2. 22
High-performing IT organizations
deploy 46x more frequently with 440x
shorter lead times; their failure rate is
5x lower and they recover 96x faster.
2017 State of DevOps Report by Puppet Labs
4. 4
•Founder and CEO, Nirmata
•Developing large-scale distributed
systems since the early 90’s
(Go, Java, JS, C++)
•Expertise in centralized
management for complex
distributed systems.
Jim Bugwadia
6. 6
Businesses that deliver faster, win!
Dev -> QA -> Ops
Infrastructure as Pets
Configuration
Management
Monoliths in VMs
DevOps
Infrastructure as Cattle
Immutable
images
Microservices in Containers
7. 7
•Kubernetes is an open source
container orchestration solution
originally developed by Google
now part of CNCF
•Kubernetes is designed for
microservices but can support
stateful applications
Kubernetes
(Greek for “helmsman" or "pilot")
9. 9
• Builds on Google’s 10+ years of
experience with containers
• Robust, scalable, and extensible
• Governed by the Cloud-Native
Compute Foundation (CNCF)
Why Kubernetes
13. 13
• kube-apiserver: front-end for the Kubernetes control-
plane
• etcd: datastore for the cluster
• kube-controller-manager: controllers for routine
cluster tasks
• cloud-controller-manager: controllers specific to cloud
providers
• kube-scheduler: assigns Pods to nodes
Master nodes run Kubernetes
components
15. 15
•DNS: serves DNS for Kubernetes components and
containers. Consider as required.
•Heapster: provides container resource monitoring. Is
used for Horizontal Pod Autoscaling.
•Web UI: dashboard to monitor and manage the cluster.
Common Add-ons
16. 16
• K8s networking follows these principles:
1. All containers can communicate with all other containers
without NAT
2. All nodes can communicate with all containers (and vice-
versa) without NAT
3. The IP that a container sees itself as is the same IP that others
see it as
• Each pod gets its own IP address
• CNI is the plugin model used by the Kubelet to
invoke the networking implementation
• CNI plugins: Calico, Contiv, Flannel , GCE, …
Networking
17. 17
•Pods can contain one or more Volumes
• Volume types: emptyDir, hostPath,
persistentVolumeClaim, secret, awsElasticBlockStore,
AzureDiskVolume, …
•A PersistentVolumeClaim requests a
PersistentVolume that may be dynamically
provisioned.
• Admins can configure StorageClasses for persistent
volume claims like “bronze”, “silver”, or “gold”. A
storage class has a Provisioner, like AzureDisk.
Storage
22. 22
•Basic unit of application deployment
•Contains
• One or more Containers
• One or more PVCs
•Other constructs
• nodeSelector
• affinity
• serviceAccountName
• secrets
• initContainers
Pods
Pod
Container
Secrets
Persistent
Volume Claim
23. 23
•Pods can be managed individually, but
don’t do this!
•Pods lifecycles are best managed using
one of:
• Deployments
• StatefulSets
• DaemonSets
•Less often used:
• ReplicaSets (Deployments manage ReplicaSets)
• Jobs (short-lived run-to-completion tasks)
Managing Pods
24. 24
•Deployments automatically
create (and delete) ReplicaSets
•Rollout: a new ReplicaSet is created and scaled
up. The existing ReplicaSet is scaled down.
•Rollback: only impacts the Pod template. Can
rollback to a specific revision ID.
•Rolling upgrade strategy
tunables:
• maxUnavailable
• maxSurge
Deployment
Pod
Deployment
Replica Set
25. 25
•Pods with stable identities
• names, network, storage
•Ordered creation, updates, scaling, and
deletion
• Pods are created, and named, in order from {0…N-1}
•Use for clustered apps that use client-
side identities
• ZooKeeperAddresses: “zoo-1:2181, zoo-2:2181, zoo-3:2181”
StatefulSet
26. 26
•Ensures that all Nodes run an instance
of a Pod
•Useful for monitoring & security
agents, log daemons, etc.
•A node selector can be used to target a
subset of nodes
DaemonSet
27. 27
•Service
• provides load-balancing. Addressed via IP (cluster
IP) or a DNS name.
•Network Policy
• manages routing rules across pods (east-west
traffic.)
•Ingress
• manages external routes to services (north-south
traffic.) An Ingress Controller does the load-
balancing. Ingress Resources specify the rules.
Networking your app
29. 29
• Most apps will contain one or more
services / tiers
• And each service will have:
• Deployment ReplicaSet Pod Container(s)
• Service
• Ingress
• Network Policy
• Persistent Volume Claim(s)
Modeling a Kubernetes Application
External facing services only
33. 33
1. Microservices and containers enable
enterprise DevOps best practices
2. Kubernetes provides a powerful,
scalable, and extensible platform to
run containers
3. Every enterprise should consider
building a Kubernetes strategy
Summary
34. 34
• Single management plane
across multiple clusters
• Secure and scalable
multi-cloud management
• Seamless integrations for
continuous delivery
Nirmata simplifies Kubernetes
for enterprise DevOps teams