【第2回】はじめてのRancherシリーズ「Hosted Rancher編」

Transcript

1. © Copyright 2020 Rancher Labs. All Rights Reserved. Confidential 1

   © Copyright 2020 Rancher Labs. All Rights Reserved. 1 Hosted Rancher 2020/06/05 CHENG Field Engineer

2. About me Jianqiang Cheng（ͪΜ） Field Engineer at Rancher Labs. [email protected]

   slack.rancher.jp ▪Favorite technologies: Rancher, Kubernetes, AWS, Jenkins. ▪Certifications:

3. © Copyright 2020 Rancher Labs. All Rights Reserved. Confidential 3

   3 Agenda • Why Rancher? • Why Hosted Rancher? • Demo

4. © Copyright 2020 Rancher Labs. All Rights Reserved. Confidential 4

   Rancher – Kubernetes Management Platform

5. © Copyright 2020 Rancher Labs. All Rights Reserved. Confidential 5

   Container Image Application Code Application Dependencies Container Image

6. © Copyright 2020 Rancher Labs. All Rights Reserved. Confidential 6

   Container Image Container Image Container Container Container

7. © Copyright 2020 Rancher Labs. All Rights Reserved. Confidential 7

   Containers are great……..but Managing a couple – no problem

8. © Copyright 2020 Rancher Labs. All Rights Reserved. Confidential 8

   Containers are great……..but How about managing many? How do we address: Networking, Security, Scheduling, Automation, etc?

9. © Copyright 2020 Rancher Labs. All Rights Reserved. Confidential 9

   DEV DATA CENTER CLOUD BRANCH EDGE ü Common API & Packaging ü Health Checks/HA ü Load Balancing ü Overlay Networking ü Network Security Policies ü Backup and Recovery ü Autoscaling ü Service Discovery ü Networking ü RBAC & Access Control © Copyright 2020 Rancher Labs. All Rights Reserved. 9 Kubernetes

10. © Copyright 2020 Rancher Labs. All Rights Reserved. Confidential 10

    Kubernetesを正しく管理出来なければ、 オーバーヘッドとリスクを発生させる可能性 集中的な管理と 可視化が出来ない 一貫した セキュリティポリシーが 適用出来ていない 管理がサイロ化 されていることがある よくあるKubernetesクラスタの実情は、 © Copyright 2020 Rancher Labs. All Rights Reserved. 10

11. © Copyright 2020 Rancher Labs. All Rights Reserved. Confidential 11

    Rancherは幅広いプラットフォームに対応 Hybrid Cloud、Multi Cloud一元管理を実現 Infrastructure ITOps DevOps - Provisioning - Auth/RBAC - Policy - Security - Capacity © Copyright 2020 Rancher Labs. All Rights Reserved. 11 - User Interface - Service Catalog - CI/CD - Monitoring - Logging - Alerting クラスタ一元管理 セルフサービス クラスタ環境の利用 Amazon EKS Azure AKS Google GKE Cloud Datacenter Dev Branch Edge Windows Linux

12. © Copyright 2020 Rancher Labs. All Rights Reserved. Confidential 12

    Kubernetes KubernetesΤίγεςϜ͕ɺ๲େͳ΋ͷͰ͢ - https://landscape.cncf.io (These are just the Storage projects)

13. © Copyright 2020 Rancher Labs. All Rights Reserved. Confidential 13

    RancherがKubernetesにもたらすもの 13 Network & Storage Registry App Catalog Monitoring Kubernetes Container Runtime CI/CD Service Mesh Logging Security RBAC & PSP Authentication What Rancher takes an SLA on Manage all this? … or this? Rancher Certified Integrations Cloud Datacenter Dev Branch Edge Google GKE Azure AKS Amazon EKS

14. © Copyright 2020 Rancher Labs. All Rights Reserved. Confidential 14

    UseCase – Alpaca Japan

15. © Copyright 2020 Rancher Labs. All Rights Reserved. Confidential 15

    Alpaca Japanのインフラ 引用：https://speakerdeck.com/taishin/rancherday2019-alpacajapan

16. © Copyright 2020 Rancher Labs. All Rights Reserved. Confidential 16

    Rancherによる課題解決 引用：https://speakerdeck.com/taishin/rancherday2019-alpacajapan

17. © Copyright 2020 Rancher Labs. All Rights Reserved. Confidential 17

    Rancherによる課題解決 引用：https://speakerdeck.com/taishin/rancherday2019-alpacajapan

18. © Copyright 2020 Rancher Labs. All Rights Reserved. Confidential 18

    Rancherによる課題解決 引用：https://speakerdeck.com/taishin/rancherday2019-alpacajapan

19. © Copyright 2020 Rancher Labs. All Rights Reserved. Confidential 19

    Rancherによる課題解決 引用：https://speakerdeck.com/taishin/rancherday2019-alpacajapan

20. © Copyright 2020 Rancher Labs. All Rights Reserved. Confidential 20

    Hosted Rancher

21. © Copyright 2020 Rancher Labs. All Rights Reserved. Confidential 21

    nRancherの構築と運用の手間を省きたい n運用管理メンバーが足りない n環境関連の問合せを減らしたい Customer Pain Points nRancherの構築運用のベストプラクティスが知らない nRancherバージョンアップの作業に不安を感じる nノンコア業務のRancher運用を他社に任せたい

22. © Copyright 2020 Rancher Labs. All Rights Reserved. Confidential 22

    Typical Rancher Deployment Rancher HA Deployment etcd etcd etcd Endpoint URL On-premises infrastructure Cloud infrastructure Imported Clusters EKS AKS GKE Vanity URL Endpoint Hosted Rancher HA Deployment

23. © Copyright 2020 Rancher Labs. All Rights Reserved. Confidential 23

    Rancher recommended set up model Rancher Management Server Cluster - prod All-in-one nodes (cp/etcd/worker) Node Node Node Node Node Node Node Node Node Node Node Managed Kubernetes Cluster 1 – prod Node Node Node Node Node Node Node Node Node Managed Kubernetes Cluster 2 – prod Node Control Plane etcd Worker Worker Node Node Node Node Node Node Node Cluster 3- Hosted K8S - prod Control Plane etcd Node Worker Cloud Hosted (GKE, EKS, AKS) Environment The Rancher Management Server cluster manages all downstream k8s. The k8s required to run Rancher are not counted in the down stream Rancher host count. No cost. Rancher hosts are the downstream Kubernetes compute nodes managed by the Rancher Management Server cluster. Control Plane etcd Worker

24. © Copyright 2020 Rancher Labs. All Rights Reserved. Confidential 24

    How Hosted Rancher works RDS ALB ASG VPC Downstream cluster (on-prem datacenter) Downstream clusters (cloud-hosted) Customer on-prem datacenter RKE Etcd Nodes RKE Control Plane Nodes Control Plane MS AD or LDAP Route 53 DNS API/UI over HTTPS/TLS (443) Customer RKE Worker Nodes RKE Worker Nodes RKE Worker Nodes Worker Nodes RKE Worker Nodes vSphere Nodes VPC Peering or VPN Splunk Elasticsearch etc Websocket over HTTPS/TLS (443)

25. © Copyright 2020 Rancher Labs. All Rights Reserved. Confidential 25

    Hosted RancherͷϝϦοτ Add-on to Platinum subscription ‘White glove’ DevOps service with 99.9% SLA Remote monitoring and log management by Rancher’s experts Hosted Rancher control plane, available 24/7/365 Stress-free upgrades, security patches & backups Maintain full visibility & control of downstream clusters 24/7/365の稼働 99.9%の可用性 Rancher管理者権限の付与 Rancher定期メンテナンス不要 Rancher運用監視不要 サポートの追加オプションとして提供

26. © Copyright 2020 Rancher Labs. All Rights Reserved. Confidential 26

    • Amazon Web Services (AWS) • Packer & Terraform • Ubuntu Server 18.04.3 LTS • K8s -> K3s • Docker -> Containerd • etcd -> MySQL using RDS • Prometheus Monitoring & Alerting (via Rancher) • Longhorn (for metrics persistent storage) • Latest stable Rancher Tech Stack

27. © Copyright 2020 Rancher Labs. All Rights Reserved. Confidential 27

    Demo

28. © Copyright 2020 Rancher Labs. All Rights Reserved. Confidential 28

    RancherがKubernetesにもたらすもの 28 Network & Storage Registry App Catalog Monitoring Kubernetes Container Runtime CI/CD Service Mesh Logging Security RBAC & PSP Authentication What Rancher takes an SLA on Manage all this? … or this? Rancher Certified Integrations Cloud Datacenter Dev Branch Edge Google GKE Azure AKS Amazon EKS

29. © Copyright 2020 Rancher Labs. All Rights Reserved. Confidential 31

    5IBOLT ͋Γ͕ͱ͏͍͟͝·͢ɻ