Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Deploying Rock Solid Applications with Kubernetes

Jelmer Snoeck
December 12, 2018
Programming
2
160

Deploying Rock Solid Applications with Kubernetes

Kubernetes has made it easy to deploy applications to the cloud. It’s even made it easy to deploy the same application across several instances. This, however, does not mean that your application will be highly available by default. To achieve high availability for your applications, there's a lot more involved.

In this talk we'll look at:
- creating secure Docker images and enforcing this at the cluster level with Pod Security Policies;
- configuring Health Checks and possible caveats like Circular Dependencies;
- limiting traffic between services with Network Policies;
- tolerating node failure by implementing correct Anti-Affinity rules;
- rescheduling pods onto new available nodes after node failure with Disruption Budgets;
- setting up correct deployment strategies;
- how to automate this with Custom Resource Definitions;

Jelmer Snoeck

December 12, 2018
Tweet

More Decks by Jelmer Snoeck

See All by Jelmer Snoeck
Service alerting and monitoring
jelmersnoeck
0
73
The rise of GraphQL
jelmersnoeck
0
79
Custom Resources for Cloud Native DevOps
jelmersnoeck
1
67
Experimental Refactoring with Go
jelmersnoeck
1
130
From Terraform to Kubernetes: creating and sharing secrets
jelmersnoeck
1
920
let's talk open source software
jelmersnoeck
0
91
The Dark Side Of Microservices
jelmersnoeck
1
160
Workflows
jelmersnoeck
0
130
Inside Darwin Analytics
jelmersnoeck
1
240

Other Decks in Programming

See All in Programming
[SF Ruby, March 2024] Rails on Wasm
palkan
0
380
코틀린으로 멀티플랫폼 만들기
pangmoo
0
120
SwiftUIで使いやすいToastの作り方 / How to build a Toast system which is easy to use in SwiftUI
lovee
3
100
Java 22 Overview
kishida
1
170
Zero Waste, Radical Magic, and Italian Graft – Quarkus Efficiency Secrets
hollycummins
0
220
OpenAPIを中心に考えるAPI開発入門 / Introduction to API Development with a Focus on OpenAPI
seike460
PRO
2
120
甘い香りに誘われてVanilla Extractを1年間運用してみた
miyahkun
1
110
Rails と人魚の話/rails-and-mermaid
sanfrecce_osaka
0
100
TYPO3 v13 – The road to LTS: What's new and new APIs
luisasofie_xoxo
0
180
Front-end application development, Symfony-style(s)
dunglas
2
1.9k
Tailwind CSSを本気でカスタマイズする方法
fsubal
5
1.2k
StreamlitとTerraformでデータカタログを作った話
gussan0223
0
300

Featured

See All Featured
Put a Button on it: Removing Barriers to Going Fast.
kastner
58
3k
In The Pink: A Labor of Love
frogandcode
138
21k
Mobile First: as difficult as doing things right
swwweet
216
8.6k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
19
1.9k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
15
1.4k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
18
1.7k
10 Git Anti Patterns You Should be Aware of
lemiorhan
646
57k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
352
28k
Fantastic passwords and where to find them - at NoRuKo
philnash
36
2.5k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
76
41k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
39
4.4k
4 Signs Your Business is Dying
shpigford
175
21k

Transcript

  1. Deploying Rock Solid Applications with Kubernetes https://bit.ly/2LafjmT @jelmersnoeck

  2. FIND ME github.com/jelmersnoeck twitter.com/jelmersnoeck Jelmer Snoeck ABOUT ME - Tech

    Lead at manifold.co - <3 Kubernetes - <3 Golang

  3. What even are Rock Solid Applications? @jelmersnoeck

  4. Secure Applications @jelmersnoeck

  5. Highly Available Applications @jelmersnoeck

  6. @jelmersnoeck

  7. Disclaimer: simplified YAML for demo purposes @jelmersnoeck

  8. @jelmersnoeck

  9. @jelmersnoeck

  10. Security @jelmersnoeck

  11. @jelmersnoeck

  12. Pod Security Policies @jelmersnoeck

  13. @jelmersnoeck

  14. @jelmersnoeck

  15. RBAC @jelmersnoeck

  16. @jelmersnoeck

  17. @jelmersnoeck

  18. @jelmersnoeck

  19. @jelmersnoeck

  20. @jelmersnoeck

  21. @jelmersnoeck

  22. @jelmersnoeck

  23. or… @jelmersnoeck

  24. @jelmersnoeck

  25. @jelmersnoeck

  26. Network Policies @jelmersnoeck

  27. @jelmersnoeck

  28. @jelmersnoeck

  29. @jelmersnoeck

  30. Caveat: availability depends on your networking plugin @jelmersnoeck

  31. Security @jelmersnoeck

  32. High Availability @jelmersnoeck

  33. What even is High Availability? @jelmersnoeck

  34. This talk is not about High Availability for nodes @jelmersnoeck

  35. @jelmersnoeck

  36. @jelmersnoeck

  37. @jelmersnoeck

  38. Deployments @jelmersnoeck

  39. Replicas + UpdateStrategy @jelmersnoeck

  40. @jelmersnoeck

  41. @jelmersnoeck

  42. @jelmersnoeck

  43. @jelmersnoeck

  44. @jelmersnoeck

  45. @jelmersnoeck

  46. @jelmersnoeck

  47. @jelmersnoeck

  48. @jelmersnoeck

  49. @jelmersnoeck

  50. @jelmersnoeck

  51. @jelmersnoeck

  52. (Anti)Affinity @jelmersnoeck

  53. @jelmersnoeck

  54. @jelmersnoeck

  55. @jelmersnoeck

  56. @jelmersnoeck

  57. @jelmersnoeck

  58. Probes @jelmersnoeck

  59. @jelmersnoeck

  60. Caveat: Circular Dependencies @jelmersnoeck

  61. Caveat: Circular Dependencies @jelmersnoeck

  62. Caveat: Circular Dependencies @jelmersnoeck

  63. Caveat: Circular Dependencies @jelmersnoeck

  64. Caveat: Circular Dependencies @jelmersnoeck

  65. PodDisruptionBudget @jelmersnoeck

  66. @jelmersnoeck

  67. @jelmersnoeck

  68. @jelmersnoeck

  69. @jelmersnoeck

  70. @jelmersnoeck

  71. @jelmersnoeck

  72. Prevent misconfiguration @jelmersnoeck

  73. Linting?

  74. Webhooks!

  75. @jelmersnoeck

  76. @jelmersnoeck

  77. @jelmersnoeck

  78. @jelmersnoeck

  79. @jelmersnoeck

  80. @jelmersnoeck

  81. Webhooks - Barbossa - Azure Kubernetes Policy Controller (OPA) -

    Anchore Engine - … @jelmersnoeck

  82. We’re hiring… <3 @jelmersnoeck

  83. Thanks I’ll be around for questions FIND ME github.com/jelmersnoeck twitter.com/jelmersnoeck

    SPECIAL THANKS TO twitter.com/megthesmith

  84. Resources - https://hackernoon.com/deploying-rock-solid-applications-with-kubernetes-2 30fd9bb61f4 - https://thenewstack.io/myth-cloud-native-portability - https://kubernetes.io/docs/concepts/policy/pod-security-policy/ - https://kubernetes.io/docs/reference/access-authn-authz/rbac/

    - https://kubernetes.io/docs/concepts/services-networking/network-policies/ - https://kubernetes.io/docs/concepts/workloads/controllers/deployment/ - https://container-solutions.com/kubernetes-deployment-strategies/ - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinit y-and-anti-affinity - https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ - https://kubernetes.io/docs/tasks/configure-pod-container/configure-livenes s-readiness-probes/ - https://banzaicloud.com/blog/k8s-admission-webhooks/ - https://github.com/jelmersnoeck/barbossa - https://github.com/Azure/kubernetes-policy-controller @jelmersnoeck