10 kube commandments we ve been in the game for years
play

10 Kube Commandments We've been in the game for years That in - PowerPoint PPT Presentation

Mar 19, 2024 •341 likes •1.01k views

10 Kube Commandments We've been in the game for years That in itself is admirable There's rules to this biz We wrote y'all a manual A step-by-step conf talk for you to get... Your clusters on track And not your releases pushed back Bryan

  1. 10 Kube Commandments

  2. We've been in the game for years

  3. That in itself is admirable

  4. There's rules to this biz

  5. We wrote y'all a manual

  6. A step-by-step conf talk for you to get...

  7. Your clusters on track

  8. And not your releases pushed back

  9. Bryan Liles Staff Software Engineer Heptio Lots of years Years of Experience @bryanl

  10. Carlos Amedee Senior Software Engineer DigitalOcean Observability Cloud Compute Services Systems Engineering @cagedmantis

  11. Rule Number Uno To go fast, you must start slow

  12. Rule Number Uno To go fast, you must start deliberately

  13. Public Cloud Datacenter Your Desktop

  14. Public Cloud Datacenter Your Desktop • GKE on Google Cloud • Minikube • kubeadm • AKS on Azure • Minik8s • *lots of vendors* • *lots of vendors* • Docker for Mac or Windows

  15. Not Declarative Public Cloud Datacenter X X • GKE on Google Cloud • kubeadm • AKS on Azure • *lots of vendors* • *lots of vendors*

  16. Cluster API

  17. Number Two Always let them know your next move

  18. Your next move is the images you'll deploy to your cluster

  19. Build Image Host Image

  20. docker build

  21. docker build • buildah • img • GCP Container Builder

  22. Why are you still building your containers with root privileges?

  23. Rule Number Three Never trust nobody: Hookup up that Pod Security Policy

  24. apiVersion: extensions/v1beta1 kind: PodSecurityPolicy metadata: name: how-not-to-get-robbed spec: privileged: false runAsUser: rule: MustRunAsNonRoot seLinux: rule: RunAsAny fsGroup: rule: RunAsAny supplementalGroups: rule: RunAsAny volumes: - nfs

  25. Number Four I know you heard this before: Never get high off what Kube supplies

  26. Custom Resource Definition Custom CRD Controller

  27. Custom Resources Pattern K8s External Resource Custom CRD Controller Native Resource

  28. Custom Resources Pattern Custom CRD Operator Controller

  29. Custom Resources Pattern Native Resource Native Custom CRD Resource Controller Native Resource

  30. Rule Number Five Communicating With Pods Never Mix Internal and External Traffic

  31. Ingress Tra ffi c

  32. Cluster IP apiVersion: v1 Proxy kind: Service metadata: name: sample-service spec: selector: app: sample-app Service type: ClusterIP ports: - name: http port: 80 targetPort: 80 protocol: TCP Pod Pod Pod

  33. Node Port Service apiVersion: v1 kind: Service metadata: name: my-nodeport-service spec: Pod Pod Pod Pod selector: app: my-app type: NodePort ports: - name: http port: 80 targetPort: 80 nodePort: 30036 protocol: TCP

  34. Load Balancer Load Balancer apiVersion: v1 kind: Service metadata: name: sample-lb Service spec: selector: app: some-app type: LoadBalancer ports: - name: http port: 80 Pod Pod Pod targetPort: 80 protocol: TCP

  35. Ingress apiVersion: extensions/v1beta1 Ingress kind: Ingress metadata: name: my-ingress spec: backend: serviceName: other Service Service servicePort: 8080 rules: - host: foo.mydomain.com http: paths: - backend: serviceName: foo Pod Pod Pod Pod Pod Pod servicePort: 8080 - host: mydomain.com http: paths: - path: /bar/* backend: serviceName: bar servicePort: 8080

  36. Egress Tra ffi c

  37. Egress apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: sample-network-policy spec: podSelector: matchLabels: role: my-app policyTypes: - Egress egress: - to: - ipBlock: cidr: 10.0.0.0/24

  38. Service Mesh

  39. Rule Number Six If You Think You Know What’s Happening In Your Cluster… Forget it.

  40. Observability What’s happening in your cluster?

  41. What’s happening on your cluster?

  42. Metrics and Alerting

  43. Logging

  44. Distributed Tracing

  45. Observability Dashboard

  46. Horizontal Pod Autoscaler

  47. Rule Number Seven Keep your storage and the business rules to manage it completely separated.

  48. Storage

  49. Easily create your own storage implementation

  50. Persistent Volume Snapshots

  51. Number 8: Using Tools

  52. Package Configuration Management Management

  53. Package Management • Helm 2 • Bounds of YAML

  54. Configuration Management • ksonnet • Pulumi • Ballerina

  56. Other types of tools? • ska ff old • kustomize

  57. Number 9: Extending Kubernetes

  58. What happens if you get an API for free?

  59. What happens when you outgrow the Kubernetes API?

  60. Number 10: A live word called refinement -- Building On Kubernetes

  61. App 1 App 2 App 3 Cluster "On top of Kubernetes"

  62. App 1 App 2 App 3 Cluster "On Kubernetes"

  63. Follow these rules

  64. You'll have mad bread to break up

  65. If not, 24 hours of on-call with constant wake ups.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Ten Commandments: Commandments 1-3 The Ten Commandments God chose the Israelites,

The Ten Commandments: Commandments 1-3 The Ten Commandments God chose the Israelites,

The Ten Commandments: Commandments 1-3 The Ten Commandments God chose the Israelites, descendants of Abraham, to be people particularly holy to Himself. To them was given the promise of the Messiah, who would be the Savior of the

549 views • 22 slides
RCIA 6: The First Three Commandments 6: The First Three Commandments Scene from the movie The

RCIA 6: The First Three Commandments 6: The First Three Commandments Scene from the movie The

9/2/2019 RCIA 6: The First Three Commandments 6: The First Three Commandments Scene from the movie The Ten Commandments 2 6: The First Three Commandments Exodus 20:2-17 3 1 9/2/2019 6: The First Three Commandments Gods Law

465 views • 12 slides
Review of Synchrotron Radiation based Diagnostics for Transverse Profile Measurements Gero Kube

Review of Synchrotron Radiation based Diagnostics for Transverse Profile Measurements Gero Kube

Review of Synchrotron Radiation based Diagnostics for Transverse Profile Measurements Gero Kube DESY / MDI gero.kube@desy.de Introduction Small Emittance Measurements Non-standard Profile Measurements D eutsches E lektronen SY

705 views • 55 slides
Kube-Knots: Resource Harvesting through Dynamic Container Orchestration in GPU-based Datacenters

Kube-Knots: Resource Harvesting through Dynamic Container Orchestration in GPU-based Datacenters

Kube-Knots: Resource Harvesting through Dynamic Container Orchestration in GPU-based Datacenters Prashanth Thinakaran , Jashwant Raj Gunasekaran, Bikash Sharma, Chita Das, Mahmut Kandemir September 25th, IEEE CLUSTER19 Motivation Sub-PF GPU

942 views • 32 slides
The 10 Commandments of Release Engineering Dinah McNutt Google, Inc. Overview This talk is

The 10 Commandments of Release Engineering Dinah McNutt Google, Inc. Overview This talk is

The 10 Commandments of Release Engineering Dinah McNutt Google, Inc. Overview This talk is really about "Build & Release", not just "Release" Focus is on server-side software The commandments are solutions to

358 views • 16 slides
Pencil Beam Scanning (PBS) in Radiotherapy of Malignant Lymphomas J. Kube PTC Prague, Czech

Pencil Beam Scanning (PBS) in Radiotherapy of Malignant Lymphomas J. Kube PTC Prague, Czech

Pencil Beam Scanning (PBS) in Radiotherapy of Malignant Lymphomas J. Kube PTC Prague, Czech Rep. Why proton beam therapy Why protons ? - Have Br Bragg peak and th they stop op in in th the tis tissue - Radio iobiological effec

452 views • 33 slides
e-Bug Junior Game Junior Game Game Style Game Process Demo Game Mechanics and

e-Bug Junior Game Junior Game Game Style Game Process Demo Game Mechanics and

e-Bug Junior Game Junior Game Game Style Game Process Demo Game Mechanics and Learning Outcomes Feedback to date and evaluation plans Game Style Game style encompasses two genres of game o Platform game fast action

575 views • 22 slides
e-Bug Senior Game Senior Game Game Style Game Process Demo Game Puzzles and

e-Bug Senior Game Senior Game Game Style Game Process Demo Game Puzzles and

e-Bug Senior Game Senior Game Game Style Game Process Demo Game Puzzles and Learning Outcomes Feedback to date and evaluation plans Game Style Game is a detective game where the player investigates microbial problems.

572 views • 19 slides
Introduction Let's start with an extreme example. After three years on the market, according to

Introduction Let's start with an extreme example. After three years on the market, according to

Introduction Let's start with an extreme example. After three years on the market, according to analytics site Think Gaming 's estimates, the tower defense hit game Clash of Clans is still the top grossing mobile game today, bringing in an

812 views • 38 slides
D r o u g h 33.6 -45.5 33.6 -45.5 11 years 5.4 years 11 years 5.4 years years t

D r o u g h 33.6 -45.5 33.6 -45.5 11 years 5.4 years 11 years 5.4 years years t

D r o u g h 33.6 -45.5 33.6 -45.5 11 years 5.4 years 11 years 5.4 years years t years Figure 2. Precipitation anomalies during 11 years of the dust bowl (1930-1940) Station Set-up Montana Mesonet January 2018 4 36 ranchers

533 views • 36 slides
LET US PRAY FOR BILLY JOEL 1 THE GREATEST COMMANDMENTS One of them, a lawyer, asked Him a

LET US PRAY FOR BILLY JOEL 1 THE GREATEST COMMANDMENTS One of them, a lawyer, asked Him a

LET US PRAY FOR BILLY JOEL 1 THE GREATEST COMMANDMENTS One of them, a lawyer, asked Him a question , testing 2 Him, Teacher, which is the great commandment in the Law? And He said to him, Y OU SHALL LOVE YHWH YOUR G OD WITH ALL

286 views • 26 slides
THE TEN COMMANDMENTS. People who want to live or work together make rules for themselves. The

THE TEN COMMANDMENTS. People who want to live or work together make rules for themselves. The

THE TEN COMMANDMENTS. People who want to live or work together make rules for themselves. The rules give them freedom to live as they wish, but at the same time, be responsible for the happiness of the whole group. This story is found in the

677 views • 11 slides
in the InsurTech Game Winners & Losers in the InsurTech Game The emergence of InsurTech has

in the InsurTech Game Winners & Losers in the InsurTech Game The emergence of InsurTech has

Winners & Losers in the InsurTech Game Winners & Losers in the InsurTech Game The emergence of InsurTech has dramatically impacted the traditional insurance space in recent years, and the increasing levels of interest and investment

339 views • 5 slides
2018 Annual Meeting OUTLINE Ten Commandments for Hydrogeologists Groundwater Flow Modeling

2018 Annual Meeting OUTLINE Ten Commandments for Hydrogeologists Groundwater Flow Modeling

presented by Steven T. Finch, Jr. CPG, PG JSAI 2018 Annual Meeting OUTLINE Ten Commandments for Hydrogeologists Groundwater Flow Modeling Concepts Pressure Response Versus Travel Time Head Gradients Well Construction and data

472 views • 20 slides
12 Commandments of Monitors in Python Synchronization class BK: def __init__(self): I. Thou

12 Commandments of Monitors in Python Synchronization class BK: def __init__(self): I. Thou

12 Commandments of Monitors in Python Synchronization class BK: def __init__(self): I. Thou shalt name your self.lock = Lock() VIII. Honor thy shared synchronization variables data with an invariant, properly self.hungrykid =

670 views • 27 slides
AGE* 13 YEARS OF AGE AND OLDER PREVIOUS GAME EXPERIENCE* NA PREVIOUS CERTIFICATION EXPERIENCE*

AGE* 13 YEARS OF AGE AND OLDER PREVIOUS GAME EXPERIENCE* NA PREVIOUS CERTIFICATION EXPERIENCE*

GRASSROO SSROOT T CER ERTIFIC FICATIO ATION N REQ EQUIREM REMEN ENTS ENROLLMENT REGISTRATION AGE* 13 YEARS OF AGE AND OLDER PREVIOUS GAME EXPERIENCE* NA PREVIOUS CERTIFICATION EXPERIENCE* NA TRAINING ONLINE + IN-PERSON GRASSROOTS

332 views • 19 slides
OpenStack und Heat Standardisierte Test- und Entwicklungsumgebungen iX OpenStack Konferenz

OpenStack und Heat Standardisierte Test- und Entwicklungsumgebungen iX OpenStack Konferenz

OpenStack und Heat Standardisierte Test- und Entwicklungsumgebungen iX OpenStack Konferenz 2015 15. April 2015 Thomas Krgel Linux Consultant & Developer B1 Systems GmbH kaergel@b1-systems.de B1 Systems GmbH - Linux/Open Source

504 views • 49 slides
AADHAAR ENABLED BENEFIT DISBURSEMENT SYSTEM IN AP & TELANGANA 09 th Oct 2014 Agenda

AADHAAR ENABLED BENEFIT DISBURSEMENT SYSTEM IN AP & TELANGANA 09 th Oct 2014 Agenda

AADHAAR ENABLED BENEFIT DISBURSEMENT SYSTEM IN AP & TELANGANA 09 th Oct 2014 Agenda Introduction ICT Overview DC Infrastructure Technology Model Fund and Process Flows PoTD Process Flow Exception Handling

590 views • 20 slides
Multi-Language Infrastructure as Code The Cloud is the New Operating System: Lets Program It

Multi-Language Infrastructure as Code The Cloud is the New Operating System: Lets Program It

Multi-Language Infrastructure as Code The Cloud is the New Operating System: Lets Program It Joe Duffy @funcOfJoe Pulumi Founder and CEO 6/26/19 - QCon NYC Why Infrastructure as Code? Standing on the Shoulders of Giants 2 Why

572 views • 34 slides
StreamGlobe Adaptive Query Processing and Optimization in Streaming P2P Environments A. Kemper,

StreamGlobe Adaptive Query Processing and Optimization in Streaming P2P Environments A. Kemper,

Lehrstuhl Informatik III: Datenbanksysteme StreamGlobe Adaptive Query Processing and Optimization in Streaming P2P Environments A. Kemper, R. Kuntschke, and B. Stegmaier TU Mnchen Fakultt fr Informatik Lehrstuhl III: Datenbanksysteme

193 views • 17 slides
Networking in AWS Carl Simpson Technical Architect, Zen Internet Limited

Networking in AWS Carl Simpson Technical Architect, Zen Internet Limited

Networking in AWS Carl Simpson Technical Architect, Zen Internet Limited carl.simpson@zeninternet.co.uk About Me: About Me: Technical Architect Cloud & Hosting @ Zen Internet Limited About Me: Technical Architect Cloud

2.06k views • 167 slides
Enterprise Data Unification Powered by Machine Learning Jerome Gransac Confidential

Enterprise Data Unification Powered by Machine Learning Jerome Gransac Confidential

Enterprise Data Unification Powered by Machine Learning Jerome Gransac Confidential Confidential HI-IS Big Data Event Intro Tamr Overview Background Use Cases & Customer Success Technology & Differentiation

439 views • 40 slides
Teaching Your Toaster New Tricks Or doing cool things with IoT About Me About me

Teaching Your Toaster New Tricks Or doing cool things with IoT About Me About me

Teaching Your Toaster New Tricks Or doing cool things with IoT About Me About me Student Researcher at Cal Poly Pomona Learn by doing! Focus on Internet of Things and Embedded Devices Participate in CCDC, CPTC, and CTF

725 views • 71 slides
INSIDER SUMMIT 2019 Insights at the Insider Summit Thinking and dreaming about TBM!

INSIDER SUMMIT 2019 Insights at the Insider Summit Thinking and dreaming about TBM!

INSIDER SUMMIT 2019 Insights at the Insider Summit Thinking and dreaming about TBM! Every company is a technology company Speed is the new currency and data is the new oil! We must increase our clock speed! Cloud is not a

357 views • 24 slides

More recommend