Tweet
Tweet

Slide 1

Slide 1 text

Deploying Rock Solid Applications with Kubernetes https://bit.ly/2LafjmT @jelmersnoeck

Slide 2

Slide 2 text

FIND ME github.com/jelmersnoeck twitter.com/jelmersnoeck Jelmer Snoeck ABOUT ME - Tech Lead at manifold.co - <3 Kubernetes - <3 Golang

Slide 3

Slide 3 text

What even are Rock Solid Applications? @jelmersnoeck

Slide 4

Slide 4 text

Secure Applications @jelmersnoeck

Slide 5

Slide 5 text

Highly Available Applications @jelmersnoeck

Slide 6

Slide 6 text

@jelmersnoeck

Slide 7

Slide 7 text

Disclaimer: simplified YAML for demo purposes @jelmersnoeck

Slide 8

Slide 8 text

@jelmersnoeck

Slide 9

Slide 9 text

@jelmersnoeck

Slide 10

Slide 10 text

Security @jelmersnoeck

Slide 11

Slide 11 text

@jelmersnoeck

Slide 12

Slide 12 text

Pod Security Policies @jelmersnoeck

Slide 13

Slide 13 text

@jelmersnoeck

Slide 14

Slide 14 text

@jelmersnoeck

Slide 15

Slide 15 text

RBAC @jelmersnoeck

Slide 16

Slide 16 text

@jelmersnoeck

Slide 17

Slide 17 text

@jelmersnoeck

Slide 18

Slide 18 text

@jelmersnoeck

Slide 19

Slide 19 text

@jelmersnoeck

Slide 20

Slide 20 text

@jelmersnoeck

Slide 21

Slide 21 text

@jelmersnoeck

Slide 22

Slide 22 text

@jelmersnoeck

Slide 23

Slide 23 text

or… @jelmersnoeck

Slide 24

Slide 24 text

@jelmersnoeck

Slide 25

Slide 25 text

@jelmersnoeck

Slide 26

Slide 26 text

Network Policies @jelmersnoeck

Slide 27

Slide 27 text

@jelmersnoeck

Slide 28

Slide 28 text

@jelmersnoeck

Slide 29

Slide 29 text

@jelmersnoeck

Slide 30

Slide 30 text

Caveat: availability depends on your networking plugin @jelmersnoeck

Slide 31

Slide 31 text

Security @jelmersnoeck

Slide 32

Slide 32 text

High Availability @jelmersnoeck

Slide 33

Slide 33 text

What even is High Availability? @jelmersnoeck

Slide 34

Slide 34 text

This talk is not about High Availability for nodes @jelmersnoeck

Slide 35

Slide 35 text

@jelmersnoeck

Slide 36

Slide 36 text

@jelmersnoeck

Slide 37

Slide 37 text

@jelmersnoeck

Slide 38

Slide 38 text

Deployments @jelmersnoeck

Slide 39

Slide 39 text

Replicas + UpdateStrategy @jelmersnoeck

Slide 40

Slide 40 text

@jelmersnoeck

Slide 41

Slide 41 text

@jelmersnoeck

Slide 42

Slide 42 text

@jelmersnoeck

Slide 43

Slide 43 text

@jelmersnoeck

Slide 44

Slide 44 text

@jelmersnoeck

Slide 45

Slide 45 text

@jelmersnoeck

Slide 46

Slide 46 text

@jelmersnoeck

Slide 47

Slide 47 text

@jelmersnoeck

Slide 48

Slide 48 text

@jelmersnoeck

Slide 49

Slide 49 text

@jelmersnoeck

Slide 50

Slide 50 text

@jelmersnoeck

Slide 51

Slide 51 text

@jelmersnoeck

Slide 52

Slide 52 text

(Anti)Affinity @jelmersnoeck

Slide 53

Slide 53 text

@jelmersnoeck

Slide 54

Slide 54 text

@jelmersnoeck

Slide 55

Slide 55 text

@jelmersnoeck

Slide 56

Slide 56 text

@jelmersnoeck

Slide 57

Slide 57 text

@jelmersnoeck

Slide 58

Slide 58 text

Probes @jelmersnoeck

Slide 59

Slide 59 text

@jelmersnoeck

Slide 60

Slide 60 text

Caveat: Circular Dependencies @jelmersnoeck

Slide 61

Slide 61 text

Caveat: Circular Dependencies @jelmersnoeck

Slide 62

Slide 62 text

Caveat: Circular Dependencies @jelmersnoeck

Slide 63

Slide 63 text

Caveat: Circular Dependencies @jelmersnoeck

Slide 64

Slide 64 text

Caveat: Circular Dependencies @jelmersnoeck

Slide 65

Slide 65 text

PodDisruptionBudget @jelmersnoeck

Slide 66

Slide 66 text

@jelmersnoeck

Slide 67

Slide 67 text

@jelmersnoeck

Slide 68

Slide 68 text

@jelmersnoeck

Slide 69

Slide 69 text

@jelmersnoeck

Slide 70

Slide 70 text

@jelmersnoeck

Slide 71

Slide 71 text

@jelmersnoeck

Slide 72

Slide 72 text

Prevent misconfiguration @jelmersnoeck

Slide 73

Slide 73 text

Linting?

Slide 74

Slide 74 text

Webhooks!

Slide 75

Slide 75 text

@jelmersnoeck

Slide 76

Slide 76 text

@jelmersnoeck

Slide 77

Slide 77 text

@jelmersnoeck

Slide 78

Slide 78 text

@jelmersnoeck

Slide 79

Slide 79 text

@jelmersnoeck

Slide 80

Slide 80 text

@jelmersnoeck

Slide 81

Slide 81 text

Webhooks - Barbossa - Azure Kubernetes Policy Controller (OPA) - Anchore Engine - … @jelmersnoeck

Slide 82

Slide 82 text

We’re hiring… <3 @jelmersnoeck

Slide 83

Slide 83 text

Thanks I’ll be around for questions FIND ME github.com/jelmersnoeck twitter.com/jelmersnoeck SPECIAL THANKS TO twitter.com/megthesmith

Slide 84

Slide 84 text

Resources - https://hackernoon.com/deploying-rock-solid-applications-with-kubernetes-2 30fd9bb61f4 - https://thenewstack.io/myth-cloud-native-portability - https://kubernetes.io/docs/concepts/policy/pod-security-policy/ - https://kubernetes.io/docs/reference/access-authn-authz/rbac/ - https://kubernetes.io/docs/concepts/services-networking/network-policies/ - https://kubernetes.io/docs/concepts/workloads/controllers/deployment/ - https://container-solutions.com/kubernetes-deployment-strategies/ - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinit y-and-anti-affinity - https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ - https://kubernetes.io/docs/tasks/configure-pod-container/configure-livenes s-readiness-probes/ - https://banzaicloud.com/blog/k8s-admission-webhooks/ - https://github.com/jelmersnoeck/barbossa - https://github.com/Azure/kubernetes-policy-controller @jelmersnoeck