Kubernetes: A Cautionary Tale (Minnebar)

Transcript

1. Kubernetes: A Cautionary Tale

2. C.H. ROBINSON Accelerating commerce through the worlds most powerful supply

   chain platform

3. Our people, processes, and technology improve the world's transportation and

   supply chains, delivering exceptional value to our customers and suppliers. OVERVIEW $16.6B in 2018 Gross 
 Revenues 15,000+ Employees Worldwide 123K Active Customers Worldwide 73K Active Carriers and Suppliers 1100+ IT Employees in 14 Countries

4. AI USE CASES PRESCRIPTIVE & PREDICTIVE PERSONALIZED FLEET OPTIMIZATION MODEL

   BASED PRICING MAKE CONNECTIONS
5. None

6. Kubernetes experience?

7. None
8. None
9. None
10. None

11. So what do you do? (A view from early 2018)

12. • Why K8s? (Hint: Might not be right for you)

    • One Approach • How Goals Changed • What We Learned • What Remained

13. Why Kubernetes (k8s)?

14. Why containers?

15. None

16. When do I need Kubernetes (k8s)?

17. 1. Cloud Hosted (flexibility) 2. Automation (CI/CD) 3. Culture (people

    matter) 4. Microservices 5. Containers 6. Orchestration (e.g. Kubernetes) https://container-solutions.com/when-is-the-wrong-time-to-use-kubernetes/
18. None
19. None

20. Why not Swarm?

21. How hard is K8s to learn?

22. “It depends.” ;) (Not polished in late 2017)

23. None
24. None
25. None

26. In 2019?

27. None
28. None
29. None
30. None
31. None
32. None
33. None
34. None
35. None
36. None
37. None
38. None
39. None
40. None

41. Valuable for my team? – we learned a lot… …

    and apps stayed up.

42. Valuable for my company? Definitely.

43. None
44. None
45. None
46. None
47. None
48. None
49. None
50. None
51. None
52. None
53. None
54. None

55. What We Learned • Don’t roll your own • Certificates

    are important • Networking knowledge is critical • Secrets aren’t secret • Some apps don’t benefit

56. Don’t Roll Your Own If you don’t sell k8s, don’t

    build it • ~22 Hosted solutions • ~28 Cloud turnkey solutions • ~18 On-premises turnkey solutions https://kubernetes.io/docs/setup/pick-right-solution/

57. Certificates Are Important You need to “generate TLS certificates for

    the following components: etcd, kube-apiserver, kube-controller- manager, kube-scheduler, kubelet, and kube-proxy.” … And that’s before even considering your apps.

58. Networking Knowledge is Critical “Kubernetes cluster networking is perhaps one

    of the most complex components of the Kubernetes infrastructure because it involves so many layers and parts (e.g., container-to-container networking, Pod networking, services, ingress, load balancers), and many users are struggling to make sense of it all.” - Kirill Goltsman, Supergiant

59. Secrets Aren’t Secret • ENV vs volume mount • Base64

    encoding in cluster • `kubeseal` • HashiCorp Vault

60. Some Apps Don’t Benefit • Where do they scale? •

    Are they “cluster-aware”? • What about failed deployments?

61. What Remains • CI/CD into K8s • How to get

    our nodes (vendor?) • Improved storage, external state • Namespaces and environments

62. Multiple Environments • Dev == Minikube? • Integration == Namespace?

    Cluster? • Production == 1+ clusters? • Testing apps vs testing k8s upgrades

63. Closing • Think before you k8s - do you need

    it? • Plan to learn - in stages, over time • People matter - especially networking folk ;) • Expect plans to evolve • Blaine? Eden Prairie?