Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Tarmak, why do we need another Kubernetes provisioner?

Mattias Gees
February 05, 2019
Programming
1
230

Tarmak, why do we need another Kubernetes provisioner?

This is a talk given at cfgmgmtcamp 2019

Tarmak is an open-source toolkit for Kubernetes cluster lifecycle management.
It is focused on best-practice cluster security, management and operation.
This talk will clarify the reasoning behind creating Tarmak, the architecture and technologies used.
With Tarmak we tried to not reinvent the full wheel, that is why we have chosen to depend on a lot open-source tools (Terraform, Puppet, Vault, …).
This talk will explain how all of this is tied together.

Mattias Gees

February 05, 2019
Tweet

More Decks by Mattias Gees

See All by Mattias Gees
A Cloud Native Journey At Scale (Belgium Kubernetes Meetup)
mattiasgees
0
29
Pod autoscaling with custom-metrics
mattiasgees
0
68
Lightning Talk Prometheus
mattiasgees
0
59
Terraform workspaces
mattiasgees
0
96
Introduction to Ansible
mattiasgees
0
94

Other Decks in Programming

See All in Programming
Java 22 Overview
kishida
1
190
R言語の環境構築と基礎 Tokyo.R 112
bob3bob3
0
280
Git Rebase
bkuhlmann
11
1.6k
Git Lint
bkuhlmann
4
760
Komplexe Oberflächen mit SVG und der Web Animation API
joergneumann
0
680
Node.js v22 で変わること
yosuke_furukawa
PRO
11
3.9k
CREってこういうこと? 体験入社 - 提案資料 - / what-is-cre-trial-employment
shinden
1
520
Goのエラースタックトレースの歴史と今後
sonatard
10
1.8k
AmperとFleetを使ったAndroidアプリ
yoppie
0
250
PHP8.3の機能を振り返る / Review of PHP 8.3 features
seike460
PRO
1
120
Snowflakeで眠ったデータを起こそう!
estie
0
140
Hanami and htmx
bkuhlmann
0
220

Featured

See All Featured
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
14
1.5k
Scaling GitHub
holman
457
140k
A Tale of Four Properties
chriscoyier
152
22k
Optimising Largest Contentful Paint
csswizardry
12
2.4k
Designing on Purpose - Digital PM Summit 2013
jponch
111
6.5k
Teambox: Starting and Learning
jrom
128
8.4k
The Invisible Side of Design
smashingmag
294
49k
Happy Clients
brianwarren
92
6.4k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
7
3.4k
Art, The Web, and Tiny UX
lynnandtonic
290
19k
What’s in a name? Adding method to the madness
productmarketing
PRO
17
2.7k
Fashionably flexible responsive web design (full day workshop)
malarkey
398
65k

Transcript

  1. jetstack.io Tarmak, why do we need another Kubernetes provisioner? Presented

    by Mattias Gees @MattiasGees

  2. Mattias Gees jetstack.io @MattiasGees • Solutions Engineer @ Jetstack •

    Marathon runner

  3. What is Tarmak? jetstack.io @MattiasGees Tarmak is an open-source toolkit

    for Kubernetes cluster lifecycle management. It is focused on best-practice cluster security, management and operation. https://github.com/jetstack/tarmak

  4. jetstack.io Kubernetes kubectl storage (etcd) API server scheduler controller-manager Node

    kubelet proxy docker Node kubelet proxy docker Control Plane Other clients jetstack.io @MattiasGees

  5. History jetstack.io @MattiasGees • 1st and 2nd generation (around k8s

    1.0) ◦ CoreOS ◦ CloudFormation and Terraform ◦ Cloud-init Bash ◦ Ruby and Shell scripts

  6. Lessons jetstack.io @MattiasGees • Immutable is not always needed •

    Testing / Debugging • Dependencies need to be versioned • PKI Management • Terraform abstraction

  7. Motivations jetstack.io @MattiasGees • Shorter feedback loop • Reusability of

    code • Continuous roll-out of changes • Dry-run • Tried and tested tools

  8. Motivations jetstack.io @MattiasGees • Immutable can be expensive and slow

    • Desired vs actual • Stateful application

  9. jetstack.io Components jetstack.io @MattiasGees

  10. jetstack.io Components jetstack.io @MattiasGees

  11. jetstack.io @MattiasGees Architecture

  12. Packer jetstack.io @MattiasGees • Prepare images • Faster start-up

  13. Terraform jetstack.io @MattiasGees • Cloud Infrastructure • Previously: multi stack

    • Tarmak provider • Now: 1 stack

  14. Vault jetstack.io @MattiasGees • PKI Management • Vault-unsealer • Backed

    by Consul • Short lived certificates • Automatic renew

  15. Vault jetstack.io @MattiasGees

  16. Puppet jetstack.io @MattiasGees • Config of servers • Desired vs

    actual state

  17. Wing jetstack.io @MattiasGees • Wrapper • Installed with boot-init •

    Get Puppet manifests • Puppet apply • Report status

  18. jetstack.io Wing tarmak storage (etcd) wing-server instance-a wing puppet instance-b

    wing puppet Wing server jetstack.io @MattiasGees

  19. Go jetstack.io @MattiasGees • Glue • Validation • Verification •

    Customization

  20. Tarmak config jetstack.io @MattiasGees

  21. Tarmak config jetstack.io @MattiasGees

  22. Demo jetstack.io @MattiasGees

  23. Advantages jetstack.io @MattiasGees • Security • Encryption • Close to

    upstream Kubernetes • Cluster Autoscaler • Logging to Elasticsearch • Monitoring • Multiple instance pools

  24. Downsides jetstack.io @MattiasGees • Rolling upgrades are a pain •

    Spot instances • Logging outputs • AWS only* • No public images *

  25. [email protected] @MattiasGees @JetstackHQ Thank you. jetstack.io