Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Tarmak, why do we need another Kubernetes provi...

Mattias Gees
February 05, 2019
Programming
1
250

Tarmak, why do we need another Kubernetes provisioner?

This is a talk given at cfgmgmtcamp 2019

Tarmak is an open-source toolkit for Kubernetes cluster lifecycle management.
It is focused on best-practice cluster security, management and operation.
This talk will clarify the reasoning behind creating Tarmak, the architecture and technologies used.
With Tarmak we tried to not reinvent the full wheel, that is why we have chosen to depend on a lot open-source tools (Terraform, Puppet, Vault, …).
This talk will explain how all of this is tied together.

Mattias Gees

February 05, 2019
Tweet

More Decks by Mattias Gees

See All by Mattias Gees
A Cloud Native Journey At Scale (Belgium Kubernetes Meetup)
mattiasgees
0
32
Pod autoscaling with custom-metrics
mattiasgees
0
72
Lightning Talk Prometheus
mattiasgees
0
62
Terraform workspaces
mattiasgees
0
100
Introduction to Ansible
mattiasgees
0
110

Other Decks in Programming

See All in Programming
どうして手を動かすよりもチーム内のコードレビューを優先するべきなのか
okashoi
3
790
コンテナをたくさん詰め込んだシステムとランタイムの変化
makihiro
1
170
テストケースの名前はどうつけるべきか?
orgachem
PRO
1
180
ドメインイベント増えすぎ問題
h0r15h0
2
530
menu基盤チームによるGoogle Cloudの活用事例~Application Integration, Cloud Tasks編~
yoshifumi_ishikura
0
130
Scalaから始めるOpenFeature入門 / Scalaわいわい勉強会 #4
arthur1
1
380
Go の GC の不得意な 部分を克服したい
taiyow
3
950
CloudflareStack でRAGに入門
asahiiwm
0
140
GitHubで育つ コラボレーション文化 : ニフティでのインナーソース挑戦事例 - 2024-12-16 GitHub Universe 2024 Recap in ZOZO
niftycorp
PRO
0
950
「Chatwork」Android版アプリを 支える単体テストの現在
okuzawats
0
200
fs2-io を試してたらバグを見つけて直した話
chencmd
0
270
Compose UIテストを使った統合テスト
hiroaki404
0
120

Featured

See All Featured
Docker and Python
trallard
43
3.2k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
33
2.7k
Thoughts on Productivity
jonyablonski
68
4.4k
Building a Modern Day 
E-commerce SEO Strategy
aleyda
38
7k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
45
2.3k
The Cult of Friendly URLs
andyhume
78
6.1k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
49k
Six Lessons from altMBA
skipperchong
27
3.5k
The World Runs on Bad Software
bkeepers
PRO
66
11k
For a Future-Friendly Web
brad_frost
176
9.5k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
29
940
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
3
330

Transcript

  1. jetstack.io Tarmak, why do we need another Kubernetes provisioner? Presented

    by Mattias Gees @MattiasGees

  2. Mattias Gees jetstack.io @MattiasGees • Solutions Engineer @ Jetstack •

    Marathon runner

  3. What is Tarmak? jetstack.io @MattiasGees Tarmak is an open-source toolkit

    for Kubernetes cluster lifecycle management. It is focused on best-practice cluster security, management and operation. https://github.com/jetstack/tarmak

  4. jetstack.io Kubernetes kubectl storage (etcd) API server scheduler controller-manager Node

    kubelet proxy docker Node kubelet proxy docker Control Plane Other clients jetstack.io @MattiasGees

  5. History jetstack.io @MattiasGees • 1st and 2nd generation (around k8s

    1.0) ◦ CoreOS ◦ CloudFormation and Terraform ◦ Cloud-init Bash ◦ Ruby and Shell scripts

  6. Lessons jetstack.io @MattiasGees • Immutable is not always needed •

    Testing / Debugging • Dependencies need to be versioned • PKI Management • Terraform abstraction

  7. Motivations jetstack.io @MattiasGees • Shorter feedback loop • Reusability of

    code • Continuous roll-out of changes • Dry-run • Tried and tested tools

  8. Motivations jetstack.io @MattiasGees • Immutable can be expensive and slow

    • Desired vs actual • Stateful application

  9. jetstack.io Components jetstack.io @MattiasGees

  10. jetstack.io Components jetstack.io @MattiasGees

  11. jetstack.io @MattiasGees Architecture

  12. Packer jetstack.io @MattiasGees • Prepare images • Faster start-up

  13. Terraform jetstack.io @MattiasGees • Cloud Infrastructure • Previously: multi stack

    • Tarmak provider • Now: 1 stack

  14. Vault jetstack.io @MattiasGees • PKI Management • Vault-unsealer • Backed

    by Consul • Short lived certificates • Automatic renew

  15. Vault jetstack.io @MattiasGees

  16. Puppet jetstack.io @MattiasGees • Config of servers • Desired vs

    actual state

  17. Wing jetstack.io @MattiasGees • Wrapper • Installed with boot-init •

    Get Puppet manifests • Puppet apply • Report status

  18. jetstack.io Wing tarmak storage (etcd) wing-server instance-a wing puppet instance-b

    wing puppet Wing server jetstack.io @MattiasGees

  19. Go jetstack.io @MattiasGees • Glue • Validation • Verification •

    Customization

  20. Tarmak config jetstack.io @MattiasGees

  21. Tarmak config jetstack.io @MattiasGees

  22. Demo jetstack.io @MattiasGees

  23. Advantages jetstack.io @MattiasGees • Security • Encryption • Close to

    upstream Kubernetes • Cluster Autoscaler • Logging to Elasticsearch • Monitoring • Multiple instance pools

  24. Downsides jetstack.io @MattiasGees • Rolling upgrades are a pain •

    Spot instances • Logging outputs • AWS only* • No public images *

  25. [email protected] @MattiasGees @JetstackHQ Thank you. jetstack.io