Slide 1

Slide 1 text

How to Make Kubernetes Rhyme with Prod-Readiness
Tiffany Jernigan, VMware
Matthias Häußler, Novatec

Slide 2

Slide 2 text

Who we are
Tiffany Jernigan, Sr. Dev Advocate, VMware (@tiffanyfayj)
Matthias Häußler, Chief Technologist, Novatec (@maeddes)

Slide 3

Slide 3 text

Why this talk?

Slide 4

Slide 4 text


Slide 5

Slide 5 text

🎉 🎉 🥰 🥰 🥳

Slide 6

Slide 6 text

What is production readiness?

Slide 7

Slide 7 text

🎉 🎉 🥰 🥰 🥳

Slide 8

Slide 8 text

Prod readiness in detail
● Has undergone rigorous testing and quality assurance
● Ensured it’s reliable, stable and secure
● Performs optimally under expected load and traffic conditions
● Adaptive to unexpected load/traffic conditions and failures
● Properly documented & described
● Consistently and repeatably buildable
● Monitored and Observable - Ability to identify and resolve issues quickly
● "Future-proofing": Being able to upgrade to patch security issues

Slide 9

Slide 9 text

What does “vanilla” Kubernetes provide?

Slide 10

Slide 10 text


Slide 11

Slide 11 text


Slide 12

Slide 12 text


Slide 13

Slide 13 text


Slide 14

Slide 14 text


Slide 15

Slide 15 text


Slide 16

Slide 16 text


Slide 17

Slide 17 text

What is “vanilla” Kubernetes missing?

Slide 18

Slide 18 text

Summary

Slide 19

Slide 19 text

Infrastructure

Slide 20

Slide 20 text

Infrastructure

Slide 21

Slide 21 text

Networking - Inbound traffic

Slide 22

Slide 22 text

Networking - Traffic control

Slide 23

Slide 23 text

Networking - Traffic control

Slide 24

Slide 24 text

O11y

Slide 25

Slide 25 text

O11y

Slide 26

Slide 26 text

Security - API Access / RBAC

Slide 27

Slide 27 text

Workloads

Slide 28

Slide 28 text

Workloads

Slide 29

Slide 29 text

Workloads

Slide 30

Slide 30 text

Workloads

Slide 31

Slide 31 text

GitSecOps

Slide 32

Slide 32 text

“Summary”

Slide 33

Slide 33 text

Summary

Slide 34

Slide 34 text

pod logs; logs; observability; kubelet logs; control plane logs; metrics-server; metrics; time series database (Prom, etc); tracing; tracing; ingress controller; networking; service mesh; Gateway API; network policies; security; secret manager; PVC backups; infrastructure/ backups; control plane backups (if applicable); cluster autoscaler (when applicable)

Slide 35

Slide 35 text

No content

Slide 36

Slide 36 text

Infrastructure

Slide 37

Slide 37 text

Network

Slide 38

Slide 38 text

Observability

Slide 39

Slide 39 text

Security

Slide 40

Slide 40 text

Workloads

Slide 41

Slide 41 text

And now what?

Slide 42

Slide 42 text


Slide 43

Slide 43 text

Management

Slide 44

Slide 44 text


Slide 45

Slide 45 text

Novatec Training Environment

Slide 46

Slide 46 text


Slide 47

Slide 47 text

Cloud vs On-Prem

Slide 48

Slide 48 text

Managed vs Self-Hosted

Slide 49

Slide 49 text


Slide 50

Slide 50 text

Summary
● In the end there is no right or wrong; it is more about deciding where to invest the time and money
  ■ Maintain the stack yourself -> Invest in the skill and have it in-house
  ■ Have someone do it for you -> Invest in service providers
● In general we recommend using the highest abstraction possible. Don’t solve problems which have already been solved!
● Using and relying on a ready tested platform will let you focus more on higher abstractions -> your apps!
● If there is a managed solution that suits your needs -> use it!
● If you want to manage the stack yourself -> get enablement & consultancy

Slide 51

Slide 51 text

Please reach out to us!
Tiffany Jernigan, Sr. Dev Advocate, VMware (@tiffanyfayj)
Matthias Häußler, Chief Technologist, Novatec (@maeddes)
Feedback :)

Slide 52

Slide 52 text

No content

Slide 53

Slide 53 text

Sponsor Shout-Out! Thank you to our Session Recording Sponsor: