Kubernetes: A Cautionary Tale - KCDC 2019

Transcript

1. Kubernetes: A Cautionary Tale

2. Titanium Sponsors Platinum Sponsors Gold Sponsors

3. C.H. ROBINSON Accelerating commerce through the worlds most powerful supply

   chain platform

4. Our people, processes, and technology improve the world's transportation and

   supply chains, delivering exceptional value to our customers and suppliers. OVERVIEW $16.6B in 2018 Gross 
 Revenues 15,000+ Employees Worldwide 123K Active Customers Worldwide 73K Active Carriers and Suppliers 1100+ IT Employees in 14 Countries

5. •CHR acquired FreightQuote in 2015 •1200+ employees in KC office

   •Grew from 38 to 65 in IT - much in last 18mo •C#/.NET, React, Node in micro services •Supports largest, most profitable division •Hiring!

6. AI USE CASES PRESCRIPTIVE & PREDICTIVE PERSONALIZED FLEET OPTIMIZATION MODEL

   BASED PRICING MAKE CONNECTIONS
7. None

8. Kubernetes experience?

9. None
10. None
11. None
12. None

13. So what do you do? (A view from early 2018)

14. • Why K8s? (Hint: Might not be right for you)

    • One Approach • How Goals Changed • What We Learned • What Remained

15. Why Kubernetes (k8s)?

16. Why containers?

17. None

18. When do I need Kubernetes (k8s)?

19. 1. Cloud Hosted (flexibility) 2. Automation (CI/CD) 3. Culture (people

    matter) 4. Microservices 5. Containers 6. Orchestration (e.g. Kubernetes) https://container-solutions.com/when-is-the-wrong-time-to-use-kubernetes/
20. None
21. None

22. Why not Swarm?

23. How hard is K8s to learn?

24. “It depends.” ;) (Not polished in late 2017)

25. None
26. None
27. None

28. In 2019?

29. None
30. None
31. None
32. None
33. None
34. None
35. None
36. None
37. None
38. None
39. None
40. None
41. None
42. None

43. Valuable for my team? – we learned a lot… …

    and apps stayed up.

44. Valuable for my company? Definitely.

45. None
46. None
47. None
48. None
49. None
50. None
51. None
52. None
53. None
54. None
55. None
56. None

57. What We Learned • Don’t roll your own • Certificates

    are important • Networking knowledge is critical • Secrets aren’t secret • Some apps don’t benefit

58. Don’t Roll Your Own If you don’t sell k8s, don’t

    build it • ~22 Hosted solutions • ~28 Cloud turnkey solutions • ~18 On-premises turnkey solutions https://kubernetes.io/docs/setup/pick-right-solution/

59. Certificates Are Important You need to “generate TLS certificates for

    the following components: etcd, kube-apiserver, kube-controller- manager, kube-scheduler, kubelet, and kube-proxy.” … And that’s before even considering your apps.

60. Networking Knowledge is Critical “Kubernetes cluster networking is perhaps one

    of the most complex components of the Kubernetes infrastructure because it involves so many layers and parts (e.g., container-to-container networking, Pod networking, services, ingress, load balancers), and many users are struggling to make sense of it all.” - Kirill Goltsman, Supergiant

61. Secrets Aren’t Secret • ENV vs volume mount • Base64

    encoding in cluster • `kubeseal` • HashiCorp Vault

62. Some Apps Don’t Benefit • Where do they scale? •

    Are they “cluster-aware”? • What about failed deployments?

63. What Remains • Maintenance needs? • CI/CD into K8s •

    How to get our nodes (vendor?) • Improved storage, external state • Namespaces and environments

64. Multiple Environments • Dev == Minikube? • Integration == Namespace?

    Cluster? • Production == 1+ clusters? • Testing apps vs testing k8s upgrades

65. Closing • Think before you k8s - do you need

    it? • Plan to learn - in stages, over time • People matter - especially networking folk ;) • Expect plans to evolve • KC? MN? Kube