Evolving Kubernetes

Mohan Pawar
September 25, 2018

Introduction to Evolving Kubernetes at Google Cloud Developer Community, Mumbai. Explaining what Kubernetes is, along with understanding service discovery through a two-tier application deployment demo. Thank you.

Transcript

  1. We must treat the data center itself as one massive warehouse-scale computer #GoogleNext18 #NextExtended
  2. Microservices Architecture
     • Modular
     • Easy to deploy
     • Scale Independently
     The Twelve-Factor App
  3. What is Orchestration?
     “The planning or coordination of the elements of a situation to produce a desired effect, especially surreptitiously.”
  4. The Dev people managing infrastructure just want a PaaS. The only requirement is: It has to be built by them
  5. Kubernetes Key Concept
     Pod: Smallest Unit of Deployment in Kubernetes
     Replication Controller (Replica Set): A loop that drives the current state to desired state
     Service: A set of running pods that work together
     Volumes: Pod level storage and configuration
  6. Service Discovery
     • Persistent Endpoint for the pods
     • Internal or External IPs
     • Enables loose coupling b/w micro-services
  7. Service Types
     1. ClusterIP (internal) -- the default type means that this Service is only visible inside of the cluster
     2. NodePort gives each node in the cluster an externally accessible IP and
     3. LoadBalancer adds a load balancer from the cloud provider which forwards traffic from the service to Nodes within it.
  8. Evolving Stack... Connect, Manage and Secure Services End application Packaging e.g. tarball Better cluster Deployment
  9. Istio
     • Policy - Create a policy between the applications.
     • Observability - Observe the behaviour
     • Security - per application instance
     • Reliability - consistent performance according to specification
     “Kubernetes changed how we deploy applications, Istio is going to change how we connect, manage and secure them.”
  10. Kubernetes Best Practices
     • Building smaller containers.
     • Organizing many projects with Namespace
     • Health checking with Readiness and Liveness Probe
     • Mapping external services
     • Upgrade a cluster with zero downtime
  11. Security Checklist for K8s
     • Scan all your Docker images for vulnerabilities.
     • Use RBAC over ABAC and assign optimum privileges to respective teams.
     • Configure a Security Context for a Pod running your service.
     • All the service endpoints should be protected.
     • Datastores such as etcd must be secured.
     • Secret keys and encryption keys should be rotated over a period of time.
     • Only admins should have access to `kubectl`.
     • Continuous monitoring, log aggregation and analysis, etc.
  12. Future of K8s
     • Kubernetes eases the deployment and management of containerized applications and services.
     • Containers, micro-services and Kubernetes have a long way to go.
     • Leverage serverless technology to use resources for shorter periods of time.
     • It will be great to see Kubernetes in the ML domain, IoT devices, blockchain technology or even self-driving cars running on Kubernetes.
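
An added example for the Security Checklist slide's item "Configure a Security Context for a Pod" (not from the deck or the speaker's demo): a small Python audit of Pod manifests, including the case where a container-level value overrides the pod-level one. The fields checked are real Kubernetes securityContext fields; the rule set, the function names and the sample manifests are this example's assumptions.

```python
# Added example: audit Pod manifests (dicts shaped like `kubectl get pod -o json`)
# for securityContext settings. The rule set is this example's assumption.

def effective(container, pod_sc, key):
    """Container-level securityContext overrides the pod-level value."""
    c_sc = container.get("securityContext") or {}
    return c_sc[key] if key in c_sc else pod_sc.get(key)

def audit_pod(pod):
    """Return a sorted list of 'container: finding' strings."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    findings = []
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        name, c_sc = c.get("name", "<unnamed>"), c.get("securityContext") or {}
        if effective(c, pod_sc, "runAsNonRoot") is not True:
            findings.append(f"{name}: runAsNonRoot is not true")
        if effective(c, pod_sc, "runAsUser") == 0:
            findings.append(f"{name}: runAsUser is 0 (root)")
        # The remaining fields exist only at container level.
        if c_sc.get("privileged") is True:
            findings.append(f"{name}: privileged container")
        if c_sc.get("allowPrivilegeEscalation") is not False:
            findings.append(f"{name}: allowPrivilegeEscalation not disabled")
        if c_sc.get("readOnlyRootFilesystem") is not True:
            findings.append(f"{name}: root filesystem is writable")
        if "ALL" not in ((c_sc.get("capabilities") or {}).get("drop") or []):
            findings.append(f"{name}: capabilities not dropped")
    return sorted(findings)

# Constructed sample manifests (not taken from the talk's demo).
SAFE_SC = {"allowPrivilegeEscalation": False, "readOnlyRootFilesystem": True,
           "capabilities": {"drop": ["ALL"]}}
WEAK_POD = {"spec": {"containers": [
    {"name": "web", "securityContext": {"privileged": True}}]}}
MIXED_POD = {"spec": {
    "securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
    "containers": [
        {"name": "web", "securityContext": dict(SAFE_SC)},
        # Container-level runAsUser overrides the pod-level 10001.
        {"name": "sidecar", "securityContext": dict(SAFE_SC, runAsUser=0)},
    ]}}

if __name__ == "__main__":
    for label, pod in (("weak", WEAK_POD), ("mixed", MIXED_POD)):
        print(label, audit_pod(pod))
```

The same function can be fed the parsed output of `kubectl get pod <name> -o json` to check a running workload.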