SlideShare une entreprise Scribd logo

On Prem Container Cloud - Lessons Learned

CodeOps Technologies LLP
CodeOps Technologies LLP

This document discusses best practices for setting up a Docker and Kubernetes environment. It covers topics like Docker storage drivers, Docker networking, Kubernetes authentication and authorization, exposing services, integrating logging and monitoring. The key recommendations are to use OverlayFS or Devicemapper storage, Calico networking, Kubernetes security policies, namespaces and RBAC, and Ingress for exposing services. ETCD backup and fault tolerance is also important.

Logiciels
1  sur  23
Télécharger pour lire hors ligne
Pradipta Banerjee (@pradipta_kr, www.cloudgeekz.com)
§ Cloud Native Stack § High Level requirements § Details
§ Whether to Dockerize ? § Which orchestration tool to use?
Host (Bare-metal or Virtual Machine) Linux O/S Monitoring/Mgmt Agents Docker Engine Docker Orchestration DevOps: • CI/CD Pipeline Tooling • Build Service • Trusted & Secure Registry • Image Scanning & Integrity • App & Image Governance • PaaS Operations • LifeCycle Management of Host and Containers • Cluster Management • Network Management • Storage Management • Monitoring & Alerting • User Management • Logging • Security • HA • Backup and Disaster Recovery Misc • Firewall • Load Balancer • Service Discovery • DNS • Proxy • Ingress • … Storage Network Single System View
§ Docker Host § VM/baremetal § Lifecycle management of hosts ? § Docker Storage for Containers and Volumes? § Network for Host and Docker Containers? § Docker Orchestration § Handling user authentication & authorization § How to expose services ? § How to access legacy backends ? § How to handle resource management for different users and teams ? § Handling HA, backup & restore § Docker Image Build & Distribution § Where to get the base images ? § How to handle multi-arch builds ? § How to scan the images for any existing vulnerabilities ? § Should the images be stored on public registry or private registry ? § Configuration management § How to manage keys, secrets and runtime configuration of containers? § Logging § What logging mechanism to use for containers and host ? § Should we use same or different logging mechanism for containers and host ? § Monitoring § How to monitor host & containers ? § How to integrate into existing enterprise wide monitoring solution ?
§ Every orchestration s/w (Kubernetes, Docker swarm, Mesos- marathon) is opinionated when it comes to describing a containerized application (pattern) § Developers and Operators need to be in agreement. § This session is mostly focused on Kubernetes
§ Key Points to Remember § AUFS is not supported by any Linux Distribution § OverlayFS is a good choice – check support statement § Devicemapper with Direct-LVM is a decent (& supported) option § https://docs.docker.com/engine/userguide/storagedriver/device- mapper-driver/ § Storage sizing depends on the role of the host § Building Docker images requires significantly more storage
§ NFS § HostPath § Use a specific directory or file on the host § The directory can be from local storage or external storage (eg. SAN) § Many more options in Kubernetes - Gluster, Ceph, etc. § NFS and HostPath are good options for on-prem Kubernetes deployments
§ Overlay (eg. Flannel) § Easier maintenance § Has performance overheads § Flat § Maintenance overheads (manual partitioning and management of IP address space) § Better performance § Layer-3 (eg. Calico) § Easier maintenance § Better performance § Provides network policy config § Calico is a good choice for Docker Networking with Kubernetes § Calico/Flannel comparison Ref: http://chunqi.li/2015/11/15/Battlefield-Calico- Flannel-Weave-and-Docker-Overlay-Network/
§ Base Image § From Public Registries like DockerHub § Create your own § Generic Best Practice § Use layering § One layer for base, one for user configuration and one for application § Leverage ‘USER’ directive to run programs inside container as non-root. § Use environment variables for runtime configuration § Use volumes for storing application data § Ensure regular scanning of images § Multi-architecture Builds § Use architecture emulators or native multi-arch build farms § Use fat (V2) image manifest or labels in the image name (ppc64le/mysql, mysql-ppc64le) § Example using arch emulator for multi-arch build - https://goo.gl/eU0Qbj
§ Run your own private registry leveraging opensource docker distribution code (available with all Linux distributions) § Commercial Docker orchestration tools ships with private registry (IBM Spectrum Conductor for Containers, RedHat OpenShift, Docker DataCenter etc) § Standalone 3rd party solutions available as well § Docker Trusted Registry (DTR) § Artifactory § Vulnerability Scanning of Docker Images § Integrated with 3rd party solutions § Setup your own (Clair, atomic-scan) § Example using Clair - https://goo.gl/Ff3ACw
§ Authentication § Static Password File § Certificate Based § Token Based § OpenID § KeyStone (required for LDAP/AD authentication) § Authorization § Role Based § Attribute Based § Example LDAP/AD authentication setup with Kubernetes - https://goo.gl/5qfy80
§ Use Kubernetes Namespaces § One namespace per user or group § Separate namespaces for Dev/Test/Staging/Build § Specify Resource Quota (cpu, mem, #pods, #services, #RCs, #PersistentVolumeClaims) for each namespace § Use the same Kubernetes cluster for dynamic builds § Example Jenkins Build Pipeline Setup: https://goo.gl/OvHKm1
§ Security Constraints § Allowed/Disallowed container operations § Explicitly add/remove Linux capabilities from containers § Disable Linux system calls § Allow/Disallow container to run as root § Pod Security Policy § Governs what actions a pod can perform § Selinux/AppArmor rules § Network Policies § Governs how Pods communicates with each other § Always set Kubernetes cluster wide security policies for production deployments § Example Cluster-wide Security Policy Setup - https://goo.gl/oBKm2S
§ Internal (service not accessible outside of Kubernetes cluster) § ClusterIP (kube-proxy) § External § External IPs § NodePort § Cloud Loadbalancer (for off-prem) § Ingress § Requires supported Ingress controllers eg. nginx, ha-proxy § 3rd party controllers (check with vendors) – F5, NetScaler etc. § Use Ingress for exposing services in Kubernetes
§ Kubernetes state is maintained in ETCD which is a distributed key-value store § Deployment considerations for ETCD § Fault-tolerant cluster § Storage for ETCD (Network and IO latency directly affects ETCD) § ETCD data backup and restore § Enable TLS § Deployment considerations for ETCD - https://goo.gl/n5VX1f
§ Explicitly create a Kubernetes Endpoint and a Service § Create a Kubernetes Endpoint with IP and Port details of the Legacy Backend § Create a Kubernetes Service to expose the Endpoint § Complete Example - https://goo.gl/V8TKnK
§ Docker Logging § Which docker logging driver to use – json, syslog, journald etc. § Kubernetes metadata is available as part of docker labels § Kubernetes Logging § If using systemd based Linux distro, then by default all logging is to journald § If ForwardToSyslog (/etc/systemd/journald.conf) is set to Yes, then logs will be available in syslog (rsyslog) as well § All kubernetes logs are in journald or /var/log/messages (if ForwardToSyslog is set to Yes). § Centralized logging § Docker/Kubernetes -> Rsyslog -> ELK § Docker/Kubernetes -> Rsyslog -> Splunk § Log rotation for Docker and Kubernetes is external and needs to be handled accordingly
Kubernetes Cluster Heapster (Aggregator) InfluxDB SinkSource Grafana • What if you want to integrate Kubernetes monitoring with your existing enterprise monitoring solution ? • Write your own sink ? • Use a different monitoring solution than Heapster • Note: Horizontal POD Autoscaling based on CPU utilization leverages Heapster ELK …
§ Docker Orchestration options are opinionated § OverlayFS or Devicemapper with Direct-LVM for Docker Storage § Plan for ETCD fault-tolerance, backup and restore § NFS and HostPath for Docker Volumes § Use Image Signing and Scanning § Calico for Docker networking (low-overhead, supports Kubernetes Network Policy) § Use Kubernetes Security Policies § Use Ingress for exposing Services § Use Kubernetes Authentication and RBAC Authorization § Use Kubernetes namespaces for efficient cluster resource management
On Prem Container Cloud - Lessons Learned

Recommandé

KUBERNETES AS A FRAMEWORK FOR WRITING DEVOPS & MICROSERVICES TOOLING
KUBERNETES AS A FRAMEWORK FOR WRITING DEVOPS & MICROSERVICES TOOLINGKUBERNETES AS A FRAMEWORK FOR WRITING DEVOPS & MICROSERVICES TOOLING
KUBERNETES AS A FRAMEWORK FOR WRITING DEVOPS & MICROSERVICES TOOLING
CodeOps Technologies LLP
 
Containers & Cloud Native Ops Cloud Foundry Approach
Containers & Cloud Native Ops Cloud Foundry ApproachContainers & Cloud Native Ops Cloud Foundry Approach
Containers & Cloud Native Ops Cloud Foundry Approach
CodeOps Technologies LLP
 
How to contribute to cloud native computing foundation (CNCF)
How to contribute to cloud native computing foundation (CNCF)How to contribute to cloud native computing foundation (CNCF)
How to contribute to cloud native computing foundation (CNCF)
Krishna-Kumar
 
Why kubernetes matters
Why kubernetes mattersWhy kubernetes matters
Why kubernetes matters
Platform9
 
Kubernetes for Serverless - Serverless Summit 2017 - Krishna Kumar
Kubernetes for Serverless - Serverless Summit 2017 - Krishna KumarKubernetes for Serverless - Serverless Summit 2017 - Krishna Kumar
Kubernetes for Serverless - Serverless Summit 2017 - Krishna Kumar
CodeOps Technologies LLP
 
Automating CICD Pipeline with GitLab and Docker Containers for Java Applications
Automating CICD Pipeline with GitLab and Docker Containers for Java ApplicationsAutomating CICD Pipeline with GitLab and Docker Containers for Java Applications
Automating CICD Pipeline with GitLab and Docker Containers for Java Applications
Jelastic Multi-Cloud PaaS
 
DCEU 18: App-in-a-Box with Docker Application Packages
DCEU 18: App-in-a-Box with Docker Application PackagesDCEU 18: App-in-a-Box with Docker Application Packages
DCEU 18: App-in-a-Box with Docker Application Packages
Docker, Inc.
 
Building Cloud-Native Applications with Kubernetes, Helm and Kubeless
Building Cloud-Native Applications with Kubernetes, Helm and KubelessBuilding Cloud-Native Applications with Kubernetes, Helm and Kubeless
Building Cloud-Native Applications with Kubernetes, Helm and Kubeless
Bitnami
 

Recommandé

KUBERNETES AS A FRAMEWORK FOR WRITING DEVOPS & MICROSERVICES TOOLING
KUBERNETES AS A FRAMEWORK FOR WRITING DEVOPS & MICROSERVICES TOOLINGKUBERNETES AS A FRAMEWORK FOR WRITING DEVOPS & MICROSERVICES TOOLING
KUBERNETES AS A FRAMEWORK FOR WRITING DEVOPS & MICROSERVICES TOOLING
CodeOps Technologies LLP
 
Containers & Cloud Native Ops Cloud Foundry Approach
Containers & Cloud Native Ops Cloud Foundry ApproachContainers & Cloud Native Ops Cloud Foundry Approach
Containers & Cloud Native Ops Cloud Foundry Approach
CodeOps Technologies LLP
 
How to contribute to cloud native computing foundation (CNCF)
How to contribute to cloud native computing foundation (CNCF)How to contribute to cloud native computing foundation (CNCF)
How to contribute to cloud native computing foundation (CNCF)
Krishna-Kumar
 
Why kubernetes matters
Why kubernetes mattersWhy kubernetes matters
Why kubernetes matters
Platform9
 
Kubernetes for Serverless - Serverless Summit 2017 - Krishna Kumar
Kubernetes for Serverless - Serverless Summit 2017 - Krishna KumarKubernetes for Serverless - Serverless Summit 2017 - Krishna Kumar
Kubernetes for Serverless - Serverless Summit 2017 - Krishna Kumar
CodeOps Technologies LLP
 
Automating CICD Pipeline with GitLab and Docker Containers for Java Applications
Automating CICD Pipeline with GitLab and Docker Containers for Java ApplicationsAutomating CICD Pipeline with GitLab and Docker Containers for Java Applications
Automating CICD Pipeline with GitLab and Docker Containers for Java Applications
Jelastic Multi-Cloud PaaS
 
DCEU 18: App-in-a-Box with Docker Application Packages
DCEU 18: App-in-a-Box with Docker Application PackagesDCEU 18: App-in-a-Box with Docker Application Packages
DCEU 18: App-in-a-Box with Docker Application Packages
Docker, Inc.
 
Building Cloud-Native Applications with Kubernetes, Helm and Kubeless
Building Cloud-Native Applications with Kubernetes, Helm and KubelessBuilding Cloud-Native Applications with Kubernetes, Helm and Kubeless
Building Cloud-Native Applications with Kubernetes, Helm and Kubeless
Bitnami
 
Setup Hybrid Clusters Using Kubernetes Federation
Setup Hybrid Clusters Using Kubernetes FederationSetup Hybrid Clusters Using Kubernetes Federation
Setup Hybrid Clusters Using Kubernetes Federation
inwin stack
 
NetflixOSS for Triangle Devops Oct 2013
NetflixOSS for Triangle Devops Oct 2013NetflixOSS for Triangle Devops Oct 2013
NetflixOSS for Triangle Devops Oct 2013
aspyker
 
DCEU 18: Desigual Transforms the In-Store Experience with Docker Enterprise C...
DCEU 18: Desigual Transforms the In-Store Experience with Docker Enterprise C...DCEU 18: Desigual Transforms the In-Store Experience with Docker Enterprise C...
DCEU 18: Desigual Transforms the In-Store Experience with Docker Enterprise C...
Docker, Inc.
 
DCEU 18: 5 Patterns for Success in Application Transformation
DCEU 18: 5 Patterns for Success in Application TransformationDCEU 18: 5 Patterns for Success in Application Transformation
DCEU 18: 5 Patterns for Success in Application Transformation
Docker, Inc.
 
Introduction to helm
Introduction to helmIntroduction to helm
Introduction to helm
Jeeva Chelladhurai
 
Dell Trials and Triumphs using Docker on Client Systems by Sean McGinnis and ...
Dell Trials and Triumphs using Docker on Client Systems by Sean McGinnis and ...Dell Trials and Triumphs using Docker on Client Systems by Sean McGinnis and ...
Dell Trials and Triumphs using Docker on Client Systems by Sean McGinnis and ...
Docker, Inc.
 
DCSF 19 Microservices API: Routing Across Any Infrastructure
DCSF 19 Microservices API: Routing Across Any InfrastructureDCSF 19 Microservices API: Routing Across Any Infrastructure
DCSF 19 Microservices API: Routing Across Any Infrastructure
Docker, Inc.
 
A curtain-raiser to the container world Docker & Kubernetes
A curtain-raiser to the container world Docker & KubernetesA curtain-raiser to the container world Docker & Kubernetes
A curtain-raiser to the container world Docker & Kubernetes
zekeLabs Technologies
 
Continuous Delivery to Kubernetes Using Helm
Continuous Delivery to Kubernetes Using HelmContinuous Delivery to Kubernetes Using Helm
Continuous Delivery to Kubernetes Using Helm
Adnan Abdulhussein
 
Everything You Need to Know About Docker and Storage by Ryan Wallner, ClusterHQ
Everything You Need to Know About Docker and Storage by Ryan Wallner, ClusterHQ Everything You Need to Know About Docker and Storage by Ryan Wallner, ClusterHQ
Everything You Need to Know About Docker and Storage by Ryan Wallner, ClusterHQ
Docker, Inc.
 
How (and why) to roll your own Docker SaaS
How (and why) to roll your own Docker SaaSHow (and why) to roll your own Docker SaaS
How (and why) to roll your own Docker SaaS
Ryan Crawford
 
Structured Container Delivery by Oscar Renalias, Accenture
Structured Container Delivery by Oscar Renalias, AccentureStructured Container Delivery by Oscar Renalias, Accenture
Structured Container Delivery by Oscar Renalias, Accenture
Docker, Inc.
 
Creating a Kubernetes Operator in Java
Creating a Kubernetes Operator in JavaCreating a Kubernetes Operator in Java
Creating a Kubernetes Operator in Java
Rudy De Busscher
 
Multi-cloud Kubernetes BCDR with Velero
Multi-cloud Kubernetes BCDR with VeleroMulti-cloud Kubernetes BCDR with Velero
Multi-cloud Kubernetes BCDR with Velero
Kublr
 
Sebastien goasguen cloud stack the next year
Sebastien goasguen cloud stack the next yearSebastien goasguen cloud stack the next year
Sebastien goasguen cloud stack the next year
ShapeBlue
 
Kubernetes Architecture - beyond a black box - Part 1
Kubernetes Architecture - beyond a black box - Part 1Kubernetes Architecture - beyond a black box - Part 1
Kubernetes Architecture - beyond a black box - Part 1
Hao H. Zhang
 
Docker - A curtain raiser to the Container world
Docker - A curtain raiser to the Container worldDocker - A curtain raiser to the Container world
Docker - A curtain raiser to the Container world
zekeLabs Technologies
 
Sebastien goasguen cloud stack and docker
Sebastien goasguen cloud stack and dockerSebastien goasguen cloud stack and docker
Sebastien goasguen cloud stack and docker
ShapeBlue
 
Kubernetes 1.16 and rancher 2.3 enhancements
Kubernetes 1.16 and rancher 2.3 enhancementsKubernetes 1.16 and rancher 2.3 enhancements
Kubernetes 1.16 and rancher 2.3 enhancements
Saiyam Pathak
 
DevOps: Kubernetes + Helm with Azure
DevOps: Kubernetes + Helm with AzureDevOps: Kubernetes + Helm with Azure
DevOps: Kubernetes + Helm with Azure
Jessica Deen
 
Containers and Developer Defined Data Centers - Evan Powell - Keynote in Bang...
Containers and Developer Defined Data Centers - Evan Powell - Keynote in Bang...Containers and Developer Defined Data Centers - Evan Powell - Keynote in Bang...
Containers and Developer Defined Data Centers - Evan Powell - Keynote in Bang...
CodeOps Technologies LLP
 
How to Contribute to Cloud Native Computing Foundation
How to Contribute to Cloud Native Computing FoundationHow to Contribute to Cloud Native Computing Foundation
How to Contribute to Cloud Native Computing Foundation
CodeOps Technologies LLP
 

Contenu connexe

Tendances

DCEU 18: Desigual Transforms the In-Store Experience with Docker Enterprise C...
DCEU 18: Desigual Transforms the In-Store Experience with Docker Enterprise C...DCEU 18: Desigual Transforms the In-Store Experience with Docker Enterprise C...
DCEU 18: Desigual Transforms the In-Store Experience with Docker Enterprise C...
Docker, Inc.
 
DCEU 18: 5 Patterns for Success in Application Transformation
DCEU 18: 5 Patterns for Success in Application TransformationDCEU 18: 5 Patterns for Success in Application Transformation
DCEU 18: 5 Patterns for Success in Application Transformation
Docker, Inc.
 
DCSF 19 Microservices API: Routing Across Any Infrastructure
DCSF 19 Microservices API: Routing Across Any InfrastructureDCSF 19 Microservices API: Routing Across Any Infrastructure
DCSF 19 Microservices API: Routing Across Any Infrastructure
Docker, Inc.
 
A curtain-raiser to the container world Docker & Kubernetes
A curtain-raiser to the container world Docker & KubernetesA curtain-raiser to the container world Docker & Kubernetes
A curtain-raiser to the container world Docker & Kubernetes
zekeLabs Technologies
 
Everything You Need to Know About Docker and Storage by Ryan Wallner, ClusterHQ
Everything You Need to Know About Docker and Storage by Ryan Wallner, ClusterHQ Everything You Need to Know About Docker and Storage by Ryan Wallner, ClusterHQ
Everything You Need to Know About Docker and Storage by Ryan Wallner, ClusterHQ
Docker, Inc.
 
Structured Container Delivery by Oscar Renalias, Accenture
Structured Container Delivery by Oscar Renalias, AccentureStructured Container Delivery by Oscar Renalias, Accenture
Structured Container Delivery by Oscar Renalias, Accenture
Docker, Inc.
 
Multi-cloud Kubernetes BCDR with Velero
Multi-cloud Kubernetes BCDR with VeleroMulti-cloud Kubernetes BCDR with Velero
Multi-cloud Kubernetes BCDR with Velero
Kublr
 
Kubernetes Architecture - beyond a black box - Part 1
Kubernetes Architecture - beyond a black box - Part 1Kubernetes Architecture - beyond a black box - Part 1
Kubernetes Architecture - beyond a black box - Part 1
Hao H. Zhang
 

Tendances (20)

Setup Hybrid Clusters Using Kubernetes Federation
Setup Hybrid Clusters Using Kubernetes FederationSetup Hybrid Clusters Using Kubernetes Federation
Setup Hybrid Clusters Using Kubernetes Federation
 
NetflixOSS for Triangle Devops Oct 2013
NetflixOSS for Triangle Devops Oct 2013NetflixOSS for Triangle Devops Oct 2013
NetflixOSS for Triangle Devops Oct 2013
 
DCEU 18: Desigual Transforms the In-Store Experience with Docker Enterprise C...
DCEU 18: Desigual Transforms the In-Store Experience with Docker Enterprise C...DCEU 18: Desigual Transforms the In-Store Experience with Docker Enterprise C...
DCEU 18: Desigual Transforms the In-Store Experience with Docker Enterprise C...
 
DCEU 18: 5 Patterns for Success in Application Transformation
DCEU 18: 5 Patterns for Success in Application TransformationDCEU 18: 5 Patterns for Success in Application Transformation
DCEU 18: 5 Patterns for Success in Application Transformation
 
Introduction to helm
Introduction to helmIntroduction to helm
Introduction to helm
 
Dell Trials and Triumphs using Docker on Client Systems by Sean McGinnis and ...
Dell Trials and Triumphs using Docker on Client Systems by Sean McGinnis and ...Dell Trials and Triumphs using Docker on Client Systems by Sean McGinnis and ...
Dell Trials and Triumphs using Docker on Client Systems by Sean McGinnis and ...
 
DCSF 19 Microservices API: Routing Across Any Infrastructure
DCSF 19 Microservices API: Routing Across Any InfrastructureDCSF 19 Microservices API: Routing Across Any Infrastructure
DCSF 19 Microservices API: Routing Across Any Infrastructure
 
A curtain-raiser to the container world Docker & Kubernetes
A curtain-raiser to the container world Docker & KubernetesA curtain-raiser to the container world Docker & Kubernetes
A curtain-raiser to the container world Docker & Kubernetes
 
Continuous Delivery to Kubernetes Using Helm
Continuous Delivery to Kubernetes Using HelmContinuous Delivery to Kubernetes Using Helm
Continuous Delivery to Kubernetes Using Helm
 
Everything You Need to Know About Docker and Storage by Ryan Wallner, ClusterHQ
Everything You Need to Know About Docker and Storage by Ryan Wallner, ClusterHQ Everything You Need to Know About Docker and Storage by Ryan Wallner, ClusterHQ
Everything You Need to Know About Docker and Storage by Ryan Wallner, ClusterHQ
 
How (and why) to roll your own Docker SaaS
How (and why) to roll your own Docker SaaSHow (and why) to roll your own Docker SaaS
How (and why) to roll your own Docker SaaS
 
Structured Container Delivery by Oscar Renalias, Accenture
Structured Container Delivery by Oscar Renalias, AccentureStructured Container Delivery by Oscar Renalias, Accenture
Structured Container Delivery by Oscar Renalias, Accenture
 
Creating a Kubernetes Operator in Java
Creating a Kubernetes Operator in JavaCreating a Kubernetes Operator in Java
Creating a Kubernetes Operator in Java
 
Multi-cloud Kubernetes BCDR with Velero
Multi-cloud Kubernetes BCDR with VeleroMulti-cloud Kubernetes BCDR with Velero
Multi-cloud Kubernetes BCDR with Velero
 
Sebastien goasguen cloud stack the next year
Sebastien goasguen cloud stack the next yearSebastien goasguen cloud stack the next year
Sebastien goasguen cloud stack the next year
 
Kubernetes Architecture - beyond a black box - Part 1
Kubernetes Architecture - beyond a black box - Part 1Kubernetes Architecture - beyond a black box - Part 1
Kubernetes Architecture - beyond a black box - Part 1
 
Docker - A curtain raiser to the Container world
Docker - A curtain raiser to the Container worldDocker - A curtain raiser to the Container world
Docker - A curtain raiser to the Container world
 
Sebastien goasguen cloud stack and docker
Sebastien goasguen cloud stack and dockerSebastien goasguen cloud stack and docker
Sebastien goasguen cloud stack and docker
 
Kubernetes 1.16 and rancher 2.3 enhancements
Kubernetes 1.16 and rancher 2.3 enhancementsKubernetes 1.16 and rancher 2.3 enhancements
Kubernetes 1.16 and rancher 2.3 enhancements
 
DevOps: Kubernetes + Helm with Azure
DevOps: Kubernetes + Helm with AzureDevOps: Kubernetes + Helm with Azure
DevOps: Kubernetes + Helm with Azure
 

En vedette

Democratizing Serverless—The Open Source Fn Project - Serverless Summit
Democratizing Serverless—The Open Source Fn Project - Serverless SummitDemocratizing Serverless—The Open Source Fn Project - Serverless Summit
Democratizing Serverless—The Open Source Fn Project - Serverless Summit
CodeOps Technologies LLP
 

En vedette (13)

Containers and Developer Defined Data Centers - Evan Powell - Keynote in Bang...
Containers and Developer Defined Data Centers - Evan Powell - Keynote in Bang...Containers and Developer Defined Data Centers - Evan Powell - Keynote in Bang...
Containers and Developer Defined Data Centers - Evan Powell - Keynote in Bang...
 
How to Contribute to Cloud Native Computing Foundation
How to Contribute to Cloud Native Computing FoundationHow to Contribute to Cloud Native Computing Foundation
How to Contribute to Cloud Native Computing Foundation
 
Application Security in a Container World - Akash Mahajan - BCC 2017
Application Security in a Container World - Akash Mahajan - BCC 2017Application Security in a Container World - Akash Mahajan - BCC 2017
Application Security in a Container World - Akash Mahajan - BCC 2017
 
Serverless: Why is it hot and What is it not?
Serverless: Why is it hot and What is it not?Serverless: Why is it hot and What is it not?
Serverless: Why is it hot and What is it not?
 
Creating Event Driven Serverless Applications - Sandeep - Adobe - Serverless ...
Creating Event Driven Serverless Applications - Sandeep - Adobe - Serverless ...Creating Event Driven Serverless Applications - Sandeep - Adobe - Serverless ...
Creating Event Driven Serverless Applications - Sandeep - Adobe - Serverless ...
 
Serverless Summit - Quiz
Serverless Summit - QuizServerless Summit - Quiz
Serverless Summit - Quiz
 
Serverless in azure
Serverless in azureServerless in azure
Serverless in azure
 
Serverless Architecture Patterns - Manoj Ganapathi - Serverless Summit
Serverless Architecture Patterns - Manoj Ganapathi - Serverless SummitServerless Architecture Patterns - Manoj Ganapathi - Serverless Summit
Serverless Architecture Patterns - Manoj Ganapathi - Serverless Summit
 
Serverless Summit India 2017: Fission
Serverless Summit India 2017: FissionServerless Summit India 2017: Fission
Serverless Summit India 2017: Fission
 
Blockchain - Apt Store for Serverless Apps - Nasir - Serverless Summit
Blockchain - Apt Store for Serverless Apps - Nasir - Serverless SummitBlockchain - Apt Store for Serverless Apps - Nasir - Serverless Summit
Blockchain - Apt Store for Serverless Apps - Nasir - Serverless Summit
 
IoT and Serverless - AWS - Serverless Summit - Madhusudan Shekar
IoT and Serverless - AWS - Serverless Summit - Madhusudan ShekarIoT and Serverless - AWS - Serverless Summit - Madhusudan Shekar
IoT and Serverless - AWS - Serverless Summit - Madhusudan Shekar
 
Democratizing Serverless—The Open Source Fn Project - Serverless Summit
Democratizing Serverless—The Open Source Fn Project - Serverless SummitDemocratizing Serverless—The Open Source Fn Project - Serverless Summit
Democratizing Serverless—The Open Source Fn Project - Serverless Summit
 
Build a Chatbot in Ten Minutes - Dave Kerr - Serverless Summit
Build a Chatbot in Ten Minutes - Dave Kerr - Serverless SummitBuild a Chatbot in Ten Minutes - Dave Kerr - Serverless Summit
Build a Chatbot in Ten Minutes - Dave Kerr - Serverless Summit
 

Similaire à On Prem Container Cloud - Lessons Learned

AWS re:Invent 2016: Service Integration Delivery and Automation Using Amazon ...
AWS re:Invent 2016: Service Integration Delivery and Automation Using Amazon ...AWS re:Invent 2016: Service Integration Delivery and Automation Using Amazon ...
AWS re:Invent 2016: Service Integration Delivery and Automation Using Amazon ...
Amazon Web Services
 
[WSO2Con EU 2018] Deploying Applications in K8S and Docker
[WSO2Con EU 2018] Deploying Applications in K8S and Docker[WSO2Con EU 2018] Deploying Applications in K8S and Docker
[WSO2Con EU 2018] Deploying Applications in K8S and Docker
WSO2
 
DOD 2016 - Stefan Thies - Monitoring and Log Management for Docker Swarm and...
DOD 2016 - Stefan Thies - Monitoring and Log Management for Docker Swarm and... DOD 2016 - Stefan Thies - Monitoring and Log Management for Docker Swarm and...
DOD 2016 - Stefan Thies - Monitoring and Log Management for Docker Swarm and...
PROIDEA
 
Containers in depth – Understanding how containers work to better work with c...
Containers in depth – Understanding how containers work to better work with c...Containers in depth – Understanding how containers work to better work with c...
Containers in depth – Understanding how containers work to better work with c...
All Things Open
 
Kubernetes Multitenancy Karl Isenberg - KubeCon NA 2019
Kubernetes Multitenancy Karl Isenberg - KubeCon NA 2019Kubernetes Multitenancy Karl Isenberg - KubeCon NA 2019
Kubernetes Multitenancy Karl Isenberg - KubeCon NA 2019
Karl Isenberg
 

Similaire à On Prem Container Cloud - Lessons Learned (20)

Best Practices for Running Kafka on Docker Containers
Best Practices for Running Kafka on Docker ContainersBest Practices for Running Kafka on Docker Containers
Best Practices for Running Kafka on Docker Containers
 
Containers and Nutanix - Acropolis Container Services
Containers and Nutanix - Acropolis Container ServicesContainers and Nutanix - Acropolis Container Services
Containers and Nutanix - Acropolis Container Services
 
Docker and kubernetes_introduction
Docker and kubernetes_introductionDocker and kubernetes_introduction
Docker and kubernetes_introduction
 
CoreOS @Codetalks Hamburg
CoreOS @Codetalks HamburgCoreOS @Codetalks Hamburg
CoreOS @Codetalks Hamburg
 
AWS re:Invent 2016: Service Integration Delivery and Automation Using Amazon ...
AWS re:Invent 2016: Service Integration Delivery and Automation Using Amazon ...AWS re:Invent 2016: Service Integration Delivery and Automation Using Amazon ...
AWS re:Invent 2016: Service Integration Delivery and Automation Using Amazon ...
 
Container orchestration
Container orchestrationContainer orchestration
Container orchestration
 
Docker San Francisco Meetup April 2015 - The Docker Orchestration Ecosystem o...
Docker San Francisco Meetup April 2015 - The Docker Orchestration Ecosystem o...Docker San Francisco Meetup April 2015 - The Docker Orchestration Ecosystem o...
Docker San Francisco Meetup April 2015 - The Docker Orchestration Ecosystem o...
 
[WSO2Con EU 2018] Deploying Applications in K8S and Docker
[WSO2Con EU 2018] Deploying Applications in K8S and Docker[WSO2Con EU 2018] Deploying Applications in K8S and Docker
[WSO2Con EU 2018] Deploying Applications in K8S and Docker
 
DOD 2016 - Stefan Thies - Monitoring and Log Management for Docker Swarm and...
DOD 2016 - Stefan Thies - Monitoring and Log Management for Docker Swarm and... DOD 2016 - Stefan Thies - Monitoring and Log Management for Docker Swarm and...
DOD 2016 - Stefan Thies - Monitoring and Log Management for Docker Swarm and...
 
Devoxx France 2015 - The Docker Orchestration Ecosystem on Azure
Devoxx France 2015 - The Docker Orchestration Ecosystem on AzureDevoxx France 2015 - The Docker Orchestration Ecosystem on Azure
Devoxx France 2015 - The Docker Orchestration Ecosystem on Azure
 
Docker and kubernetes
Docker and kubernetesDocker and kubernetes
Docker and kubernetes
 
PostgreSQL High Availability in a Containerized World
PostgreSQL High Availability in a Containerized WorldPostgreSQL High Availability in a Containerized World
PostgreSQL High Availability in a Containerized World
 
OpenStack Cinder, Implementation Today and New Trends for Tomorrow
OpenStack Cinder, Implementation Today and New Trends for TomorrowOpenStack Cinder, Implementation Today and New Trends for Tomorrow
OpenStack Cinder, Implementation Today and New Trends for Tomorrow
 
Metal-k8s presentation by Julien Girardin @ Paris Kubernetes Meetup
Metal-k8s presentation by Julien Girardin @ Paris Kubernetes MeetupMetal-k8s presentation by Julien Girardin @ Paris Kubernetes Meetup
Metal-k8s presentation by Julien Girardin @ Paris Kubernetes Meetup
 
Docker Enterprise Workshop - Technical
Docker Enterprise Workshop - TechnicalDocker Enterprise Workshop - Technical
Docker Enterprise Workshop - Technical
 
Introduction to Docker & CoreOS - Symfony User Group Cologne
Introduction to Docker & CoreOS - Symfony User Group CologneIntroduction to Docker & CoreOS - Symfony User Group Cologne
Introduction to Docker & CoreOS - Symfony User Group Cologne
 
Containers in depth – Understanding how containers work to better work with c...
Containers in depth – Understanding how containers work to better work with c...Containers in depth – Understanding how containers work to better work with c...
Containers in depth – Understanding how containers work to better work with c...
 
DevEx | there’s no place like k3s
DevEx | there’s no place like k3sDevEx | there’s no place like k3s
DevEx | there’s no place like k3s
 
Introduction to Containers: From Docker to Kubernetes and everything in-between
Introduction to Containers: From Docker to Kubernetes and everything in-betweenIntroduction to Containers: From Docker to Kubernetes and everything in-between
Introduction to Containers: From Docker to Kubernetes and everything in-between
 
Kubernetes Multitenancy Karl Isenberg - KubeCon NA 2019
Kubernetes Multitenancy Karl Isenberg - KubeCon NA 2019Kubernetes Multitenancy Karl Isenberg - KubeCon NA 2019
Kubernetes Multitenancy Karl Isenberg - KubeCon NA 2019
 

Plus de CodeOps Technologies LLP

Plus de CodeOps Technologies LLP (20)

AWS Serverless Event-driven Architecture - in lastminute.com meetup
AWS Serverless Event-driven Architecture - in lastminute.com meetupAWS Serverless Event-driven Architecture - in lastminute.com meetup
AWS Serverless Event-driven Architecture - in lastminute.com meetup
 
Understanding azure batch service
Understanding azure batch serviceUnderstanding azure batch service
Understanding azure batch service
 
DEVOPS AND MACHINE LEARNING
DEVOPS AND MACHINE LEARNINGDEVOPS AND MACHINE LEARNING
DEVOPS AND MACHINE LEARNING
 
SERVERLESS MIDDLEWARE IN AZURE FUNCTIONS
SERVERLESS MIDDLEWARE IN AZURE FUNCTIONSSERVERLESS MIDDLEWARE IN AZURE FUNCTIONS
SERVERLESS MIDDLEWARE IN AZURE FUNCTIONS
 
BUILDING SERVERLESS SOLUTIONS WITH AZURE FUNCTIONS
BUILDING SERVERLESS SOLUTIONS WITH AZURE FUNCTIONSBUILDING SERVERLESS SOLUTIONS WITH AZURE FUNCTIONS
BUILDING SERVERLESS SOLUTIONS WITH AZURE FUNCTIONS
 
APPLYING DEVOPS STRATEGIES ON SCALE USING AZURE DEVOPS SERVICES
APPLYING DEVOPS STRATEGIES ON SCALE USING AZURE DEVOPS SERVICESAPPLYING DEVOPS STRATEGIES ON SCALE USING AZURE DEVOPS SERVICES
APPLYING DEVOPS STRATEGIES ON SCALE USING AZURE DEVOPS SERVICES
 
BUILD, TEST & DEPLOY .NET CORE APPS IN AZURE DEVOPS
BUILD, TEST & DEPLOY .NET CORE APPS IN AZURE DEVOPSBUILD, TEST & DEPLOY .NET CORE APPS IN AZURE DEVOPS
BUILD, TEST & DEPLOY .NET CORE APPS IN AZURE DEVOPS
 
CREATE RELIABLE AND LOW-CODE APPLICATION IN SERVERLESS MANNER
CREATE RELIABLE AND LOW-CODE APPLICATION IN SERVERLESS MANNERCREATE RELIABLE AND LOW-CODE APPLICATION IN SERVERLESS MANNER
CREATE RELIABLE AND LOW-CODE APPLICATION IN SERVERLESS MANNER
 
CREATING REAL TIME DASHBOARD WITH BLAZOR, AZURE FUNCTION COSMOS DB AN AZURE S...
CREATING REAL TIME DASHBOARD WITH BLAZOR, AZURE FUNCTION COSMOS DB AN AZURE S...CREATING REAL TIME DASHBOARD WITH BLAZOR, AZURE FUNCTION COSMOS DB AN AZURE S...
CREATING REAL TIME DASHBOARD WITH BLAZOR, AZURE FUNCTION COSMOS DB AN AZURE S...
 
WRITE SCALABLE COMMUNICATION APPLICATION WITH POWER OF SERVERLESS
WRITE SCALABLE COMMUNICATION APPLICATION WITH POWER OF SERVERLESSWRITE SCALABLE COMMUNICATION APPLICATION WITH POWER OF SERVERLESS
WRITE SCALABLE COMMUNICATION APPLICATION WITH POWER OF SERVERLESS
 
Training And Serving ML Model Using Kubeflow by Jayesh Sharma
Training And Serving ML Model Using Kubeflow by Jayesh SharmaTraining And Serving ML Model Using Kubeflow by Jayesh Sharma
Training And Serving ML Model Using Kubeflow by Jayesh Sharma
 
Deploy Microservices To Kubernetes Without Secrets by Reenu Saluja
Deploy Microservices To Kubernetes Without Secrets by Reenu SalujaDeploy Microservices To Kubernetes Without Secrets by Reenu Saluja
Deploy Microservices To Kubernetes Without Secrets by Reenu Saluja
 
Leverage Azure Tech stack for any Kubernetes cluster via Azure Arc by Saiyam ...
Leverage Azure Tech stack for any Kubernetes cluster via Azure Arc by Saiyam ...Leverage Azure Tech stack for any Kubernetes cluster via Azure Arc by Saiyam ...
Leverage Azure Tech stack for any Kubernetes cluster via Azure Arc by Saiyam ...
 
YAML Tips For Kubernetes by Neependra Khare
YAML Tips For Kubernetes by Neependra KhareYAML Tips For Kubernetes by Neependra Khare
YAML Tips For Kubernetes by Neependra Khare
 
Must Know Azure Kubernetes Best Practices And Features For Better Resiliency ...
Must Know Azure Kubernetes Best Practices And Features For Better Resiliency ...Must Know Azure Kubernetes Best Practices And Features For Better Resiliency ...
Must Know Azure Kubernetes Best Practices And Features For Better Resiliency ...
 
Monitor Azure Kubernetes Cluster With Prometheus by Mamta Jha
Monitor Azure Kubernetes Cluster With Prometheus by Mamta JhaMonitor Azure Kubernetes Cluster With Prometheus by Mamta Jha
Monitor Azure Kubernetes Cluster With Prometheus by Mamta Jha
 
Jet brains space intro presentation
Jet brains space intro presentationJet brains space intro presentation
Jet brains space intro presentation
 
Functional Programming in Java 8 - Lambdas and Streams
Functional Programming in Java 8 - Lambdas and StreamsFunctional Programming in Java 8 - Lambdas and Streams
Functional Programming in Java 8 - Lambdas and Streams
 
Distributed Tracing: New DevOps Foundation
Distributed Tracing: New DevOps FoundationDistributed Tracing: New DevOps Foundation
Distributed Tracing: New DevOps Foundation
 
"Distributed Tracing: New DevOps Foundation" by Jayesh Ahire
"Distributed Tracing: New DevOps Foundation" by Jayesh Ahire "Distributed Tracing: New DevOps Foundation" by Jayesh Ahire
"Distributed Tracing: New DevOps Foundation" by Jayesh Ahire
 

Dernier

AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
VictorSzoltysek
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
shinachiaurasa2
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
masabamasaba
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Health
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
masabamasaba
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
OnePlan Solutions
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
masabamasaba
 

Dernier (20)

AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
 
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
 
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdf
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With SimplicityWSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
 

On Prem Container Cloud - Lessons Learned

  • 2. § Cloud Native Stack § High Level requirements § Details
  • 3. § Whether to Dockerize ? § Which orchestration tool to use?
  • 4. Host (Bare-metal or Virtual Machine) Linux O/S Monitoring/Mgmt Agents Docker Engine Docker Orchestration DevOps: • CI/CD Pipeline Tooling • Build Service • Trusted & Secure Registry • Image Scanning & Integrity • App & Image Governance • PaaS Operations • LifeCycle Management of Host and Containers • Cluster Management • Network Management • Storage Management • Monitoring & Alerting • User Management • Logging • Security • HA • Backup and Disaster Recovery Misc • Firewall • Load Balancer • Service Discovery • DNS • Proxy • Ingress • … Storage Network Single System View
  • 5. § Docker Host § VM/baremetal § Lifecycle management of hosts ? § Docker Storage for Containers and Volumes? § Network for Host and Docker Containers? § Docker Orchestration § Handling user authentication & authorization § How to expose services ? § How to access legacy backends ? § How to handle resource management for different users and teams ? § Handling HA, backup & restore § Docker Image Build & Distribution § Where to get the base images ? § How to handle multi-arch builds ? § How to scan the images for any existing vulnerabilities ? § Should the images be stored on public registry or private registry ? § Configuration management § How to manage keys, secrets and runtime configuration of containers? § Logging § What logging mechanism to use for containers and host ? § Should we use same or different logging mechanism for containers and host ? § Monitoring § How to monitor host & containers ? § How to integrate into existing enterprise wide monitoring solution ?
  • 6.
  • 7. § Every orchestration s/w (Kubernetes, Docker swarm, Mesos- marathon) is opinionated when it comes to describing a containerized application (pattern) § Developers and Operators need to be in agreement. § This session is mostly focused on Kubernetes
  • 8.
  • 9. § Key Points to Remember § AUFS is not supported by any Linux Distribution § OverlayFS is a good choice – check support statement § Devicemapper with Direct-LVM is a decent (& supported) option § https://docs.docker.com/engine/userguide/storagedriver/device- mapper-driver/ § Storage sizing depends on the role of the host § Building Docker images requires significantly more storage
  • 10. § NFS § HostPath § Use a specific directory or file on the host § The directory can be from local storage or external storage (eg. SAN) § Many more options in Kubernetes - Gluster, Ceph, etc. § NFS and HostPath are good options for on-prem Kubernetes deployments
  • 11. § Overlay (eg. Flannel) § Easier maintenance § Has performance overheads § Flat § Maintenance overheads (manual partitioning and management of IP address space) § Better performance § Layer-3 (eg. Calico) § Easier maintenance § Better performance § Provides network policy config § Calico is a good choice for Docker Networking with Kubernetes § Calico/Flannel comparison Ref: http://chunqi.li/2015/11/15/Battlefield-Calico- Flannel-Weave-and-Docker-Overlay-Network/
  • 12. § Base Image § From Public Registries like DockerHub § Create your own § Generic Best Practice § Use layering § One layer for base, one for user configuration and one for application § Leverage ‘USER’ directive to run programs inside container as non-root. § Use environment variables for runtime configuration § Use volumes for storing application data § Ensure regular scanning of images § Multi-architecture Builds § Use architecture emulators or native multi-arch build farms § Use fat (V2) image manifest or labels in the image name (ppc64le/mysql, mysql-ppc64le) § Example using arch emulator for multi-arch build - https://goo.gl/eU0Qbj
  • 13. § Run your own private registry leveraging opensource docker distribution code (available with all Linux distributions) § Commercial Docker orchestration tools ships with private registry (IBM Spectrum Conductor for Containers, RedHat OpenShift, Docker DataCenter etc) § Standalone 3rd party solutions available as well § Docker Trusted Registry (DTR) § Artifactory § Vulnerability Scanning of Docker Images § Integrated with 3rd party solutions § Setup your own (Clair, atomic-scan) § Example using Clair - https://goo.gl/Ff3ACw
  • 14. § Authentication § Static Password File § Certificate Based § Token Based § OpenID § KeyStone (required for LDAP/AD authentication) § Authorization § Role Based § Attribute Based § Example LDAP/AD authentication setup with Kubernetes - https://goo.gl/5qfy80
  • 15. § Use Kubernetes Namespaces § One namespace per user or group § Separate namespaces for Dev/Test/Staging/Build § Specify Resource Quota (cpu, mem, #pods, #services, #RCs, #PersistentVolumeClaims) for each namespace § Use the same Kubernetes cluster for dynamic builds § Example Jenkins Build Pipeline Setup: https://goo.gl/OvHKm1
  • 16. § Security Constraints § Allowed/Disallowed container operations § Explicitly add/remove Linux capabilities from containers § Disable Linux system calls § Allow/Disallow container to run as root § Pod Security Policy § Governs what actions a pod can perform § Selinux/AppArmor rules § Network Policies § Governs how Pods communicates with each other § Always set Kubernetes cluster wide security policies for production deployments § Example Cluster-wide Security Policy Setup - https://goo.gl/oBKm2S
  • 17. § Internal (service not accessible outside of Kubernetes cluster) § ClusterIP (kube-proxy) § External § External IPs § NodePort § Cloud Loadbalancer (for off-prem) § Ingress § Requires supported Ingress controllers eg. nginx, ha-proxy § 3rd party controllers (check with vendors) – F5, NetScaler etc. § Use Ingress for exposing services in Kubernetes
  • 18. § Kubernetes state is maintained in ETCD which is a distributed key-value store § Deployment considerations for ETCD § Fault-tolerant cluster § Storage for ETCD (Network and IO latency directly affects ETCD) § ETCD data backup and restore § Enable TLS § Deployment considerations for ETCD - https://goo.gl/n5VX1f
  • 19. § Explicitly create a Kubernetes Endpoint and a Service § Create a Kubernetes Endpoint with IP and Port details of the Legacy Backend § Create a Kubernetes Service to expose the Endpoint § Complete Example - https://goo.gl/V8TKnK
  • 20. § Docker Logging § Which docker logging driver to use – json, syslog, journald etc. § Kubernetes metadata is available as part of docker labels § Kubernetes Logging § If using systemd based Linux distro, then by default all logging is to journald § If ForwardToSyslog (/etc/systemd/journald.conf) is set to Yes, then logs will be available in syslog (rsyslog) as well § All kubernetes logs are in journald or /var/log/messages (if ForwardToSyslog is set to Yes). § Centralized logging § Docker/Kubernetes -> Rsyslog -> ELK § Docker/Kubernetes -> Rsyslog -> Splunk § Log rotation for Docker and Kubernetes is external and needs to be handled accordingly
  • 21. Kubernetes Cluster Heapster (Aggregator) InfluxDB SinkSource Grafana • What if you want to integrate Kubernetes monitoring with your existing enterprise monitoring solution ? • Write your own sink ? • Use a different monitoring solution than Heapster • Note: Horizontal POD Autoscaling based on CPU utilization leverages Heapster ELK …
  • 22. § Docker Orchestration options are opinionated § OverlayFS or Devicemapper with Direct-LVM for Docker Storage § Plan for ETCD fault-tolerance, backup and restore § NFS and HostPath for Docker Volumes § Use Image Signing and Scanning § Calico for Docker networking (low-overhead, supports Kubernetes Network Policy) § Use Kubernetes Security Policies § Use Ingress for exposing Services § Use Kubernetes Authentication and RBAC Authorization § Use Kubernetes namespaces for efficient cluster resource management