© Copyright 2018 Pivotal Software, Inc. All rights Reserved.
Paul Czarkowski
pczarkowski@pivotal.io
Twitter: @pczarkowski
Kube Your Enthusiasm
Kube Your Enthusiasm - Paul Czarkowski
Topics
■ Platforms
■ Containers
■ Kubernetes
■ Helm
■ Spinnaker
■ Operators
■ Pivotal Container Service
■ Cloud Native Operations
Platforms
What is a platform?
https://en.wikipedia.org/wiki/Computing_platform
Software runs on a platform.
Platforms abstract complexity.
Different platforms abstract differently.
Platform layers and examples:
● Hardware: HPE, Dell, IBM, Lenovo
● IaaS: AWS, Microsoft Azure, GCP, VMware
● CaaS: PKS, GKE, OpenShift, AWS Fargate, Kubernetes
● PaaS: PCF, Azure App Service, Heroku
● FaaS: AWS Lambda, Azure Functions, OpenWhisk, kubeless, PFS
A modern software platform provides API driven compute resources.
Diagram: Users consume Storage, Compute, Network, Database, Access and Artifacts through a single API. (Images: Creative Commons, [1] Jon Trillana, [2] Simon Child.)
Diagram: without such an API, Users go through the Systems Admin, Network Engineer, Security, DBA, QA and Storage Admin for the same resources.
Platform stack (diagram built up over several slides; left-to-right axis: More Control / Less Efficiency → Less Control / More Efficiency):
● Traditional: ticket-based human toil.
● Hardware Platform (PXE boot?) underneath everything.
● Infrastructure Platform / IaaS: driven through the IaaS API with Infrastructure as Code and Config Management.
● Container Platform / CaaS: a Container Orchestrator over the Container Runtime and Container Hosts; you build the app container(s) and submit a Deployment Manifest to the K8s API.
● Application Platform / PaaS: you build the app artifact and push the app to the platform through the CF API.
● Function Platform / FaaS: ????? (??? API).
Pivotal Cloud Foundry 2.0 mapping: hardware is Dell, or whatever; IaaS is VMware or aws/gce/azure; the Container Platform is Pivotal Container Service; the Application Platform is Pivotal App Service; the Function Platform is Pivotal Function Service.
This talk's focus: Pivotal Container Service as the Container Orchestrator, consumed through the K8s API with Deployment Manifests, fed by CI/CD (Gitlab, Concourse, Spinnaker) deploying the apps.
Containers
Saurabh Gupta. "Containers and Pivotal Cloud Foundry" 2016.
# Stage 1: build the jar with Maven (build tools never reach the runtime image)
FROM maven:3.6-jdk-11-slim as BUILD
COPY . /src
WORKDIR /src
RUN mvn install -DskipTests
# Stage 2: the runtime image carries only a JRE and the built jar
FROM openjdk:11.0.1-jre-slim-stretch
EXPOSE 8080
WORKDIR /app
ARG JAR=hello-0.0.1-SNAPSHOT.jar
COPY --from=BUILD /src/target/$JAR /app.jar
ENTRYPOINT ["java","-jar","/app.jar"]
$ docker build -t paulczar/hello .
$ docker push paulczar/hello
$ docker pull paulczar/hello
$ docker run -d -p 8080:8080 paulczar/hello
Kubernetes
Platform hierarchy: Hardware → IaaS → CaaS → PaaS → FaaS.
Strategic goal: push as many workloads as technically feasible to the top of the platform hierarchy.
Lower layers: higher flexibility and less enforcement of standards. Higher layers: lower development complexity and higher operational efficiency.
Diagram: Kubernetes architecture. Control Plane (Master): API Server (the entry point for Users), etcd, Scheduler, Controller Manager, Cloud Controller Manager. Data Plane (Worker): Kubelet, kube-proxy, docker. The second diagram shows three Masters and three Workers, with Flannel providing the pod network on each Worker.
Controllers: each controller continuously reconciles Desired State with Actual State.
Unix Philosophy: Do one thing. Do it well.
$ kubectl
Imperative:
$ kubectl run hello --image=paulczar/go-hello-world
$ kubectl scale deployment hello --replicas=3
$ kubectl create service clusterip hello --tcp=80:80
Declarative:
$ kubectl apply -f hello-world.yaml
Declarative vs Imperative: imperative commands spell out each step; declarative manifests describe the desired end state and let the controllers get there.
hello-world.yaml:
apiVersion: v1
kind: Pod
metadata:
  name: hello
spec:
  containers:
  - image: paulczar/go-hello-world
    imagePullPolicy: Always
    name: hello
Resources
● Pods
● Services
● Volumes
POD: one or more containers that share a network and storage; the minimum scalable unit of your application.
Diagram: the MASTER's Scheduler places Pod hello (Image: hello1) onto one of Node 1 to Node 4, each running a kubelet, and that node's kubelet starts the container.
Replica Set
Diagram: a Replica Set (Name: hello, Image: hello1, Size: 3), driven by the Controller Manager, creates Pods hello-a, hello-b and hello-c, which the Scheduler spreads across Node 1 to Node 4. When one Pod disappears, the Replica Set creates a replacement (hello-d); raising Size to 5 adds two more (hello-t, hello-z); setting Size to 0 removes them all.
Deployment
Diagram: a Deployment (Name: hello, Image: hello1, Size: 3) owns Replica Set hello-A (Image: hello1, Size: 3), whose Pods run across the nodes. Changing the Deployment's image to hello2 creates Replica Set hello-B (Image: hello2, Size: 3); once its Pods are up, hello-A is scaled to Size: 0 and its Pods go away.
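The Replica Set and Deployment slides above describe a control loop: each controller compares the desired state it was given with what actually exists and acts on the difference. The following in-memory simulation is an added example (not code from the talk or from Kubernetes) that reproduces that sequence: a Deployment with image hello1 and size 3, a Pod that dies and is replaced, a scale to 5, and an image change to hello2 that brings up a second Replica Set and scales the first to 0. Pod and Replica Set names with letter and number suffixes are constructed here, and the rollout is simplified to one step instead of the gradual maxSurge/maxUnavailable rollout a real Deployment performs.

```python
"""Simulated Kubernetes reconcile loop for ReplicaSets and Deployments.

Added example, not code from the talk. Models the Desired State -> Actual
State loop: the Deployment controller keeps one ReplicaSet per image and
scales the old one to 0; the ReplicaSet controller creates or deletes Pods
until the count matches. Everything is in memory; names are constructed.
"""
import string


class Cluster:
    """Minimal stand-in for the objects the API server stores."""

    def __init__(self):
        self.deployments = {}  # name -> {"image": str, "size": int}
        self.replicasets = {}  # name -> {"image", "size", "owner"}
        self.pods = {}         # name -> {"image", "owner"}
        self._seq = 0

    def reconcile_deployments(self):
        """Deployment controller pass: make sure a ReplicaSet exists for the
        desired image; it gets the Deployment's size, every other one gets 0
        (the hello-A -> hello-B roll from the slides, collapsed to one step)."""
        for dname, dep in self.deployments.items():
            owned = [n for n, rs in self.replicasets.items() if rs["owner"] == dname]
            current = [n for n in owned if self.replicasets[n]["image"] == dep["image"]]
            if not current:
                new = f"{dname}-{string.ascii_uppercase[len(owned)]}"  # hello-A, hello-B, ...
                self.replicasets[new] = {"image": dep["image"], "size": 0, "owner": dname}
                owned.append(new)
                current = [new]
            for n in owned:
                self.replicasets[n]["size"] = dep["size"] if n == current[0] else 0

    def reconcile_replicasets(self):
        """ReplicaSet controller pass: add or remove Pods until actual == desired.
        A Pod that vanished (node failure, kubectl delete) is simply re-created."""
        for rsname, rs in self.replicasets.items():
            owned = [n for n, p in self.pods.items() if p["owner"] == rsname]
            while len(owned) < rs["size"]:
                self._seq += 1
                name = f"{rsname}-{self._seq}"  # constructed suffix, not a real hash
                self.pods[name] = {"image": rs["image"], "owner": rsname}
                owned.append(name)
            while len(owned) > rs["size"]:
                del self.pods[owned.pop()]

    def converge(self, max_passes=10):
        """Run both controllers until a pass changes nothing. The real control
        plane is event driven (watches), but the fixed point is the same.
        Returns the number of passes taken."""
        for i in range(1, max_passes + 1):
            before = self._snapshot()
            self.reconcile_deployments()
            self.reconcile_replicasets()
            if self._snapshot() == before:
                return i
        raise RuntimeError("controllers did not converge")

    def _snapshot(self):
        return (sorted((n, rs["image"], rs["size"]) for n, rs in self.replicasets.items()),
                sorted(self.pods))

    def pods_by_image(self):
        """Actual state as the slides draw it: how many Pods run which image."""
        counts = {}
        for p in self.pods.values():
            counts[p["image"]] = counts.get(p["image"], 0) + 1
        return counts


def walkthrough():
    """The sequence from the slides; returns the final cluster for inspection."""
    c = Cluster()
    c.deployments["hello"] = {"image": "hello1", "size": 3}  # kubectl run hello
    c.converge()
    del c.pods[sorted(c.pods)[0]]                             # a Pod dies
    c.converge()                                              # ReplicaSet replaces it
    c.deployments["hello"]["size"] = 5                        # kubectl scale --replicas=5
    c.converge()
    c.deployments["hello"]["image"] = "hello2"                # kubectl edit: new image
    c.converge()                                              # hello-B up, hello-A -> 0
    return c


if __name__ == "__main__":
    cluster = walkthrough()
    print(cluster.pods_by_image(), cluster.replicasets)
```

The point worth noticing is that nothing in the walkthrough deletes or creates a Pod directly: every change is a change to desired state, and the loop does the rest. That is also why deleting a Pod by hand is not a way to stop a workload, and why the old Replica Set lingers at size 0 (it is what `kubectl rollout undo` scales back up).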
StatefulSet
Diagram: a StatefulSet (Name: hello, Image: hello1, Size: 3) creates its Pods in order and with stable names: hello-1, then hello-2, then hello-3. A StatefulSet for a database (Name: db, Image: cassandra, Size: 3) creates db-1, db-2 and db-3, and each of those Pods gets its own PersistentVolumeClaim (PVC db-1, ...) and volume (vol), unlike the interchangeable Pods hello-a, hello-b of a Replica Set.
$ kubectl
$ kubectl run hello --image=paulczar/hello --port=8080
● kubectl run created a deployment “deployments.apps/hello”
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
deployment.apps/hello 1 1 1 1 1m
● The deployment created a replicaset “replicaset.apps/hello-64f6bf9dd4”
NAME DESIRED CURRENT READY AGE
replicaset.apps/hello-64f6bf9dd4 1 1 1 1m
● Which created a pod “pod/hello-64f6bf9dd4-tq5dq”
NAME READY STATUS RESTARTS AGE
pod/hello-64f6bf9dd4-tq5dq 1/1 Running 0 2s
$ kubectl scale --replicas=3 deployment/hello
deployment.extensions/hello scaled
$ kubectl get all
NAME READY STATUS RESTARTS AGE
pod/hello-64f6bf9dd4-2bndq 1/1 Running 0 15m
pod/hello-64f6bf9dd4-4kq9l 0/1 ContainerCreating 0 2s
pod/hello-64f6bf9dd4-8lkcs 1/1 Running 0 5s
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
deployment.apps/hello 3 3 2 3 16m
NAME DESIRED CURRENT READY AGE
replicaset.apps/hello-64f6bf9dd4 3 3 2 16m
$ kubectl edit deployment hello
...
    spec:
      containers:
      - env:
        - name: MESSAGE
          value: HELLO I LOVE YOU!!!!
        image: paulczar/go-hello
        imagePullPolicy: Always
        name: hello
$ kubectl get all
NAME READY STATUS RESTARTS AGE
pod/hello-5c75b546c7-4lwnn 1/1 Running 0 1m
pod/hello-5c75b546c7-bwxxq 1/1 Running 0 1m
pod/hello-5c75b546c7-sl2pg 1/1 Running 0 1m
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
deployment.apps/hello 3 3 3 3 23m
NAME DESIRED CURRENT READY AGE
replicaset.apps/hello-5c75b546c7 3 3 3 1m
replicaset.apps/hello-64f6bf9dd4 0 0 0 23m
$ kubectl port-forward deployment/hello 8080
Forwarding from 127.0.0.1:8080 -> 8080
$ curl localhost:8080
<html><head><title>HELLO I LOVE YOU!!!!</title></head><body>HELLO I LOVE
YOU!!!!!</body></html>
Service
$ kubectl expose deployment hello --type=LoadBalancer --port 80 --target-port 8080
kubectl expose deployment hello
● creates a service with a ClusterIP that acts as an internal loadbalancer to all pods in the “hello” deployment
--type=LoadBalancer
● Creates a NodePort
● Configures a LoadBalancer to access the pods via the NodePort
$ kubectl get services
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
hello LoadBalancer 10.39.248.123 35.184.17.129 80:30468/TCP 5m
$ curl 35.184.17.129
<html><head><title>HELLO I LOVE YOU!!!!</title></head><body>HELLO I LOVE
YOU!!!!!</body></html>
Service: tracks Pods based on metadata and provides connectivity and service discovery (DNS, environment variables) for them.
Type ClusterIP (default): exposes the service on a cluster-internal IP. Diagram: two Pods (each with two Containers) labelled app=bacon behind Service app=bacon at 10.3.55.7.
Type NodePort: extends ClusterIP to expose the service on each node's IP via a static port. Diagram: the same service also reachable at 192.168.0.5:4530 and 192.168.0.6:4530 on two K8s Workers.
Type LoadBalancer: extends NodePort to configure a cloud provider's load balancer using the cloud-controller-manager. Diagram: a Load Balancer at 33.6.5.22:80 in front of the two NodePorts.
Ingress: a controller that manages an external entity to provide load balancing, SSL termination and name-based virtual hosting to services based on a set of rules. Diagram: https://example.com → Ingress → /bacon to Service app=bacon and /eggs to Service app=eggs.
Volume
Diagram: a Volume shared by the Containers of one Pod.
Is [effectively] a directory, possibly with data in it, available to all containers in a Pod.
Usually shares the lifecycle of a Pod (created when the Pod is created, destroyed when the Pod is destroyed). Persistent Volumes outlive Pods.
Can be mounted from local disk, or from a network storage device such as an EBS volume, iSCSI, NFS, etc.
Config Map / Secret
$ kubectl create configmap hello --from-literal='message=Hello S1T'
$ kubectl create configmap hello --from-file=index.html
● creates a configmap called “hello” containing the contents of index.html
$ kubectl get configmap hello -o yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: hello
data:
  index.html: "<html>\n<head>\n\t<title>Hello to my friends</title>\n</head>\n<body>\n\tHello to my friends\n</body>\n</html>\n\n"
$ kubectl create secret generic hello --from-file=index.html
● creates a secret called “hello” containing the base64-encoded contents of index.html
$ kubectl get secret hello -o yaml
apiVersion: v1
kind: Secret
metadata:
  name: hello
data:
  index.html: PGh0bWw+CjxoZWFkPgoJPHRpdGxlPkhlbGxvIHRvIG15IGZyaWVuZHM8L3RpdGxlPgo8L2hlYWQ+Cjxib2R5PgoJSGVsbG8gdG8gbXkgZnJpZW5kcwo8L2JvZHk+CjwvaHRtbD4KCg==
ConfigMaps/Secrets (user-data)
Provides key-value pairs to be injected into a pod much like user-data is injected into a Virtual Machine in the cloud.
Allows you to do last-minute configuration of applications running on Kubernetes, such as setting a database host or an admin password.
ConfigMaps store values as strings; Secrets store them as byte arrays (serialized as base64 encoded strings).
Secrets are [currently] not encrypted by default. This is likely to change.
Can be injected as files in a Volume, or as Environment Variables.
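To make the "base64, not encryption" point above concrete, here is an added example (not code from the talk) that rebuilds what `kubectl create configmap` and `kubectl create secret generic --from-file` store under `.data`, using the index.html shown in the kubectl output above as constructed input, and shows that the Secret's payload decodes back to the file with no key involved. The manifest renderer and the helper names are this example's own; kubectl itself uses a YAML library.

```python
"""ConfigMap vs Secret payloads, as kubectl builds them.

Added example, not code from the talk. Reproduces what
`kubectl create configmap/secret ... --from-file` stores under .data and
shows that a Secret's base64 layer is an encoding, not encryption: anyone
allowed to read the object gets the plaintext back without any key.
"""
import base64
import json

# Constructed sample input: the index.html from the talk's kubectl output.
INDEX_HTML = (b"<html>\n<head>\n\t<title>Hello to my friends</title>\n</head>\n"
              b"<body>\n\tHello to my friends\n</body>\n</html>\n\n")


def configmap_data(files):
    """ConfigMap .data: file content kept as a plain string (must be UTF-8)."""
    return {name: content.decode("utf-8") for name, content in files.items()}


def secret_data(files):
    """Secret .data: arbitrary bytes serialised as base64 strings. This is the
    only transformation kubectl applies; no key is involved."""
    return {name: base64.b64encode(content).decode("ascii")
            for name, content in files.items()}


def reveal(secret_manifest):
    """What `kubectl get secret -o yaml` plus one decode yields. Because this
    needs no key, RBAC read access to Secrets and encryption at rest are what
    actually protect the values."""
    return {name: base64.b64decode(value)
            for name, value in secret_manifest["data"].items()}


def build(name, files, as_secret):
    """The manifest dict kubectl would POST for --from-file inputs."""
    data = secret_data(files) if as_secret else configmap_data(files)
    return {"apiVersion": "v1", "kind": "Secret" if as_secret else "ConfigMap",
            "metadata": {"name": name}, "data": data}


def manifest(kind, name, data):
    """Render a v1 ConfigMap/Secret manifest as text without a YAML library.
    Each value is emitted as a JSON string, which is also a valid YAML
    double-quoted scalar, so the newline and tab escapes come out the way
    kubectl prints them."""
    lines = ["apiVersion: v1", f"kind: {kind}", "metadata:", f"  name: {name}", "data:"]
    lines += [f"  {key}: {json.dumps(value)}" for key, value in data.items()]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    files = {"index.html": INDEX_HTML}
    cm = build("hello", files, as_secret=False)
    sec = build("hello", files, as_secret=True)
    print(manifest(cm["kind"], "hello", cm["data"]))
    print(manifest(sec["kind"], "hello", sec["data"]))
    # Round-trips with nothing but base64: the "secret" is only obscured in transit to the eye.
    assert reveal(sec)["index.html"] == INDEX_HTML
```

The practical consequence for a cluster operator: `kubectl get secret -o yaml`, the etcd data directory and any backup of it all carry the plaintext one decode away, so the controls that matter are who may read Secrets (RBAC), etcd encryption at rest, and keeping credentials out of ConfigMaps and command lines.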
Helm
Helm is the best way to find, share, and use software built for Kubernetes.
Diagram: a chart is a directory with Chart.yaml, values.yaml and templates/ (here templating a custom load balancer, ci, services and a db).
Screenshot of https://hub.kubeapps.com: "Discover & launch great Kubernetes-ready apps", search charts, 231 charts ready to deploy (Wordpress, Jenkins, Kubeless...).
# templates: the ConfigMap carrying the db setting from values.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ .Chart.Name }}-cm
data:
  db: {{ .Values.db | quote }}
---
# the Deployment mounting that ConfigMap into the container (sections elided as ...)
apiVersion: apps/v1beta1
kind: Deployment
metadata:
  name: {{ .Chart.Name }}-app
  labels:
    app: {{ .Chart.Name }}
...
spec:
  ...
  template:
    ...
    spec:
      containers:
      - image: paulczar/hello
        name: hello
        volumeMounts:
        - name: config
          mountPath: /etc/hello
      volumes:
      - name: config
        configMap:
          name: {{ .Chart.Name }}-cm
---
# the Service, with its port taken from values.yaml
apiVersion: v1
kind: Service
metadata:
  name: {{ .Chart.Name }}-svc
  labels:
    app: {{ .Chart.Name }}-world
spec:
  ports:
  - port: {{ .Values.port }}
    protocol: TCP
    targetPort: 8080
  selector:
    app: {{ .Chart.Name }}-world
  type: NodePort
$ helm install --name staging . --set db='user:pass@staging.mysql/dbname'
$ helm install --name production . --set db='user:pass@production.mysql/dbname'
$ helm create
Spinnaker
https://medium.com/netflix-techblog/announcing-ribbon-tying-the-netflix-mid-tier-services-together-a89346910a62
Images: https://giphy.com/gifs/frustrated-keyboard-g8GfH3i5F0hby, https://unsplash.com/photos/WHWYBmtn3_0
Diagram: apps delivered through Gitlab → Concourse → Spinnaker.
Spinnaker concepts
Cluster Management (a Multi-Cloud Inventory):
● Server Group
● Cluster
● Applications
● Load Balancer
● Firewall
Deployment Management (Pipelines: Actions and Reactions):
● Pipeline
● Stage
● Deployment Strategies
Deployment Strategies (diagram): Spinnaker drives the Cloud API to roll out App instances.
Halyard
https://en.wikipedia.org/wiki/Halyard
Extending Kubernetes
Watchers: watch the Kubernetes API for changes to resources and perform arbitrary actions.
Example: Prometheus watches Services and Pods for certain annotations ...
Example: Spring Cloud Kubernetes watches Services and Endpoints to do service discovery on Kubernetes. It also watches and reads ConfigMaps to allow for dynamic configuration of your applications.
Dynamic Access Control: after a request is authorized it goes through Admission Control. Extension points: Image Policy Webhook, Admission Webhook, Initializers.
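The admission step above is where a cluster can enforce what the earlier `kubectl run hello --image=paulczar/hello` example quietly relied on: which registries and tags are acceptable. The following is an added example (not code from the talk, and not a Kubernetes component) of the decision logic behind a validating admission webhook or image policy webhook: it takes the AdmissionReview the API server POSTs, checks every container image against a trusted-registry prefix and a no-`latest` rule, and builds the AdmissionReview response. The registry host, the sample Pods and the UID are constructed placeholders; serving this over HTTPS and registering it with a ValidatingWebhookConfiguration are outside the snippet.

```python
"""Validating admission webhook logic for container images.

Added example, not code from the talk. After authentication and
authorization, the API server sends the object to admission webhooks as an
AdmissionReview; this module decides whether a Pod's images are acceptable
and builds the response (admission.k8s.io/v1 shape). The registry prefix,
sample Pods and UID below are constructed placeholders.
"""
import json

# Assumption: only images from this registry prefix are allowed (placeholder host).
TRUSTED_REGISTRIES = ("registry.example.internal/",)


def image_problems(image):
    """Return the policy violations for one image reference (empty if OK)."""
    problems = []
    if not image.startswith(TRUSTED_REGISTRIES):
        problems.append(f"{image}: not from a trusted registry")
    last = image.rsplit("/", 1)[-1]          # drop registry/namespace path
    if "@sha256:" in last:
        return problems                      # digest-pinned: immutable, fine
    tag = last.split(":", 1)[1] if ":" in last else "latest"
    if tag == "latest":
        problems.append(f"{image}: mutable 'latest' tag; pin a version or digest")
    return problems


def review(admission_review):
    """Take the AdmissionReview request the API server POSTs and return the
    AdmissionReview response it expects: allowed, or denied with a 403 status."""
    req = admission_review["request"]
    spec = req["object"].get("spec", {})
    problems = []
    for container in spec.get("initContainers", []) + spec.get("containers", []):
        problems += image_problems(container["image"])
    response = {"uid": req["uid"], "allowed": not problems}
    if problems:
        response["status"] = {"code": 403, "message": "; ".join(problems)}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "response": response}


def sample_request(images):
    """Constructed AdmissionReview for a Pod CREATE with the given images."""
    containers = [{"name": f"c{i}", "image": img} for i, img in enumerate(images)]
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "request": {"uid": "00000000-0000-0000-0000-000000000001",  # placeholder
                        "kind": {"group": "", "version": "v1", "kind": "Pod"},
                        "operation": "CREATE",
                        "object": {"apiVersion": "v1", "kind": "Pod",
                                   "metadata": {"name": "hello"},
                                   "spec": {"containers": containers}}}}


if __name__ == "__main__":
    # The talk's `kubectl run hello --image=paulczar/hello`: Docker Hub, implicit :latest
    print(json.dumps(review(sample_request(["paulczar/hello"])), indent=2))
    print(json.dumps(review(sample_request(
        ["registry.example.internal/demo/hello:0.0.1"])), indent=2))
```

Two design points: initContainers are checked as well as containers, since they run with the same Pod privileges; and a digest-pinned reference is accepted regardless of tag, because a digest is the only reference a registry cannot silently repoint. In a real deployment the response must be returned quickly and the webhook's failurePolicy decides what happens when it is unreachable.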
Custom Controllers: Kubernetes functionality is implemented using controllers, and you can add your own. Examples: the External DNS Controller, the Cert Manager Controller.
Operators
GCP Cloud Compute Operator
https://github.com/paulczar/gcp-cloud-compute-operator
Pivotal Container Service
Kubernetes is a Runtime for Containerized Workloads. Diagram: Dev / Apps and the App User consume Storage, Networking and Compute through kubectl and the Kubernetes Dashboard, with IT / Ops on the other side.
...but Kubernetes alone is not enough for enterprises. Around the runtime they still need:
● Load Balancing / Routing
● Container Image Registry
● App Monitoring and App Logging
● OS Updates and OS Images
● K8S Updates and K8S Images
● Log & Monitor, Recover & Restart, Backup & Restore
● External Data Services
● Cluster Provisioning, Provision & Scale
● Command Line / API, Management GUI, Monitoring GUI
Pivotal Container Service (PKS) provides what's missing. Diagram: the same Storage / Networking / Compute runtime for Dev / Apps (kubectl, Kubernetes Dashboard, App User), with Load Balancing / Routing, Container Image Registry, OS Updates and Images, K8S Updates and Images, Log & Monitor, Recover & Restart, Backup & Restore, External Data Services, Cluster Provisioning, Provision & Scale and App Logging covered by the PKS Control Plane (pks CLI), Operations Manager, the GCP Service Broker and a vRealize Operations integration for IT / Ops.
Diagram: the same PKS picture on any Cloud: an Embedded OS (Windows & Linux), NSX-T networking, a CPI (15 methods) per IaaS, successive versions v1, v2, v3, ..., with CVEs and Product Updates flowing in through the PKS Control Plane.
Diagram: Pivotal Cloud Foundry 2.0. Application Code & Frameworks (Java | .NET | NodeJS; Buildpacks | Spring Boot | Spring Cloud | Steeltoe; Elastic | Packaged Software | Spark) run either on Pivotal Application Service (PAS, cf push: WE build the container) or on Pivotal Container Service (PKS, kubectl run: YOU build the container). Both run on BOSH, which gives a reliable and consistent operational experience on any cloud: vSphere, Azure & Azure Stack, Google Cloud, AWS, Openstack. Continuous delivery flows from Github through Concourse; Pivotal Network feeds the "3Rs": Repair (CVEs), Repave, Rotate (Credhub). Services arrive through the Open Service Broker API from the Pivotal Services Marketplace (Pivotal and Partner Products), Public Cloud Services and Customer Managed Services.
PKS components (diagram: BOSH, Harbor, NSX-T and Kubernetes under the PKS Control Plane, with K8s Clusters deployed onto VMware, GCP, Azure, Openstack or AWS):
PKS Control Plane: use the PKS CLI and API to create, operate, and scale your clusters.
Built with open-source Kubernetes: constant compatibility with the latest stable release of Google Kubernetes Engine—no proprietary extensions.
Harbor: an enterprise-class container registry. Includes vulnerability scanning, identity management, and more.
NSX-T: network management, security, and load balancing out-of-the-box with VMware NSX-T. Multi-cloud, multi-hypervisor.
Enterprise-Grade Kubernetes: what PKS adds to Kubernetes
Built into Kubernetes:
● Multi-container pods
● Stateful Sets of pods
● Persistent disks
● Single tenant ingress
● Pod scaling and high availability
● Rolling upgrades to pods
PKS value-added features:
● Cluster provisioning and scaling
● Embedded, hardened Operating System
● Monitoring and recovery of cluster VMs and processes
● Rolling upgrades to cluster infrastructure
● Secure multi-tenant ingress
● Secure container registry
PKS Vision: to provide enterprise customers with the ability to safely and efficiently deliver container services on their preferred infrastructure so that they can excel in their market with a cloud native platform.
PKS does for your Kubernetes what Kubernetes does for your apps.
Operational Efficiency
● Employ 500:1 developer to operator ratio
● Perform zero-downtime upgrades
● Runs the same way on every public/private cloud
Developer Productivity
● Accelerate feedback loops by improving delivery velocity
● Focus on applications, not infrastructure
● Give developers the tools and frameworks to build resilient apps
Comprehensive Security
● Adopt a defense-in-depth approach
● Continuously update platforms to limit threat impact
● Apply the 3 R's → repair, repave, rotate
High Availability
● Run platforms that stay online under all circumstances
● Scale up and down, in and out, through automation
● Deploy multi-cloud resilience patterns
Platform Team Delivering Real Value
Opsing the PKS
Installing PKS (diagram): Platform Ops downloads the PKS tile from Pivotal Network, uploads and configures it in Pivotal Ops Manager and installs; Ops Manager uses BOSH to deploy Pivotal Container Service: the PKS Control Plane, the GCP Service Broker, Harbor and the NSX-T integration.
... or Platform Ops executes a Concourse pipeline fed from Pivotal Network: Verify pre-reqs → Provision infrastructure → Download binaries → Install Product → Config → Install PKS.
PKS User Interaction
● The PKS Management VM runs the PKS API together with the Broker, UAA and a MySQL DB.
● The PKS API orchestrates the initial Kubernetes cluster deployments and the scaling of those clusters.
● A single PKS VM can manage hundreds of Kubernetes clusters.
● The PKS CLI is a single binary that can be installed on a Mac, Windows, or Linux to drive the PKS API.
Diagram: PKS CLI → PKS API on the PKS Management VM.
Creating a new K8s Cluster (diagram): the Platform User runs PKS CREATE CLUSTER through the CLI, which calls the PKS Control Plane API; the control plane asks BOSH to deploy a Kubernetes cluster (Masters with etcd plus Workers) alongside Harbor, NSX-T and the GCP Service Broker.
Deploying a Kubernetes Cluster via PKS (diagram): the PKS Control Plane (PKS API, UAA, Broker, MySQL) and Pivotal Ops Manager drive BOSH, which places the cluster's Master / etcd, Worker 1 and Worker 2 across Availability Zone A and Availability Zone B.
Health Management and HA: 4 levels of built-in High Availability
(1) Kubelet watches and restarts containers (the Pods on each K8s Node, next to Kube-proxy).
(2) BOSH agent watches and restarts processes, on K8s Nodes and on the K8s Master (API Server, Kube Scheduler, Controller Manager).
(3) BOSH Health Manager watches and restarts VMs.
(4) BOSH distributes deployments across AZs (Availability Zone A and Availability Zone B).
Multi-Tenancy
Diagram: the PKS Control Plane, Harbor, GCP Service Broker, NSX-T and BOSH managing several Kubernetes clusters, each with Masters, etcd and Workers.
How to isolate and secure access from different tenants?
Deployment Topologies & Multi-Tenancy
Multi-cluster (cluster-based): K8s Cluster A, B and C, each deployed and managed independently by BOSH.
● Independent networks with independent policies.
● Each cluster has a separate Master and Workers, with possibly different configs and resources (volumes, namespaces, policies, affinity rules).
● Provides complete isolation for multiple tenants.
Single cluster (namespace-based): one K8s Cluster deployed by BOSH, with Namespace A, B and C.
● Different tenants use different Kubernetes Namespaces.
● NSX-T is used to logically isolate each tenant's network (Namespace).
● Provides logical multi-tenant isolation for managing a single cluster.
Scaling a Kubernetes Cluster (diagram): the Platform User runs PKS SCALE CLUSTER through the CLI; the PKS Control Plane API asks BOSH to deploy additional Workers into the existing Kubernetes cluster (Masters and etcd unchanged), alongside Harbor, NSX-T and the GCP Service Broker.
A new security patch is released for Kubernetes. Pivotal releases a new PKS version fixing the CVE within a few hours. The Platform Operator can then apply the fix with no platform downtime.
Platform Ops updates PKS (diagram): Platform Ops downloads the new PKS tile from Pivotal Network, uploads and configures it in Pivotal Ops Manager and triggers the update; Ops Manager uses BOSH to roll the PKS Control Plane, GCP Service Broker, Harbor, NSX-T integration and each Kubernetes cluster (Masters, etcd, Workers) with Rolling Updates.
... or Platform Ops executes a Concourse pipeline fed from Pivotal Network: Verify pre-reqs → Verify current install → Download updated binaries → Rolling Updates → Config → Update PKS.
Ghost Clusters: eat your own dog food.
Identify Candidates for PKS
First Round: App Portfolio Identification by Bucket (Application 1, Application 2, ... Application n: which bucket?)
Application Prioritization Criteria and Examples by bucket:
BUCKET 1: Independent Software Vendor (ISV) COTS
● Vendor provided software (ISV or COTS) or no access to source code
● Vendor provides PCF buildpack, docker images or kubernetes artifacts
● Vendor availability to support the migration
● Limited or no access to the code
● Example: ISV product. Depends on MySQL DB and stores large files on disk.
BUCKET 2: Middleware Vendor
● IBM Websphere, Weblogic, Mulesoft, TIBCO etc
● Vendor provides PCF buildpack, docker images, kubernetes artifacts
● Vendor availability to support the migration
● Example: app that is built on WebSphere. No dependency on WebSphere libraries.
BUCKET 3: .NET Core or .NET (Windows Server)
● Access to source code
● Limited or no Windows dependencies
● Example: app with 4 services built using .NET core that uses Microsoft SQL Server.
BUCKET 4: Legacy Java
● 3-5 years old Java (under 7 years old)
● Access to source code
● Linux or Windows Server
● Example: app uses Java EE, fronted by an API gateway ISV product, uses OracleDB.
BUCKET 5: Modern Java
● Java (Spring / NO Application Server Specific libraries)
● Access to source code
● Linux Server
● Example: app uses Spring Boot, 6 Microservices, some legacy data sources but they are behind an API.
TIME Methodology*
Two axes: TECHNICAL QUALITY (Technical Debt Level; worse → better) and BUSINESS VALUE (Revenue / Cost Impact; worse → better). Quadrants: Tolerate, Invest, Migrate, Eliminate.
Identify top 10s list.
* Gartner's TIME methodology for Application Portfolio Rationalization
Cloud Native Operations
Source: "It's All About Delivering: A Journey From AWS to Cloud Foundry,"
Daniel Basten, Talanx, s1p 2018.
Sources: "Sky is the Limit for Cloud Foundry at AirFrance-KLM," Nathan Wattimena & Fabien Lebrere, AirFrance-KLM, Oct. 2018.; “Why
Change? Small batch thinking,” Coté, Sep. 2018; "Transformation Digitale de la Direction Enterprise France," Philippe Benaben, Gan Zifroni,
Nicolas Gilot, Orange France, July 2018.
Diagram: apps delivered through Gitlab → Concourse → Spinnaker.
https://medium.com/netflix-techblog/how-we-build-code-at-netflix-c5d9bd727f15
You're no longer an IT team. You're a Platform Team. You're a Product Team. The Platform is your product.
Diagram: Infra → Services → App, with the Platform in the middle. Change!!!
Platform Team: build common services for App Teams (DBaaS, ELK, Middleware, ML, Creds/Certs, Messaging, ???) and Container Services (Container Hosts | Kubernetes).
Application Team: take business requirements and turn them into features (App1, App2, App3).
Infrastructure Team: abstract infrastructure complexity with easy consumption (IaaS, Virtual Infrastructure, Physical Infrastructure).
CULTURE, AUTOMATE, LEAN, Measure, Share.
https://youtu.be/McV0Q5GY-fM
http://engineering.pivotal.io/post/transformation-roi/
Source: "Adopting PCF At An Automobile Manufacturer," Thomas Seibert and
Gregor Zurowski, s1p 2017.
PLATFORM VALUE STREAM AND METRICS: REPLATFORM > MODERNIZE > OPTIMIZE. Establish, measure and update Key Objectives and Results (OKRs).
Dimensions: Speed & Agility, Stability, Scalability, Savings, Security. Headline figures*: 40-60% more projects with the same staff; millions in annual savings on HW, SW and Support; 25-50% fewer support incidents; 40% faster patching; delivery @ zero downtime; -90% time to scale.
Measure and Share: Sample CIO Dashboard (Speed | Stability & Security)
● 60 Days Avg Lead Time
● 500 Stories per week
● 10% Apps on a CD Pipeline to Prod
● 15ms Avg Response Time YTD
● 60 Mins MTTR YTD
● 20% of Systems Patched YTD
● 125 Mins Total Impacted User Minutes YTD
● 20 Releases in last month
Transforming How The World Builds Software
© Copyright 2019 Pivotal Software, Inc. All rights Reserved.

Kube Your Enthusiasm - Paul Czarkowski

  • 1. © Copyright 2018 Pivotal Software, Inc. All rights Reserved. Paul Czarkowski pczarkowski@pivotal.io Twitter: @pczarkowski Kube Your Enthusiasm
  • 4. Cover w/ Image Topics ■ Platforms ■ Containers ■ Kubernetes ■ Helm ■ Spinnaker ■ Operators ■ Pivotal Container Service ■ Cloud Native Operations
  • 6. What is a platform ? https://en.wikipedia.org/wiki/Computing_platform
  • 7. Software runs on a platform
  • 10. Platform layers and examples: Hardware: HPE, Dell, IBM, Lenovo. IaaS: AWS, Microsoft Azure, GCP, VMware. CaaS: PKS, GKE, OpenShift, AWS Fargate, Kubernetes. PaaS: PCF, Azure App Service, Heroku. FaaS: AWS Lambda, Azure Functions, OpenWhisk, kubeless, PFS.
  • 11. A modern software platform provides API driven compute resources.
  • 12. [Diagram: Users talk to the platform API, behind which sit Storage, Compute, Network, Database, Access and Artifacts] Creative Commons: [1] Jon Trillana, [2] Simon Child
  • 15. Traditional Ticket Based Human Toil IaaS Hardware Platform PXE boot ? 15 More Control Less Control Less Efficiency More Efficiency
  • 16. Traditional Ticket Based Human Toil Build App Artifact Container Runtime Container Hosts Infrastructure Platform Infrastructure As Code IaaS API Config Management IaaS Hardware Platform PXE boot ? 16 More Control Less Control Less Efficiency More Efficiency
  • 17. Traditional Ticket Based Human Toil Build App Artifact App → to the Platform Container Runtime Container Hosts PaaS Application Platform Infrastructure Platform Application Platform Infrastructure As Code IaaS API CF API Config Management IaaS Hardware Platform PXE boot ? 17 More Control Less Control Less Efficiency More Efficiency
  • 18. Traditional Ticket Based Human Toil Build App Artifact Build App Container(s) App → to the Platform Container Runtime Container Hosts CaaS Container Orchestrator PaaS Application Platform Infrastructure Platform Container Platform Application Platform Infrastructure As Code More Control Less Control Less Efficiency More Efficiency IaaS API CF API K8s API Config Management Deployment Manifest IaaS Hardware Platform PXE boot ? 18
  • 19. Traditional Ticket Based Human Toil Build App Artifact Build App Container(s) App → to the Platform Container Runtime Container Hosts CaaS Container Orchestrator PaaS Application Platform Infrastructure Platform Container Platform Application Platform Infrastructure As Code More Control Less Control Less Efficiency More Efficiency IaaS API CF API K8s API Config Management Deployment Manifest IaaS Hardware Platform PXE boot ? 19 ????? PaaS Application Platform Function Platform ??? API
  • 20. Traditional Ticket Based Human Toil Build App Artifact Build App Container(s) App → to the Platform Container Runtime Container Hosts CaaS Container Orchestrator PaaS Application Platform Infrastructure Platform Container Platform Application Platform Infrastructure As Code More Control Less Control Less Efficiency More Efficiency IaaS API CF API K8s API Config Management Deployment Manifest IaaS Hardware Platform PXE boot ? 20 ????? PaaS Application Platform Function Platform ??? API
  • 21. Traditional Ticket Based Human Toil Build App Artifact Build App Container(s) App → to the Platform Container Runtime Container Hosts CaaS Container Orchestrator PaaS Application Platform VMware aws/gce/azure Pivotal Container Service Pivotal App Service Infrastructure As Code Pivotal Cloud Foundry 2.0 More Control Less Control Less Efficiency More Efficiency IaaS API CF API K8s API Config Management Deployment Manifest IaaS Dell Or whatever PXE boot ? 21 ????? PaaS Application Platform Pivotal Function Service ??? API
  • 22. Build App Container(s) CaaS Container Orchestrator Pivotal Container Service Pivotal Cloud Foundry 2.0 More Control Less Control Less Efficiency More Efficiency K8s API Deployment Manifest 22
  • 27. Saurabh Gupta. "Containers and Pivotal Cloud Foundry" 2016.
  • 28. FROM maven:3.6-jdk-11-slim as BUILD
        COPY . /src
        WORKDIR /src
        RUN mvn install -DskipTests

        FROM openjdk:11.0.1-jre-slim-stretch
        EXPOSE 8080
        WORKDIR /app
        ARG JAR=hello-0.0.1-SNAPSHOT.jar
        COPY --from=BUILD /src/target/$JAR /app.jar
        ENTRYPOINT ["java","-jar","/app.jar"]
  • 29. $ docker build -t paulczar/hello .
        $ docker push paulczar/hello
        $ docker pull paulczar/hello
        $ docker run -d -p 8080:8080 paulczar/hello
  • 33. Hardware IaaS CaaS PaaS FaaS Strategic goal: Push as many workloads as technically feasible to the top of the platform hierarchy Higher flexibility and less enforcement of standards Lower development complexity and higher operational efficiency
  • 35. Vs
  • 36. Vs
  • 37. [Diagram: Control Plane on the Master: API Server (the entry point for Users), etcd, Scheduler, Controller Manager, Cloud Ctrl Manager. Data Plane on the Worker: Kubelet, kube-proxy, docker]
  • 38. [Diagram: the same components with three Masters and three Workers; each Worker runs Kubelet, kube-proxy, docker and Flannel]
  • 41. Unix Philosophy: Do one thing. Do it well.
  • 43. Imperative
        $ kubectl run hello --image=paulczar/go-hello-world
        $ kubectl scale deployment hello --replicas=3
        $ kubectl create service clusterip hello --tcp=80:80
  • 44. Declarative
        $ kubectl apply -f hello-world.yaml
  • 47. Imperative
        apiVersion: v1
        kind: Pod
        metadata:
          name: hello
        spec:
          containers:
          - image: paulczar/go-hello-world
            imagePullPolicy: Always
            name: hello
  • 50. POD
  • 51. one or more containers that share a network and storage
  • 52. the minimum scalable unit of your application
  • 53-55. [Diagram: MASTER running the Scheduler, Node 1 to Node 4 each running a kubelet. A Pod (Name: hello, Image: hello1) is submitted, the Scheduler assigns it to a node, and that node's kubelet runs it]
  • 57. [Diagram: the Controller Manager on the MASTER holds a Replica Set (Name: hello, Image: hello1, Size: 3); three Pods (hello-a, hello-b, hello-c, Image: hello1) are spread over Node 1 to Node 4]
  • 58. [Diagram: one Pod is lost; the Replica Set keeps Size: 3 by creating a replacement (hello-d)]
  • 59. [Diagram: Size: 5; two further Pods (hello-t, hello-z) are created]
  • 60. [Diagram: Size: 0; all Pods are removed]
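The ReplicaSet behaviour these slides draw (keep Size pods running, replace a lost one, scale to five, scale to zero) is a control loop that compares desired with observed state. The following Go program is an added example written for this transcript, not code from the deck or from Kubernetes itself: Pod, ReplicaSet, Actions and Reconcile are simplified stand-ins for the real controller and its API objects, and the cluster state in main is constructed.

```go
package main

import "fmt"

// Pod and ReplicaSet are simplified stand-ins (hypothetical types, not the
// Kubernetes API objects) carrying only what the control loop below needs.
type Pod struct {
	Name    string
	Owner   string // name of the ReplicaSet that created the pod
	Healthy bool   // false once the node or container is gone
}

type ReplicaSet struct {
	Name     string
	Image    string
	Replicas int // the "Size" on the slides
}

// Actions is the result of one reconcile pass: what to create and what to delete.
type Actions struct {
	Create []string
	Delete []string
}

// Reconcile compares desired state (rs.Replicas) with observed state (pods) and
// returns the actions that converge them. Unhealthy pods are deleted and
// replaced (slide 58); surplus healthy pods are deleted on scale-down
// (slide 60); missing pods are created on scale-up (slide 59).
func Reconcile(rs ReplicaSet, pods []Pod) Actions {
	var act Actions
	var healthy []string
	taken := map[string]bool{} // names already in use, so new pods never collide
	for _, p := range pods {
		if p.Owner != rs.Name {
			continue // owned by another controller: not ours to touch
		}
		taken[p.Name] = true
		if !p.Healthy {
			act.Delete = append(act.Delete, p.Name)
			continue
		}
		healthy = append(healthy, p.Name)
	}
	live := len(healthy)
	if live > rs.Replicas {
		act.Delete = append(act.Delete, healthy[rs.Replicas:]...)
		live = rs.Replicas
	}
	for i := 1; live < rs.Replicas; i++ {
		name := fmt.Sprintf("%s-%d", rs.Name, i)
		if taken[name] {
			continue
		}
		taken[name] = true
		act.Create = append(act.Create, name)
		live++
	}
	return act
}

func main() {
	// Constructed cluster state: three pods, one of which has died (slide 58).
	pods := []Pod{
		{Name: "hello-a", Owner: "hello", Healthy: true},
		{Name: "hello-b", Owner: "hello", Healthy: true},
		{Name: "hello-c", Owner: "hello", Healthy: false},
	}
	rs := ReplicaSet{Name: "hello", Image: "hello1", Replicas: 3}
	fmt.Printf("size 3: %+v\n", Reconcile(rs, pods)) // replaces hello-c
	rs.Replicas = 5
	fmt.Printf("size 5: %+v\n", Reconcile(rs, pods)) // adds pods
	rs.Replicas = 0
	fmt.Printf("size 0: %+v\n", Reconcile(rs, pods)) // deletes everything
}
```

The real controller runs this comparison every time the API server reports a change to a pod or to the ReplicaSet, which is why a pod you delete by hand reappears moments later.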
  • 62. [Diagram: a Deployment (Name: hello, Image: hello1, Size: 3) owns Replica Set hello-A (Image: hello1, Size: 3), whose Pods hello-A-c, hello-A-g and hello-A-s run across Node 1 to Node 4]
  • 63. [Diagram: the Deployment image is changed to hello2; a second Replica Set hello-B (Image: hello2, Size: 3) is created with Pods hello-B-g, hello-B-r, hello-B-c while hello-A is still running]
  • 64. [Diagram: once hello-B is up, Replica Set hello-A is scaled to Size: 0 and only the hello-B Pods remain]
  • 66-68. [Diagram: a StatefulSet (Name: hello, Image: hello1, Size: 3) creates its Pods one at a time and in order: hello-1, then hello-2, then hello-3]
  • 69. [Diagram: a StatefulSet (Name: db, Image: cassandra, Size: 3) with Pods db-1, db-2, db-3, each bound to its own persistent volume through a PVC named after the Pod (db-1, ...)]
  • 71. $ kubectl run hello --image=paulczar/hello --port=8080
  • 72. ● kubectl run created a deployment "deployments.apps/hello"
          NAME                    DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
          deployment.apps/hello   1         1         1            1           1m
        ● The deployment created a replicaset "replicaset.apps/hello-64f6bf9dd4"
          NAME                               DESIRED   CURRENT   READY   AGE
          replicaset.apps/hello-64f6bf9dd4   1         1         1       1m
        ● Which created a pod "pod/hello-64f6bf9dd4-tq5dq"
          NAME                         READY   STATUS    RESTARTS   AGE
          pod/hello-64f6bf9dd4-tq5dq   1/1     Running   0          2s
  • 73. $ kubectl scale --replicas=3 deployment/hello
  • 74. $ kubectl scale --replicas=3 deployment/hello
        deployment.extensions/hello scaled
        $ kubectl get all
        NAME                         READY   STATUS              RESTARTS   AGE
        pod/hello-64f6bf9dd4-2bndq   1/1     Running             0          15m
        pod/hello-64f6bf9dd4-4kq9l   0/1     ContainerCreating   0          2s
        pod/hello-64f6bf9dd4-8lkcs   1/1     Running             0          5s
        NAME                    DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
        deployment.apps/hello   3         3         2            3           16m
        NAME                               DESIRED   CURRENT   READY   AGE
        replicaset.apps/hello-64f6bf9dd4   3         3         2       16m
  • 75. $ kubectl edit deployment hello
        ...
            spec:
              containers:
              - env:
                - name: MESSAGE
                  value: HELLO I LOVE YOU!!!!
                image: paulczar/go-hello
                imagePullPolicy: Always
                name: hello
  • 76. $ kubectl get all
        NAME                         READY   STATUS    RESTARTS   AGE
        pod/hello-5c75b546c7-4lwnn   1/1     Running   0          1m
        pod/hello-5c75b546c7-bwxxq   1/1     Running   0          1m
        pod/hello-5c75b546c7-sl2pg   1/1     Running   0          1m
        NAME                    DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
        deployment.apps/hello   3         3         3            3           23m
        NAME                               DESIRED   CURRENT   READY   AGE
        replicaset.apps/hello-5c75b546c7   3         3         3       1m
        replicaset.apps/hello-64f6bf9dd4   0         0         0       23m
  • 77. $ kubectl port-forward deployment/hello 8080
        Forwarding from 127.0.0.1:8080 -> 8080
        $ curl localhost:8080
        <html><head><title>HELLO I LOVE YOU!!!!</title></head><body>HELLO I LOVE YOU!!!!!</body></html>
  • 79. $ kubectl expose deployment hello --type=LoadBalancer --port 80 --target-port 8080
  • 80. kubectl expose deployment hello
        ● creates a service with a ClusterIP that acts as an internal load balancer to all pods in the "hello" deployment
        --type=LoadBalancer
        ● Creates a NodePort
        ● Configures a LoadBalancer to access the pods via the NodePort
        $ kubectl get services
        NAME    TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)        AGE
        hello   LoadBalancer   10.39.248.123   35.184.17.129   80:30468/TCP   5m
        $ curl 35.184.17.129
        <html><head><title>HELLO I LOVE YOU!!!!</title></head><body>HELLO I LOVE YOU!!!!!</body></html>
  • 81. Services track Pods based on metadata and provide connectivity and service discovery (DNS, Env variables) for them. Type ClusterIP (default) exposes the service on a cluster-internal IP. [Diagram: Service app=bacon at 10.3.55.7 in front of two Pods labelled app=bacon, each with two Containers]
  • 82. Services track Pods based on metadata and provide connectivity and service discovery (DNS, Env variables) for them. Type NodePort extends ClusterIP to expose the service on each node's IP via a static port. [Diagram: as on slide 81, plus K8s Workers reachable at 192.168.0.5:4530 and 192.168.0.6:4530]
  • 83. Services track Pods based on metadata and provide connectivity and service discovery (DNS, Env variables) for them. Type LoadBalancer extends NodePort to configure a cloud provider's load balancer using the cloud-controller-manager. [Diagram: as on slide 82, plus a Load Balancer at 33.6.5.22:80 in front of the workers]
  • 84. Ingress: a controller that manages an external entity to provide load balancing, SSL termination and name-based virtual hosting to services based on a set of rules. [Diagram: an Ingress at https://example.com routes /bacon to Service app=bacon and /eggs to Service app=eggs]
  • 86. Volume: is [effectively] a directory, possibly with data in it, available to all containers in a Pod. Usually shares the lifecycle of a Pod (created when the Pod is created, destroyed when the Pod is destroyed). Persistent Volumes outlive Pods. Can be mounted from local disk, or from a network storage device such as an EBS volume, iSCSI, NFS, etc. [Diagram: a Pod with two Containers sharing one Volume]
  • 87. Config Map / Secret
  • 88. $ kubectl create configmap hello --from-literal='message=Hello S1T'
  • 89. kubectl create configmap hello --from-file=index.html
        ● creates a configmap called "hello" containing the contents of index.html
        $ kubectl get configmap hello -o yaml
        apiVersion: v1
        kind: ConfigMap
        metadata:
          name: hello
        data:
          index.html: "<html>\n<head>\n\t<title>Hello to my friends</title>\n</head>\n<body>\n\tHello to my friends\n</body>\n</html>\n\n"
  • 90. kubectl create secret generic hello --from-file=index.html
        ● creates a secret called "hello" containing the base64-encoded contents of index.html (encoded, not hashed or encrypted)
        $ kubectl get secret hello -o yaml
        apiVersion: v1
        kind: Secret
        metadata:
          name: hello
        data:
          index.html: PGh0bWw+CjxoZWFkPgoJPHRpdGxlPkhlbGxvIHRvIG15IGZyaWVuZHM8L3RpdGxlPgo8L2hlYWQ+Cjxib2R5PgoJSGVsbG8gdG8gbXkgZnJpZW5kcwo8L2JvZHk+CjwvaHRtbD4KCg==
  • 91. ConfigMaps/Secrets (user-data): provide key-value pairs to be injected into a pod, much like user-data is injected into a Virtual Machine in the cloud. Allows you to do last-minute configuration of applications running on Kubernetes, such as setting a database host or an admin password. ConfigMaps store values as strings; Secrets store them as byte arrays (serialized as base64-encoded strings). Secrets are [currently] not encrypted by default. This is likely to change. Can be injected as files in a Volume, or as Environment Variables.
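What slides 89 to 91 show about ConfigMaps and Secrets, as an added Go example (not the deck's code and not Kubernetes' own): it builds the same two manifests that the two kubectl create commands produce, then decodes the Secret back to the original bytes, which is the point the slide makes about base64 being serialization rather than protection. Manifest is a minimal hand-written type; IndexHTML is reconstructed from the slide 89 output, where the YAML escapes \n and \t lost their backslashes in the transcript.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
)

// IndexHTML is the index.html the slides load with --from-file (reconstructed
// from the ConfigMap output on slide 89).
const IndexHTML = "<html>\n<head>\n\t<title>Hello to my friends</title>\n</head>\n<body>\n\tHello to my friends\n</body>\n</html>\n\n"

// Manifest covers only the fields this example needs (hypothetical minimal
// struct, not the Kubernetes API types).
type Manifest struct {
	APIVersion string            `json:"apiVersion"`
	Kind       string            `json:"kind"`
	Metadata   map[string]string `json:"metadata"`
	Data       map[string]string `json:"data"`
}

// NewConfigMap is what `kubectl create configmap NAME --from-file=...` produces:
// the file bytes are stored as plain strings.
func NewConfigMap(name string, files map[string][]byte) Manifest {
	m := Manifest{APIVersion: "v1", Kind: "ConfigMap",
		Metadata: map[string]string{"name": name}, Data: map[string]string{}}
	for k, v := range files {
		m.Data[k] = string(v)
	}
	return m
}

// NewSecret is what `kubectl create secret generic NAME --from-file=...`
// produces: the same bytes, base64-encoded. Encoding is not encryption; it only
// makes arbitrary bytes representable inside YAML/JSON.
func NewSecret(name string, files map[string][]byte) Manifest {
	m := Manifest{APIVersion: "v1", Kind: "Secret",
		Metadata: map[string]string{"name": name}, Data: map[string]string{}}
	for k, v := range files {
		m.Data[k] = base64.StdEncoding.EncodeToString(v)
	}
	return m
}

// ReadSecret recovers the plaintext from a Secret's data field. Anyone whose
// RBAC allows `get` on secrets in the namespace can do exactly this, which is
// why that verb should be granted narrowly and etcd encryption at rest enabled.
func ReadSecret(m Manifest, key string) ([]byte, error) {
	enc, ok := m.Data[key]
	if !ok {
		return nil, fmt.Errorf("key %q not present in %s/%s", key, m.Kind, m.Metadata["name"])
	}
	return base64.StdEncoding.DecodeString(enc)
}

func main() {
	files := map[string][]byte{"index.html": []byte(IndexHTML)}
	for _, m := range []Manifest{NewConfigMap("hello", files), NewSecret("hello", files)} {
		out, _ := json.MarshalIndent(m, "", "  ")
		fmt.Println(string(out))
	}
	plain, err := ReadSecret(NewSecret("hello", files), "index.html")
	fmt.Printf("decoded secret equals original: %v (err=%v)\n", string(plain) == IndexHTML, err)
}
```

The Secret's data field printed by main is byte-for-byte the string on slide 90 (the space inside it in the transcript is a line-wrap artifact).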
  • 93. Helm
  • 94. Helm is the best way to find, share, and use software built for Kubernetes
  • 96. [Screenshot of https://hub.kubeapps.com: "Discover & launch great Kubernetes-ready apps", search charts, 231 charts ready to deploy: Wordpress, Jenkins, Kubeless...]
  • 97. apiVersion: v1
        kind: ConfigMap
        metadata:
          name: {{ .Chart.Name }}-cm
        data:
          db: {{ .Values.db }}
        ---
        apiVersion: apps/v1beta1
        kind: Deployment
        metadata:
          name: {{ .Chart.Name }}-app
          labels:
            app: {{ .Chart.Name }}
        ...
        ...
            spec:
              containers:
              - image: paulczar/hello
                name: hello
                volumeMounts:
                - name: config
                  mountPath: /etc/hello
              volumes:
              - name: config
                configMap:
                  name: {{ .Chart.Name }}-cm
        ---
        apiVersion: v1
        kind: Service
        metadata:
          name: {{ .Chart.Name }}-svc
          labels:
            app: {{ .Chart.Name }}-world
        spec:
          ports:
          - port: {{ .Values.port }}
            protocol: TCP
            targetPort: 8080
          selector:
            app: {{ .Chart.Name }}-world
          type: NodePort
  • 98. $ helm install --name staging . --set db='user:pass@staging.mysql/dbname'
        $ helm install --name production . --set db='user:pass@production.mysql/dbname'
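How the slide 97 ConfigMap template is rendered for the two helm install commands on slide 98, as an added Go example; it is not Helm's code or the deck's. Helm evaluates chart templates with Go's text/template, which is what Render uses here, with ChartInfo standing in for Helm's .Chart object (only Name is declared) and SetValues a deliberately flat reading of --set key=value. The example also shows that the spelling on the original slide, .Chart.name, is not a field Helm provides and fails at render time. From a security angle, note what the two commands do: the db value carries a password, the template writes it into a ConfigMap, where it is stored unencoded, and a --set argument also lands in shell history; a Secret, populated from a values file, is the usual home for such a value.

```go
package main

import (
	"bytes"
	"fmt"
	"strings"
	"text/template"
)

// ChartInfo stands in for the .Chart object Helm passes to templates; only the
// field this example uses is declared (hypothetical minimal struct).
type ChartInfo struct {
	Name string
}

// ConfigMapTemplate is the ConfigMap template from slide 97. Note the exported
// field .Chart.Name and the plural .Values: the Helm objects are spelled that way.
const ConfigMapTemplate = `apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ .Chart.Name }}-cm
data:
  db: {{ .Values.db }}
`

// Render executes one chart template the way helm install does, with --set
// key=value pairs supplied as the Values map. missingkey=error turns a typo
// such as {{ .Values.bd }} into a failed install instead of a manifest that
// silently contains "<no value>".
func Render(src string, chart ChartInfo, values map[string]interface{}) (string, error) {
	t, err := template.New("chart").Option("missingkey=error").Parse(src)
	if err != nil {
		return "", err
	}
	var out bytes.Buffer
	if err := t.Execute(&out, map[string]interface{}{"Chart": chart, "Values": values}); err != nil {
		return "", err
	}
	return out.String(), nil
}

// SetValues parses --set style "key=value" pairs. Flat keys only: Helm also
// understands nested a.b=c and comma-separated lists, which this helper does not.
func SetValues(pairs ...string) (map[string]interface{}, error) {
	values := map[string]interface{}{}
	for _, p := range pairs {
		i := strings.IndexByte(p, '=')
		if i < 0 {
			return nil, fmt.Errorf("--set %q: expected key=value", p)
		}
		values[p[:i]] = p[i+1:]
	}
	return values, nil
}

func main() {
	chart := ChartInfo{Name: "hello"}
	for _, env := range []string{"staging", "production"} {
		// Same credential shape as slide 98; the value is constructed.
		values, _ := SetValues("db=user:pass@" + env + ".mysql/dbname")
		out, err := Render(ConfigMapTemplate, chart, values)
		fmt.Printf("--- release %s ---\n%s(err=%v)\n", env, out, err)
	}
	// The spelling on the original slide, .Chart.name, names a field that does
	// not exist on the chart object and fails at render time:
	_, err := Render("{{ .Chart.name }}", chart, map[string]interface{}{})
	fmt.Println("rendering {{ .Chart.name }}:", err)
}
```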
  • 106. Cluster Management: ● Server Group ● Cluster ● Applications ● Load Balancer ● Firewall. Pipelines: ● Pipeline ● Stage ● Deployment Strategies
  • 107. Multi-Cloud Inventory: ● Server Group ● Cluster ● Applications ● Load Balancer ● Firewall. Actions and Reactions: ● Pipeline ● Stage ● Deployment Strategies
  • 109. Cluster Management: ● Server Group ● Cluster ● Applications ● Load Balancer ● Firewall. Deployment Management: ● Pipeline ● Stage ● Deployment Strategies
  • 116. Watchers Watch the Kubernetes API for changes to resources and perform arbitrary actions.
  • 117. Watchers Prometheus watches Services and Pods for certain annotations ...
  • 119. Watchers Spring Cloud Kubernetes watches Services and Endpoints to do service discovery on kubernetes.
  • 120. It also watches and reads ConfigMaps to allow for dynamic configuration of your applications.
  • 121. Dynamic Access Control After a request is authorized it goes through Admission Control
  • 122. Dynamic Access Control Image Policy Webhook
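Slide 122 names the Image Policy Webhook, one of the admission plugins that runs after a request has been authorized (slide 121). The program below is an added Go example of such a backend, not code from the deck, from PKS or from Kubernetes: the apiserver POSTs an imagepolicy.k8s.io/v1alpha1 ImageReview listing the Pod's container images, and the backend answers with status.allowed and a reason. ImageReview here declares only the fields the example reads or sets; AllowedRegistries, the tag rule and SampleRequest are constructed for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"log"
	"net/http"
	"strings"
)

// ImageReview is the object the apiserver's ImagePolicyWebhook admission plugin
// POSTs to its backend (imagepolicy.k8s.io/v1alpha1). Only the fields this
// example uses are declared.
type ImageReview struct {
	APIVersion string `json:"apiVersion"`
	Kind       string `json:"kind"`
	Spec       struct {
		Containers []struct {
			Image string `json:"image"`
		} `json:"containers"`
		Namespace string `json:"namespace"`
	} `json:"spec"`
	Status struct {
		Allowed bool   `json:"allowed"`
		Reason  string `json:"reason,omitempty"`
	} `json:"status"`
}

// AllowedRegistries is a constructed policy: images must come from one of these
// prefixes (for example an internal Harbor instance that scans what it stores).
var AllowedRegistries = []string{"harbor.example.internal/", "gcr.io/my-project/"}

// checkImage enforces two rules: an approved registry, and a digest or an
// explicit non-"latest" tag, so that the image that was scanned is the one that runs.
func checkImage(img string) error {
	allowed := false
	for _, prefix := range AllowedRegistries {
		if strings.HasPrefix(img, prefix) {
			allowed = true
			break
		}
	}
	if !allowed {
		return fmt.Errorf("%s: registry not in allowlist", img)
	}
	if strings.Contains(img, "@sha256:") {
		return nil // pinned by digest: an immutable reference
	}
	last := img[strings.LastIndex(img, "/")+1:] // the last path segment carries the tag
	tag := ""
	if i := strings.LastIndex(last, ":"); i >= 0 {
		tag = last[i+1:]
	}
	if tag == "" || tag == "latest" {
		return fmt.Errorf("%s: mutable tag, pin to a version tag or digest", img)
	}
	return nil
}

// Review fills in Status. Every violation is reported together, so the user
// sees all problems in one kubectl error rather than one per retry.
func Review(in ImageReview) ImageReview {
	var reasons []string
	for _, c := range in.Spec.Containers {
		if err := checkImage(c.Image); err != nil {
			reasons = append(reasons, err.Error())
		}
	}
	in.Status.Allowed = len(reasons) == 0
	in.Status.Reason = strings.Join(reasons, "; ")
	return in
}

// ReviewJSON is the HTTP body round trip: decode the ImageReview, decide, re-encode.
func ReviewJSON(body []byte) ([]byte, error) {
	var in ImageReview
	if err := json.Unmarshal(body, &in); err != nil {
		return nil, err
	}
	return json.Marshal(Review(in))
}

func handler(w http.ResponseWriter, r *http.Request) {
	body, err := io.ReadAll(r.Body)
	if err == nil {
		body, err = ReviewJSON(body)
	}
	if err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	w.Header().Set("Content-Type", "application/json")
	if _, err := w.Write(body); err != nil {
		log.Println("write response:", err)
	}
}

// SampleRequest is a constructed ImageReview for a Pod with two containers.
const SampleRequest = `{"apiVersion":"imagepolicy.k8s.io/v1alpha1","kind":"ImageReview",
"spec":{"namespace":"default","containers":[{"image":"paulczar/hello"},{"image":"harbor.example.internal/hello:latest"}]}}`

func main() {
	out, err := ReviewJSON([]byte(SampleRequest))
	fmt.Println(string(out), err)
	// The apiserver reaches the backend over TLS using the kubeconfig named in
	// its admission configuration; plain HTTP on loopback here is for local runs only.
	log.Fatal(http.ListenAndServe("127.0.0.1:8443", http.HandlerFunc(handler)))
}
```

The sample request is denied with both reasons, and the user sees them in the kubectl error. A deny-by-default posture also needs the plugin's defaultAllow setting considered: if the backend is unreachable, that setting decides whether Pods are admitted.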
  • 125. Custom Controllers Kubernetes functionality is implemented using controllers.
  • 127. Custom Controllers The Cert Manager Controller
  • 133. Kubernetes is a Runtime for Containerized Workloads [Diagram: Dev / Apps (> kubectl), IT / Ops (Kubernetes Dashboard) and the App User on top of Storage, Networking, Compute]
  • 134. ...but Kubernetes alone is not enough for enterprises [Diagram: the same picture with the gaps listed: Load Balancing / Routing, Container Image Registry, App Monitoring, App Logging, OS Updates, OS Images, K8S Updates, K8S Images, Log & Monitor, Recover & Restart, Backup & Restore, External Data Services, Cluster Provisioning, Provision & Scale, Command Line / API, Management GUI, Monitoring GUI]
  • 135. Pivotal Container Service (PKS) provides what's missing [Diagram: the same components supplied by the PKS Control Plane (> pks), Operations Manager, vRealize Operations (*integration) and the GCP Service Broker]
  • 136. on any Cloud [Diagram: as on slide 135]
  • 137. [Diagram: Pivotal Cloud Foundry 2.0 overview] Pivotal Application Service (PAS): >cf push, WE build the container; Application Code & Frameworks: Java | .NET | NodeJS, Buildpacks | Spring Boot | Spring Cloud | Steeltoe. Pivotal Container Service (PKS): >kubectl run, YOU build the container; Elastic | Packaged Software | Spark. Shared foundation: Embedded OS (Windows & Linux), NSX-T, CPI (15 methods) over vSphere, Azure & Azure Stack, Google Cloud, AWS, Openstack. Pivotal Network: v1 v2 v3 ... CVEs, Product Updates. Continuous delivery: Github, Concourse. Pivotal Services Marketplace (Open Service Broker API): Pivotal and Partner Products, Public Cloud Services, Customer Managed Services. "3Rs": Repair (CVEs), Repave, Rotate (Credhub).
  • 138. Enterprise-Grade Kubernetes. BOSH: Reliable and consistent operational experience for any cloud. PKS Control Plane: Use the PKS CLI and API to create, operate, and scale your clusters. Built with open-source Kubernetes: Constant compatibility with the latest stable release of Google Kubernetes Engine, no proprietary extensions. Harbor: An enterprise-class container registry. Includes vulnerability scanning, identity management, and more. NSX-T: Network management, security, and load balancing out-of-the-box with VMware NSX-T. Multi-cloud, multi-hypervisor. [Diagram: K8s Clusters managed by the PKS Control Plane on VMware, GCP, Azure, Openstack, AWS]
  • 139. What PKS adds to Kubernetes. Built into Kubernetes: Multi-container pods; Stateful Sets of pods; Persistent disks; Single tenant ingress; Pod scaling and high availability; Rolling upgrades to pods. PKS value-added features: Cluster provisioning and scaling; Embedded, hardened Operating System; Monitoring and recovery of cluster VMs and processes; Rolling upgrades to cluster infrastructure; Secure multi-tenant ingress; Secure container registry.
  • 140. PKS Vision To provide enterprise customers with the ability to safely and efficiently deliver container services on their preferred infrastructure so that they can excel in their market with a cloud native platform
  • 141. PKS does for your Kubernetes what Kubernetes does for your apps
  • 142. Platform Team Delivering Real Value
         Operational Efficiency
         ● Employ 500:1 developer to operator ratio
         ● Perform zero-downtime upgrades
         ● Run the same way on every public/private cloud
         Developer Productivity
         ● Accelerate feedback loops by improving delivery velocity
         ● Focus on applications, not infrastructure
         ● Give developers the tools and frameworks to build resilient apps
         Comprehensive Security
         ● Adopt a defense-in-depth approach
         ● Continuously update platforms to limit threat impact
         ● Apply the 3 R's → repair, repave, rotate
         High Availability
         ● Run platforms that stay online under all circumstances
         ● Scale up and down, in and out, through automation
         ● Deploy multi-cloud resilience patterns
  • 144. Installing PKS [Diagram: Platform Ops downloads the PKS tile from Pivotal Network, uploads and configures it in Pivotal Ops Manager, which installs Pivotal Container Service through BOSH, with NSX-T alongside]
  • 145. Installing PKS [Diagram: Pivotal Ops Manager deploys through BOSH the PKS Control Plane, the GCP Service Broker and Harbor, with NSX-T alongside]
  • 146. ... or ... [Diagram: Platform Ops executes a Concourse pipeline that pulls from Pivotal Network: Verify pre-reqs, Provision infrastructure, Download binaries, Install Product, Config, Install PKS]
  • 147. PKS User Interaction [Diagram: PKS CLI → PKS Management VM running the PKS API]
         ● The PKS Management VM runs the PKS API together with the Broker, UAA and a MySQL DB.
         ● The PKS API orchestrates the initial Kubernetes cluster deployments and scaling of those clusters.
         ● A single PKS VM can manage hundreds of Kubernetes clusters.
         ● The PKS CLI is a single binary that can be installed on a Mac, Windows, or Linux to drive the PKS API.
  • 148. Creating a new K8s Cluster [Diagram: the Platform User runs PKS CREATE CLUSTER through the CLI; the PKS Control Plane API asks BOSH to deploy a Kubernetes cluster (Masters with etcd, Workers) and registers it with Harbor, NSX-T and the GCP Service Broker]
  • 149. Deploying a Kubernetes Cluster via PKS [Diagram: the PKS Control Plane (PKS API, Broker, UAA, MySQL), installed by Pivotal Ops Manager, drives BOSH to build the cluster: Master / etcd, Worker 1, Worker 2]
  • 150. Health Management and HA: 4 levels of built-in High Availability [Diagram: a K8s Master (API Server, Kube Scheduler, Controller Manager) and a K8s Node (Kubelet, Kube-proxy, Pods), each with a Bosh agent, spread across Availability Zone A and Availability Zone B; the Bosh Health Manager watches and restarts VMs]
         (1) Kubelet watches and restarts containers
         (2) BOSH agent watches and restarts processes
         (3) BOSH HM watches and restarts VMs
         (4) BOSH distributes deployments across AZs
  • 151. Multi-Tenancy: How to isolate and secure access from different tenants? [Diagram: the PKS Control Plane, with Harbor, the GCP Service Broker, NSX-T and BOSH, managing several Kubernetes clusters, each with its own Masters, etcd and Workers]
  • 152. Deployment Topologies & Multi-Tenancy [Diagram: Multi-cluster (cluster-based): the PKS Control Plane and BOSH manage K8s Cluster A, B and C, with NSX-T between them. Single cluster (namespace-based): one K8s Cluster with Namespace A, B and C]
  • 153. Deployment Topologies & Multi-Tenancy
         Multi-cluster (cluster-based): Multiple Kubernetes clusters deployed and managed independently by BOSH. Independent networks with independent policies. Each cluster has a separate Master and Workers, with possibly different configs and resources (volumes, namespaces, policies, affinity rules). Provides complete isolation for multiple tenants.
         Single cluster (namespace-based): Single Kubernetes cluster deployed by BOSH. Different tenants use different Kubernetes Namespaces. NSX-T is used to logically isolate each tenant's network (Namespace). Provides logical multi-tenant isolation for managing a single cluster.
  • 154. Scaling a Kubernetes Cluster [Diagram: the Platform User runs PKS SCALE CLUSTER through the CLI; the PKS Control Plane API asks BOSH to scale the Kubernetes cluster, adding Workers, with Harbor, NSX-T and the GCP Service Broker alongside]
  • 155. A new security patch is released for Kubernetes. Pivotal releases a new CVE for PKS within a few hours. The Platform Operator can then apply the CVE with no platform downtime.
  • 156. BOSH Pivotal Container Service Platform Ops Pivotal Ops Manager PKS tile upload and config Pivotal Network Update Platform Ops updates PKS New!! PKSControlPlane GCP Service Broker Harbor NSX-T Kubernetes cluster Master Worker WorkerWorker etcd Worker Master etcd Worker
  • 157. Platform Ops updates PKS: Rolling Updates. Platform Ops deploys the update from Pivotal Ops Manager; BOSH rolls the update through the Pivotal Container Service and the Kubernetes cluster nodes (Master, etcd, Workers). [Diagram: PKS Control Plane (GCP Service Broker, Harbor, NSX-T) alongside the Kubernetes cluster.]
  • 158. … or … Platform Ops execute a Concourse pipeline: Verify pre-reqs → Verify current install → Download updated binaries from Pivotal Network → Config → Update PKS (Rolling Updates).
  • 162. Application Prioritization Criteria. First Round: App Portfolio Identification by Bucket.
    BUCKET 1, Independent Software Vendor (ISV) / COTS: vendor provided software (ISV or COTS) or no access to source code; vendor provides PCF buildpack, docker images or kubernetes artifacts; vendor availability to support the migration; limited or no access to the code. Example: ISV product. Depends on MySQL DB and stores large files on disk.
    BUCKET 2, Middleware Vendor: IBM Websphere, Weblogic, Mulesoft, TIBCO etc; vendor provides PCF buildpack, docker images, kubernetes artifacts; vendor availability to support the migration. Example: app that is built on WebSphere. No dependency on WebSphere libraries.
    BUCKET 3, .NET Core or .NET (Windows Server): 3-5 years old; access to source code; limited or no Windows dependencies. Example: app with 4 services built using .NET core, uses Microsoft SQL Server.
    BUCKET 4, Legacy Java: Java (under 7 years old); access to source code; Linux or Windows Server. Example: app uses Java EE, fronted by API gateway ISV product, uses OracleDB.
    BUCKET 5, Modern Java: Java (Spring / NO Application Server Specific libraries); access to source code; Linux Server. Example: app uses Spring Boot, 6 Microservices, some legacy data sources but they are behind an API.
    Application 1 ? Application 2 ? Application n…?
  • 163. TIME Methodology. Quadrant of TECHNICAL QUALITY (worse → better) against BUSINESS VALUE (worse → better): Tolerate, Invest, Migrate, Eliminate. TECHNICAL QUALITY - Technical Debt Level; BUSINESS VALUE - Revenue / Cost Impact. Identify top 10s list. * Gartner’s TIME methodology for Application Portfolio Rationalization.
  • 170. Source: "It's All About Delivering: A Journey From AWS to Cloud Foundry," Daniel Basten, Talanx, s1p 2018.
  • 171. Sources: "Sky is the Limit for Cloud Foundry at AirFrance-KLM," Nathan Wattimena & Fabien Lebrere, AirFrance-KLM, Oct. 2018; "Why Change? Small batch thinking," Coté, Sep. 2018; "Transformation Digitale de la Direction Enterprise France," Philippe Benaben, Gan Zifroni, Nicolas Gilot, Orange France, July 2018.
  • 180. You’re no longer an IT team
  • 182. You’re a Product Team The Platform is your product
  • 183. Change!!! [Diagram: Infrastructure Team abstracts infrastructure complexity with easy consumption (IaaS, Virtual Infrastructure, Physical Infrastructure, Container Hosts | Kubernetes); Platform Team builds common services for App Teams (App Platform and Infra Services: DBaaS, ELK, Middleware, ML, Creds/Certs, Messaging, Container Services, ???); Application Team takes business requirements and turns them into features (App1, App2, App3).]
  • 187. Source: "Adopting PCF At An Automobile Manufacturer," Thomas Seibert and Gregor Zurowski, s1p 2017.
  • 188. PLATFORM VALUE STREAM AND METRICS: REPLATFORM > MODERNIZE > OPTIMIZE. Establish, measure and update key Objectives and Results (OKRs). SPEED & AGILITY: 40-60%* more projects with same staff. SAVINGS $: millions annual savings on HW, SW and support. STABILITY: 25-50%* fewer support incidents. SECURITY: 40%* faster patching delivery @ zero downtime. SCALABILITY: -90%* time to scale. Measure and Share.
  • 189. Sample CIO Dashboard. Speed: 60 Days Avg Lead Time; 500 Stories per week; 10% Apps on a CD Pipeline to Prod; 20 Releases in last month. Stability & Security: 15ms Avg Response Time YTD; 60 Mins MTTR YTD; 20% of Systems Patched YTD; 125 Mins Total Impacted User Minutes YTD.
  • 193. Transforming How The World Builds Software © Copyright 2019 Pivotal Software, Inc. All rights Reserved.