Kubernetes: A Cautionary Tale (Minnebar)

The gap between Minikube and Kubernetes in production is vast and full of pain. Want to know what it's like to implement Kubernetes in production for the first time before you collect the bumps and bruises yourself? Join me to learn about the ups and downs of one company's initial experience - including who was involved, the scope, and what was intentionally deferred.

We will cover:
* Why even consider Kubernetes (Hint: you might not benefit from it!)
* How a real company approached their first proof-of-concept
* How goals changed during implementation of k8s
* What we learned so far
* What we still need to learn

Joshua Sheppard

April 27, 2019


  1. Kubernetes: A Cautionary Tale

  2. Accelerating commerce through the world's most powerful supply chain platform

  3. Our people, processes, and technology improve the world's transportation and
    supply chains, delivering exceptional value to our customers and suppliers.
    in 2018 Gross 

    Active Customers
    Active Carriers
    and Suppliers
    IT Employees in
    14 Countries

  6. Kubernetes experience?

  11. So what do you do?
    (A view from early 2018)

  12. • Why K8s? (Hint: Might not be right for you)
    • One Approach
    • How Goals Changed
    • What We Learned
    • What Remained

  13. Why Kubernetes (k8s)?

  14. Why containers?

  16. When do I need Kubernetes (k8s)?

  17. 1. Cloud Hosted (flexibility)
    2. Automation (CI/CD)
    3. Culture (people matter)
    4. Microservices
    5. Containers
    6. Orchestration (e.g. Kubernetes)

  20. Why not Swarm?

  21. How hard is K8s to learn?

  22. “It depends.” ;)
    (Not polished in late 2017)

  26. In 2019?

  41. Valuable for my team?
    – we learned a lot…
    … and apps stayed up.

  42. Valuable for my company?

  55. What We Learned
    • Don’t roll your own
    • Certificates are important
    • Networking knowledge is critical
    • Secrets aren’t secret
    • Some apps don’t benefit

  56. Don’t Roll Your Own
    If you don’t sell k8s, don’t build it
    • ~22 Hosted solutions
    • ~28 Cloud turnkey solutions
    • ~18 On-premises turnkey solutions

  57. Certificates Are Important
    You need to “generate TLS certificates for the following components:
    etcd, kube-apiserver, kube-controller-manager, kube-scheduler,
    kubelet, and kube-proxy.”
    … And that’s before even considering your apps.

  58. Networking Knowledge is Critical
    “Kubernetes cluster networking is perhaps one of the most
    complex components of the Kubernetes infrastructure because
    it involves so many layers and parts (e.g., container-to-container
    networking, Pod networking, services, ingress, load balancers),
    and many users are struggling to make sense of it all.”
    - Kirill Goltsman, Supergiant

  59. Secrets Aren’t Secret
    • ENV vs volume mount
    • Base64 encoding in cluster
    • `kubeseal`
    • HashiCorp Vault

  60. Some Apps Don’t Benefit
    • Where do they scale?
    • Are they “cluster-aware”?
    • What about failed deployments?

  61. What Remains
    • CI/CD into K8s
    • How to get our nodes (vendor?)
    • Improved storage, external state
    • Namespaces and environments

  62. Multiple Environments
    • Dev == Minikube?
    • Integration == Namespace? Cluster?
    • Production == 1+ clusters?
    • Testing apps vs testing k8s upgrades

  63. Closing
    • Think before you k8s - do you need it?
    • Plan to learn - in stages, over time
    • People matter - especially networking folk ;)
    • Expect plans to evolve
    • Blaine? Eden Prairie?
