Kubernetes: A Cautionary Tale - KCDC 2019

The gap between Minikube and Kubernetes in production is vast and full of pain. Want to know what it's like to implement Kubernetes in production for the first time before you collect the bumps and bruises yourself? Join me to learn about the ups and downs of one company's initial experience - including who was involved, the scope, and what was intentionally deferred.

We will cover:
* Why even consider Kubernetes (Hint: you might not benefit from it!)
* How a real company approached their first proof-of-concept
* How goals changed during implementation of k8s
* What we learned so far
* What we still need to learn

Joshua Sheppard

July 18, 2019

Transcript

  1. Our people, processes, and technology improve the world's transportation and supply chains, delivering exceptional value to our customers and suppliers.
     OVERVIEW
     * $16.6B in 2018 Gross Revenues
     * 15,000+ Employees Worldwide
     * 123K Active Customers Worldwide
     * 73K Active Carriers and Suppliers
     * 1100+ IT Employees in 14 Countries
  2. * CHR acquired FreightQuote in 2015
     * 1200+ employees in KC office
     * Grew from 38 to 65 in IT - much in last 18mo
     * C#/.NET, React, Node in micro services
     * Supports largest, most profitable division
     * Hiring!
  3. * Why K8s? (Hint: Might not be right for you)
     * One Approach
     * How Goals Changed
     * What We Learned
     * What Remained
  4. 1. Cloud Hosted (flexibility)
     2. Automation (CI/CD)
     3. Culture (people matter)
     4. Microservices
     5. Containers
     6. Orchestration (e.g. Kubernetes)

     https://container-solutions.com/when-is-the-wrong-time-to-use-kubernetes/
  5. What We Learned
     * Don’t roll your own
     * Certificates are important
     * Networking knowledge is critical
     * Secrets aren’t secret
     * Some apps don’t benefit
  6. Don’t Roll Your Own
     If you don’t sell k8s, don’t build it
     * ~22 Hosted solutions
     * ~28 Cloud turnkey solutions
     * ~18 On-premises turnkey solutions

     https://kubernetes.io/docs/setup/pick-right-solution/
  7. Certificates Are Important
     You need to “generate TLS certificates for the following components: etcd, kube-apiserver, kube-controller-manager, kube-scheduler, kubelet, and kube-proxy.”
     … And that’s before even considering your apps.
  8. Networking Knowledge is Critical
     “Kubernetes cluster networking is perhaps one of the most complex components of the Kubernetes infrastructure because it involves so many layers and parts (e.g., container-to-container networking, Pod networking, services, ingress, load balancers), and many users are struggling to make sense of it all.”
     - Kirill Goltsman, Supergiant
  9. Secrets Aren’t Secret
     * ENV vs volume mount
     * Base64 encoding in cluster
     * `kubeseal`
     * HashiCorp Vault
  10. Some Apps Don’t Benefit
      * Where do they scale?
      * Are they “cluster-aware”?
      * What about failed deployments?
  11. What Remains
      * Maintenance needs?
      * CI/CD into K8s
      * How to get our nodes (vendor?)
      * Improved storage, external state
      * Namespaces and environments
  12. Multiple Environments
      * Dev == Minikube?
      * Integration == Namespace? Cluster?
      * Production == 1+ clusters?
      * Testing apps vs testing k8s upgrades
  13. Closing
      * Think before you k8s - do you need it?
      * Plan to learn - in stages, over time
      * People matter - especially networking folk ;)
      * Expect plans to evolve
      * KC? MN? Kube
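
Slide 9's points about base64 encoding and ENV vs volume mount, as an added example that is not from the talk: a Python audit over a listing shaped like `kubectl get secrets,pods -o json` output that recovers every Secret value with a plain base64 decode and reports which route each container uses to consume it. The sample listing, all object names, and the `decode_secret`, `secret_refs` and `audit` helpers are constructed for illustration.

```python
import base64
import json

# Constructed sample, shaped like `kubectl get secrets,pods -o json` output.
SAMPLE = {"kind": "List", "items": [
    {"kind": "Secret", "metadata": {"name": "db-creds"},
     "data": {"password": "aHVudGVyMg=="}},
    {"kind": "Pod", "metadata": {"name": "api"}, "spec": {
        "volumes": [{"name": "creds", "secret": {"secretName": "db-creds"}}],
        "containers": [
            {"name": "web", "env": [{"name": "DB_PASS", "valueFrom": {
                "secretKeyRef": {"name": "db-creds", "key": "password"}}}]},
            {"name": "worker", "volumeMounts": [
                {"name": "creds", "mountPath": "/etc/creds"}]}]}},
]}

def decode_secret(obj):
    """Recover plaintext from a Secret's `data` map: base64 is encoding, not encryption."""
    return {k: base64.b64decode(v).decode("utf-8", "replace")
            for k, v in (obj.get("data") or {}).items()}

def secret_refs(pod):
    """Yield (container, route, secret_name) for every Secret a pod consumes."""
    spec = pod.get("spec", {})
    # Map pod-level volume names to the Secret backing them.
    vols = {v["name"]: v["secret"]["secretName"]
            for v in spec.get("volumes", []) if "secret" in v}
    for c in spec.get("containers", []):
        for e in c.get("env", []):
            ref = (e.get("valueFrom") or {}).get("secretKeyRef")
            if ref:
                yield c["name"], "env", ref["name"]
        for src in c.get("envFrom", []):
            if "secretRef" in src:
                yield c["name"], "env", src["secretRef"]["name"]
        for m in c.get("volumeMounts", []):
            if m["name"] in vols:
                yield c["name"], "volume", vols[m["name"]]

def audit(listing):
    """Return decoded Secret values and (pod, container, route, secret) consumers."""
    report = {"recoverable": {}, "consumers": []}
    for item in listing.get("items", []):
        name = item["metadata"]["name"]
        if item.get("kind") == "Secret":
            report["recoverable"][name] = decode_secret(item)
        elif item.get("kind") == "Pod":
            report["consumers"] += [(name, *r) for r in secret_refs(item)]
    return report

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

Anyone with read access to Secret objects, or to a manifest committed to source control, gets the same plaintext this script prints.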