SlideShare a Scribd company logo

6 Things You Need to Know to Safely Run Kubernetes

VMware Tanzu, profile picture
VMware Tanzu

This document is a presentation on safely running Kubernetes clusters. It discusses the need for soft multi-tenancy between namespaces, using a cloud-native approach to managing Kubernetes clusters, establishing clear roles and personas, handling stateful workloads, differences between Kubernetes implementations, and adopting new operational practices. The presentation provides examples and recommendations on each of these topics to help users run Kubernetes clusters safely and effectively.

Technology
Related topics:
Cloud Architecture
1 of 51
Downloaded 25 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
© Copyright 2018 Pivotal Software, Inc. All rights Reserved. Version 1.0 6 Things You Need to Know to Safely Run Kubernetes Cornelia Davis Vice President, Technology, Pivotal April 2019
Cover w/ Image Me? Developer (wasn’t Ops) Web architectures for >10 years Cloud-native for 6+ years Cloud Foundry for 6+ years Discount code 40% off!: 40cloudnat https://www.manning.com/books/cloud-native-patterns @cdavisafc
❤ 💕 💕 💕 ❤ ❤ 💕 🌈 🦋
6 Things You Need to Know to Safely Run Kubernetes
Let’s have a look at some things you need to get right…
#1 - Soft Multi-tenancy
K8s Cluster Kubernetes Master
Kubernetes Master API Server Controller Manager DNS Scheduler … …
Kubernetes Master API Server Controller Manager DNS Scheduler … Kubelet Kube Proxy Kubelet Kube Proxy
Kubernetes Master API Server Controller Manager DNS Scheduler … Namespace 1: Kubelet Kube Proxy Kubelet Kube Proxy Namespace 2: These are all shared components That are not namespace aware!!!
Kubernetes Master API Server Controller Manager DNS Scheduler … Namespace 1: Kubelet Kube Proxy Kubelet Kube Proxy Namespace 2: Limitations: ● Noisy neighbors (workloads can affect other tenants) ● Tenants share the same network ● Tenants share DNS ● Tenants share Configuration ● …
https://blog.jessfraz.com/post/hard-multi-tenancy-in-kubernetes/
Kubernetes Master API Server Controller Manager DNS Scheduler … Namespace 1: Kubelet Kube Proxy Kubelet Kube Proxy Namespace 2: The suggestion: Give each tenant their own set of K8s controller components.
Kubernetes Master API Server Controller Manager DNS Scheduler Kubelet Kube Proxy Kubelet Kube Proxy Tenant 1: Kubernetes Master API Server Controller Manager DNS Scheduler Kubelet Kube Proxy Kubelet Kube Proxy Tenant 2: Leverage 20 years of maturity in hypervisor- based security!
Multi-cluster https://content.pivotal.io/blog/kubernetes-one-cluster-or-many
#2 - Cloud-native Cluster Management
Kubernetes Takes Care of Your Workloads Image Cache etcd K8s Master Worker Worker Worker Kubernetes Scheduler Desired State Actual State Replica Set Controller LoadBalancer
But who is taking care of your Kubernetes?
VMs are Monitored IaaSBOSH Worker AGENT Master AGENT etcd AGENT Message Bus Health Monitor Responses: pager email monitoring ressurector … BOSH Director Desired State Actual State Message Bus
VMs are Monitored IaaSBOSH Worker AGENT Master AGENT etcd AGENT Message Bus Health Monitor Responses: pager email monitoring ressurector … BOSH Director Desired State Actual State Worker AGENT etcd AGENT BOSH Director Message Bus
VMs are Monitored IaaSBOSH Worker AGENT Master AGENT etcd AGENT Message Bus Health Monitor Responses: pager email monitoring ressurector … BOSH Director Desired State Actual State CPI BOSH Director Message Bus Worker AGENT etcd AGENT
PKS does for your Kubernetes what Kubernetes does for your apps
#3 - Who are Your Personas?
Teams Delivering Outcomes Platform Team Application Team Iteratively building and delivering digital offerings to the consumer Enabling the app teams all while maintaining Security Compliance Resilience Cost Efficiency Your Application Code Virtualized Infrastructure
6 Things You Need to Know to Safely Run Kubernetes
Warning!!! kubectl delete deploy kubectl delete node This is workload related. This is cluster related!
#4 - Stateful Services?
https://twitter.com/kelseyhightower/status/963413508300812295 But a even more has happened since then!
Kubernetes Master Stateless workloads: ● Can be moved around ● Aided by service discovery ● Don’t have a particular start order ● Bind to backing services for state
Kubernetes Master
Kubernetes Master Stateful workloads: ● Start order dependencies ● Storage % & % &
Kubernetes Master Stateful workloads: ● Start order dependencies ● Storage Kubernetes abstractions: ● Stateful sets ● Persistent volumes/persistent volume claims % & % &
Kubernetes Master Stateful workloads: ● Start order dependencies ● Storage Kubernetes abstractions: ● Stateful sets ● Persistent volumes/persistent volume claims % & % &
Warning!!! Availability Zone 1 Availability Zone2 ? ? Storage classes have different behaviors Data replication needs to be handled out of band
#5 - K8s is K8s is K8s - right? (Spoiler alert: Nope)
https://twitter.com/kelseyhightower/status/935252923721793536
You are probably doing multi-cloud kubectl PKS AKS GKE EKS
Kubernetes Master API Server Controller Manager DNS Scheduler … … There are 150 flags you can set on startup There are many different controllers that affect workload behaviors Your chosen machine types can affect your workloads (i.e. standard CPU vs. GPU) Cluster addons affect your workloads
You are probably doing multi-cloud kubectl PKS AKS GKE EKS Different cluster configurations -> Different workload behaviors
6 Things You Need to Know to Safely Run Kubernetes
You are probably doing multi-cloud kubectl PKS PKS PKS PKS Same cluster configurations across all clouds
#6 - New Operational Practices
You are probably doing multi-cloud kubectl PKS AKS GKE EKS pks az gcloud aws 4 times the: - Skills - Scripts - Runbooks - …
Where should the abstractions lie? kubectl PKS PKS PKS PKS pks pks pks pks
https://content.pivotal.io/blog/happy-monday-how-to-fix-a-kubernetes-cve-before-your-boss-and-the-rest-of-the-world-reads-about-it
Embedded OS (Windows & Linux) NSX-T CPI (15 methods) v1 v2 v3 ... CVEs Product Updates vSphere Azure & 
 Azure StackGoogle CloudAWSOpenstack Pivotal
 Network “3Rs” Concourse Repair — CVEs Repave Rotate — Credhub Pivotal Application Service (PAS) Pivotal Container Service (PKS) Pivotal Services
 Marketplace Pivotal Function Service (PFS) Do you trust your software delivery supply chain? https://www.youtube.com/watch?v=1qcTu2QUtrU
6 Things You Need to Know to Safely Run Kubernetes
Slaying Dragons
Slaying Dragons 1. Think about your tenancy needs 2.You need something to take care of your Kubernetes clusters 3.Great care needed in establishing roles and permissions 4.Stateful workloads work - need to be deliberate about persistence 5.There is no such thing as “Vanilla Kubernetes” 6.Establish new operational practices
Transforming How The World Builds Software © Copyright 2017 Pivotal Software, Inc. All rights Reserved.
Cover w/ Image Me? Developer (wasn’t Ops) Web architectures for >10 years Cloud-native for 6+ years Cloud Foundry for 6+ years Discount code 40% off!: 40cloudnat https://www.manning.com/books/cloud-native-patterns @cdavisafc

More Related Content

PDF
You Might Just be a Functional Programmer Now
cornelia davis
 
PDF
Pivotal Cloud Foundry 2.5: A First Look
VMware Tanzu
 
PDF
Zero-downtime deployment of Micro-services with Kubernetes
Wojciech Barczyński
 
PDF
PCF: Platform for a New Era - Kubernetes for the Enterprise - London
VMware Tanzu
 
PDF
Pivotal Cloud Foundry 2.0: First Look
VMware Tanzu
 
PDF
Kubernetes Docker Container Implementation Ppt PowerPoint Presentation Slide ...
SlideTeam
 
PDF
Kubernetes: one cluster or many
cornelia davis
 
PPTX
Building Developer Pipelines with PKS, Harbor, Clair, and Concourse
VMware Tanzu
 
You Might Just be a Functional Programmer Now
cornelia davis
 
Pivotal Cloud Foundry 2.5: A First Look
VMware Tanzu
 
Zero-downtime deployment of Micro-services with Kubernetes
Wojciech Barczyński
 
PCF: Platform for a New Era - Kubernetes for the Enterprise - London
VMware Tanzu
 
Pivotal Cloud Foundry 2.0: First Look
VMware Tanzu
 
Kubernetes Docker Container Implementation Ppt PowerPoint Presentation Slide ...
SlideTeam
 
Kubernetes: one cluster or many
cornelia davis
 
Building Developer Pipelines with PKS, Harbor, Clair, and Concourse
VMware Tanzu
 

What's hot (20)

PDF
Kube Your Enthusiasm - Paul Czarkowski
VMware Tanzu
 
PPTX
Basics of Kubernetes on BOSH: Run Production-grade Kubernetes on the SDDC
Matt McNeeney
 
PDF
Helm - Package Manager for Kubernetes
Knoldus Inc.
 
PDF
Cloud Native Microservices with Spring Cloud
Conor Svensson
 
PDF
Pivotal Container Service (PKS) at SF Cloud Foundry Meetup
cornelia davis
 
PPTX
What is Windows Azure Platform
David Chou
 
PPTX
12 Factor App
Erkan Erol
 
PDF
Spring Boot Observability
VMware Tanzu
 
PDF
쿠버네티스를 이용한 기능 브랜치별 테스트 서버 만들기 (GitOps CI/CD)
충섭 김
 
PDF
Intro to GKE and app deployment with Kubernetes
GDG Cloud Bengaluru
 
PDF
Welcome - Kubernetes for the Enterprise - London
VMware Tanzu
 
PDF
Weave GitOps Core Overview (Free GitOps Workshop)
Weaveworks
 
PDF
PCF Cloud-Native Workshop Slides
VMware Tanzu
 
PDF
Getting MongoDB to a Developer Fast - Kubernetes for the Enterprise - London
VMware Tanzu
 
PPTX
Delivering Cloud Native Batch Solutions - Dodd Pfeffer
VMware Tanzu
 
PPTX
Kubernetes: від знайомства до використання у CI/CD
Stfalcon Meetups
 
PPTX
Going Serverless with Kubeless In Google Container Engine (GKE)
Bitnami
 
PPTX
Microservices with kubernetes @190316
Jupil Hwang
 
PDF
Kubernetes Multi-cluster without Federation - Kubecon EU 2018
Rob Szumski
 
PDF
What’s New in Spring Data MongoDB
VMware Tanzu
 
Kube Your Enthusiasm - Paul Czarkowski
VMware Tanzu
 
Basics of Kubernetes on BOSH: Run Production-grade Kubernetes on the SDDC
Matt McNeeney
 
Helm - Package Manager for Kubernetes
Knoldus Inc.
 
Cloud Native Microservices with Spring Cloud
Conor Svensson
 
Pivotal Container Service (PKS) at SF Cloud Foundry Meetup
cornelia davis
 
What is Windows Azure Platform
David Chou
 
12 Factor App
Erkan Erol
 
Spring Boot Observability
VMware Tanzu
 
쿠버네티스를 이용한 기능 브랜치별 테스트 서버 만들기 (GitOps CI/CD)
충섭 김
 
Intro to GKE and app deployment with Kubernetes
GDG Cloud Bengaluru
 
Welcome - Kubernetes for the Enterprise - London
VMware Tanzu
 
Weave GitOps Core Overview (Free GitOps Workshop)
Weaveworks
 
PCF Cloud-Native Workshop Slides
VMware Tanzu
 
Getting MongoDB to a Developer Fast - Kubernetes for the Enterprise - London
VMware Tanzu
 
Delivering Cloud Native Batch Solutions - Dodd Pfeffer
VMware Tanzu
 
Kubernetes: від знайомства до використання у CI/CD
Stfalcon Meetups
 
Going Serverless with Kubeless In Google Container Engine (GKE)
Bitnami
 
Microservices with kubernetes @190316
Jupil Hwang
 
Kubernetes Multi-cluster without Federation - Kubecon EU 2018
Rob Szumski
 
What’s New in Spring Data MongoDB
VMware Tanzu
 
Ad

Similar to 6 Things You Need to Know to Safely Run Kubernetes (20)

PPTX
Episode 2: Deploying Kubernetes at Scale
Mesosphere Inc.
 
PDF
Cloud-Native Operations with Kubernetes and CI/CD
VMware Tanzu
 
PPTX
Pivotal Container Service Overview
VMware Tanzu
 
PDF
PKS: The What and How of Enterprise-Grade Kubernetes
VMware Tanzu
 
PDF
Kubermatic.pdf
LibbySchulze
 
PDF
Kubermatic CNCF Webinar - start.kubermatic.pdf
LibbySchulze
 
PDF
Where should I run my code? Serverless, Containers, Virtual Machines and more
Bret McGowen - NYC Google Developer Advocate
 
PDF
Rancher Rodeo 13 mai 2022
SUSE
 
PDF
Kubo (Cloud Foundry Container Platform): Your Gateway Drug to Cloud-native
VMware Tanzu
 
PDF
Kubo (Cloud Foundry Container Platform): Your Gateway Drug to Cloud-native
cornelia davis
 
PDF
1. CNCF kubernetes meetup - Ondrej Sika
Juraj Hantak
 
PDF
Amazon Container Services – 유재석 (AWS 솔루션즈 아키텍트)
Amazon Web Services Korea
 
PDF
AWS Container Services – 유재석 (AWS 솔루션즈 아키텍트)
Amazon Web Services Korea
 
PPTX
GIDS 2019: Developing Apps with Containers, Functions and Cloud Services
Patrick Chanezon
 
PDF
Rancher Rodeo
SUSE
 
PDF
'DOCKER' & CLOUD: ENABLERS For DEVOPS
ACA IT-Solutions
 
PDF
Docker and Cloud - Enables for DevOps - by ACA-IT
Stijn Wijndaele
 
PDF
Kubernetes at Google Cloud Community Copenhagen
Kevin Simper
 
PDF
AWS 고객사를 위한 ‘AWS 컨테이너 교육’ - 유재석, AWS 솔루션즈 아키텍트
Amazon Web Services Korea
 
PPTX
Operating Kubernetes at Scale (Australia Presentation)
Mesosphere Inc.
 
Episode 2: Deploying Kubernetes at Scale
Mesosphere Inc.
 
Cloud-Native Operations with Kubernetes and CI/CD
VMware Tanzu
 
Pivotal Container Service Overview
VMware Tanzu
 
PKS: The What and How of Enterprise-Grade Kubernetes
VMware Tanzu
 
Kubermatic.pdf
LibbySchulze
 
Kubermatic CNCF Webinar - start.kubermatic.pdf
LibbySchulze
 
Where should I run my code? Serverless, Containers, Virtual Machines and more
Bret McGowen - NYC Google Developer Advocate
 
Rancher Rodeo 13 mai 2022
SUSE
 
Kubo (Cloud Foundry Container Platform): Your Gateway Drug to Cloud-native
VMware Tanzu
 
Kubo (Cloud Foundry Container Platform): Your Gateway Drug to Cloud-native
cornelia davis
 
1. CNCF kubernetes meetup - Ondrej Sika
Juraj Hantak
 
Amazon Container Services – 유재석 (AWS 솔루션즈 아키텍트)
Amazon Web Services Korea
 
AWS Container Services – 유재석 (AWS 솔루션즈 아키텍트)
Amazon Web Services Korea
 
GIDS 2019: Developing Apps with Containers, Functions and Cloud Services
Patrick Chanezon
 
Rancher Rodeo
SUSE
 
'DOCKER' & CLOUD: ENABLERS For DEVOPS
ACA IT-Solutions
 
Docker and Cloud - Enables for DevOps - by ACA-IT
Stijn Wijndaele
 
Kubernetes at Google Cloud Community Copenhagen
Kevin Simper
 
AWS 고객사를 위한 ‘AWS 컨테이너 교육’ - 유재석, AWS 솔루션즈 아키텍트
Amazon Web Services Korea
 
Operating Kubernetes at Scale (Australia Presentation)
Mesosphere Inc.
 
Ad

More from VMware Tanzu (20)

PDF
Spring into AI presented by Dan Vega 5/14
VMware Tanzu
 
PDF
What AI Means For Your Product Strategy And What To Do About It
VMware Tanzu
 
PDF
Make the Right Thing the Obvious Thing at Cardinal Health 2023
VMware Tanzu
 
PPTX
Enhancing DevEx and Simplifying Operations at Scale
VMware Tanzu
 
PDF
Spring Update | July 2023
VMware Tanzu
 
PPTX
Platforms, Platform Engineering, & Platform as a Product
VMware Tanzu
 
PPTX
Building Cloud Ready Apps
VMware Tanzu
 
PDF
Spring Boot 3 And Beyond
VMware Tanzu
 
PDF
Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdf
VMware Tanzu
 
PDF
Simplify and Scale Enterprise Apps in the Cloud | Boston 2023
VMware Tanzu
 
PDF
Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023
VMware Tanzu
 
PPTX
tanzu_developer_connect.pptx
VMware Tanzu
 
PDF
Tanzu Virtual Developer Connect Workshop - French
VMware Tanzu
 
PDF
Tanzu Developer Connect Workshop - English
VMware Tanzu
 
PDF
Virtual Developer Connect Workshop - English
VMware Tanzu
 
PDF
Tanzu Developer Connect - French
VMware Tanzu
 
PDF
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
VMware Tanzu
 
PDF
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
VMware Tanzu
 
PDF
SpringOne Tour: The Influential Software Engineer
VMware Tanzu
 
PDF
SpringOne Tour: Domain-Driven Design: Theory vs Practice
VMware Tanzu
 
Spring into AI presented by Dan Vega 5/14
VMware Tanzu
 
What AI Means For Your Product Strategy And What To Do About It
VMware Tanzu
 
Make the Right Thing the Obvious Thing at Cardinal Health 2023
VMware Tanzu
 
Enhancing DevEx and Simplifying Operations at Scale
VMware Tanzu
 
Spring Update | July 2023
VMware Tanzu
 
Platforms, Platform Engineering, & Platform as a Product
VMware Tanzu
 
Building Cloud Ready Apps
VMware Tanzu
 
Spring Boot 3 And Beyond
VMware Tanzu
 
Spring Cloud Gateway - SpringOne Tour 2023 Charles Schwab.pdf
VMware Tanzu
 
Simplify and Scale Enterprise Apps in the Cloud | Boston 2023
VMware Tanzu
 
Simplify and Scale Enterprise Apps in the Cloud | Seattle 2023
VMware Tanzu
 
tanzu_developer_connect.pptx
VMware Tanzu
 
Tanzu Virtual Developer Connect Workshop - French
VMware Tanzu
 
Tanzu Developer Connect Workshop - English
VMware Tanzu
 
Virtual Developer Connect Workshop - English
VMware Tanzu
 
Tanzu Developer Connect - French
VMware Tanzu
 
Simplify and Scale Enterprise Apps in the Cloud | Dallas 2023
VMware Tanzu
 
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
VMware Tanzu
 
SpringOne Tour: The Influential Software Engineer
VMware Tanzu
 
SpringOne Tour: Domain-Driven Design: Theory vs Practice
VMware Tanzu
 

Recently uploaded (20)

PPT
Teaching material agriculture food technology
LiaRayya
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Teaching material agriculture food technology
LiaRayya
 
A Presentation on Artificial Intelligence
memembruh336
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
KodekX | Application Modernization Development
KodekX
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 

6 Things You Need to Know to Safely Run Kubernetes