Kubernetes Resources come from a Version Control System; WSO2 Docker Images, ConfigMaps & Secrets and WSO2 Kubernetes Resources are deployed to the Kubernetes Cluster.]
Rolling Out Updates
● Execute a Kubernetes rollout for:
  ○ WSO2 product updates
  ○ WSO2 resource updates
  ○ Or WSO2 configuration changes which are backward compatible
● If the changes are not backward compatible:
  ○ Execute a blue/green deployment
https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment
Monitoring the Deployment
Components to Monitor
http://blog.kubernetes.io/2017/05/kubernetes-monitoring-guide.html
Infrastructure
Pods/Containers -> Monitored by Replica Sets
WSO2 Servers -> Monitored by Deployment Health Checks
Kubernetes Components
Kubernetes Cluster Health
Kubernetes Node/Pod Health
https://kubernetes.io/docs/tasks/debug-application-cluster/resource-usage-monitoring/
[Figure: cAdvisor on each node (Node 1, Node 2, ... Node n); Heapster; InfluxDB; Grafana.]
Proposed Kubernetes Monitoring Architecture
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/instrumentation/monitoring_architecture.md
WSO2 Kubernetes Resources
Currently available:
● https://github.com/wso2/kubernetes-common/
● https://github.com/wso2/kubernetes-apim/
● https://github.com/wso2/kubernetes-ei/
In progress:
● https://github.com/wso2/kubernetes-is/
● https://github.com/wso2/kubernetes-das/
● https://github.com/wso2/kubernetes-iot/
Questions & Feedback

Load Balancer Component Architecture - Apache Stratos 4.0.0
 
Neerogi - A Patient Information Management System (PIMS)
Neerogi - A Patient Information Management System (PIMS)Neerogi - A Patient Information Management System (PIMS)
Neerogi - A Patient Information Management System (PIMS)
 
The Role of Elastic Load Balancer - Apache Stratos
The Role of Elastic Load Balancer - Apache StratosThe Role of Elastic Load Balancer - Apache Stratos
The Role of Elastic Load Balancer - Apache Stratos
 

Recently uploaded

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
Abida Shariff
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 

Recently uploaded (20)

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 

WSO2 Kubernetes Reference Architecture - Nov 2017

  • 1. WSO2 Kubernetes Reference Architecture Imesh Gunaratne, WSO2 November, 2017
  • 2. Agenda
      ● An Introduction to Containers
      ● An Introduction to Kubernetes
          ○ Kubernetes Architecture
          ○ Kubernetes Components
      ● WSO2 Reference Architecture for Kubernetes
          ○ Container Orchestration
          ○ Service Discovery
          ○ Cluster Discovery
          ○ Runtime Artifact Synchronization
          ○ Configuration Management
          ○ Autoscaling
  • 3. Agenda Cont.
      ● Security
          ○ Security Best Practices
          ○ Container Security
          ○ Pod Security Policies
      ● Deployment Process
          ○ WSO2 Update Manager (WUM)
          ○ Kubernetes Resource Deployment
      ● Rolling Out Updates
          ○ Kubernetes Rollout
          ○ Blue/Green Deployment
      ● Monitoring The Deployment
      ● WSO2 Kubernetes Resources
  • 4. An Introduction to Containers
  • 5. Virtual Machines Vs Containers (Linux Container Brief for IEEE WG P2302, Boden Russell)
      [Diagram: three stacks compared. Type 1 Hypervisor (Bare Metal): Hardware, Hypervisor, Virtual Machines (Operating System, Bin/Lib, Apps). Type 2 Hypervisor: Hardware, Operating System, Hypervisor, Virtual Machines (Operating System, Bin/Lib, Apps). Linux Containers: Hardware, Operating System, Container Runtime, Containers (Bin/Lib, App).]
  • 6. The Container Advantage
      [Diagram: a Type 1 Hypervisor stack (Hardware, Hypervisor, Virtual Machines with Operating System, Bin/Lib, Apps) beside a Linux Containers stack (Hardware, Operating System, Container Runtime, Containers with Bin/Lib, App). Resource labels in the figure: 16 CPU, 128 GB RAM; 2 CPU, 4 GB RAM; 1 CPU, 1.25 GB RAM; 1 CPU, 0.75 GB RAM; 16 CPU, 128 GB RAM; 2 CPU, 4 GB RAM; 2 CPU, 2 GB RAM.]
  • 7. Standard Container Deployments
      [Diagram: Container Images, Container Image Registry, Load Balancer, Network, and hosts each made up of Hardware, Operating System, Container Runtime and Containers (Bin/Lib, App).]
  • 8. Container Cluster Manager based Deployments
      [Diagram: Overlay Network, Container Images, Container Image Registry, Load Balancer, Network, a Container Cluster Manager Controller, and hosts each made up of Hardware, Operating System, Container Runtime, Agent and Containers (Bin/Lib, App).]
  • 9. An Introduction to Kubernetes
  • 10. An Introduction to Kubernetes
      ● Borg: Google’s first container cluster manager
      ● Omega: Google’s second container cluster manager
      ● Kubernetes: Google’s initiative to build a general purpose container cluster manager
  • 12. kube-apiserver
      ● kube-apiserver exposes the Kubernetes API. It is the front-end for the Kubernetes control plane. It is designed to scale horizontally – that is, it scales by deploying more instances.
      https://kubernetes.io/docs/concepts/overview/components/
  • 13. etcd
      ● etcd is used as Kubernetes’ backing store. All cluster data is stored here. Always have a backup plan for etcd’s data for your Kubernetes cluster.
      https://kubernetes.io/docs/concepts/overview/components/
  • 14. kube-controller-manager
      ● kube-controller-manager runs controllers, which are the background threads that handle routine tasks in the cluster. Logically, each controller is a separate process, but to reduce complexity, they are all compiled into a single binary and run in a single process.
      ● These controllers include:
          ○ Node Controller: Responsible for noticing and responding when nodes go down.
          ○ Replication Controller: Responsible for maintaining the correct number of pods for every replication controller object in the system.
          ○ Endpoints Controller: Populates the Endpoints object (that is, joins Services & Pods).
          ○ Service Account & Token Controllers: Create default accounts and API access tokens for new namespaces.
      https://kubernetes.io/docs/concepts/overview/components/
  • 15. cloud-controller-manager
      ● cloud-controller-manager runs controllers that interact with the underlying cloud providers. The cloud-controller-manager binary is an alpha feature introduced in Kubernetes release 1.6.
      ● Extension points:
          ○ Node Controller: For checking the cloud provider to determine if a node has been deleted in the cloud after it stops responding
          ○ Route Controller: For setting up routes in the underlying cloud infrastructure
          ○ Service Controller: For creating, updating and deleting cloud provider load balancers
          ○ Volume Controller: For creating, attaching, and mounting volumes, and interacting with the cloud provider to orchestrate volumes
      https://kubernetes.io/docs/concepts/overview/components/
  • 16. kube-scheduler
      ● kube-scheduler watches newly created pods that have no node assigned, and selects a node for them to run on.
      https://kubernetes.io/docs/concepts/overview/components/
  • 17. DNS
      ● While the other addons are not strictly required, all Kubernetes clusters should have cluster DNS, as many examples rely on it.
      ● Cluster DNS is a DNS server, in addition to the other DNS server(s) in your environment, which serves DNS records for Kubernetes services.
      ● Containers started by Kubernetes automatically include this DNS server in their DNS searches.
      https://kubernetes.io/docs/concepts/overview/components/
  • 18. Overlay Network Options
      https://kubernetes.io/docs/concepts/cluster-administration/networking/
      ● Cilium
      ● Contiv
      ● Contrail
      ● Flannel
      ● Google Compute Engine (GCE)
      ● Kube-router
      ● L2 networks and linux bridging
      ● Multus (a Multi Network plugin)
      ● NSX-T
      ● Nuage Networks VCS (Virtualized Cloud Services)
      ● OpenVSwitch
      ● OVN (Open Virtual Networking)
      ● Project Calico
      ● Romana
      ● Weave Net from Weaveworks
      ● CNI-Genie from Huawei
  • 20. Reference Architecture
      [Diagram: Load Balancer, Ingress Controller and Ingresses in front of Service 1 to Service n, each backed by pods (Pod 1 to Pod m) on Node 1 to Node n over an Overlay Network, together with Deployments, HPAs, Pod Security Policies, Persistent Volumes, a Container Registry and databases DB 1, DB 2, DB X.]
  • 21. WSO2 Docker Images
      ● WSO2 Docker images are built using standard Dockerfiles
      ● Default base image used is Ubuntu Server LTS
      ● Will only include:
          ○ Oracle JDK 1.8
          ○ JDBC Driver
          ○ Latest product distribution
          ○ Extensions and Customizations
      ● Will not include:
          ○ Configurations (Passed via ConfigMaps)
          ○ Credentials (Passed via Secrets)
          ○ Deployable Artifacts (Passed via ConfigMaps)
  • 22. Container Orchestration
      ● Deployments will be used for container orchestration
      ● Deployments will create replica sets
      ● Replica sets will internally create pods
      ● Deployments will define health checks for autohealing
      ● Horizontal pod autoscalers (HPA) will be used for autoscaling
      https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
      [Diagram: Pod 1, Pod 2, Service, Deployments, Container Registry]
  • 23. Service Discovery
      ● Kubernetes services will be used for service discovery
      ● Each service will have a domain name
      ● WSO2 components will use services to talk to each other (inter-component communication)
      https://kubernetes.io/docs/concepts/services-networking/service/
      [Diagram: Pod 1, Pod 2, Service 1, Pod 3, Pod 4, Service n]
  • 24. Cluster Discovery
      ● Carbon clustering is required for some of the WSO2 components such as Analytics, CEP, and IS
      ● The WSO2 Kubernetes membership scheme is used for automatically discovering members in the cluster via the Kubernetes API or DNS
      [Diagram: Pod 1, Pod 2, Service 1, Pod 2, Kubernetes API, DNS]
  • 25. Runtime Artifact Synchronization
      ● WSO2 components such as Integrator, BPS, and API Gateway require synchronizing runtime artifacts
      ● The recommended approach for this is to use a Network File System (NFS) and share the repository/deployment/server folder of pods via a persistent volume
      https://kubernetes.io/docs/concepts/storage/persistent-volumes/
      [Diagram: Pod 1, Pod 2, Pod n, Service, Persistent Volume]
  • 26. Configuration Management
      ● Each configuration folder will be converted into a ConfigMap and passed into the pod using a volume mount
      ● This approach makes the configuration update process simpler
      ● It does not require rebuilding the Docker images
      https://kubernetes.io/docs/concepts/storage/persistent-volumes/
      [Diagram: Pod 1, Pod 2, Service, Volumes, ConfigMaps]
  • 27. Load Balancing
      ● Internal routing will use Kubernetes services.
      ● External routing will use a load balancer.
      ● Ingress definitions will be used to automatically configure load balancers via Ingress controllers.
      ● If required, standard load balancers can also be used with manual configurations.
      https://kubernetes.io/docs/concepts/services-networking/ingress/
      [Diagram: Pod 1, Pod 2, Service 1, Pod 3, Pod 4, Service n, Load Balancer, Ingresses, Ingress Controller]
  • 28. Autoscaling
      ● Autoscaling can be applied at two levels:
          ○ Pod autoscaling
          ○ Kubernetes cluster autoscaling
      ● Horizontal pod autoscalers (HPA) will be used for autoscaling pods.
      ● Kubernetes cluster autoscaler will scale the number of Kubernetes nodes according to the number of pods being scheduled.
      https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
      https://kubernetes.io/docs/tasks/administer-cluster/cluster-management/#cluster-autoscaling
      [Diagram: Pod 1, Pod n, Service, Deployments, HPAs]
  • 29. Kubernetes Package Management
      https://docs.helm.sh/
      ● A chart is a collection of files that describe a related set of Kubernetes resources.
      ● A single chart might be used to deploy a simple pod or a complex application.
      ● WSO2 plans to implement charts for WSO2 middleware.
      ● Charts can be managed in Helm repositories.
  • 31. Security Best Practices
      ● Ensure container images are free of vulnerabilities
          ○ Implement continuous security vulnerability scanning
          ○ Regularly apply security updates
      ● Ensure that only authorized images are used in your environment
      ● Limit direct access to Kubernetes nodes
      ● Create administrative boundaries between resources (using namespaces)
      ● Define resource quota for pods
      ● Implement network segmentation when necessary (using network policies)
      ● Log everything
      http://blog.kubernetes.io/2016/08/security-best-practices-kubernetes-deployment.html
  • 32. Container Security
      ● WSO2 containers use a non-root user for starting the server processes
      ● The WSO2 server filesystem will only have the required levels of permissions in each directory
      ● Permissions to volume mounts will be granted via Pod Security Policies
  • 33. Pod Security Policies
      ● A Pod Security Policy is a cluster-level resource that controls the actions that a pod can perform and what it has the ability to access.
      https://kubernetes.io/docs/concepts/policy/pod-security-policy/
  • 34. Control Aspects of a Pod Security Policy
      https://kubernetes.io/docs/concepts/policy/pod-security-policy/
      Control Aspect | Field Name
      Running of privileged containers | privileged
      Default set of capabilities that will be added to a container | defaultAddCapabilities
      Capabilities that will be dropped from a container | requiredDropCapabilities
      Capabilities a container can request to be added | allowedCapabilities
      Controlling the usage of volume types | volumes
      The use of host networking | hostNetwork
      The use of host ports | hostPorts
      The use of host’s PID namespace | hostPID
  • 35. Control Aspects of a Pod Security Policy Cont.
      https://kubernetes.io/docs/concepts/policy/pod-security-policy/
      Control Aspect | Field Name
      The use of host’s IPC namespace | hostIPC
      The SELinux context of the container | seLinux
      The user ID | runAsUser
      Configuring allowable supplemental groups | supplementalGroups
      Allocating an FSGroup that owns the pod’s volumes | fsGroup
      Requiring the use of a read only root file system | readOnlyRootFilesystem
      Running of a container that allows privilege escalation from its parent | allowPrivilegeEscalation
      Control whether a process can gain more privileges than its parent process | defaultAllowPrivilegeEscalation
  • 37. WSO2 Update Manager (WUM)
      ● Use WUM for downloading the latest WSO2 product distributions, including bug and security fixes
      http://wso2.com/wum
  • 38. The Deployment Process
      [Diagram labels: WSO2 Product Distributions, WSO2 Update Manager (WUM), Updates, Updated WSO2 Product Distributions, Extensions, Customizations, Oracle JDK, JDBC Driver, WSO2 Docker Images, Container Registry, Version Control System, Configuration Files, Deployable Artifacts, ConfigMaps & Secrets, WSO2 Kubernetes Resources, Kubernetes Cluster]
  • 40. Rolling Out Updates
      ● Execute a Kubernetes rollout for:
          ○ WSO2 product updates
          ○ WSO2 resource updates
          ○ Or WSO2 configuration changes which are backward compatible
      ● If the changes are not backward compatible:
          ○ Execute a blue/green deployment
      https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment
  • 42. Components to Monitor
      http://blog.kubernetes.io/2017/05/kubernetes-monitoring-guide.html
      ● Infrastructure
      ● Pods/Containers -> Monitored by Replica Sets
      ● WSO2 Servers -> Monitored by Deployment Health Checks
      ● Kubernetes Components
  • 45. Proposed Kubernetes Monitoring Architecture
      https://github.com/kubernetes/community/blob/master/contributors/design-proposals/instrumentation/monitoring_architecture.md
  • 47. WSO2 Kubernetes Resources
      Currently available:
      ● https://github.com/wso2/kubernetes-common/
      ● https://github.com/wso2/kubernetes-apim/
      ● https://github.com/wso2/kubernetes-ei/
      In progress:
      ● https://github.com/wso2/kubernetes-is/
      ● https://github.com/wso2/kubernetes-das/
      ● https://github.com/wso2/kubernetes-iot/
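
The control aspects listed on slides 32 to 35, applied as a validation-only check over a pod spec; this is an added example, not code from the deck, WSO2 or Kubernetes. The policy values, the two pod specs and the `evaluate` helper are constructed for illustration, and unlike a real Pod Security Policy the check applies no defaults and does not mutate the pod.

```python
# Validation-only check of a pod spec against PSP-style rules (constructed example).
# POLICY keys are PSP field names from slides 34-35; the values are assumptions.
POLICY = {
    "privileged": False,
    "hostNetwork": False,
    "hostPID": False,
    "hostIPC": False,
    "hostPorts": [],  # allowed (min, max) host port ranges; empty means none
    "volumes": {"configMap", "secret", "persistentVolumeClaim", "emptyDir"},
    "runAsUser": "MustRunAsNonRoot",
    "readOnlyRootFilesystem": False,  # not required by this sample policy
    "allowPrivilegeEscalation": False,
    "requiredDropCapabilities": {"ALL"},
    "allowedCapabilities": set(),
}


def _volume_type(volume):
    # A pod volume is {"name": ..., "<type>": {...}}; the type is the other key.
    return next((key for key in volume if key != "name"), "unknown")


def evaluate(pod_spec, policy=POLICY):
    """Return the list of policy violations; an empty list means the pod passes."""
    found = []
    for field in ("hostNetwork", "hostPID", "hostIPC"):
        if pod_spec.get(field, False) and not policy[field]:
            found.append(f"{field} is not allowed")
    for volume in pod_spec.get("volumes", []):
        vtype = _volume_type(volume)
        if vtype not in policy["volumes"]:
            found.append(f"volume {volume.get('name')}: type {vtype} is not allowed")
    pod_sc = pod_spec.get("securityContext", {})
    for c in pod_spec.get("containers", []):
        name, sc = c.get("name", "?"), c.get("securityContext", {})
        if sc.get("privileged", False) and not policy["privileged"]:
            found.append(f"{name}: privileged is not allowed")
        # Kubernetes treats an unset allowPrivilegeEscalation as true.
        if sc.get("allowPrivilegeEscalation", True) and not policy["allowPrivilegeEscalation"]:
            found.append(f"{name}: allowPrivilegeEscalation must be false")
        if policy["readOnlyRootFilesystem"] and not sc.get("readOnlyRootFilesystem", False):
            found.append(f"{name}: readOnlyRootFilesystem must be true")
        if policy["runAsUser"] == "MustRunAsNonRoot":
            # Container-level settings override pod-level ones.
            uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
            non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False))
            if uid == 0 or (uid is None and not non_root):
                found.append(f"{name}: must run as a non-root user")
        caps = sc.get("capabilities", {})
        for cap in sorted(policy["requiredDropCapabilities"] - set(caps.get("drop", []))):
            found.append(f"{name}: must drop capability {cap}")
        for cap in sorted(set(caps.get("add", [])) - policy["allowedCapabilities"]):
            found.append(f"{name}: may not add capability {cap}")
        for port in c.get("ports", []):
            hp = port.get("hostPort")
            if hp is not None and not any(lo <= hp <= hi for lo, hi in policy["hostPorts"]):
                found.append(f"{name}: hostPort {hp} is not allowed")
    return found


# Constructed pod specs (the "spec" section of a Pod); names and IDs are made up.
HARDENED_POD = {
    "securityContext": {"runAsUser": 10001, "fsGroup": 10001},
    "volumes": [
        {"name": "conf", "configMap": {"name": "server-conf"}},
        {"name": "creds", "secret": {"secretName": "server-creds"}},
        {"name": "artifacts", "persistentVolumeClaim": {"claimName": "shared-nfs"}},
    ],
    "containers": [{
        "name": "server",
        "ports": [{"containerPort": 9443}],
        "securityContext": {"allowPrivilegeEscalation": False,
                            "capabilities": {"drop": ["ALL"]}},
    }],
}
RISKY_POD = {
    "hostNetwork": True,
    "volumes": [{"name": "host-root", "hostPath": {"path": "/"}}],
    "containers": [{
        "name": "server",
        "ports": [{"containerPort": 9443, "hostPort": 9443}],
        "securityContext": {"privileged": True, "runAsUser": 0,
                            "capabilities": {"add": ["NET_ADMIN"]}},
    }],
}


if __name__ == "__main__":
    print(evaluate(HARDENED_POD), evaluate(RISKY_POD), sep="\n")
```

The hardened spec mirrors the deck's model (non-root user, configuration from a ConfigMap, credentials from a Secret, artifacts on a persistent volume) and returns no violations, while the risky spec trips eight of the listed control aspects.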