The Kubernetes cloud native landscape is vast. Delivering a solution requires managing a puzzling array of required tooling, monitoring, disaster recovery, and other solutions that lie outside the realm of the central cluster. The governing body of Kubernetes, the Cloud Native Computing Foundation, has developed guidance for organizations interested in this topic by publishing the Cloud Native Landscape, but while a list of options is helpful it does not give operations and DevOps professionals the knowledge they need to execute.
Learn best practices of setting up and managing the tools needed around Kubernetes. This presentation covers popular open source options (to avoid lock in) and how one can implement and manage these tools on an ongoing basis. Learn from, and do not repeat, the mistakes of previous centralized platforms.
In this session, attendees will learn:
1. Cloud Native Landscape 101 - Prometheus, Sysdig, NGINX, and more. Where do they all fit in a Kubernetes solution?
2. Avoiding the OpenStack sprawl of managing a multiverse of required tooling in the Kubernetes world.
3. Leverage technology like Kubernetes, now available on DC/OS, to provide part of the infrastructure framework that helps manage cloud native application patterns.
2. Chris Gaun
PMM at Mesosphere / Kubernetes Expert / CNCF Ambassador
● Previous to that: Gartner analyst covering public IaaS
● Kubernetes community for 3 years
4. Market Landscape Guidance
CNCF: Cloud Native Landscape
Missing:
● What's the state of the service?
● How is it incorporated in a solution?
● How do you manage each service?
5. Kubernetes Features vs. Community Projects

                                    Features                                  Projects
Examples                            Pod Horizontal Autoscaling, ReplicaSet    IaaS autoscaling, VM orchestration
Part of Kubernetes                  Yes                                       No
Tested as part of Kubernetes        Yes                                       No
Vetted by Kubernetes stakeholders   Yes                                       No
Standard commercial support         Yes                                       No
Version risk                        Low                                       High
API changes or deprecation risk     Low                                       High

Kubernetes Features
● Rigorous testing & integration
  ○ Stable
  ○ Versioned
  ○ Discoverable
  ○ Included in apiserver
  ○ Include client support
● Included in Kubernetes API & documentation
● Avoids OpenStack's open-endedness & prevents snowflakes
8. Bootcamp: Building Kubernetes-as-a-Service at Scale, Anywhere
● Episode 1: Building Kubernetes-as-a-Service at Scale - End-to-end components and best practices
● Episode 2: Deploying Kubernetes at Scale with DC/OS - Automated management of Kubernetes
● Episode 3: Kubernetes and Big Data Services - Connecting Kubernetes to Big Data services
● Episode 4: Operating Kubernetes at Scale with DC/OS - Delivering an entire Kubernetes solution
9. Poll Question
1. What phase of its Kubernetes journey is your organization in?
a. Have not started
b. Actively researching container orchestration options
c. Planning a production Kubernetes project
d. Managing a production Kubernetes cluster
12. Datacenter and Cloud as a Single Computing Resource (powered by Apache Mesos)
Infrastructure layer: physical infrastructure, virtual machines, public clouds, datacenter and edge
Workload layer: microservices, containers & dev tools; data services, machine learning & AI
Platform capabilities: Security & Compliance; Application-Aware Automation; Multitenancy; Hybrid Cloud Management
1. Broad workload coverage: run today's and tomorrow's applications, including traditional J2EE, containers, analytics & ML
2. Application-aware automation: automate workload-specific operating procedures to deliver "as-a-Service" anything from Kubernetes to data services
3. Intelligent resource pooling: optimize workload density for highest utilization with resource guarantees
4. Unified hybrid cloud operations: securely manage cloud, datacenter, and edge infrastructures from a single control plane
Kubernetes and Fast Data Automation
13. The premier platform to run data-driven, containerized applications on any infrastructure
Represents organizations using Mesosphere technologies: North American banks, worldwide telco companies, highest-valued startups, automotive technology efforts
(Figures shown on the slide: 5 of top 10; 30%; 7 of top 12; 5 of top 10; 6 leading)
16. Delivering Kubernetes Challenges
Security:
- RBAC + IAM
- Network segmentation
- OSS framework / container control
- Multiple isolated clusters
Interoperability:
- Vanilla / standard / OSS Kubernetes
- Identical setup / components / no snowflakes
- Multi/hybrid cloud
- Multi data center
Easy Management:
- Easy updating / versioning
- Scaling
- Integrations: ELB, networking, storage, monitoring
- Easy installation
Where they run Kubernetes (CNCF poll): 42% on prem; 57% DIY; ~40% AWS
Multiple management hurdles: 40+% require more security for wider deployment
17. What's Kubernetes Done Right?
● Automated - Kubernetes operations should be automated
● Evergreen - You want to always run the latest version of Kubernetes
● Included - Kubernetes is a commoditized standard that is included
● Open source - The market standard is pure open source Kubernetes
● Unified - Kubernetes is not an island; you'll have other workloads
18. Evolution of Management Automation
First cars: engine crank to start; shift into gear
Cars today: turn key; automatic transmission
Self-driving... ish: drive from A to B
Declarative; Intelligent Resource Pooling
19. Kubernetes Automated Management with DC/OS
● Simple HA cluster provisioning
● Robust API server auth
● Non-disruptive upgrades
● Automated self-healing
● Scalable Kubernetes
● Transport Layer Security
● Developer and Fast Data services
21. Dead Simple Highly Available Provisioning
We turn this (21 steps)*…
1. Prerequisites
2. Installing the Client Tools
3. Provisioning Compute Resources
4. Provisioning the CA and Generating TLS Certificates
5. Generating Kubernetes Configuration Files for Authentication
6. Generating the Data Encryption Config and Key
7. Bootstrapping the etcd Cluster… 3x for HA
10. Bootstrapping the Kubernetes Control Plane… 3x for HA
13. Bootstrapping the Kubernetes Worker Nodes
14. Configuring kubectl for Remote Access
15. Provisioning Pod Network Routes
16. Deploying the DNS Cluster Add-on… Deploying other Add-ons
20. Smoke Test
21. Cleaning Up
Into this…
$ dcos package install kubernetes
* Kubernetes the Hard Way by Kelsey Hightower
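Two of the steps listed above, step 4 (CA and TLS certificates) and step 6 (data encryption config and key), as an added example that is not from the deck and not from Kubernetes the Hard Way. It uses only openssl and coreutils, and the CA name, the admin/system:masters subject, the key name key1 and the output directory layout are this example's own assumptions. The point it makes that the slide does not: the client certificate's subject is the identity the API server authenticates (CN becomes the user, each O a group), and the EncryptionConfiguration's provider order decides what gets encrypted versus what merely stays readable.

```shell
#!/usr/bin/env bash
# Added example (not the deck's or KTHW's own code): the work behind steps 4
# and 6 of the 21-step list, done with openssl and coreutils only. All names
# (kubernetes-ca, admin, system:masters, key1, file layout) are assumptions.
set -eu

# Step 4a: a self-signed CA. The API server only needs ca.pem to verify client
# certs; ca-key.pem should go offline once bootstrapping is finished.
make_ca() {
  local dir="$1"
  mkdir -p "$dir"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$dir/ca.ext"
  openssl genrsa -out "$dir/ca-key.pem" 2048 2>/dev/null
  openssl req -new -key "$dir/ca-key.pem" -subj "/CN=kubernetes-ca" -out "$dir/ca.csr" 2>/dev/null
  openssl x509 -req -in "$dir/ca.csr" -signkey "$dir/ca-key.pem" -days 3650 \
    -extfile "$dir/ca.ext" -out "$dir/ca.pem" 2>/dev/null
  echo "$dir/ca.pem"
}

# Step 4b: a client certificate. Kubernetes maps CN to the user name and each
# O to a group, so the subject *is* the identity RBAC later authorizes.
# O=system:masters bypasses RBAC entirely: acceptable for a break-glass cert
# kept in a vault, wrong for anything handed to a person or a pipeline.
make_client_cert() {
  local dir="$1" name="$2" group="$3"
  printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature,keyEncipherment\nextendedKeyUsage=clientAuth\n' > "$dir/client.ext"
  openssl genrsa -out "$dir/$name-key.pem" 2048 2>/dev/null
  openssl req -new -key "$dir/$name-key.pem" -subj "/CN=$name/O=$group" -out "$dir/$name.csr" 2>/dev/null
  openssl x509 -req -in "$dir/$name.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca-key.pem" \
    -CAcreateserial -days 365 -extfile "$dir/client.ext" -out "$dir/$name.pem" 2>/dev/null
  echo "$dir/$name.pem"
}

# Step 6: encryption-at-rest config for Secrets in etcd. Provider order
# matters: the first provider encrypts new writes; identity last keeps objects
# written before encryption was enabled readable (and must be removed, after
# re-writing every Secret, if plaintext reads are to be refused).
make_encryption_config() {
  local dir="$1" key
  key=$(head -c 32 /dev/urandom | base64 | tr -d '\n')   # aescbc requires a 32-byte key
  cat > "$dir/encryption-config.yaml" <<EOF
kind: EncryptionConfiguration
apiVersion: apiserver.config.k8s.io/v1
resources:
  - resources:
      - secrets
    providers:
      - aescbc:
          keys:
            - name: key1
              secret: ${key}
      - identity: {}
EOF
  chmod 0600 "$dir/encryption-config.yaml"   # the key sits in cleartext in this file
  echo "$dir/encryption-config.yaml"
}

# Usage: ./pki.sh ./out
# then: kube-apiserver --client-ca-file=out/ca.pem \
#         --encryption-provider-config=out/encryption-config.yaml ...
if [ -n "${1:-}" ]; then
  make_ca "$1"
  make_client_cert "$1" admin system:masters
  make_encryption_config "$1"
fi
```

In a real bootstrap the same CA also issues the API server's serving certificate (with the load balancer address and kubernetes.default.svc in its SANs) and the per-node kubelet certificates with O=system:nodes; the client-cert function above is enough to see why a leaked certificate is a leaked identity until it expires, since Kubernetes has no certificate revocation.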
22. Kubernetes Open Source Quickstart
1. Few commands to running on public cloud
2. Large microservice catalog
3. Search "DC/OS Kubernetes Quickstart Github" | https://github.com/mesosphere/dcos-kubernetes-quickstart
24. Enabling Developer Agility: Kubernetes is one part of a holistic CI/CD pipeline
Continuous Integration (CI):
- Source Code Control: automatically trigger the CI/CD pipeline based on code check-in.
- Build and Test: start automated build and test, including functional, security and performance tests.
Continuous Deployment (CD):
- Release: update the artifact repository with the latest successful code artifacts and pull the newest images.
- Deploy, Monitor and Log: deploy applications to container orchestration and watch with monitoring and logging.
25. Delivering Popular Tools as-a-Service
Diagram: three Mesos Masters; Mesos Agents each running per-service executors and their tasks (Cassandra executor/task, Spinnaker executor/task, Docker executor/task, K8s executor/task)
Intelligent Resource Pooling:
1. Agents advertise resources to the Master
2. Master offers resources to Services
3. Services reject or use the offered resources
4. Agent reports task status to the Master
27. Transforming DevOps to Site Reliability Engineering
● Multi-dimensional metrics and modeling
● Often coupled with Grafana dashboards
  a. Public ones rarely updated
  b. Application-level metrics
  c. Cluster (node)-level metrics
  d. Networking information
● Supports multiple cluster metric aggregation
● Many monitoring vendors offering integration
28. Need to Enhance & Automate Security
● Secure authentication, authorization and in-transit data encryption
● Enable authentication of users and apps (client-server) and of inter-service communication (server to server)
● Easy Transport Layer Security (TLS)
● Automate operational overhead
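The "RBAC + IAM" challenge on slide 16 and the authorization goal on slide 28, as an added example that is not from the deck: two constructed RBAC manifests, an over-broad ClusterRoleBinding beside a namespaced least-privilege Role, and a small grep-based lint a reviewer can run over manifests before they reach the API server. The group name developers, the namespace team-a and the role names are this example's own.

```shell
#!/usr/bin/env bash
# Added example (not the deck's own material). Two constructed RBAC manifests
# and a lint that flags the patterns a reviewer rejects first. Names such as
# "developers", "team-a" and "pod-reader" are assumptions for illustration.
set -eu

# Weak: every member of a group becomes cluster-admin, in every namespace,
# including the ability to read all Secrets and to grant itself anything.
write_broad_binding() {
  cat > "$1" <<'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: developers-admin
subjects:
  - kind: Group
    name: developers
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
EOF
  echo "$1"
}

# Least privilege: explicit verbs on explicit resources, a namespaced Role,
# and a RoleBinding so the grant cannot leak outside team-a.
write_scoped_binding() {
  cat > "$1" <<'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: team-a
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/log"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: developers-pod-reader
  namespace: team-a
subjects:
  - kind: Group
    name: developers
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
EOF
  echo "$1"
}

# Returns 0 when the manifest is clean, 1 when it binds cluster-admin, uses a
# wildcard verb/resource/apiGroup, or grants anything to the built-in
# anonymous / all-authenticated groups. Matching lines are printed with their
# line numbers so the finding can be quoted in review.
lint_rbac() {
  local f="$1" hits=0
  grep -nE '^[[:space:]]*name:[[:space:]]*cluster-admin[[:space:]]*$' "$f" && hits=1
  grep -nE '^[[:space:]]*((verbs|resources|apiGroups):|-).*\*' "$f" && hits=1
  grep -nE 'name:[[:space:]]*system:(unauthenticated|authenticated|anonymous)[[:space:]]*$' "$f" && hits=1
  return $hits
}

# Usage: ./rbac-lint.sh manifest.yaml   (exit 1 means "do not apply")
if [ -n "${1:-}" ]; then
  lint_rbac "$1"
fi
```

The lint is deliberately a text check rather than an API call: it runs in CI on the manifest as committed, before anyone has cluster credentials, which is where a cluster-admin binding is cheapest to stop. It complements, not replaces, the server-side view (`kubectl auth can-i --list --as-group=developers --as=someone`) taken after the bindings are applied.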
29. Mesosphere & Kubernetes
CNCF certified Kubernetes
Founder on CNCF board | Platinum Member
Co-founder of the Container Storage Interface
Original member of the Open Container Initiative
DC/OS is the greatest Cloud Native Landscape* enabler: 100+ cloud native tools on demand
* https://github.com/cncf/landscape (the majority of northbound OSS tools are supported on DC/OS)