SlideShare a Scribd company logo

ING Data Services hosted on ICHP DoK Amsterdam 2023

DoKC, profile picture
DoKC

The document provides an overview of the ING Container Hosting Platform (ICHP) and its data services, emphasizing the platform's features such as scalability, compliance, and automation. It compares ICHP v1 and v2, highlighting improvements in infrastructure provision, security measures, and deployment processes. Additionally, it discusses various storage layer options and data service responsibilities to optimize persistent data management within containerized environments.

Technology
1 of 35
Download to read offline
1
2
3
4
5
Most read
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Most read
21
Most read
22
23
24
25
26
27
28
29
30
31
32
33
34
35
April 2023 Tor Bendiksen and Luuk Stolk, ING ICHP Tiger Team Stateful workloads on a container platform Data Services hosted on ICHP
2 1. Introduction 2. Containers and (Non-)Persistence 3. Data Services hosted on ICHP 4. ICHP v1 vs ICHP v2 5. Storage Layer Options Agenda
3 Introduction
Our Market Leaders We serve 37 million customers in more than 40 countries Our Challengers & Growth markets § Netherlands* § Belgium § Luxembourg § Australia § France ** § Germany § Italy § Spain Wholesale Banking international network and global franchises Challengers Markets Growth Markets Market Leaders Map highlights countries where ING has an office (**) In 2022, ING discontinued its retail activities in these markets § Poland § Romania § Turkey § Philippines ** § Stakes in Asia (*) ING’s corporate head office is located in Amsterdam, The Netherlands 4 Get to know us Tor Bendiksen Luuk Stolk Our purpose Empowering people to stay a Step ahead in life and in business Our priorities Sustainability at the heart Superior customer experience ING at a glance
5 What is ICHP ING Container Hosting Platform Standardized OpenShift/Kubernetes hosting platform Namespace as a Service for container workloads on ING Private Cloud Dedicated clusters for hosting Data Services Self Service through ING Cloud Portal Integration with Azure DevOps for application workload deployment Based on Bare Metal for all consumer workloads With over 2000 namespaces on non-production and 500 on production
6 Containers and (non-)persistence
Containers and Non-Persistence 7 Worker Node 1 • Pods and containers are ephermeral / volatile • Apps in containers should be stateless processes • No persistency inside the container for (12 factor) apps Worker Node 2 * https://12factor.net/
Worker Node 2 Containers and Persistence 8 Worker Node 1 • Use external data services for persistence • Generic services for common persistent data store solutions DBaaS Bind config S3 ELK
9 Data Services hosted on ICHP
Data Services hosted on ICHP 10 Work Load– Worker Nodes Ingress / Routing PostgreSQL Elastic Cluster • Ready to deploy platform • Compliancy • Cost reduction • Leverage platform capabilities for ü Scalability ü Resilience ü Automation
Keep your data SAFE – ELKaaS use case 11 Portworx Ø Scalability of platform Ø Availability Ø Fast Ø Elasticity + 2 cores + 100 GB
Keep your data SAFE – HA/DR Cluster 1 Portworx Cluster 2 Portworx Data Center 1 Data Center 2
Service Model for Data Services 13 Kubernetes Platform Azure DevOps NaaS ICHP Namespace Namespace Namespace IPC Portal Request Deploy IPC Consumer Use Kubernetes Platform NaaS ICHP Namespace Namespace Namespace Data Service Data Service Instance Data Service Owner Responsibility Portworx • Data replication • Resilient to for instance node / volume outages • Backup / restore • Zone aware deployment • Local storage capability with persistent volume interface • (Technical) capabilities to guarantee local storage SLA • Namespace as a Service • Compliant platform
Double Replication, to do or not to do 14 Portworx S3 Snapshot Replication Replication Preventing nodes or disks to become single point of failure for data availability
15 Projects on Data Services v2 ELKaaS • Elastic 8 • Custom ELKaaS Operator MDPL • RTK2 primary • IAT • Many additional components Cloud Pak for Data • Data lake workloads • IBM backed • Portworx based See also: ING Booth (S75) MDPL session: Thursday 16:30 – 17:30
Past, Current and Potential Data Services candidates 16 Messaging/ Eventing Pulsar Kafka • AKS SAS Viya 4 Undecided PSQL CloudNative PG operator Undecided
Scale / sizing of implementations ICHP v2 17 Cores Memory Pods Storage Namespaces Bandwidth Nodes Stateless Non Prod 2304 27648 GB 24000 n/a 2600 2x 25 GB per node 36 Stateless Prod 1536 18432 GB 5000 n/a 475 2x 25 GB per node 24 MDPL 1536 18432 GB 5500 153 / 122 TB 20 4x 25 GB per node 24 ELKaaS 1280 15360 GB 2800 2150 / 1720 TB 170 4x 25 GB per node 20 CP4D 640 7860 GB n/a 14 / 12 TB n/a 4x 25 GB per node 10 * ICHPv1 Stateless ü Namespaces Prod: 612 Non-Prod: 3500 ü Pods Prod: 18500 Non-Prod: 25000 ü Nodes Prod: 80 Non-Prod: 300
Risk & security ICHP v2 18 Security Event Monitoring / Anomaly Detection Falco, Kubernetes audit logs State Compliancy OpenShift Compliance Operator, NIST based Policy Management Kyverno State enforcement / configuration drift detection GitOps - Argo CD Image scanning (shift left) Prisma Cloud Immutability • No high privileged access to clusters and nodes • No terminal and ssh access to containers in Acceptance and Production • Read-only access to namespaces, only deployments through Azure DevOps pipelines • No privileged containers • No local persistency except for Data Services Multi-tenancy • Network policies • Resource quotas See also: April 19th 11:00 - Thijs Ebbers & Diana Iordan: Zero Privilege Architectures
19 ICHPv1 vs ICHPv2
20 What has changed • Openshift 4 • Installer Provisioned Infrastructure • Hands off installation • Hands off running • GitOps
21 Drift Detection and Reconciliation Target environment Git Repo Pull Request Pull code Automatically… Detect deviations in your target environment from the desired state (in Git) Enforce the desired state
22 GitOps@ICHP – What do we use it for? Deploy and manage ICHP clusters Server / OoenShift configuration Feature deployment and configuration E.g. API’s, Logging and Monitoring, Risk and Security tooling (TSCM, SEM, etc) Bare OpenShift cluster incl. GitOps Configure Server / OpenShift ADO Pipeline Install features OpenShift GitOps See also: ING Booth (S75) GitOps session: Wednesday 16:30 – 17:30
23 Storage Layer Options
Portworx 24 Pros • Class leading • The only viable early choice • Unbeatable speed • Enterprise ready • Good support • Rapid development Cons • Documentation • Aggressive caching • Rapid development
Rook 25 • Rook used for orchestration • Ceph for storage backend • File, Block and Object storage • Replication across nodes/zones • Feature parity in primary use Components • Ceph-mon • Ceph-osd • Ceph-mds • Ceph-rgw • Ceph-mgr
26 In a Nutshell
27 ICHP Data Service Hosting Characteristics • Not for direct use by application containers Ø Application containers should continue to use data services for persistency • Dynamic volume provisioning (no pre allocation required) with Portworx • Dedicated storage clusters for • Serving storage volumes • Running data service related container workload • Use of local disks (SATA SSD – RAID 5) • Namespaced volumes (not accessible from other namespaces) • Support for fully automated provisioning • Infrastructure platform risk controls covered • No overcommit on storage allocation • Availability zone awareness
28 Questions?
29 Thank you and come see us at KubeCon! April 19th 11:00 Talk Thijs Ebbers & Diana Iordan: Zero Privilege Architectures April 19th 16:30 Talk Adnan Hodzic: K8s, Resistance is Futile April 20th 10:30 Booth S75 Tor Bendiksen & Luuk Stolk: Meet the Speakers April 20th 11:30 Booth S75 Mark de Jong & Rob de Boer: ICHP Workload deployment Quality April 20th 12:30 Booth S75 Robbin Siepman: ICHP Namespace as a Service April 18th 16:30 Booth S75 Arijan Luiken & Salvatore Vitale: Banking Observability at Scale Booth S75 Jan-Willem Bijma & Kamil Nocon: GitOps@ING
SlideShare.net/ING @ING_News LinkedIn.com/company/ING YouTube.com/ING Flickr.com/INGGroup Facebook.com/ING ing.com Medium.com/ing-blog Follow us
ING Data Services hosted on ICHP DoK Amsterdam 2023
32 Backup Slides
Availability - Red / Blue zone awareness 33 Portworx App X App X
Why Data Services? 34 • Cost effective • Keep applications as ‘disposable’ components • Dealing with persistent data is complex • Very specific requirements that can (potentially) break compliancy • Therefore: single stakeholder, solution pattern and concern
Keep your data SAFE 35 Scalable Add nodes Add disks Available Replication Zone aware Fast Local SSD Short I/O path Elastic Fast pod (auto)scaling Resize on demand How? • Run data services on a Kubernetes compatible container based storage provider • Portworx

More Related Content

PPTX
Oracle Cloud Infrastructure Overview Deck.pptx
LabibKhairi
 
PDF
ING Container Hosting Platform - 3 years onward_with Kube_for distribution.pdf
Thijs Ebbers
 
PDF
ING microServices
Andrei Rugina
 
PPTX
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
Timothy McAliley
 
PDF
Top Trends in Application Architecture That Enable.pdf
MantoshKumarSingh7
 
PDF
Introduction to Azure
Robert Crane
 
PPSX
Cloud Architecture - Multi Cloud, Edge, On-Premise
Araf Karsh Hamid
 
PDF
A Cloud Journey - Move to the Oracle Cloud
Markus Michalewicz
 
Oracle Cloud Infrastructure Overview Deck.pptx
LabibKhairi
 
ING Container Hosting Platform - 3 years onward_with Kube_for distribution.pdf
Thijs Ebbers
 
ING microServices
Andrei Rugina
 
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
Timothy McAliley
 
Top Trends in Application Architecture That Enable.pdf
MantoshKumarSingh7
 
Introduction to Azure
Robert Crane
 
Cloud Architecture - Multi Cloud, Edge, On-Premise
Araf Karsh Hamid
 
A Cloud Journey - Move to the Oracle Cloud
Markus Michalewicz
 

What's hot (20)

PDF
How to implement DevOps in your Organization
Dalibor Blazevic
 
PDF
History of IT Service Management Practices and Standards
Rob Akershoek
 
PPTX
Enterprise Architecture for Dummies
Sebastien Juras
 
PDF
Cloud architecture with the ArchiMate Language
Iver Band
 
PDF
Microsoft Azure Overview
David J Rosenthal
 
PPTX
TIBCO vs MuleSoft Differentiators
Satish Nannapaneni
 
PPTX
Google Cloud Fundamentals by CloudZone
Idan Tohami
 
PPTX
DevOps and Build Automation
Heiswayi Nrird
 
PPTX
cloud-migrations.pptx
John Mulhall
 
PDF
Foundry technical intro
esseemme69
 
PDF
IT4IT real life examples & myths and rumors dispelled
Tony Price
 
PDF
Let's build Developer Portal with Backstage
Opsta
 
PPTX
TOGAF Reference Models
Paul Sullivan
 
PDF
Azure Arc Overview from Microsoft
David J Rosenthal
 
PPTX
Getting started with azure event hubs and stream analytics services
EastBanc Tachnologies
 
PPTX
Introduction to Azure Databricks
James Serra
 
PDF
Microsoft 365 eEnterprise E5 Overview
David J Rosenthal
 
PDF
Iasa UK Archimate Overview
Iasa UK
 
PPSX
On-premise to Microsoft Azure Cloud Migration.
Emtec Inc.
 
PPTX
Databricks Fundamentals
Dalibor Wijas
 
How to implement DevOps in your Organization
Dalibor Blazevic
 
History of IT Service Management Practices and Standards
Rob Akershoek
 
Enterprise Architecture for Dummies
Sebastien Juras
 
Cloud architecture with the ArchiMate Language
Iver Band
 
Microsoft Azure Overview
David J Rosenthal
 
TIBCO vs MuleSoft Differentiators
Satish Nannapaneni
 
Google Cloud Fundamentals by CloudZone
Idan Tohami
 
DevOps and Build Automation
Heiswayi Nrird
 
cloud-migrations.pptx
John Mulhall
 
Foundry technical intro
esseemme69
 
IT4IT real life examples & myths and rumors dispelled
Tony Price
 
Let's build Developer Portal with Backstage
Opsta
 
TOGAF Reference Models
Paul Sullivan
 
Azure Arc Overview from Microsoft
David J Rosenthal
 
Getting started with azure event hubs and stream analytics services
EastBanc Tachnologies
 
Introduction to Azure Databricks
James Serra
 
Microsoft 365 eEnterprise E5 Overview
David J Rosenthal
 
Iasa UK Archimate Overview
Iasa UK
 
On-premise to Microsoft Azure Cloud Migration.
Emtec Inc.
 
Databricks Fundamentals
Dalibor Wijas
 
Ad

Similar to ING Data Services hosted on ICHP DoK Amsterdam 2023 (20)

PDF
Running containers in production, the ING story
Thijs Ebbers
 
PDF
Ceph Day Amsterdam 2015: Measuring and predicting performance of Ceph clusters
Ceph Community
 
PDF
Gestione gerarchica dei dati con SUSE Enterprise Storage e HPE DMF
SUSE Italy
 
PDF
Solving k8s persistent workloads using k8s DevOps style
MayaData
 
PPTX
Ceph, Open Source, and the Path to Ubiquity in Storage - AACS Meetup 2014
Patrick McGarry
 
PDF
The state of SQL-on-Hadoop in the Cloud
DataWorks Summit/Hadoop Summit
 
PPTX
Big data talk barcelona - jsr - jc
James Saint-Rossy
 
PPTX
20190620 accelerating containers v3
Tim Bell
 
PDF
Quick-and-Easy Deployment of a Ceph Storage Cluster
Patrick Quairoli
 
PPTX
Lessons From HPE: From Batch To Streaming For 20 Billion Sensors With Lightbe...
Lightbend
 
PPTX
Containers and Big Data
DataWorks Summit
 
PPT
Apache hadoop and hive
srikanthhadoop
 
PDF
Modeling, estimating, and predicting Ceph (Linux Foundation - Vault 2015)
Lars Marowsky-Brée
 
PDF
HPE Hadoop Solutions - From use cases to proposal
DataWorks Summit
 
PDF
DevNation Tech Talk: Getting GitOps
Red Hat Developers
 
PDF
Presentation ING for ISC2 Secure Summits EMEA
Thijs Ebbers
 
PDF
Containers and Big Data
DataWorks Summit
 
PPTX
HPE Hybrid HPC strategy including UberCloud Containers
Thomas Francis
 
PPTX
Ceph Day Berlin: Measuring and predicting performance of Ceph clusters
Ceph Community
 
PDF
Containers and Big Data
DataWorks Summit
 
Running containers in production, the ING story
Thijs Ebbers
 
Ceph Day Amsterdam 2015: Measuring and predicting performance of Ceph clusters
Ceph Community
 
Gestione gerarchica dei dati con SUSE Enterprise Storage e HPE DMF
SUSE Italy
 
Solving k8s persistent workloads using k8s DevOps style
MayaData
 
Ceph, Open Source, and the Path to Ubiquity in Storage - AACS Meetup 2014
Patrick McGarry
 
The state of SQL-on-Hadoop in the Cloud
DataWorks Summit/Hadoop Summit
 
Big data talk barcelona - jsr - jc
James Saint-Rossy
 
20190620 accelerating containers v3
Tim Bell
 
Quick-and-Easy Deployment of a Ceph Storage Cluster
Patrick Quairoli
 
Lessons From HPE: From Batch To Streaming For 20 Billion Sensors With Lightbe...
Lightbend
 
Containers and Big Data
DataWorks Summit
 
Apache hadoop and hive
srikanthhadoop
 
Modeling, estimating, and predicting Ceph (Linux Foundation - Vault 2015)
Lars Marowsky-Brée
 
HPE Hadoop Solutions - From use cases to proposal
DataWorks Summit
 
DevNation Tech Talk: Getting GitOps
Red Hat Developers
 
Presentation ING for ISC2 Secure Summits EMEA
Thijs Ebbers
 
Containers and Big Data
DataWorks Summit
 
HPE Hybrid HPC strategy including UberCloud Containers
Thomas Francis
 
Ceph Day Berlin: Measuring and predicting performance of Ceph clusters
Ceph Community
 
Containers and Big Data
DataWorks Summit
 
Ad

More from DoKC (20)

PDF
Distributed Vector Databases - What, Why, and How
DoKC
 
PDF
Is It Safe? Security Hardening for Databases Using Kubernetes Operators
DoKC
 
PDF
Stop Worrying and Keep Querying, Using Automated Multi-Region Disaster Recovery
DoKC
 
PDF
Transforming Data Processing with Kubernetes: Journey Towards a Self-Serve Da...
DoKC
 
PDF
The State of Stateful on Kubernetes
DoKC
 
PDF
Colocating Data Workloads and Web Services on Kubernetes to Improve Resource ...
DoKC
 
PDF
Make Your Kafka Cluster Production-Ready
DoKC
 
PDF
Dynamic Large Scale Spark on Kubernetes: Empowering the Community with Argo W...
DoKC
 
PDF
Run PostgreSQL in Warp Speed Using NVMe/TCP in the Cloud
DoKC
 
PDF
The Kubernetes Native Database
DoKC
 
PDF
Implementing data and databases on K8s within the Dutch government
DoKC
 
PDF
StatefulSets in K8s - DoK Talks #154
DoKC
 
PDF
Running PostgreSQL in Kubernetes: from day 0 to day 2 with CloudNativePG - Do...
DoKC
 
PDF
Analytics with Apache Superset and ClickHouse - DoK Talks #151
DoKC
 
PPTX
Overcoming challenges with protecting and migrating data in multi-cloud K8s e...
DoKC
 
PDF
Evaluating Cloud Native Storage Vendors - DoK Talks #147
DoKC
 
PDF
Kubernetes Cluster Upgrade Strategies and Data: Best Practices for your State...
DoKC
 
PDF
We will Dok You! - The journey to adopt stateful workloads on k8s
DoKC
 
PPTX
Mastering MongoDB on Kubernetes, the power of operators
DoKC
 
PDF
Leveraging Running Stateful Workloads on Kubernetes for the Benefit of Develo...
DoKC
 
Distributed Vector Databases - What, Why, and How
DoKC
 
Is It Safe? Security Hardening for Databases Using Kubernetes Operators
DoKC
 
Stop Worrying and Keep Querying, Using Automated Multi-Region Disaster Recovery
DoKC
 
Transforming Data Processing with Kubernetes: Journey Towards a Self-Serve Da...
DoKC
 
The State of Stateful on Kubernetes
DoKC
 
Colocating Data Workloads and Web Services on Kubernetes to Improve Resource ...
DoKC
 
Make Your Kafka Cluster Production-Ready
DoKC
 
Dynamic Large Scale Spark on Kubernetes: Empowering the Community with Argo W...
DoKC
 
Run PostgreSQL in Warp Speed Using NVMe/TCP in the Cloud
DoKC
 
The Kubernetes Native Database
DoKC
 
Implementing data and databases on K8s within the Dutch government
DoKC
 
StatefulSets in K8s - DoK Talks #154
DoKC
 
Running PostgreSQL in Kubernetes: from day 0 to day 2 with CloudNativePG - Do...
DoKC
 
Analytics with Apache Superset and ClickHouse - DoK Talks #151
DoKC
 
Overcoming challenges with protecting and migrating data in multi-cloud K8s e...
DoKC
 
Evaluating Cloud Native Storage Vendors - DoK Talks #147
DoKC
 
Kubernetes Cluster Upgrade Strategies and Data: Best Practices for your State...
DoKC
 
We will Dok You! - The journey to adopt stateful workloads on k8s
DoKC
 
Mastering MongoDB on Kubernetes, the power of operators
DoKC
 
Leveraging Running Stateful Workloads on Kubernetes for the Benefit of Develo...
DoKC
 

Recently uploaded (20)

PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PDF
KodekX | Application Modernization Development
KodekX
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
KodekX | Application Modernization Development
KodekX
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
A Presentation on Artificial Intelligence
memembruh336
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Teaching material agriculture food technology
LiaRayya
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Approach and Philosophy of On baking technology
30anthuong17
 

ING Data Services hosted on ICHP DoK Amsterdam 2023

  • 1. April 2023 Tor Bendiksen and Luuk Stolk, ING ICHP Tiger Team Stateful workloads on a container platform Data Services hosted on ICHP
  • 2. 2 1. Introduction 2. Containers and (Non-)Persistence 3. Data Services hosted on ICHP 4. ICHP v1 vs ICHP v2 5. Storage Layer Options Agenda
  • 4. Our Market Leaders We serve 37 million customers in more than 40 countries Our Challengers & Growth markets § Netherlands* § Belgium § Luxembourg § Australia § France ** § Germany § Italy § Spain Wholesale Banking international network and global franchises Challengers Markets Growth Markets Market Leaders Map highlights countries where ING has an office (**) In 2022, ING discontinued its retail activities in these markets § Poland § Romania § Turkey § Philippines ** § Stakes in Asia (*) ING’s corporate head office is located in Amsterdam, The Netherlands 4 Get to know us Tor Bendiksen Luuk Stolk Our purpose Empowering people to stay a Step ahead in life and in business Our priorities Sustainability at the heart Superior customer experience ING at a glance
  • 5. 5 What is ICHP ING Container Hosting Platform Standardized OpenShift/Kubernetes hosting platform Namespace as a Service for container workloads on ING Private Cloud Dedicated clusters for hosting Data Services Self Service through ING Cloud Portal Integration with Azure DevOps for application workload deployment Based on Bare Metal for all consumer workloads With over 2000 namespaces on non-production and 500 on production
  • 7. Containers and Non-Persistence 7 Worker Node 1 • Pods and containers are ephermeral / volatile • Apps in containers should be stateless processes • No persistency inside the container for (12 factor) apps Worker Node 2 * https://12factor.net/
  • 8. Worker Node 2 Containers and Persistence 8 Worker Node 1 • Use external data services for persistence • Generic services for common persistent data store solutions DBaaS Bind config S3 ELK
  • 10. Data Services hosted on ICHP 10 Work Load– Worker Nodes Ingress / Routing PostgreSQL Elastic Cluster • Ready to deploy platform • Compliancy • Cost reduction • Leverage platform capabilities for ü Scalability ü Resilience ü Automation
  • 11. Keep your data SAFE – ELKaaS use case 11 Portworx Ø Scalability of platform Ø Availability Ø Fast Ø Elasticity + 2 cores + 100 GB
  • 12. Keep your data SAFE – HA/DR Cluster 1 Portworx Cluster 2 Portworx Data Center 1 Data Center 2
  • 13. Service Model for Data Services 13 Kubernetes Platform Azure DevOps NaaS ICHP Namespace Namespace Namespace IPC Portal Request Deploy IPC Consumer Use Kubernetes Platform NaaS ICHP Namespace Namespace Namespace Data Service Data Service Instance Data Service Owner Responsibility Portworx • Data replication • Resilient to for instance node / volume outages • Backup / restore • Zone aware deployment • Local storage capability with persistent volume interface • (Technical) capabilities to guarantee local storage SLA • Namespace as a Service • Compliant platform
  • 14. Double Replication, to do or not to do 14 Portworx S3 Snapshot Replication Replication Preventing nodes or disks to become single point of failure for data availability
  • 15. 15 Projects on Data Services v2 ELKaaS • Elastic 8 • Custom ELKaaS Operator MDPL • RTK2 primary • IAT • Many additional components Cloud Pak for Data • Data lake workloads • IBM backed • Portworx based See also: ING Booth (S75) MDPL session: Thursday 16:30 – 17:30
  • 16. Past, Current and Potential Data Services candidates 16 Messaging/ Eventing Pulsar Kafka • AKS SAS Viya 4 Undecided PSQL CloudNative PG operator Undecided
  • 17. Scale / sizing of implementations ICHP v2 17 Cores Memory Pods Storage Namespaces Bandwidth Nodes Stateless Non Prod 2304 27648 GB 24000 n/a 2600 2x 25 GB per node 36 Stateless Prod 1536 18432 GB 5000 n/a 475 2x 25 GB per node 24 MDPL 1536 18432 GB 5500 153 / 122 TB 20 4x 25 GB per node 24 ELKaaS 1280 15360 GB 2800 2150 / 1720 TB 170 4x 25 GB per node 20 CP4D 640 7860 GB n/a 14 / 12 TB n/a 4x 25 GB per node 10 * ICHPv1 Stateless ü Namespaces Prod: 612 Non-Prod: 3500 ü Pods Prod: 18500 Non-Prod: 25000 ü Nodes Prod: 80 Non-Prod: 300
  • 18. Risk & security ICHP v2 18 Security Event Monitoring / Anomaly Detection Falco, Kubernetes audit logs State Compliancy OpenShift Compliance Operator, NIST based Policy Management Kyverno State enforcement / configuration drift detection GitOps - Argo CD Image scanning (shift left) Prisma Cloud Immutability • No high privileged access to clusters and nodes • No terminal and ssh access to containers in Acceptance and Production • Read-only access to namespaces, only deployments through Azure DevOps pipelines • No privileged containers • No local persistency except for Data Services Multi-tenancy • Network policies • Resource quotas See also: April 19th 11:00 - Thijs Ebbers & Diana Iordan: Zero Privilege Architectures
  • 20. 20 What has changed • Openshift 4 • Installer Provisioned Infrastructure • Hands off installation • Hands off running • GitOps
  • 21. 21 Drift Detection and Reconciliation Target environment Git Repo Pull Request Pull code Automatically… Detect deviations in your target environment from the desired state (in Git) Enforce the desired state
  • 22. 22 GitOps@ICHP – What do we use it for? Deploy and manage ICHP clusters Server / OoenShift configuration Feature deployment and configuration E.g. API’s, Logging and Monitoring, Risk and Security tooling (TSCM, SEM, etc) Bare OpenShift cluster incl. GitOps Configure Server / OpenShift ADO Pipeline Install features OpenShift GitOps See also: ING Booth (S75) GitOps session: Wednesday 16:30 – 17:30
  • 24. Portworx 24 Pros • Class leading • The only viable early choice • Unbeatable speed • Enterprise ready • Good support • Rapid development Cons • Documentation • Aggressive caching • Rapid development
  • 25. Rook 25 • Rook used for orchestration • Ceph for storage backend • File, Block and Object storage • Replication across nodes/zones • Feature parity in primary use Components • Ceph-mon • Ceph-osd • Ceph-mds • Ceph-rgw • Ceph-mgr
  • 27. 27 ICHP Data Service Hosting Characteristics • Not for direct use by application containers Ø Application containers should continue to use data services for persistency • Dynamic volume provisioning (no pre allocation required) with Portworx • Dedicated storage clusters for • Serving storage volumes • Running data service related container workload • Use of local disks (SATA SSD – RAID 5) • Namespaced volumes (not accessible from other namespaces) • Support for fully automated provisioning • Infrastructure platform risk controls covered • No overcommit on storage allocation • Availability zone awareness
  • 29. 29 Thank you and come see us at KubeCon! April 19th 11:00 Talk Thijs Ebbers & Diana Iordan: Zero Privilege Architectures April 19th 16:30 Talk Adnan Hodzic: K8s, Resistance is Futile April 20th 10:30 Booth S75 Tor Bendiksen & Luuk Stolk: Meet the Speakers April 20th 11:30 Booth S75 Mark de Jong & Rob de Boer: ICHP Workload deployment Quality April 20th 12:30 Booth S75 Robbin Siepman: ICHP Namespace as a Service April 18th 16:30 Booth S75 Arijan Luiken & Salvatore Vitale: Banking Observability at Scale Booth S75 Jan-Willem Bijma & Kamil Nocon: GitOps@ING
  • 33. Availability - Red / Blue zone awareness 33 Portworx App X App X
  • 34. Why Data Services? 34 • Cost effective • Keep applications as ‘disposable’ components • Dealing with persistent data is complex • Very specific requirements that can (potentially) break compliancy • Therefore: single stakeholder, solution pattern and concern
  • 35. Keep your data SAFE 35 Scalable Add nodes Add disks Available Replication Zone aware Fast Local SSD Short I/O path Elastic Fast pod (auto)scaling Resize on demand How? • Run data services on a Kubernetes compatible container based storage provider • Portworx