Kubernetes from the Ground Up
- 1. GENERAL DISTRIBUTION THE KUBERNETES PLATFORM FOR BIG IDEAS Dustin Humphries PaaS and App Dev Solutions Architect February 20, 2019
- 2. GENERAL DISTRIBUTION … so you want to do containers and Kubernetes?
- 3. GENERAL DISTRIBUTION YOUR DIFFERENTIATION DEPENDS ON YOUR ABILITY TO DELIVER APPLICATIONS FASTER CONTAINERS, KUBERNETES, MICROSERVICES & DEVOPS ARE KEY INGREDIENTS Innovation Culture Cloud-native Applications AI & Machine Learning Internet of Things Blockchain
- 4. GENERAL DISTRIBUTION KUBERNETES DONE RIGHT IS HARD INSTALL HARDENDEPLOY OPERATE ● Templating ● Validation ● OS Setup ● Identity & Security Access ● App Monitoring & Alerts ● Storage & Persistence ● Egress, Ingress & Integration ● Host Container Images ● Build/Deploy Methodology ● Platform Monitoring & Alerts ● Metering & Chargeback ● Platform Security Hardening ● Image Hardening ● Security Certifications ● Network Policy ● Disaster Recovery ● Resource Segmentation ● OS Upgrade & Patch ● Platform Upgrade & Patch ● Image Upgrade & Patch ● App Upgrade & Patch ● Security Patches ● Continuous Security Scanning ● Multi-environment Rollout ● Enterprise Container Registry ● Cluster & App Elasticity ● Monitor, Alert, Remediate ● Log Aggregation of enterprise users identify complexity of implementation and operations as the top blocker to adoption Source: The New Stack, The State of the Kubernetes Ecosystem, August 2017 75%
- 5. GENERAL DISTRIBUTION The Kubernetes platform for developers
- 6. GENERAL DISTRIBUTION Developers want to be productive and have choice Choice of architectures Choice of programming languages Choice of databases Choice of application services Choice of development tools Choice of build and deploy workflows They don’t want to have to worry about the infrastructure. Photo: rawpixel on Unsplash
- 7. CONFIDENTIAL - FOR INTERNAL USE ONLY 7 CONFIDENTIAL - FOR INTERNAL USE ONLY
- 8. CONFIDENTIAL - FOR INTERNAL USE ONLY 8 CONFIDENTIAL - FOR INTERNAL USE ONLY THE CLOUD-NATIVE APP DEV CHALLENGE
- 9. GENERAL DISTRIBUTION The Kubernetes platform for IT Operations
- 10. GENERAL DISTRIBUTION IT Operations needs secure, efficient and controlled processes Automated* provisioning Automated installations Automated security scanning Automated upgrades Automated backups And it needs to integrate with what you already have. *coming soon
- 12. Etcd Distributed, consistent key-value store used for config management, service discovery, and state management 12 Master Components Kube-controller-manager Daemon that watches the state of the cluster attempts to make changes based on current state and desired state Cloud-controller-manager Allows cloud providers to release code specific to their platform and interact independently with Kubernetes. Kube-apiserver API server used to expose Kubernetes control plane. Kube-scheduler Schedules pods and deploys them to nodes based on availability of requested resources
- 13. Kubelet Agent that runs on each node, and makes sure pods are running and healthy 13 Node Components Kube-proxy Enables service abstraction maintaining network rules on hosts and performs connection forwarding Container Runtime Software that is responsible for running containers. Docker, containerd, cri-o
- 14. But we need Networking… NETWORK
- 15. Where do I store my container images? IMAGE REGISTRY NETWORK
- 16. What about logging and metrics? IMAGE REGISTRY METRICS AND LOGGING NETWORK heapster
- 17. What about ALM? IMAGE REGISTRY APP LIFECYCLE MGMT METRICS AND LOGGING NETWORK
- 18. We need application services… IMAGE REGISTRY Application services e.g. database and messaging APP SERVICES APP LIFECYCLE MGMT METRICS AND LOGGING NETWORK
- 19. Enable Devops, with Self Service IMAGE REGISTRY SELF-SERVICE APP SERVICES APP LIFECYCLE MGMT METRICS AND LOGGING NETWORK
- 20. NOT ENOUGH, THERE IS MORE! Routing & Load Balancing Multi-tenancy CI/CD Pipelines Role-based Authorization Capacity Management Chargeback Vulnerability Scanning Container Isolation Image Build Automation Quota Management Teams and Collaboration Infrastructure Visibility
- 21. 21 OpenShift Application Lifecycle Management Build Automation Deployment Automation Service Catalog (Language Runtimes, Middleware, Databases) Self-Service Infrastructure Automation & Cockpit Container Business Automation Container Integration Container Data & Storage Container Web & Mobile Networking Storage Registry Logs & Metrics Security Container Orchestration & Cluster Management (kubernetes) Container Runtime & Packaging (docker) Enterprise Container Host Red Hat Enterprise LinuxAtomic Host Traditional, stateful, and cloud-native apps Developer Experience Enterprise Kubernetes++ container orchestration Trusted by Fortune Global 500 companies OPENSHIFT CONTAINER PLATFORM
- 22. GENERAL DISTRIBUTION The Kubernetes platform for your business “The moment we have an idea, we can start building.” Tobias Mohr, Head of Technology and Infrastructure, Lufthansa Technik
- 23. GENERAL DISTRIBUTION RED HAT OPENSHIFT BUSINESS VALUE 531% 5 Year ROI $1.29M Average annual benefits per 100 developers 8 MONTHS Payback period The Business Value of Red Hat OpenShift, IDC #US41845816, October 2017 https://www.redhat.com/en/resources/The-Business-Value-of-Red-Hat-OpenShift 66% 36% More applications per year Faster development lifecycle
- 24. GENERAL DISTRIBUTION HOW OPENSHIFT ENABLES DEVELOPER PRODUCTIVITY SPRING & JAVA EE MICROSERVICES FUNCTIONS LANGUAGES DATABASES APPLICATION SERVICES LINUX WINDOWS* * coming soon CODE BUILD TEST DEPLOY MONITORREVIEW Self-service Provisioning Automated build & deploy CI/CD pipelines Consistent environments Configuration management App logs & metrics
- 25. GENERAL DISTRIBUTION Fully automated day-1 and day-2 operations AUTOMATED CONTAINER OPERATIONS Infra provisioning Embedded OS Full-stack deployment On-premises and cloud Unified experience Secure defaults Network isolation Signing and policies Audit and logs Multi-cluster aware Monitoring and alerts Zero downtime upgrades Full-stack patch & upgrade Vulnerability scanning INSTALL HARDENDEPLOY OPERATE AUTOMATED OPERATIONS
- 26. GENERAL DISTRIBUTION ● https://docs.okd.io/latest/minishift/getting-started/installing.html ● To grant your user admin rights to view all projects run the following commands: ○ oc login –u system:admin ○ oc adm policy add-cluster-role-to-user admin <user> ○ oc adm policy add-cluster-role-to-user cluster-admin <user> ● Bluegreen project: ○ Feel free to fork my project and test: ■ https://github.com/dmhumph/bluegreen Minishift Links
- 27. GENERAL DISTRIBUTION ● Red Hat CodeReady Workspaces is included with OpenShift subscriptions ● https://developers.redhat.com/products/codeready-workspaces/overview/ Red Hat CodeReady Workspaces
- 29. 29 DIY CONTAINER STACK CHALLENGES Linux Container Runtime & Packaging Networking SecurityStorage Registry Logs & Metrics Container Orchestration & Cluster Management Application Lifecycle Management (CI / CD) Build Automation Deployment Automation Service Catalog (Language Runtimes, Middleware, Databases, …) Self-service Container ContainerContainer Container Container PublicPrivateVirtualPhysical Bring your own middleware, data & other services. Build out a service catalog / interface to enable self-service deployment. Take existing application build/CI & deployment tools and evolve to add container image build & mgt., continuous deployment, etc. Pull Kubernetes or other orchestration (Mesos, Swarm) from rapidly moving upstream & support / maintain yourself. Do all the work required to integrate it into your enterprise IT environment (networking, storage, registry, security, logging, metrics, etc.) Pull Docker container runtime from rapidly moving upstream and support, secure and maintain it yourself. Support and manage your own Linux community distro or build on existing RHEL or 3rd party commercial Linux offerings. GENERAL DISTRIBUTION