Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Deploying Rock Solid Applications with Kubernetes

Deploying Rock Solid Applications with Kubernetes

Kubernetes has made it easy to deploy applications to the cloud. It’s even made it easy to deploy the same application across several instances. This, however, does not mean that your application will be highly available by default. To achieve high availability for your applications, there's a lot more involved.

In this talk we'll look at:
- creating secure Docker images and enforcing this at the cluster level with Pod Security Policies;
- configuring Health Checks and possible caveats like Circular Dependencies;
- limiting traffic between services with Network Policies;
- tolerating node failure by implementing correct Anti-Affinity rules;
- rescheduling pods onto new available nodes after node failure with Disruption Budgets;
- setting up correct deployment strategies;
- how to automate this with Custom Resource Definitions;

Jelmer Snoeck

December 12, 2018
Tweet

More Decks by Jelmer Snoeck

Other Decks in Programming

Transcript

  1. Deploying Rock Solid Applications
    with Kubernetes
    https://bit.ly/2LafjmT
    @jelmersnoeck

    View full-size slide

  2. FIND ME
    github.com/jelmersnoeck
    twitter.com/jelmersnoeck
    Jelmer Snoeck
    ABOUT ME
    - Tech Lead at manifold.co
    - <3 Kubernetes
    - <3 Golang

    View full-size slide

  3. What even are Rock
    Solid Applications?
    @jelmersnoeck

    View full-size slide

  4. Secure Applications
    @jelmersnoeck

    View full-size slide

  5. Highly Available Applications
    @jelmersnoeck

    View full-size slide

  6. @jelmersnoeck

    View full-size slide

  7. Disclaimer: simplified
    YAML for demo
    purposes
    @jelmersnoeck

    View full-size slide

  8. @jelmersnoeck

    View full-size slide

  9. @jelmersnoeck

    View full-size slide

  10. Security
    @jelmersnoeck

    View full-size slide

  11. @jelmersnoeck

    View full-size slide

  12. Pod Security
    Policies
    @jelmersnoeck

    View full-size slide

  13. @jelmersnoeck

    View full-size slide

  14. @jelmersnoeck

    View full-size slide

  15. RBAC
    @jelmersnoeck

    View full-size slide

  16. @jelmersnoeck

    View full-size slide

  17. @jelmersnoeck

    View full-size slide

  18. @jelmersnoeck

    View full-size slide

  19. @jelmersnoeck

    View full-size slide

  20. @jelmersnoeck

    View full-size slide

  21. @jelmersnoeck

    View full-size slide

  22. @jelmersnoeck

    View full-size slide

  23. or…
    @jelmersnoeck

    View full-size slide

  24. @jelmersnoeck

    View full-size slide

  25. @jelmersnoeck

    View full-size slide

  26. Network Policies
    @jelmersnoeck

    View full-size slide

  27. @jelmersnoeck

    View full-size slide

  28. @jelmersnoeck

    View full-size slide

  29. @jelmersnoeck

    View full-size slide

  30. Caveat: availability depends on your
    networking plugin
    @jelmersnoeck

    View full-size slide

  31. Security
    @jelmersnoeck

    View full-size slide

  32. High Availability
    @jelmersnoeck

    View full-size slide

  33. What even is
    High Availability?
    @jelmersnoeck

    View full-size slide

  34. This talk is not about High Availability for nodes
    @jelmersnoeck

    View full-size slide

  35. @jelmersnoeck

    View full-size slide

  36. @jelmersnoeck

    View full-size slide

  37. @jelmersnoeck

    View full-size slide

  38. Deployments
    @jelmersnoeck

    View full-size slide

  39. Replicas +
    UpdateStrategy
    @jelmersnoeck

    View full-size slide

  40. @jelmersnoeck

    View full-size slide

  41. @jelmersnoeck

    View full-size slide

  42. @jelmersnoeck

    View full-size slide

  43. @jelmersnoeck

    View full-size slide

  44. @jelmersnoeck

    View full-size slide

  45. @jelmersnoeck

    View full-size slide

  46. @jelmersnoeck

    View full-size slide

  47. @jelmersnoeck

    View full-size slide

  48. @jelmersnoeck

    View full-size slide

  49. @jelmersnoeck

    View full-size slide

  50. @jelmersnoeck

    View full-size slide

  51. @jelmersnoeck

    View full-size slide

  52. (Anti)Affinity
    @jelmersnoeck

    View full-size slide

  53. @jelmersnoeck

    View full-size slide

  54. @jelmersnoeck

    View full-size slide

  55. @jelmersnoeck

    View full-size slide

  56. @jelmersnoeck

    View full-size slide

  57. @jelmersnoeck

    View full-size slide

  58. Probes
    @jelmersnoeck

    View full-size slide

  59. @jelmersnoeck

    View full-size slide

  60. Caveat: Circular
    Dependencies
    @jelmersnoeck

    View full-size slide

  61. Caveat: Circular Dependencies
    @jelmersnoeck

    View full-size slide

  62. Caveat: Circular Dependencies
    @jelmersnoeck

    View full-size slide

  63. Caveat: Circular Dependencies
    @jelmersnoeck

    View full-size slide

  64. Caveat: Circular Dependencies
    @jelmersnoeck

    View full-size slide

  65. PodDisruptionBudget
    @jelmersnoeck

    View full-size slide

  66. @jelmersnoeck

    View full-size slide

  67. @jelmersnoeck

    View full-size slide

  68. @jelmersnoeck

    View full-size slide

  69. @jelmersnoeck

    View full-size slide

  70. @jelmersnoeck

    View full-size slide

  71. @jelmersnoeck

    View full-size slide

  72. Prevent
    misconfiguration
    @jelmersnoeck

    View full-size slide

  73. @jelmersnoeck

    View full-size slide

  74. @jelmersnoeck

    View full-size slide

  75. @jelmersnoeck

    View full-size slide

  76. @jelmersnoeck

    View full-size slide

  77. @jelmersnoeck

    View full-size slide

  78. @jelmersnoeck

    View full-size slide

  79. Webhooks
    - Barbossa
    - Azure Kubernetes Policy Controller (OPA)
    - Anchore Engine
    - …
    @jelmersnoeck

    View full-size slide

  80. We’re hiring…
    <3
    @jelmersnoeck

    View full-size slide

  81. Thanks
    I’ll be around for
    questions
    FIND ME
    github.com/jelmersnoeck
    twitter.com/jelmersnoeck
    SPECIAL THANKS TO
    twitter.com/megthesmith

    View full-size slide

  82. Resources
    - https://hackernoon.com/deploying-rock-solid-applications-with-kubernetes-2
    30fd9bb61f4
    - https://thenewstack.io/myth-cloud-native-portability
    - https://kubernetes.io/docs/concepts/policy/pod-security-policy/
    - https://kubernetes.io/docs/reference/access-authn-authz/rbac/
    - https://kubernetes.io/docs/concepts/services-networking/network-policies/
    - https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
    - https://container-solutions.com/kubernetes-deployment-strategies/
    - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinit
    y-and-anti-affinity
    - https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
    - https://kubernetes.io/docs/tasks/configure-pod-container/configure-livenes
    s-readiness-probes/
    - https://banzaicloud.com/blog/k8s-admission-webhooks/
    - https://github.com/jelmersnoeck/barbossa
    - https://github.com/Azure/kubernetes-policy-controller
    @jelmersnoeck

    View full-size slide