Upgrade to Pro — share decks privately, control downloads, hide ads and more …

A Cloud Native Journey At Scale (Belgium Kubern...

Mattias Gees
February 08, 2023
Technology
0
32

A Cloud Native Journey At Scale (Belgium Kubernetes Meetup)

Enterprises on their Cloud Native journey have 2 options, buy a Kubernetes Platform with all the bells and whistles or build one from scratch. When picking the latter, it allows you to create your own PaaS solution that fits your company's DNA and culture. This talk focuses on how an international financial institution leveraged the cloud and the Cloud Native landscape to build a scalable single-tenant Kubernetes platform that fits its culture and security requirements. Building out a scalable Kubernetes platform to more than 100 Kubernetes clusters comes with a lot of challenges in a big enterprise. During this talk, I will tell the story from where we started to today, the challenges we encountered and how we manage more than 100 Kubernetes clusters in an efficient way.

Mattias Gees

February 08, 2023
Tweet

More Decks by Mattias Gees

See All by Mattias Gees
Tarmak, why do we need another Kubernetes provisioner?
mattiasgees
1
250
Pod autoscaling with custom-metrics
mattiasgees
0
72
Lightning Talk Prometheus
mattiasgees
0
62
Terraform workspaces
mattiasgees
0
100
Introduction to Ansible
mattiasgees
0
110

Other Decks in Technology

See All in Technology
20240522 - 躍遷創作理念 @ PicCollage Workshop
dpys
0
290
Google Cloud で始める Cloud Run 〜AWSとの比較と実例デモで解説〜
risatube
PRO
0
130
ネットワーク可視化の世界
likr
7
5.6k
アジャイルチームが変化し続けるための組織文化とマネジメント・アプローチ / Agile management that enables ever-changing teams
kakehashi
2
1.6k
20241125 - AI 繪圖實戰魔法工作坊 @ 實踐大學
dpys
1
430
開発生産性向上! 育成を「改善」と捉えるエンジニア育成戦略
shoota
2
820
AWS re:Invent 2024 ふりかえり勉強会
yhana
0
680
怖くない!ゼロから始めるPHPソースコードコンパイル入門
colopl
0
230
MasterMemory v3 最速確認会
yucchiy
0
290
クレカ・銀行連携機能における “状態”との向き合い方 / SmartBank Engineer LT Event
smartbank
3
130
生成AIによるテスト設計支援プロセスの構築とプロセス内のボトルネック解消の取り組み / 20241220 Suguru Ishii
shift_evolve
0
160
20241218_今年はSLI/SLOの導入を頑張ってました!
zepprix
0
250

Featured

See All Featured
How to train your dragon (web standard)
notwaldorf
88
5.8k
The Language of Interfaces
destraynor
155
24k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
230
52k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
28
4.4k
Visualization
eitanlees
146
15k
Building a Scalable Design System with Sketch
lauravandoore
460
33k
Fireside Chat
paigeccino
34
3.1k
The Cost Of JavaScript in 2023
addyosmani
46
7.1k
No one is an island. Learnings from fostering a developers community.
thoeni
19
3.1k
Measuring & Analyzing Core Web Vitals
bluesmoon
5
190
The Pragmatic Product Professional
lauravandoore
32
6.3k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k

Transcript

  1. jetstack.io Jetstack A Cloud Native Journey At Scale Mattias Gees

    Director of Tech Cloud Native Bristol

  2. jetstack.io Mattias Gees Director of Tech ✉ [email protected] 🐦 @MattiasGees

  3. jetstack.io Training Strategic Advisory Consulting Workshops and Discovery

  4. jetstack.io jetstack.io Agenda

  5. jetstack.io • Problem Statement • Decisions • Architecture • Journey

    • Challenges • Lessons learned

  6. jetstack.io Disclaimer: Jetstack is consulting for a global bank, unfortunately

    I can’t disclose the customer

  7. jetstack.io jetstack.io Problem Statement

  8. jetstack.io • Sprawl of non-compliant GKE clusters • Meeting compliance

    of all layers of Kubernetes is hard • Weeks of engineering to create a compliant application on GKE • Maintenance burden on the application teams • Developer experience is bad • Portability between different Kubernetes clusters is non-existent Problem Statement

  9. jetstack.io Decisions

  10. jetstack.io Single Tenant vs Multi Tenant

  11. jetstack.io Self Hosted vs Managed Service

  12. jetstack.io Architecture

  13. jetstack.io Customer Infrastructure Architecture Region Shared VPC Private VPC Ingress

    Proxies Compute Engine Egress Proxies Compute Engine Google Kubernetes Engine IAM Key Management Service Cloud Load Balancing Cloud Load Balancing Cloud Firewall Rules Cloud Router Cluster Add On Tooling Customer Applications

  14. jetstack.io Cluster Add Ons

  15. jetstack.io Cluster Add Ons

  16. jetstack.io Cluster Add Ons

  17. jetstack.io Cluster Add Ons

  18. jetstack.io jetstack.io Journey

  19. jetstack.io POC January 2021 - March 2021

  20. jetstack.io Provisioning Architecture

  21. jetstack.io { "name": "dev", "machine_type": "n1-standard-4", "region": "europ-west2", "egress_service": {

    "tags": [ "fwtag-external-service1", "fwtag-cloudsql", ] } } Customer Configuration

  22. jetstack.io MVP April 2021 - November 2021

  23. jetstack.io Provisioning Architecture

  24. jetstack.io Productionisation December 2021 - March 2022

  25. jetstack.io • Improving observability layer • Documenting Operating Model •

    Automation of recurring problems • Automation of processes Productionisation

  26. jetstack.io Live March 2022 - Now

  27. jetstack.io • Implemented testing framework • Improvements to reliability, security

    and scalability • Overhaul of the RBAC system • Small cost optimizations • Launch extra features ◦ Istio ◦ CSI Secret Store Driver ◦ Enablement of native GKE features Live

  28. jetstack.io jetstack.io Challenges

  29. jetstack.io • Kubernetes Cluster Resources • Backwards compatibility ◦ CRDs

    ◦ Images ◦ Changing behaviour of features • Licenses (AGPLv2) • Additional processes of a big enterprise • Processes not adapted to Cloud Native Challenges

  30. jetstack.io jetstack.io Lessons Learned

  31. jetstack.io • Early feedback from stakeholders was key • Product

    management helps with prioritizing • Healthy (engineering) culture is everything • Move fast and fix later (until production) • You can still be innovative in a regulated environment • Provide self-service to application teams Lessons Learned

  32. jetstack.io Thank you! 🚀 Q&A Mattias Gees Director of Tech

    Cloud Native Bristol