Podman on Kubernetes Cluster Production Grade

by Estu Fardani

Slide 1

Slide 1 text

Required Magic advanced technology Podman on Kubernetes Cluster Production Grade

Slide 2

Slide 2 text

No content

Slide 3

Slide 3 text

About Me ● Estu Fardani / tuanpembual ● openSUSE ID ● Cloud Engineer ● Deploy DevOps Culture and K8S

Slide 4

Slide 4 text

Agenda ● Why a hard way ? Challenge will face ● How to do? ● Design Production Grade ● Expand Design ● Install Stuff ● Testing ● Q&A

Slide 5

Slide 5 text

Why so hard ? ● Solved with Kubic, but ... ● Cloud provider with ISO upload is minority ● Or run openSUSE is limited (Leap 42.3, 15(?)) ● Podman + Cri-O on Kubernetes Platform, where?

Slide 6

Slide 6 text

How to do? ● No openSUSE on AWS,GCP. But SLES available. ● Use Alibaba Cloud, with Leap 15.2 ● Podman +Cri-O need kube 1.19, only on Tumbleweed ● Install Leap 15.2 and upgrade to Tumbleweed

Slide 7

Slide 7 text

Design Production Grade ● High Availability ● Self Healing ● Auto-scaling Support ● Isolation (DMZ)

Slide 8

Slide 8 text

Design Production Grade

Slide 9

Slide 9 text

Expand Design ● Add more nodes ● Add more features ● Remove potential SPOF (single point of failure)

Slide 10

Slide 10 text

Expand Design

Slide 11

Slide 11 text

Load Balance and API Gateway

Slide 12

Slide 12 text

Install Stuff | Where is podman? ## Upgrade to Tumbleweed $ zypper dup $ modprobe overlay $ modprobe br_netfilter $ vim /etc/sysctl.conf net.ipv4.ip_forward = 1 net.ipv4.conf.all.forwarding = 1 net.bridge.bridge-nf-call-iptables = 1 $ sysctl -p $ zypper in cri-o cri-tools kubernetes-kubeadm kubernetes-client podman $ systemctl enable kubelet $ systemctl start kubelet $ kubeadm init #on master $ kubectl apply -f calico.yml $ kubeadm join #on node

Slide 13

Slide 13 text

Testing.. Create simple yaml for k8s as usual - nginx testing - service using nodeport

Slide 14

Slide 14 text

YAML # deployment spec: containers: - name: hello image: tuanpembual/hello imagePullPolicy: Always ports: - name: http containerPort: 80 protocol: TCP # service spec: type: NodePort selector: app: hello ports: - name: http nodePort: 30000 port: 80 targetPort: 80

Slide 15

Slide 15 text

Open: http://147.139.169.40:30000/

Slide 16

Slide 16 text

References ● https://tuanpembual.wordpress.com/2019/12/23/high-availability- kubernetes-cluster-di-alibaba-cloud/ ● https://tuanpembual.wordpress.com/2020/10/15/run-opensuse- kubic-like-k8s-podman-cri-o-on-alibaba-cloud/

Slide 17

Slide 17 text

Q & A

Slide 18

Slide 18 text

All text and image content in this document is licensed under the Creative Commons Attribution-Share Alike 4.0 License (unless otherwise specified). “LibreOffice” and “The Document Foundation” are registered trademarks. Their respective logos and icons are subject to international copyright laws. The use of these thereof is subject to trademark policy. Finish Thank You