SlideShare a Scribd company logo

Centralizing Kubernetes and Container Operations

Download as PPTX, PDF
Kublr, profile picture
Kublr

The document discusses the importance of centralized operations for Kubernetes and container management, emphasizing Kublr's platform which aids enterprises in adopting these technologies. Key features include self-service governance, reliability, and support for multi-cluster environments, highlighting the operational aspects of Kubernetes such as monitoring, logging, and security. The presentation also mentions best practices for infrastructure automation, centralized monitoring, and log management using tools like Prometheus and Elasticsearch.

Technology
1 of 23
Downloaded 26 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
Centralizing Kubernetes and Container Operations Oleg Chunikhin | CTO, Kublr
Introductions Oleg Chunikhin CTO, Kublr • Nearly 20 years in the field of software architecture and development. • Joined Kublr as the CTO in 2016. • Kublr is an enterprise Kubernetes management and operations platform that helps accelerate Kubernetes adoption and containerized applications management for enterprises.
History • Custom software development company • Dozens of projects per year • Varying target environments: clouds, on-prem, hybrid • Unified application delivery and ops platform wanted: monitoring, logs, security, multiple env, ...
Docker and Kubernetes to the Rescue • Docker is great, but local • Kubernetes is great... when it is up and running • Who sets up and operates K8S clusters? • Who takes care of operational aspects at scale? • How do you provide governance and ensure compliance?
Enterprise Kubernetes Needs Developers SRE/Ops/DevOps/SecOps • Self-service • Compatible • Conformant • Configurable • Open & Flexible • Org multi-tenancy • Single pane of glass • Operations • Monitoring • Log collection • Image management • Identity management • Security • Reliability • Performance • Portability
Kubernetes Management Platform Wanted • Portability – clouds, on-prem, air-gapped, different OS’ • Centralized multi-cluster operations saves resources – many environments (dev, prod, QA, ...), teams, applications • Self-service and governance for Kubernetes operations • Reliability – cluster self-healing, self-reliance • Limited management profile – cloud and K8S API • Architecture – flexible, open, pluggable, compatible • Sturdy – secure, scalable, modular, HA, DR etc.
Central Control Plane: Operations K8S Clusters Cloud(s) Data center API UI Log collection Operations Monitoring Authn and authz, SSO, federation Audit Image Repo Infrastructure management Backup & DR Dev K8S API Cloud API Prod PoC Dev
Central Control Plane: Operations
Infrastructure Automation Cluster: Self-Sufficiency Central control plane MASTER KUBLR overlay network, discovery, connectivity K8s Master Components: etcd, scheduler, API, controller Docker KUBELET KUBLRKUBELET NODE Docker overlay network, discovery, connectivity Infrastructure and Application containers Orchestration Store Secrets discovery Simple orchestration and configuration agent
Cluster: Portability • (Almost) everything runs in containers • Simple (single-binary) management agent • Minimal store requirements • Shared, eventually consistent • Secure: RW files for masters, RO for nodes • Thus the store can be anything: S3, SA, NFS, rsynced dir, provided files, ... • Minimal infra automation requirements • Configure and run configuration agent • Enable access to the store • Can be AWS CF, Azure ARM, BOSH, Ansible, ... • Load balancer is not required for multi-master; each agent can independently fail over to a healthy master Infrastructure Automation MASTER KUBLR overlay network, discovery, connectivity K8s Master Components: etcd, scheduler, API, controller Docker KUBELET KUBLRKUBELET NODE Docker overlay network, discovery, connectivity Infrastructure and Application containers Orchestration Store Secrets discovery
Cluster: Reliability • Rely on underlying platform as much as possible • ASG on AWS • IAM on AWS for store access • SA on Azure, S3 on AWS • ARM on Azure, CF on AWS • Minimal infrastructure SLA tolerate temporary failures • Multi-muster API failover on nodes • Resource management, memory requests and limits for OS and k8s components Infrastructure Automation MASTER KUBLR overlay network, discovery, connectivity K8s Master Components: etcd, scheduler, API, controller Docker KUBELET KUBLRKUBELET NODE Docker overlay network, discovery, connectivity Infrastructure and Application containers Orchestration Store
Central Control Plane: Logs and Metrics K8S Clusters Cloud(s) Data center API UI Operations Authn and authz, SSO, federation Image Repo Infrastructure management Backup & DR Dev K8S API Cloud API Prod PoC Dev Log collection Monitoring Audit
Centralized Monitoring and Log Collection. Why Bother? • Prometheus and ELK are heavy and not easy to operate; need attention and at least 4-8 Gb RAM... each, per cluster • Cloud/SaaS monitoring is not always permitted or available • Existing monitoring is often not container-aware • No aggregated view and analysis • No alerting governance
K8S Monitoring with Prometheus • Discover nodes, services, pods via K8S API • Query metrics from discovered endpoints • Endpoint are accessed directly via internal cluster addresses Kubernetes Cluster Prometheus Nodes K8S API Grafana Pods Discovery Srv Metrics
Centralized Monitoring Cluster registry PROMETHEUSGrafana K8S Proxy API nodes, pods, service endpoints Ship externally Ship externally Prometheus config Prometheus data Configurator Control plane KUBERNETES CLUSTER Prometheus (collector) Prometheus (collector)
Centralized Monitoring: Considerations • Prometheus resource usage tuning • Long-term storage (m3) • Configuration file growth with many clusters • Metrics labeling • Additional load on API server
Centralized Monitoring
K8S Logging with Elasticsearch • Fluentd runs on nodes • OS, K8s, and container logs collected and shipped to Elasticsearch • Kibana for visualization Kubernetes Cluster Elasticsearch Kibana Pods Logs
Prometheus (collector) RabbitMQ Centralized Log Collection Cluster registry K8S Proxy API Port forwarding MQTT Ship externally Messaging config Configurator Control plane RabbitMQ Shovel ElasticsearchLogstash Fluentd KUBERNETES CLUSTER filter filter analyze Ship externally MQTT Forwarder filter
Centralized Log Collection: Considerations • Tune Elasticsearch resource usage • Take into account additional load on API server • Log index structure normalization { "data": { "elasticsearch": { "version": "6.x" } } } { "flatData": [ { "key": "elasticsearch.version", "type": "string", "key_type": "elasticsearch.version.string", "value_string": "6.x" }, ... ] }
The Rest: Considerations • Identity management Use Identity Broker (e.g. KeyCloak): Users, Authn, Autzn, SSO, RBAC, Federation, ... • Backup and disaster recovery K8s metadata + app data/volumes: full cluster recovery or copy Docker image management Docker image registry (e.g. Nexus, Artifactory, Docker Hub); image scanning; air-gapped or isolated environment: image registries proxying and caching, “system” images
Q&A
Oleg Chunikhin Chief Technology Officer oleg@kublr.com @olgch Kublr | kublr.com @kublr Thank you!

More Related Content

PPTX
The Evolution of your Kubernetes Cluster
Kublr
 
PPTX
Canary Releases on Kubernetes w/ Spinnaker, Istio, and Prometheus
Kublr
 
PDF
Kubernetes as Infrastructure Abstraction
Kublr
 
PPTX
Kubernetes data science and machine learning
Kublr
 
PPTX
Application Portability with Kubernetes (k8)
Kublr
 
PDF
Introduction to Kubernetes RBAC
Kublr
 
PPTX
Building Portable Applications with Kubernetes
Kublr
 
PDF
Kubernetes stack reliability
Oleg Chunikhin
 
The Evolution of your Kubernetes Cluster
Kublr
 
Canary Releases on Kubernetes w/ Spinnaker, Istio, and Prometheus
Kublr
 
Kubernetes as Infrastructure Abstraction
Kublr
 
Kubernetes data science and machine learning
Kublr
 
Application Portability with Kubernetes (k8)
Kublr
 
Introduction to Kubernetes RBAC
Kublr
 
Building Portable Applications with Kubernetes
Kublr
 
Kubernetes stack reliability
Oleg Chunikhin
 

What's hot (20)

PDF
Centralizing Kubernetes Management in Restrictive Environments
Kublr
 
PPTX
Implement Advanced Scheduling Techniques in Kubernetes
Kublr
 
PPTX
Kubernetes in Highly Restrictive Environments
Kublr
 
PDF
Openstack days sv building highly available services using kubernetes (preso)
Allan Naim
 
PDF
Multi-cloud Kubernetes BCDR with Velero
Kublr
 
PDF
The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ...
Josef Adersberger
 
PDF
Setup Hybrid Clusters Using Kubernetes Federation
inwin stack
 
PDF
Running I/O intensive workloads on Kubernetes, by Nati Shalom
Cloud Native Day Tel Aviv
 
PPTX
Canary Releases on Kubernetes with Spinnaker, Istio, & Prometheus (2020)
Kublr
 
PDF
Managing kubernetes deployment with operators
Cloud Technology Experts
 
PDF
Kubernetes Networking 101
Kublr
 
PPTX
A Million ways of Deploying a Kubernetes Cluster
Jimmy Lu
 
PPTX
Kubernetes 1.16 and rancher 2.3 enhancements
Saiyam Pathak
 
PDF
Sf bay area Kubernetes meetup dec8 2016 - deployment models
Peter Ss
 
PDF
MongoDB.local DC 2018: MongoDB Ops Manager + Kubernetes
MongoDB
 
PPTX
Spinnaker on Kubernetes
Jinwoong Kim
 
PDF
WTF Do We Need a Service Mesh?
Anton Weiss
 
PDF
From Code to Kubernetes
Daniel Oliveira Filho
 
PPTX
Advanced Scheduling in Kubernetes
Kublr
 
PDF
Helm - Package Manager for Kubernetes
Knoldus Inc.
 
Centralizing Kubernetes Management in Restrictive Environments
Kublr
 
Implement Advanced Scheduling Techniques in Kubernetes
Kublr
 
Kubernetes in Highly Restrictive Environments
Kublr
 
Openstack days sv building highly available services using kubernetes (preso)
Allan Naim
 
Multi-cloud Kubernetes BCDR with Velero
Kublr
 
The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ...
Josef Adersberger
 
Setup Hybrid Clusters Using Kubernetes Federation
inwin stack
 
Running I/O intensive workloads on Kubernetes, by Nati Shalom
Cloud Native Day Tel Aviv
 
Canary Releases on Kubernetes with Spinnaker, Istio, & Prometheus (2020)
Kublr
 
Managing kubernetes deployment with operators
Cloud Technology Experts
 
Kubernetes Networking 101
Kublr
 
A Million ways of Deploying a Kubernetes Cluster
Jimmy Lu
 
Kubernetes 1.16 and rancher 2.3 enhancements
Saiyam Pathak
 
Sf bay area Kubernetes meetup dec8 2016 - deployment models
Peter Ss
 
MongoDB.local DC 2018: MongoDB Ops Manager + Kubernetes
MongoDB
 
Spinnaker on Kubernetes
Jinwoong Kim
 
WTF Do We Need a Service Mesh?
Anton Weiss
 
From Code to Kubernetes
Daniel Oliveira Filho
 
Advanced Scheduling in Kubernetes
Kublr
 
Helm - Package Manager for Kubernetes
Knoldus Inc.
 
Ad

Similar to Centralizing Kubernetes and Container Operations (20)

PDF
DevOpsDays Houston 2019 - Terry Shea - Centralizing Kubernetes Operations
DevOpsDays Houston
 
PDF
Kubernetes – An open platform for container orchestration
inovex GmbH
 
PPTX
Application portability with kubernetes
Oleg Chunikhin
 
PPTX
01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMware
VMUG IT
 
PPTX
Moby KubeCon 2017
Patrick Chanezon
 
PDF
Intro into Rook and Ceph on Kubernetes
Kublr
 
PDF
Deploying kubernetes at scale on OpenStack
Victor Palma
 
PDF
DevConf.cz - Introduction to Kubernetes Operators for Databases
Juarez Junior
 
PDF
How Self-Healing Nodes and Infrastructure Management Impact Reliability
Kublr
 
PDF
Why kubernetes for Serverless (FaaS)
Krishna-Kumar
 
PDF
Kubernetes for Serverless - Serverless Summit 2017 - Krishna Kumar
CodeOps Technologies LLP
 
PDF
Hybrid architecture solutions with kubernetes and the cloud native stack
Kublr
 
PPTX
Container Conf 2017: Rancher Kubernetes
Vishal Biyani
 
PPTX
Introduction to Kubernetes
Vishal Biyani
 
PPTX
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...
Cynthia Thomas
 
PDF
Accelerate Application Innovation Journey with Azure Kubernetes Service
WinWire Technologies Inc
 
PDF
Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...
Docker, Inc.
 
PDF
Navigating the Container Orchestration Maze
Alex Vranceanu
 
PDF
OSDC 2018 | Three years running containers with Kubernetes in Production by T...
NETWAYS
 
PDF
Monitoring kubernetes across data center and cloud
Datadog
 
DevOpsDays Houston 2019 - Terry Shea - Centralizing Kubernetes Operations
DevOpsDays Houston
 
Kubernetes – An open platform for container orchestration
inovex GmbH
 
Application portability with kubernetes
Oleg Chunikhin
 
01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMware
VMUG IT
 
Moby KubeCon 2017
Patrick Chanezon
 
Intro into Rook and Ceph on Kubernetes
Kublr
 
Deploying kubernetes at scale on OpenStack
Victor Palma
 
DevConf.cz - Introduction to Kubernetes Operators for Databases
Juarez Junior
 
How Self-Healing Nodes and Infrastructure Management Impact Reliability
Kublr
 
Why kubernetes for Serverless (FaaS)
Krishna-Kumar
 
Kubernetes for Serverless - Serverless Summit 2017 - Krishna Kumar
CodeOps Technologies LLP
 
Hybrid architecture solutions with kubernetes and the cloud native stack
Kublr
 
Container Conf 2017: Rancher Kubernetes
Vishal Biyani
 
Introduction to Kubernetes
Vishal Biyani
 
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...
Cynthia Thomas
 
Accelerate Application Innovation Journey with Azure Kubernetes Service
WinWire Technologies Inc
 
Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...
Docker, Inc.
 
Navigating the Container Orchestration Maze
Alex Vranceanu
 
OSDC 2018 | Three years running containers with Kubernetes in Production by T...
NETWAYS
 
Monitoring kubernetes across data center and cloud
Datadog
 
Ad

More from Kublr (9)

PDF
Container Runtimes and Tooling, v2
Kublr
 
PDF
Container Runtimes and Tooling
Kublr
 
PDF
Kubernetes in Hybrid Environments with Submariner
Kublr
 
PDF
Kubernetes Ingress 101
Kublr
 
PDF
Kubernetes persistence 101
Kublr
 
PDF
Portable CI/CD Environment as Code with Kubernetes, Kublr and Jenkins
Kublr
 
PDF
Kubernetes 101
Kublr
 
PDF
Setting up CI/CD Pipeline with Kubernetes and Kublr step by-step
Kublr
 
PDF
How to Run Kubernetes in Restrictive Environments
Kublr
 
Container Runtimes and Tooling, v2
Kublr
 
Container Runtimes and Tooling
Kublr
 
Kubernetes in Hybrid Environments with Submariner
Kublr
 
Kubernetes Ingress 101
Kublr
 
Kubernetes persistence 101
Kublr
 
Portable CI/CD Environment as Code with Kubernetes, Kublr and Jenkins
Kublr
 
Kubernetes 101
Kublr
 
Setting up CI/CD Pipeline with Kubernetes and Kublr step by-step
Kublr
 
How to Run Kubernetes in Restrictive Environments
Kublr
 

Recently uploaded (20)

PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PPTX
breach-and-attack-simulation-cybersecurity-india-chennai-defenderrabbit-2025....
defencerabbit Team
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PDF
GamePlan Trading System Review: Professional Trader's Honest Take
SOFTTECHHUB
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PDF
Advanced IT Governance
University of Hertfordshire
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
breach-and-attack-simulation-cybersecurity-india-chennai-defenderrabbit-2025....
defencerabbit Team
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
GamePlan Trading System Review: Professional Trader's Honest Take
SOFTTECHHUB
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Teaching material agriculture food technology
LiaRayya
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
Advanced IT Governance
University of Hertfordshire
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 

Centralizing Kubernetes and Container Operations

  • 1. Centralizing Kubernetes and Container Operations Oleg Chunikhin | CTO, Kublr
  • 2. Introductions Oleg Chunikhin CTO, Kublr • Nearly 20 years in the field of software architecture and development. • Joined Kublr as the CTO in 2016. • Kublr is an enterprise Kubernetes management and operations platform that helps accelerate Kubernetes adoption and containerized applications management for enterprises.
  • 3. History • Custom software development company • Dozens of projects per year • Varying target environments: clouds, on-prem, hybrid • Unified application delivery and ops platform wanted: monitoring, logs, security, multiple env, ...
  • 4. Docker and Kubernetes to the Rescue • Docker is great, but local • Kubernetes is great... when it is up and running • Who sets up and operates K8S clusters? • Who takes care of operational aspects at scale? • How do you provide governance and ensure compliance?
  • 5. Enterprise Kubernetes Needs Developers SRE/Ops/DevOps/SecOps • Self-service • Compatible • Conformant • Configurable • Open & Flexible • Org multi-tenancy • Single pane of glass • Operations • Monitoring • Log collection • Image management • Identity management • Security • Reliability • Performance • Portability
  • 6. Kubernetes Management Platform Wanted • Portability – clouds, on-prem, air-gapped, different OS’ • Centralized multi-cluster operations saves resources – many environments (dev, prod, QA, ...), teams, applications • Self-service and governance for Kubernetes operations • Reliability – cluster self-healing, self-reliance • Limited management profile – cloud and K8S API • Architecture – flexible, open, pluggable, compatible • Sturdy – secure, scalable, modular, HA, DR etc.
  • 7. Central Control Plane: Operations K8S Clusters Cloud(s) Data center API UI Log collection Operations Monitoring Authn and authz, SSO, federation Audit Image Repo Infrastructure management Backup & DR Dev K8S API Cloud API Prod PoC Dev
  • 9. Infrastructure Automation Cluster: Self-Sufficiency Central control plane MASTER KUBLR overlay network, discovery, connectivity K8s Master Components: etcd, scheduler, API, controller Docker KUBELET KUBLRKUBELET NODE Docker overlay network, discovery, connectivity Infrastructure and Application containers Orchestration Store Secrets discovery Simple orchestration and configuration agent
  • 10. Cluster: Portability • (Almost) everything runs in containers • Simple (single-binary) management agent • Minimal store requirements • Shared, eventually consistent • Secure: RW files for masters, RO for nodes • Thus the store can be anything: S3, SA, NFS, rsynced dir, provided files, ... • Minimal infra automation requirements • Configure and run configuration agent • Enable access to the store • Can be AWS CF, Azure ARM, BOSH, Ansible, ... • Load balancer is not required for multi-master; each agent can independently fail over to a healthy master Infrastructure Automation MASTER KUBLR overlay network, discovery, connectivity K8s Master Components: etcd, scheduler, API, controller Docker KUBELET KUBLRKUBELET NODE Docker overlay network, discovery, connectivity Infrastructure and Application containers Orchestration Store Secrets discovery
  • 11. Cluster: Reliability • Rely on underlying platform as much as possible • ASG on AWS • IAM on AWS for store access • SA on Azure, S3 on AWS • ARM on Azure, CF on AWS • Minimal infrastructure SLA tolerate temporary failures • Multi-muster API failover on nodes • Resource management, memory requests and limits for OS and k8s components Infrastructure Automation MASTER KUBLR overlay network, discovery, connectivity K8s Master Components: etcd, scheduler, API, controller Docker KUBELET KUBLRKUBELET NODE Docker overlay network, discovery, connectivity Infrastructure and Application containers Orchestration Store
  • 12. Central Control Plane: Logs and Metrics K8S Clusters Cloud(s) Data center API UI Operations Authn and authz, SSO, federation Image Repo Infrastructure management Backup & DR Dev K8S API Cloud API Prod PoC Dev Log collection Monitoring Audit
  • 13. Centralized Monitoring and Log Collection. Why Bother? • Prometheus and ELK are heavy and not easy to operate; need attention and at least 4-8 Gb RAM... each, per cluster • Cloud/SaaS monitoring is not always permitted or available • Existing monitoring is often not container-aware • No aggregated view and analysis • No alerting governance
  • 14. K8S Monitoring with Prometheus • Discover nodes, services, pods via K8S API • Query metrics from discovered endpoints • Endpoint are accessed directly via internal cluster addresses Kubernetes Cluster Prometheus Nodes K8S API Grafana Pods Discovery Srv Metrics
  • 15. Centralized Monitoring Cluster registry PROMETHEUSGrafana K8S Proxy API nodes, pods, service endpoints Ship externally Ship externally Prometheus config Prometheus data Configurator Control plane KUBERNETES CLUSTER Prometheus (collector) Prometheus (collector)
  • 16. Centralized Monitoring: Considerations • Prometheus resource usage tuning • Long-term storage (m3) • Configuration file growth with many clusters • Metrics labeling • Additional load on API server
  • 18. K8S Logging with Elasticsearch • Fluentd runs on nodes • OS, K8s, and container logs collected and shipped to Elasticsearch • Kibana for visualization Kubernetes Cluster Elasticsearch Kibana Pods Logs
  • 19. Prometheus (collector) RabbitMQ Centralized Log Collection Cluster registry K8S Proxy API Port forwarding MQTT Ship externally Messaging config Configurator Control plane RabbitMQ Shovel ElasticsearchLogstash Fluentd KUBERNETES CLUSTER filter filter analyze Ship externally MQTT Forwarder filter
  • 20. Centralized Log Collection: Considerations • Tune Elasticsearch resource usage • Take into account additional load on API server • Log index structure normalization { "data": { "elasticsearch": { "version": "6.x" } } } { "flatData": [ { "key": "elasticsearch.version", "type": "string", "key_type": "elasticsearch.version.string", "value_string": "6.x" }, ... ] }
  • 21. The Rest: Considerations • Identity management Use Identity Broker (e.g. KeyCloak): Users, Authn, Autzn, SSO, RBAC, Federation, ... • Backup and disaster recovery K8s metadata + app data/volumes: full cluster recovery or copy Docker image management Docker image registry (e.g. Nexus, Artifactory, Docker Hub); image scanning; air-gapped or isolated environment: image registries proxying and caching, “system” images
  • 22. Q&A
  • 23. Oleg Chunikhin Chief Technology Officer oleg@kublr.com @olgch Kublr | kublr.com @kublr Thank you!

Editor's Notes

  • #4: Where the project comes from Company overview Kubernetes as a solution – standardized delivery platform Kubernetes is great for managing containers, but who manages Kubernetes? How to streamline monitoring and collection of logs with multiple Kubernetes clusters?
  • #7: Requirements Portability – support for cloud environments, on prem deployment, and isolated deployments Multi-cluster operations support Centralized log collection and monitoring Reliability – self healing, modularity, cluster self-reliance Limited connectivity profile – do not require many ports Architecture – flexible, open, pluggable Security
  • #10: The control plane is only critically involved in the cluster when the cluster is created The control plane uses cloud specific infrastructure management automation frameworks – CF, ARM, BOSH, VMware, etc. After the cluster infrastructure is created and configured, the cluster does not need the control plane Self-coordination via the orchestration store Orchestration store and underlying platform are the only coordination devices the cluster needs to operate and recover failures from Masters and nodes are configured for the orchestration store access Master(s) will try to get secrets and discovery information from the store; if not available – will generate and publish a new set With multiple masters – the latest published package wins Nodes will take the latest published data and use it.
  • #14: Prometheus
  • #15: Prometheus
  • #16: Control plane keeps track of managed clusters Configurator reconfigures Prometheus when cluster list changes Prometheus configuration is in K8S config maps