Distributed System with Kubernetes

Mohan Pawar
October 13, 2018

A talk on Evolving Kubernetes at Google DevFest 2018, Mumbai. It explains distributed systems with Kubernetes and covers service discovery, with an n-tier application deployment demo.

Twitter Link: https://twitter.com/GCDC_Mumbai/status/1050393339433050114

Transcript

  1. Agenda
    1. What is Distributed System?
    2. Dev and DevOps Experience
    3. Container Evolution
    4. Container Orchestration
    5. K8s Architecture
  2. What is Distributed System?
    “A collection of independent computers that appear to its users as one computer.” - Andrew Tanenbaum
  3. Three Characteristics
    • The computers operate concurrently
    • The computers fail independently
    • The computers do not share a global clock
  7. The Dev people managing infrastructure just want a PaaS. The only requirement is: it has to be built by them.
  11. What is Orchestration?
    “The planning or coordination of the elements of a situation to produce a desired effect, especially surreptitiously.”
  14. Kubernetes Key Concepts
    • Pod: Smallest Unit of Deployment in Kubernetes
    • Replication Controller (Replica Set): A loop that drives the current state to desired state
    • Service: A set of running pods that work together
    • Volumes: Pod level storage and configuration
  15. Service Discovery
    1. ClusterIP (internal) -- the default type means that this Service is only visible inside of the cluster
    2. NodePort gives each node in the cluster an externally accessible IP and
    3. LoadBalancer adds a load balancer from the cloud provider which forwards traffic from the service to Nodes within it.
  17. Demo Time
    • Using Kubernetes Engine to Deploy Apps with Regional Persistent Disks
  18. Istio
    • Policy - Create a policy between the applications.
    • Observability - Observe the behaviour
    • Security - per application instance
    • Reliability - consistent performance according to specification
    “Kubernetes changed how we deploy applications, Istio is going to change how we connect, manage and secure them.”
  19. Kubernetes Best Practices
    • Building smaller containers.
    • Organizing many projects with Namespace
    • Health checking with Readiness and Liveness Probe
    • Mapping external services
    • Upgrade a cluster with zero downtime
    Source: Kubernetes Best Practices
  20. Security Checklist for K8s
    • Scan all your Docker images for vulnerabilities.
    • Use RBAC over ABAC and assign optimum privileges to respective teams.
    • Configure a Security Context for a Pod running your service.
    • All the service endpoints should be protected.
    • The datastore like etcd must be secured.
    • Secret keys, encryption keys should be rotated over a period of time.
    • Only admin should have access to `kubectl`
    • Continuous Monitoring, log aggregation and analysis, etc.
  21. Kubernetes Roadmap
    • Kubernetes eases the deployment and management of containerized applications and services.
    • Containers, micro-services and Kubernetes have a long way to go.
    • Leverage serverless technology to use resources for a smaller period of time.
    • It will be great to see Kubernetes in the ML domain, IoT devices, blockchain technology or even self-driving cars running Kubernetes.
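
An added example, not part of the talk: a small audit that applies two items from the Security Checklist slide ("Configure a Security Context for a Pod" and "All the service endpoints should be protected") using the Service types from the Service Discovery slide. The three securityContext settings it requires are an assumed baseline, and the manifests are constructed sample data.

```python
# Added example (not from the slides). The required settings are an assumed
# baseline; the sample manifests below are constructed.
EXTERNAL_TYPES = {"NodePort", "LoadBalancer"}

def audit_container(label, container, pod_sc):
    """Check one container's securityContext, honouring pod-level defaults."""
    sc = container.get("securityContext") or {}
    findings = []
    # runAsNonRoot can be set on the pod and overridden per container.
    if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
        findings.append(f"{label}: runAsNonRoot is not true")
    if sc.get("privileged") is True:
        findings.append(f"{label}: privileged container")
    # Unset counts as a finding: escalation is only blocked when this is false.
    if sc.get("allowPrivilegeEscalation") is not False:
        findings.append(f"{label}: allowPrivilegeEscalation is not false")
    return findings

def audit(manifest):
    """Return a list of findings for a Pod or Service manifest (parsed dict)."""
    kind = manifest.get("kind")
    name = (manifest.get("metadata") or {}).get("name", "<unnamed>")
    spec = manifest.get("spec") or {}
    if kind == "Service":
        svc_type = spec.get("type", "ClusterIP")  # ClusterIP is the default type
        if svc_type in EXTERNAL_TYPES:
            return [f"Service/{name}: type {svc_type} exposes it outside the cluster"]
        return []
    if kind == "Pod":
        pod_sc = spec.get("securityContext") or {}
        containers = spec.get("initContainers", []) + spec.get("containers", [])
        return [f for c in containers
                for f in audit_container(f"Pod/{name}/{c.get('name')}", c, pod_sc)]
    return []

WEAK_POD = {"kind": "Pod", "metadata": {"name": "web"}, "spec": {
    "containers": [{"name": "app", "image": "example/web:1.0",
                    "securityContext": {"privileged": True}}]}}
HARDENED_POD = {"kind": "Pod", "metadata": {"name": "web"}, "spec": {
    "securityContext": {"runAsNonRoot": True},
    "containers": [{"name": "app", "image": "example/web:1.0",
                    "securityContext": {"allowPrivilegeEscalation": False}}]}}
INTERNAL_SVC = {"kind": "Service", "metadata": {"name": "db"}, "spec": {}}
EXTERNAL_SVC = {"kind": "Service", "metadata": {"name": "web"},
                "spec": {"type": "NodePort"}}

if __name__ == "__main__":
    for m in (WEAK_POD, HARDENED_POD, INTERNAL_SVC, EXTERNAL_SVC):
        print(m["kind"], m["metadata"]["name"], audit(m) or "ok")
```

A flagged NodePort or LoadBalancer Service is not necessarily wrong; the finding marks an endpoint that needs authentication and network controls in front of it.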