
Das Gruselkabinett des Dr. Kube

Nicolas Byl
September 06, 2018


Transcript

  1.
    BED-CON 2018

  2.

  3.
    http://pxhere.com/de/photo/901604

  4.
    CRONJOBS
    https://pxhere.com/de/photo/237

  5.

  6.

  7.

  8.
    • Use Kubernetes CronJobs instead of cron inside a container
    • Cluster-wide scheduling
    • Save resources
    • https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs

  9.
    APPLICATION SERVER
    http://pxhere.com/de/photo/1241325

  10.
    • Deploying multiple server instances that share a volume.
    • Applications are deployed to the volume.
    • Flaws:
      • No rolling upgrades
      • Manual rollback
      • Single point of failure
      • What is your artifact?
    Persistent volume:
    /usr/local/tomcat/webapps/
      ROOT.war
      App1.war

  11.
    MORE IS BETTER ("Viel hilft viel")
    https://pxhere.com/de/photo/819785

  12.
    https://pxhere.com/de/photo/499735

  13.
    https://pxhere.com/de/photo/500088

  14.
    https://pxhere.com/de/photo/497849

  15.
    Small is beautiful
    1. Use small base images
    2. Short startup times
    3. No debugging tools
    4. Split different runtimes across different containers
    5. Look out for your image size (e.g. package caches, …)
    https://pxhere.com/de/photo/864475

  16.
    • You don't need debugging, you need observability:
      • Pod lifecycles
      • Scaling
      • Cluster rebalancing
      • Monitoring
      • Metrics
      • Cluster state
      • Tracing

  17.
    GOD POD
    https://pxhere.com/de/photo/1061483

  18.
    • Running processes inside your container behind some init system (systemd, supervisord, …)
    • Hiding process state from your container runtime:
      • Restarts?
      • Separation of concerns?
      • Logs?
      • Patching?
      • Start-up times?
    Docker container:
      • supervisord
      • Application 1
      • Application 2
      • …
      • Application N

  19.
    • The bigger your pods, the harder your scheduling
    • Horizontal scaling?
    • Pods are scheduled, upgraded and restarted as a unit
    • Use one container per pod, unless you know what you're doing!
    Pod:
      Application 1
      Application 2
      Application 3
      Application N

  20.
    MATRYOSHKA CLUSTER
    https://pxhere.com/de/photo/842115

  21.

  22.
    • A technology is matryoshka-complete when it can be deployed onto itself.
    • The matryoshka level is the number of layers between a deployment and the hosting deployment of the same technology.

  23.
    1. Nesting other clusters inside Kubernetes is tricky
    2. Use StatefulSets for predictable hostnames and storage provisioning
    3. Use clusters with reasonable recovery times from split brains and node failures
    4. Consider re-architecting your application into stateless containers
    https://pxhere.com/de/photo/864475

  24.
    POD THE BUILDER
    https://pxhere.com/de/photo/1087298

  25.
    • A Docker daemon is needed to build Docker images.
    • Solution: pass the daemon's socket through into the build container.
    • Paraphrasing: you are granting control of your host to not-yet-verified code.
    [Diagram: Host running the Docker daemon; Build and App containers; the Socket passed into the Build container]

  26.
    1. Possible solution: Docker-in-Docker (still needs privileged access to the Linux kernel)
    2. Evaluate alternative builders: kaniko, jib
    3. Mitigation: split clusters between development and other stages
    4. Caveat: if building in-cluster, look at the service account, too!
    https://pxhere.com/de/photo/864475
    https://pxhere.com/de/photo/833821
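The three points of slides 25 and 26 (socket passthrough, privileged Docker-in-Docker, and the service-account caveat) as an added compliance check. This is example code written for this page, not from the deck and not from kaniko or jib; it reads Pod manifests as Python dicts in the shape kubectl emits as JSON, and the three sample pods at the bottom are constructed.

```python
"""Audit build pods for the 'Pod the Builder' anti-patterns (added example)."""

DOCKER_SOCKET = "/var/run/docker.sock"


def containers_of(pod_spec):
    """Yield init containers and regular containers of a pod spec."""
    for key in ("initContainers", "containers"):
        yield from pod_spec.get(key, [])


def exposes_docker_socket(volume):
    """True if a hostPath volume is the Docker socket or a directory above it (/var/run, /)."""
    path = volume.get("hostPath", {}).get("path")
    if not path:
        return False
    path = path.rstrip("/")
    if path in ("", DOCKER_SOCKET):  # "/" or the socket itself
        return True
    return DOCKER_SOCKET.startswith(path + "/")


def audit_build_pod(pod):
    """Return (severity, message) findings for one Pod manifest."""
    spec = pod.get("spec", {})
    name = pod.get("metadata", {}).get("name", "<unnamed>")
    findings = []

    # 1. Socket passthrough: whatever runs in the build container can ask the
    #    daemon to start a privileged container on the node, so the
    #    not-yet-verified build input now controls the host.
    socket_volumes = {v["name"] for v in spec.get("volumes", []) if exposes_docker_socket(v)}
    for c in containers_of(spec):
        for mount in c.get("volumeMounts", []):
            if mount.get("name") in socket_volumes:
                findings.append(("critical",
                                 f"{name}/{c['name']}: host Docker socket mounted at {mount.get('mountPath')}"))

    # 2. Docker-in-Docker needs privileged=true: the daemon is out of the
    #    picture, but the build still has full access to the kernel.
    for c in containers_of(spec):
        if c.get("securityContext", {}).get("privileged"):
            findings.append(("high", f"{name}/{c['name']}: privileged container"))

    # 3. The slide's caveat: a build that automounts its token can use
    #    whatever RBAC the service account carries against the API server.
    if spec.get("automountServiceAccountToken", True):
        sa = spec.get("serviceAccountName", "default")
        findings.append(("medium", f"{name}: service-account token for '{sa}' automounted"))

    return findings


# Constructed sample pods (image names are illustrative only).
SOCKET_PASSTHROUGH_POD = {
    "metadata": {"name": "build-docker-socket"},
    "spec": {
        "volumes": [{"name": "dockersock", "hostPath": {"path": "/var/run/docker.sock"}}],
        "containers": [{"name": "build", "image": "docker:stable",
                        "volumeMounts": [{"name": "dockersock", "mountPath": "/var/run/docker.sock"}]}],
    },
}
DIND_POD = {
    "metadata": {"name": "build-dind"},
    "spec": {
        "automountServiceAccountToken": False,
        "containers": [
            {"name": "build", "image": "docker:stable"},
            {"name": "dind", "image": "docker:dind", "securityContext": {"privileged": True}},
        ],
    },
}
KANIKO_POD = {
    "metadata": {"name": "build-kaniko"},
    "spec": {
        "automountServiceAccountToken": False,
        "containers": [{"name": "kaniko", "image": "gcr.io/kaniko-project/executor"}],
    },
}

if __name__ == "__main__":
    for pod in (SOCKET_PASSTHROUGH_POD, DIND_POD, KANIKO_POD):
        for severity, message in audit_build_pod(pod):
            print(f"[{severity}] {message}")
```

Run against `kubectl get pods -A -o json` and the check covers every namespace, which is where the "split clusters between stages" mitigation shows its value: a build pod with the socket mounted in a development cluster is a development problem, the same pod next to production workloads is a production problem.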

  27.
    THE LATEST CRAZE ("Der letzte Schrei")
    https://pxhere.com/de/photo/764418

  28.
    JOHN DOE
    https://pxhere.com/de/photo/1059431

  29.
    • Which version are you running now?
    • Docker tags are not immutable
    • Rolling upgrades happen only when the pod definition changes
    • What was deployed at what time?
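Why a mutable tag hides both questions on this slide, as an added example (written for this page, not the deck's code): an image reference parser that tells digest-pinned images from floating or tagged ones, and a hash of the canonical pod template that shows why re-applying a Deployment with the same tag does not roll anything, even though the registry may have moved the tag. The real Deployment controller uses a different hash function for its pod-template-hash label; only the idea (same template, same hash, no rollout) is the same. The Deployment and digest below are constructed.

```python
"""Digest pinning and rollout detection for Deployments (added example)."""
import hashlib
import json


def parse_image_ref(ref):
    """Split [registry[:port]/]name[:tag][@digest] into (name, tag, digest)."""
    name, _, digest = ref.partition("@")
    digest = digest or None
    tag = None
    # A colon separates the tag only after the last slash; before it,
    # it belongs to the registry port (localhost:5000/app).
    colon = name.rfind(":")
    if colon > name.rfind("/"):
        name, tag = name[:colon], name[colon + 1:]
    return name, tag, digest


def pin_status(ref):
    """'pinned' (content-addressed), 'floating' (no tag or :latest), or 'mutable-tag'."""
    _, tag, digest = parse_image_ref(ref)
    if digest:
        return "pinned"
    if tag is None or tag == "latest":
        return "floating"
    return "mutable-tag"  # looks versioned, but the registry can repoint it


def containers_of(pod_spec):
    """Yield init containers and regular containers of a pod spec."""
    for key in ("initContainers", "containers"):
        yield from pod_spec.get(key, [])


def audit_images(workload):
    """Every container image of a Deployment-like object that is not digest-pinned."""
    spec = workload["spec"]["template"]["spec"]
    return [f"{c['name']}: {c['image']} is {pin_status(c['image'])}"
            for c in containers_of(spec) if pin_status(c["image"]) != "pinned"]


def pod_template_hash(template):
    """Short hash of the canonical pod template: identical template, identical hash."""
    canonical = json.dumps(template, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()[:10]


def would_roll(old_workload, new_workload):
    """True only if the pod template differs, i.e. applying new_workload starts a rollout."""
    return (pod_template_hash(old_workload["spec"]["template"])
            != pod_template_hash(new_workload["spec"]["template"]))


def pin_to_digest(workload, digests):
    """Copy of workload with each image in `digests` ({ref: 'sha256:...'}) rewritten to name[:tag]@digest."""
    pinned = json.loads(json.dumps(workload))  # deep copy, original stays untouched
    for c in containers_of(pinned["spec"]["template"]["spec"]):
        if c["image"] in digests:
            name, tag, _ = parse_image_ref(c["image"])
            digest = digests[c["image"]]
            c["image"] = f"{name}:{tag}@{digest}" if tag else f"{name}@{digest}"
    return pinned


# Constructed sample: registry, image names and digest are illustrative only.
CONSTRUCTED_DIGEST = "sha256:" + hashlib.sha256(b"constructed example image").hexdigest()
DEPLOYMENT = {
    "kind": "Deployment",
    "metadata": {"name": "web"},
    "spec": {"template": {"spec": {"containers": [
        {"name": "web", "image": "registry.example.com:5000/team/web:1.4"},
        {"name": "sidecar", "image": "busybox"},
    ]}}},
}
PINNED = pin_to_digest(DEPLOYMENT, {
    "registry.example.com:5000/team/web:1.4": CONSTRUCTED_DIGEST,
    "busybox": CONSTRUCTED_DIGEST,
})

if __name__ == "__main__":
    print(audit_images(DEPLOYMENT))
    print("re-apply same tag rolls:", would_roll(DEPLOYMENT, DEPLOYMENT))
    print("apply pinned rolls:", would_roll(DEPLOYMENT, PINNED))
```

With digests in the template, the answer to "which version is running now?" is in the running pod spec itself (and the digest is what you look up in the registry and the build logs), and every change to the digest is a template change that the Deployment controller records as a new revision.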

  30.

  31.
    [email protected]
    http://www.twitter.com/NicolasByl

  32.
    BONUS LEVEL: SWEET MEMORIES
    https://pxhere.com/de/photo/992494

  33.
    • Kubernetes knows soft limits (requests, used for scheduling) and hard limits (limits, enforced by the kubelet: memory above the limit gets the container OOM-killed, CPU above the limit is throttled) for memory and CPU
    • Take care if setting them manually!
    • Strategies:
      • Hide them behind a workflow tool
      • Teach your users
      • Compliance-check your deployments
      • Use a container-aware runtime (JDK 9+)
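The "compliance-check your deployments" strategy as an added example (written for this page, not the deck's code). It parses the Kubernetes quantity syntax (512Mi, 1.5G, 500m, 2), derives the pod's QoS class by the Kubernetes rules (Guaranteed when every container has CPU and memory limits and its requests are unset or equal to them, BestEffort when nothing is set, Burstable otherwise), which decides which pods the kubelet evicts first under memory pressure, and flags containers that have no memory accounting or a limit above a ceiling. The three pods and the 2Gi ceiling are constructed.

```python
"""Resource compliance check: quantities, QoS class, memory findings (added example)."""

SUFFIX = {"Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40,
          "k": 10**3, "M": 10**6, "G": 10**9, "T": 10**12, "m": 1e-3}


def parse_quantity(q):
    """Convert a Kubernetes quantity (string or number) to a float in base units
    (bytes for memory, cores for CPU). Exa/peta suffixes are left out."""
    s = str(q)
    for suffix in sorted(SUFFIX, key=len, reverse=True):  # try "Mi" before "M"
        if s.endswith(suffix):
            return float(s[:-len(suffix)]) * SUFFIX[suffix]
    return float(s)


def containers_of(pod_spec):
    """Yield init containers and regular containers; both count for QoS."""
    for key in ("initContainers", "containers"):
        yield from pod_spec.get(key, [])


def qos_class(pod_spec):
    """Guaranteed, Burstable or BestEffort, following the kubelet's classification."""
    any_set = False
    guaranteed = True
    for c in containers_of(pod_spec):
        requests = c.get("resources", {}).get("requests", {})
        limits = c.get("resources", {}).get("limits", {})
        for res in ("cpu", "memory"):
            if res in requests or res in limits:
                any_set = True
            if res not in limits:
                guaranteed = False  # Guaranteed needs a limit for both resources
            elif res in requests and parse_quantity(requests[res]) != parse_quantity(limits[res]):
                guaranteed = False  # request set but different from the limit
    if not any_set:
        return "BestEffort"
    return "Guaranteed" if guaranteed else "Burstable"


def check_memory(pod, ceiling="2Gi"):
    """Findings for containers without memory accounting or with a limit above `ceiling`."""
    findings = []
    name = pod["metadata"]["name"]
    for c in containers_of(pod["spec"]):
        limits = c.get("resources", {}).get("limits", {})
        requests = c.get("resources", {}).get("requests", {})
        if "memory" not in limits:
            if "memory" in requests:
                findings.append(f"{name}/{c['name']}: memory request without limit (may grow until the node runs out)")
            else:
                findings.append(f"{name}/{c['name']}: no memory request or limit (unbounded, not accounted for)")
        elif parse_quantity(limits["memory"]) > parse_quantity(ceiling):
            findings.append(f"{name}/{c['name']}: memory limit {limits['memory']} exceeds ceiling {ceiling}")
        # A limit without a request is fine: Kubernetes defaults the request to the limit.
    return findings


# Constructed sample pods (image names are illustrative only).
GUARANTEED_POD = {"metadata": {"name": "api"}, "spec": {"containers": [{
    "name": "app", "image": "app:1.4",
    "resources": {"requests": {"cpu": "500m", "memory": "512Mi"},
                  "limits": {"cpu": "500m", "memory": "512Mi"}}}]}}
BURSTABLE_POD = {"metadata": {"name": "batch"}, "spec": {"containers": [{
    "name": "worker", "image": "worker:2.0",
    "resources": {"limits": {"memory": "4Gi"}}}]}}  # no CPU limit, and 4Gi is above the ceiling
BESTEFFORT_POD = {"metadata": {"name": "legacy"}, "spec": {"containers": [{
    "name": "jvm", "image": "jvm:8"}]}}

if __name__ == "__main__":
    for pod in (GUARANTEED_POD, BURSTABLE_POD, BESTEFFORT_POD):
        print(pod["metadata"]["name"], qos_class(pod["spec"]), check_memory(pod))
```

The "take care if doing manually" warning applies to the interplay with the runtime: a JVM that sizes its heap from the host's memory instead of the cgroup limit runs into the hard limit and is OOM-killed, which is what the container-aware JDK (UseContainerSupport and MaxRAMPercentage, standard since JDK 10 and backported to 8u191) avoids.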