Deploying Rock Solid Applications with Kubernetes

Kubernetes has made it easy to deploy applications to the cloud. It’s even made it easy to deploy the same application across several instances. This, however, does not mean that your application will be highly available by default. To achieve high availability for your applications, there's a lot more involved.

In this talk we'll look at:
- creating secure Docker images and enforcing this at the cluster level with Pod Security Policies;
- configuring Health Checks and possible caveats like Circular Dependencies;
- limiting traffic between services with Network Policies;
- tolerating node failure by implementing correct Anti-Affinity rules;
- rescheduling pods onto new available nodes after node failure with Disruption Budgets;
- setting up correct deployment strategies;
- how to automate this with Custom Resource Definitions.

Jelmer Snoeck

December 12, 2018

Transcript

  1. Deploying Rock Solid Applications
    with Kubernetes
    https://bit.ly/2LafjmT
    @jelmersnoeck

  2. FIND ME
    github.com/jelmersnoeck
    twitter.com/jelmersnoeck
    Jelmer Snoeck
    ABOUT ME
    - Tech Lead at manifold.co
    - <3 Kubernetes
    - <3 Golang

  3. What even are Rock
    Solid Applications?

  4. Secure Applications

  5. Highly Available Applications

  7. Disclaimer: simplified
    YAML for demo
    purposes

  10. Security

  12. Pod Security
    Policies

  15. RBAC

  23. or…

  26. Network Policies

  30. Caveat: availability depends on your
    networking plugin

  31. Security

  32. High Availability

  33. What even is
    High Availability?

  34. This talk is not about High Availability for nodes

  38. Deployments

  39. Replicas +
    UpdateStrategy

  52. (Anti)Affinity

  58. Probes

  60. Caveat: Circular
    Dependencies

  65. PodDisruptionBudget

  72. Prevent
    misconfiguration

  73. Linting?

  74. Webhooks!

  81. Webhooks
    - Barbossa
    - Azure Kubernetes Policy Controller (OPA)
    - Anchore Engine
    - …

  82. We’re hiring…
    <3

  83. Thanks
    I’ll be around for
    questions
    FIND ME
    github.com/jelmersnoeck
    twitter.com/jelmersnoeck
    SPECIAL THANKS TO
    twitter.com/megthesmith

  84. Resources
    - https://hackernoon.com/deploying-rock-solid-applications-with-kubernetes-230fd9bb61f4
    - https://thenewstack.io/myth-cloud-native-portability
    - https://kubernetes.io/docs/concepts/policy/pod-security-policy/
    - https://kubernetes.io/docs/reference/access-authn-authz/rbac/
    - https://kubernetes.io/docs/concepts/services-networking/network-policies/
    - https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
    - https://container-solutions.com/kubernetes-deployment-strategies/
    - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
    - https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
    - https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
    - https://banzaicloud.com/blog/k8s-admission-webhooks/
    - https://github.com/jelmersnoeck/barbossa
    - https://github.com/Azure/kubernetes-policy-controller