This document is a presentation on safely running Kubernetes clusters. It discusses the need for soft multi-tenancy between namespaces, using a cloud-native approach to managing Kubernetes clusters, establishing clear roles and personas, handling stateful workloads, differences between Kubernetes implementations, and adopting new operational practices. The presentation provides examples and recommendations on each of these topics to help users run Kubernetes clusters safely and effectively.
2. Cover w/ Image
Me?
Developer (wasn’t Ops)
Web architectures for >10 years
Cloud-native for 6+ years
Cloud Foundry for 6+ years
Discount code 40% off!: 40cloudnat
https://www.manning.com/books/cloud-native-patterns
@cdavisafc
10. Kubernetes Master
[Diagram labels: API Server, Controller Manager, DNS, Scheduler, …; Kubelet, Kube Proxy (×2); Namespace 1, Namespace 2]
These are all shared components that are not namespace aware!!!
11. Kubernetes Master
[Diagram labels: API Server, Controller Manager, DNS, Scheduler, …; Kubelet, Kube Proxy (×2); Namespace 1, Namespace 2]
Limitations:
● Noisy neighbors (workloads can affect other tenants)
● Tenants share the same network
● Tenants share DNS
● Tenants share Configuration
● …
13. Kubernetes Master
[Diagram labels: API Server, Controller Manager, DNS, Scheduler, …; Kubelet, Kube Proxy (×2); Namespace 1, Namespace 2]
The suggestion: Give each tenant their own set of K8s controller components.
14. Kubernetes Master
[Diagram labels, repeated for Tenant 1 and Tenant 2: Kubernetes Master with API Server, Controller Manager, DNS, Scheduler; Kubelet, Kube Proxy (×2)]
Leverage 20 years of maturity in hypervisor-based security!
17. Kubernetes Takes Care of Your Workloads
[Diagram labels: Image Cache; etcd; K8s Master; Worker (×3); Kubernetes Scheduler; Desired State; Actual State; Replica Set Controller; LoadBalancer]
24. Teams Delivering Outcomes
Application Team: Iteratively building and delivering digital offerings to the consumer
Platform Team: Enabling the app teams, all while maintaining Security, Compliance, Resilience, Cost Efficiency
[Diagram labels: Your Application Code; Virtualized Infrastructure]
29. Kubernetes Master
Stateless workloads:
● Can be moved around
● Aided by service discovery
● Don’t have a particular start order
● Bind to backing services for state
38. Kubernetes Master
[Diagram labels: API Server, Controller Manager, DNS, Scheduler, …]
There are 150 flags you can set on startup
There are many different controllers that affect workload behaviors
Your chosen machine types can affect your workloads (e.g. standard CPU vs. GPU)
Cluster addons affect your workloads
39. You are probably doing multi-cloud
kubectl
PKS AKS GKE EKS
Different cluster configurations -> Different workload behaviors
41. You are probably doing multi-cloud
kubectl
PKS PKS PKS PKS
Same cluster configurations across all clouds
49. Slaying Dragons
1. Think about your tenancy needs
2. You need something to take care of your Kubernetes clusters
3. Great care needed in establishing roles and permissions
4. Stateful workloads work - need to be deliberate about persistence
5. There is no such thing as “Vanilla Kubernetes”
6. Establish new operational practices