Kubernetes: A Cautionary Tale (Minnebar)

The gap between Minikube and Kubernetes in production is vast and full of pain. Want to know what it's like to implement Kubernetes in production for the first time before you collect the bumps and bruises yourself? Join me to learn about the ups and downs of one company's initial experience - including who was involved, the scope, and what was intentionally deferred.

We will cover:
* Why even consider Kubernetes (Hint: you might not benefit from it!)
* How a real company approached their first proof-of-concept
* How goals changed during implementation of k8s
* What we learned so far
* What we still need to learn

Joshua Sheppard

April 27, 2019
Transcript

  1. Our people, processes, and technology improve the world's transportation and supply chains, delivering exceptional value to our customers and suppliers.

     OVERVIEW
     * $16.6B in 2018 Gross Revenues
     * 15,000+ Employees Worldwide
     * 123K Active Customers Worldwide
     * 73K Active Carriers and Suppliers
     * 1100+ IT Employees in 14 Countries
  2. * Why K8s? (Hint: Might not be right for you)
     * One Approach
     * How Goals Changed
     * What We Learned
     * What Remained
  3. 1. Cloud Hosted (flexibility)
     2. Automation (CI/CD)
     3. Culture (people matter)
     4. Microservices
     5. Containers
     6. Orchestration (e.g. Kubernetes)

     https://container-solutions.com/when-is-the-wrong-time-to-use-kubernetes/
  4. What We Learned
     * Don’t roll your own
     * Certificates are important
     * Networking knowledge is critical
     * Secrets aren’t secret
     * Some apps don’t benefit
  5. Don’t Roll Your Own

     If you don’t sell k8s, don’t build it
     * ~22 Hosted solutions
     * ~28 Cloud turnkey solutions
     * ~18 On-premises turnkey solutions

     https://kubernetes.io/docs/setup/pick-right-solution/
  6. Certificates Are Important

     You need to “generate TLS certificates for the following components: etcd, kube-apiserver, kube-controller-manager, kube-scheduler, kubelet, and kube-proxy.”

     … And that’s before even considering your apps.
  7. Networking Knowledge is Critical

     “Kubernetes cluster networking is perhaps one of the most complex components of the Kubernetes infrastructure because it involves so many layers and parts (e.g., container-to-container networking, Pod networking, services, ingress, load balancers), and many users are struggling to make sense of it all.” - Kirill Goltsman, Supergiant
  8. Secrets Aren’t Secret
     * ENV vs volume mount
     * Base64 encoding in cluster
     * `kubeseal`
     * HashiCorp Vault
  9. Some Apps Don’t Benefit
     * Where do they scale?
     * Are they “cluster-aware”?
     * What about failed deployments?
  10. What Remains
      * CI/CD into K8s
      * How to get our nodes (vendor?)
      * Improved storage, external state
      * Namespaces and environments
  11. Multiple Environments
      * Dev == Minikube?
      * Integration == Namespace? Cluster?
      * Production == 1+ clusters?
      * Testing apps vs testing k8s upgrades
  12. Closing
      * Think before you k8s - do you need it?
      * Plan to learn - in stages, over time
      * People matter - especially networking folk ;)
      * Expect plans to evolve
      * Blaine? Eden Prairie?