SlideShare une entreprise Scribd logo

Building a CI/CD driven infrastructure for managing kubernetes clusters on bare metal

TEC Campus
TEC Campus

This presentation was held at the 2018 ContainerDays in Hamburg, Germany on June 19, 2018

Présentations et discours publics
1  sur  22
Télécharger pour lire hors ligne
Stephan Fudeus, Expert Continuous Delivery
 Dr. Sascha Mühlbach, Expert Infrastructure Architect BUILDING A CI/CD DRIVEN INFRASTRUCTURE FOR MANAGING KUBERNETES CLUSTERS ON BARE METAL

1&1 Mail & Media Development & Technology GmbH United Internet / 1&1 Mail & Media 18.06.18!2 United Internet ▪ is a leading European internet specialist ▪ > 9000 employees ▪ 90k servers in 10 data centers ▪ Access • DSL and mobile ▪ Applications • Hosting • Consumer (WEB.DE etc.) 1&1 Mail & Media ▪ main brands GMX, WEB.DE and MAIL.COM ▪ various services around a free or paid mail account (calendar, news portal, cloud storage) ▪ 33 million active users / month
1&1 Mail & Media Development & Technology GmbH Speakers 18.06.18!3 ▪ Stephan Fudeus ▪ Joined 1&1 in 2005 ▪ Long-term experience in building highly scalable multi-tenant applications ▪ Product Owner and TechLead for our Kubernetes Clusters ▪ Twitter: @der_sfu ▪ Dr. Sascha Mühlbach ▪ Expert Infrastructure Architect ▪ 15 years professional experience ▪ Responsible for the global operations strategy of the applications and systems infrastructure
1&1 Mail & Media Development & Technology GmbH ■ Motivation / Environment ■ Cluster-Design ■ Network-Setup ■ Load Balancing and Cluster Ingress ■ Deployment ■ Git-driven cluster operations ■ Multi-Tenancy ■ Onboarding & Training !4 Agenda 18.06.18
1&1 Mail & Media Development & Technology GmbH Motivation 18.06.18!5 ▪ Why Container? ▪ Strong coupling between code and application runtime environment ▪ One build responsibility ▪ Hide core infrastructure from application ▪ Reproducibility in development ▪ Follow new standards in software development ▪ Requirements ▪ Reliable platform that provides the same level of availability that our existing environment is delivering ▪ Efficient deployment for geo-redundant services in multiple data centers ▪ Self-service for the development and application teams ▪ Multi-tenancy with strong separation for security reasons ▪ Must fit into the existing network environment ▪ Mostly automated operation of the base Kubernetes platform
1&1 Mail & Media Development & Technology GmbH Environment 6/18/18!6 ▪ Organizational Environment ▪ Approx. 25 Dev Teams with 10 Ops Teams ▪ Strong organizational separation between PM / Dev / Ops ▪ Ops Teams provide 24/7 and are responsible for operating the application and the operating system stack ▪ One dedicated Ops Team to build and run the Kubernetes platform ▪ Technical Environment ▪ Existing infrastructure of bare metal and virtual machines (KVM, ESX) ▪ All servers are Puppet managed • Our infrastructure has ~15.000 Puppet clients ▪ Majority of services are written in Java ▪ Ongoing transition to CD and microservices ▪ 3 datacenters (2 in DE, 1 in US) that are owned by us
1&1 Mail & Media Development & Technology GmbH Cluster Design 18.06.18!7
1&1 Mail & Media Development & Technology GmbH Network Setup for Frontend Zone !8 ▪ Integration of existing F5 BigIP load balancing platform with their features ▪ Service IPs are BGP-routed to Balancer and then forwarded with SNAT to NodePorts ▪ BGP enables global redundancy ▪ No public IPs inside Kubernetes cluster kube-proxy kube-proxy kube-proxy POD POD POD POD POD ServiceType: NodePort 10.8.0.1:30001 10.8.0.2:30001 10.8.0.3:30001 82.165.230.17:443 Pool Member 10.8.0.1:30001 10.8.0.2:30001 10.8.0.3:30001 F5 - K8S KubernetesAPI REST Calls Worker Node
1&1 Mail & Media Development & Technology GmbH Network configuration via ConfigMap for F5 18.06.18!9
1&1 Mail & Media Development & Technology GmbH ▪ In backend networks, we use MetalLB (no specific Layer 7 requirements) ▪ Service IPs are BGP-announced with ECMP distribution (easy scaling) ▪ LoadBalancing only with K8S base algorithms or ingress controller features Network Setup for Backend Zone 18.06.18!10 kube-proxy kube-proxy kube-proxy POD POD POD POD POD Worker Node MetalLB 10.176.0.6:80 MetalLB
1&1 Mail & Media Development & Technology GmbH Network configuration via Service for MetalLB 18.06.18!11
1&1 Mail & Media Development & Technology GmbH Load Balancing & Cluster Ingress 18.06.18!12 ▪ Additional L7 ingress support by using Traefik ▪ Easier maintenance via wildcard DNS and wildcard TLS cert ▪ Additional functionalities ▪ Load balancing (wrr, drr) ▪ Circuit breaking ▪ HTTP/HTTPS redirect ▪ Host-based / Path-based routing ▪ Health-Checks ▪ Session-Stickyness ▪ Multiple ingress domains ▪ Personal namespaces ▪ System services ▪ Applications
1&1 Mail & Media Development & Technology GmbH Lessons Learned Load Balancing 18.06.18!13 ▪ F5 with BIG-IP Controller for Kubernetes ▪ Solves the automation issue ▪ Provides all loadbalancing features of the existing platform ▪ Nodeport balancing mode has some caveats ▪ Extensive use of SNAT in our environment sometimes difficult to debug ▪ Not all features of the F5 configuration implemented yet ▪ MetalLB ▪ Works well with our BGP setup ▪ Has some limitations, e.g., balancing methods ▪ ECMP distribution may drop open connections on every topology change (e.g. during rolling upgrades) ▪ Traefik ▪ Needs to be combined with MetalLB for BGP functionality ▪ Separation of ingress domains with multiple controllers
1&1 Mail & Media Development & Technology GmbH Deployment 18.06.18!14 ▪ Container Linux ▪ No SSH by default – fully automated operations ▪ Only the essential base system, reduced attack surface ▪ etcd, apiserver, kubelet managed via systemd ▪ Automated processes based on changes in an etcd instances ▪ Matchbox / Terraform ▪ Creation of ignition files via terraform and confd based on data in dedicated etcd ▪ Updates triggered via GitLab-CI ▪ Additional manual Gitlab-CI jobs for deployment of addons, namespaces, … ▪ Own H/A Image Registry ▪ User management via OIDC by using Dex for LDAP integration ▪ Vault as Cluster-CA
1&1 Mail & Media Development & Technology GmbH Git-driven cluster operations 18.06.18!15 ▪ Maturity level via 3 branches (master, integration, production) ▪ All cluster operations are triggered based on Gitlab-CI pipelines ▪ automatically on git-pushes to relevant branch ▪ manually triggered jobs for cluster changes ▪ scheduled jobs for periodic changes (namespace updates / purges) ▪ The amount of clusters makes this a bit cumbersome
1&1 Mail & Media Development & Technology GmbH Git-driven operations use cases 18.06.18!16 ▪ Full redeployment of clusters ▪ Only if cluster is broken, will wipe everything ▪ Will redeploy all nodes in parallel ▪ Rolling upgrade of clusters ▪ Usually done on a weekly basis ▪ Will wipe and reset nodes one by one ▪ Namespaces update ▪ Nightly updates for production ▪ on-push for integration ▪ Addon update ▪ Addons as helm charts, rendered via helm template and injected via kubectl apply ▪ Done ad-hoc for addon changes without redeployment
1&1 Mail & Media Development & Technology GmbH18.06.18!17
1&1 Mail & Media Development & Technology GmbH Multi Tenancy 18.06.18!18 ▪ Common platform for several teams ▪ PodSecurityPolicies (no-root, no host-net, r/o layers) ▪ Dedicated resources for teams • Dedicated in-cluster prometheus for scraping • Configurable log-sink (Elasticsearch, Kafka) ▪ Authentication via OIDC <-> Dex <-> LDAP ▪ Maximum separation between teams targeted ▪ Namespaces are a „managed“ resource ▪ Resource constraints defined centrally per namespace ▪ Users are restricted to their namespaces via RBAC ▪ Network policies ▪ Team-centric „helper“ namespace • e.g. $team-helper • Used for managed resources, e.g. team-prometheus ▪ Individual namespaces per (group of) application and stage • $team-$app-live, $team-$app-prelive
1&1 Mail & Media Development & Technology GmbH Multi Tenancy 18.06.18!19 ▪ Dedicated namespaces for individuals ▪ Purpose: Training, PoC, Experiments ▪ Daily process to read users from LDAP and generate and flush namespaces ▪ Service exposure via central ingress controller (traefik)
1&1 Mail & Media Development & Technology GmbH Namespace-Config via yaml 18.06.18!20 Rendered via helm 36 resulting manifests: 1 kind: Deployment 1 kind: Ingress 1 kind: Service 2 kind: ConfigMap 2 kind: ServiceAccount 4 kind: LimitRange 4 kind: Namespace 4 kind: ResourceQuota 8 kind: NetworkPolicy 9 kind: RoleBinding
1&1 Mail & Media Development & Technology GmbH Onboarding & Training 18.06.18!21 ▪ 4 training blocks for system administrators (1-2 days each) ▪ Docker & Kubernetes ▪ GoCD & Helm • Pipeline Design • Helm Templating ▪ Development Techniques for Ops • Repositories and versioning • Secure Software Development Lifecycle ▪ Operating Container Applications • Monitoring, Logging and Failure Handling • Operations Lifecycle
1&1 Mail & Media Development & Technology GmbH Links 18.06.18!22 ▪ F5-Ctrl (https://github.com/F5Networks/k8s-bigip-ctlr) ▪ MetalLB (https://metallb.universe.tf/) ▪ Traefik (https://traefik.io/) ▪ Dex (https://github.com/coreos/dex) ▪ https://jobs.1und1.de/ ▪ https://web.de ▪ https://www.gmx.net ▪ https://www.mail.com ▪ https://www.united-internet.de/

Recommandé

Messaging For the Cloud and Microservices
Messaging For the Cloud and MicroservicesMessaging For the Cloud and Microservices
Messaging For the Cloud and MicroservicesRob Davies
 
McAfee Open Source Insight - Aharon Robbins - OpenStack Day Israel 2017
McAfee Open Source Insight - Aharon Robbins - OpenStack Day Israel 2017McAfee Open Source Insight - Aharon Robbins - OpenStack Day Israel 2017
McAfee Open Source Insight - Aharon Robbins - OpenStack Day Israel 2017Cloud Native Day Tel Aviv
 
Nagios Conference 2014 - Jeremy Rust - Avoiding Downtime Using Linux High Ava...
Nagios Conference 2014 - Jeremy Rust - Avoiding Downtime Using Linux High Ava...Nagios Conference 2014 - Jeremy Rust - Avoiding Downtime Using Linux High Ava...
Nagios Conference 2014 - Jeremy Rust - Avoiding Downtime Using Linux High Ava...Nagios
 
OpenStack Upgrade - It can be done! Koby Holzer, Liran Cohen - OpenStack Day ...
OpenStack Upgrade - It can be done! Koby Holzer, Liran Cohen - OpenStack Day ...OpenStack Upgrade - It can be done! Koby Holzer, Liran Cohen - OpenStack Day ...
OpenStack Upgrade - It can be done! Koby Holzer, Liran Cohen - OpenStack Day ...Cloud Native Day Tel Aviv
 
Connecting applicationswitha mq
Connecting applicationswitha mqConnecting applicationswitha mq
Connecting applicationswitha mqRob Davies
 
Hannes end-of-the-router-tnc17
Hannes end-of-the-router-tnc17Hannes end-of-the-router-tnc17
Hannes end-of-the-router-tnc17Hannes Gredler
 
Securing the Helix Platform at Citrix
Securing the Helix Platform at CitrixSecuring the Helix Platform at Citrix
Securing the Helix Platform at CitrixPerforce
 
JBoss Architect Meetup - December 2013 - JBoss Fuse in Vodafone’s Global Inte...
JBoss Architect Meetup - December 2013 - JBoss Fuse in Vodafone’s Global Inte...JBoss Architect Meetup - December 2013 - JBoss Fuse in Vodafone’s Global Inte...
JBoss Architect Meetup - December 2013 - JBoss Fuse in Vodafone’s Global Inte...JBossArchitectForum
 

Recommandé

Messaging For the Cloud and Microservices
Messaging For the Cloud and MicroservicesMessaging For the Cloud and Microservices
Messaging For the Cloud and MicroservicesRob Davies
 
McAfee Open Source Insight - Aharon Robbins - OpenStack Day Israel 2017
McAfee Open Source Insight - Aharon Robbins - OpenStack Day Israel 2017McAfee Open Source Insight - Aharon Robbins - OpenStack Day Israel 2017
McAfee Open Source Insight - Aharon Robbins - OpenStack Day Israel 2017Cloud Native Day Tel Aviv
 
Nagios Conference 2014 - Jeremy Rust - Avoiding Downtime Using Linux High Ava...
Nagios Conference 2014 - Jeremy Rust - Avoiding Downtime Using Linux High Ava...Nagios Conference 2014 - Jeremy Rust - Avoiding Downtime Using Linux High Ava...
Nagios Conference 2014 - Jeremy Rust - Avoiding Downtime Using Linux High Ava...Nagios
 
OpenStack Upgrade - It can be done! Koby Holzer, Liran Cohen - OpenStack Day ...
OpenStack Upgrade - It can be done! Koby Holzer, Liran Cohen - OpenStack Day ...OpenStack Upgrade - It can be done! Koby Holzer, Liran Cohen - OpenStack Day ...
OpenStack Upgrade - It can be done! Koby Holzer, Liran Cohen - OpenStack Day ...Cloud Native Day Tel Aviv
 
Connecting applicationswitha mq
Connecting applicationswitha mqConnecting applicationswitha mq
Connecting applicationswitha mqRob Davies
 
Hannes end-of-the-router-tnc17
Hannes end-of-the-router-tnc17Hannes end-of-the-router-tnc17
Hannes end-of-the-router-tnc17Hannes Gredler
 
Securing the Helix Platform at Citrix
Securing the Helix Platform at CitrixSecuring the Helix Platform at Citrix
Securing the Helix Platform at CitrixPerforce
 
JBoss Architect Meetup - December 2013 - JBoss Fuse in Vodafone’s Global Inte...
JBoss Architect Meetup - December 2013 - JBoss Fuse in Vodafone’s Global Inte...JBoss Architect Meetup - December 2013 - JBoss Fuse in Vodafone’s Global Inte...
JBoss Architect Meetup - December 2013 - JBoss Fuse in Vodafone’s Global Inte...JBossArchitectForum
 
Fabric8 mq
Fabric8 mqFabric8 mq
Fabric8 mqRob Davies
 
Nagios Conference 2014 - Andy Brist - Nagios XI Failover and HA Solutions
Nagios Conference 2014 - Andy Brist - Nagios XI Failover and HA SolutionsNagios Conference 2014 - Andy Brist - Nagios XI Failover and HA Solutions
Nagios Conference 2014 - Andy Brist - Nagios XI Failover and HA SolutionsNagios
 
Data OnTAP Cluster Mode Administrator
Data OnTAP Cluster Mode AdministratorData OnTAP Cluster Mode Administrator
Data OnTAP Cluster Mode AdministratorArchana Parameshwari
 
Marcus Rochelle - Landis+Gyr - Monitoring with Nagios Enterprise Edition
Marcus Rochelle - Landis+Gyr - Monitoring with Nagios Enterprise EditionMarcus Rochelle - Landis+Gyr - Monitoring with Nagios Enterprise Edition
Marcus Rochelle - Landis+Gyr - Monitoring with Nagios Enterprise EditionNagios
 
RedisConf17 - Explosion of Data at the Edge in Equinix
RedisConf17 - Explosion of Data at the Edge in EquinixRedisConf17 - Explosion of Data at the Edge in Equinix
RedisConf17 - Explosion of Data at the Edge in EquinixRedis Labs
 
[INSIGHT OUT 2011] A25 2 TB highly available mysql solution(alex)
[INSIGHT OUT 2011] A25 2 TB highly available mysql solution(alex)[INSIGHT OUT 2011] A25 2 TB highly available mysql solution(alex)
[INSIGHT OUT 2011] A25 2 TB highly available mysql solution(alex)Insight Technology, Inc.
 
From ClearCase to Perforce Helix: Breakthroughs in Scalability at Intel
From ClearCase to Perforce Helix: Breakthroughs in Scalability at IntelFrom ClearCase to Perforce Helix: Breakthroughs in Scalability at Intel
From ClearCase to Perforce Helix: Breakthroughs in Scalability at IntelPerforce
 
NetApp C-mode for 7 mode engineers
NetApp C-mode for 7 mode engineersNetApp C-mode for 7 mode engineers
NetApp C-mode for 7 mode engineerssubtitle
 
My personal journey through the World of Open Source! How What Was Old Beco...
My personal journey through the World of Open Source! How What Was Old Beco...My personal journey through the World of Open Source! How What Was Old Beco...
My personal journey through the World of Open Source! How What Was Old Beco...Ceph Community
 
Bitsy graph database
Bitsy graph databaseBitsy graph database
Bitsy graph databaseLambdaZen LLC
 
LINE's Infrastructure Platform: How It Scales Massive Services and Maintains ...
LINE's Infrastructure Platform: How It Scales Massive Services and Maintains ...LINE's Infrastructure Platform: How It Scales Massive Services and Maintains ...
LINE's Infrastructure Platform: How It Scales Massive Services and Maintains ...LINE Corporation
 
ClueCon 2017
ClueCon 2017ClueCon 2017
ClueCon 2017Luca Pradovera
 
Cache Tiering and Erasure Coding
Cache Tiering and Erasure CodingCache Tiering and Erasure Coding
Cache Tiering and Erasure CodingShinobu Kinjo
 
Muli Ben-Yehuda, Stratoscale - The Road to a Hyper-Converged OpenStack, OpenS...
Muli Ben-Yehuda, Stratoscale - The Road to a Hyper-Converged OpenStack, OpenS...Muli Ben-Yehuda, Stratoscale - The Road to a Hyper-Converged OpenStack, OpenS...
Muli Ben-Yehuda, Stratoscale - The Road to a Hyper-Converged OpenStack, OpenS...Cloud Native Day Tel Aviv
 
5 Ways to Avoid Server and Application Downtime
5 Ways to Avoid Server and Application Downtime5 Ways to Avoid Server and Application Downtime
5 Ways to Avoid Server and Application DowntimeNeverfail Group
 
OSDC 2018 | Introduction to SaltStack in the Modern Data Center by Mike Place
OSDC 2018 | Introduction to SaltStack in the Modern Data Center by Mike PlaceOSDC 2018 | Introduction to SaltStack in the Modern Data Center by Mike Place
OSDC 2018 | Introduction to SaltStack in the Modern Data Center by Mike PlaceNETWAYS
 
Nagios Conference 2014 - Sam Lansing - Advanced Features of Nagios XI
Nagios Conference 2014 - Sam Lansing - Advanced Features of Nagios XINagios Conference 2014 - Sam Lansing - Advanced Features of Nagios XI
Nagios Conference 2014 - Sam Lansing - Advanced Features of Nagios XINagios
 
Architecting for Scale
Architecting for ScaleArchitecting for Scale
Architecting for ScalePooyan Jamshidi
 
Building a Router
Building a RouterBuilding a Router
Building a RouterHannes Gredler
 
OpenStack State of Fibre Channel
OpenStack State of Fibre ChannelOpenStack State of Fibre Channel
OpenStack State of Fibre Channelhemna6969
 
Kubernetes in a grown environment and integration into continuous delivery
Kubernetes in a grown environment and integration into continuous deliveryKubernetes in a grown environment and integration into continuous delivery
Kubernetes in a grown environment and integration into continuous deliveryTEC Campus
 
How to run a bank on Apache CloudStack
How to run a bank on Apache CloudStackHow to run a bank on Apache CloudStack
How to run a bank on Apache CloudStackgjdevos
 

Contenu connexe

Tendances

Nagios Conference 2014 - Andy Brist - Nagios XI Failover and HA Solutions
Nagios Conference 2014 - Andy Brist - Nagios XI Failover and HA SolutionsNagios Conference 2014 - Andy Brist - Nagios XI Failover and HA Solutions
Nagios Conference 2014 - Andy Brist - Nagios XI Failover and HA SolutionsNagios
 
Data OnTAP Cluster Mode Administrator
Data OnTAP Cluster Mode AdministratorData OnTAP Cluster Mode Administrator
Data OnTAP Cluster Mode AdministratorArchana Parameshwari
 
Marcus Rochelle - Landis+Gyr - Monitoring with Nagios Enterprise Edition
Marcus Rochelle - Landis+Gyr - Monitoring with Nagios Enterprise EditionMarcus Rochelle - Landis+Gyr - Monitoring with Nagios Enterprise Edition
Marcus Rochelle - Landis+Gyr - Monitoring with Nagios Enterprise EditionNagios
 
RedisConf17 - Explosion of Data at the Edge in Equinix
RedisConf17 - Explosion of Data at the Edge in EquinixRedisConf17 - Explosion of Data at the Edge in Equinix
RedisConf17 - Explosion of Data at the Edge in EquinixRedis Labs
 
[INSIGHT OUT 2011] A25 2 TB highly available mysql solution(alex)
[INSIGHT OUT 2011] A25 2 TB highly available mysql solution(alex)[INSIGHT OUT 2011] A25 2 TB highly available mysql solution(alex)
[INSIGHT OUT 2011] A25 2 TB highly available mysql solution(alex)Insight Technology, Inc.
 
From ClearCase to Perforce Helix: Breakthroughs in Scalability at Intel
From ClearCase to Perforce Helix: Breakthroughs in Scalability at IntelFrom ClearCase to Perforce Helix: Breakthroughs in Scalability at Intel
From ClearCase to Perforce Helix: Breakthroughs in Scalability at IntelPerforce
 
NetApp C-mode for 7 mode engineers
NetApp C-mode for 7 mode engineersNetApp C-mode for 7 mode engineers
NetApp C-mode for 7 mode engineerssubtitle
 
My personal journey through the World of Open Source! How What Was Old Beco...
My personal journey through the World of Open Source! How What Was Old Beco...My personal journey through the World of Open Source! How What Was Old Beco...
My personal journey through the World of Open Source! How What Was Old Beco...Ceph Community
 
Bitsy graph database
Bitsy graph databaseBitsy graph database
Bitsy graph databaseLambdaZen LLC
 
LINE's Infrastructure Platform: How It Scales Massive Services and Maintains ...
LINE's Infrastructure Platform: How It Scales Massive Services and Maintains ...LINE's Infrastructure Platform: How It Scales Massive Services and Maintains ...
LINE's Infrastructure Platform: How It Scales Massive Services and Maintains ...LINE Corporation
 
Cache Tiering and Erasure Coding
Cache Tiering and Erasure CodingCache Tiering and Erasure Coding
Cache Tiering and Erasure CodingShinobu Kinjo
 
Muli Ben-Yehuda, Stratoscale - The Road to a Hyper-Converged OpenStack, OpenS...
Muli Ben-Yehuda, Stratoscale - The Road to a Hyper-Converged OpenStack, OpenS...Muli Ben-Yehuda, Stratoscale - The Road to a Hyper-Converged OpenStack, OpenS...
Muli Ben-Yehuda, Stratoscale - The Road to a Hyper-Converged OpenStack, OpenS...Cloud Native Day Tel Aviv
 
5 Ways to Avoid Server and Application Downtime
5 Ways to Avoid Server and Application Downtime5 Ways to Avoid Server and Application Downtime
5 Ways to Avoid Server and Application DowntimeNeverfail Group
 
OSDC 2018 | Introduction to SaltStack in the Modern Data Center by Mike Place
OSDC 2018 | Introduction to SaltStack in the Modern Data Center by Mike PlaceOSDC 2018 | Introduction to SaltStack in the Modern Data Center by Mike Place
OSDC 2018 | Introduction to SaltStack in the Modern Data Center by Mike PlaceNETWAYS
 
Nagios Conference 2014 - Sam Lansing - Advanced Features of Nagios XI
Nagios Conference 2014 - Sam Lansing - Advanced Features of Nagios XINagios Conference 2014 - Sam Lansing - Advanced Features of Nagios XI
Nagios Conference 2014 - Sam Lansing - Advanced Features of Nagios XINagios
 
OpenStack State of Fibre Channel
OpenStack State of Fibre ChannelOpenStack State of Fibre Channel
OpenStack State of Fibre Channelhemna6969
 

Tendances (20)

Fabric8 mq
Fabric8 mqFabric8 mq
Fabric8 mq
 
Nagios Conference 2014 - Andy Brist - Nagios XI Failover and HA Solutions
Nagios Conference 2014 - Andy Brist - Nagios XI Failover and HA SolutionsNagios Conference 2014 - Andy Brist - Nagios XI Failover and HA Solutions
Nagios Conference 2014 - Andy Brist - Nagios XI Failover and HA Solutions
 
Data OnTAP Cluster Mode Administrator
Data OnTAP Cluster Mode AdministratorData OnTAP Cluster Mode Administrator
Data OnTAP Cluster Mode Administrator
 
Marcus Rochelle - Landis+Gyr - Monitoring with Nagios Enterprise Edition
Marcus Rochelle - Landis+Gyr - Monitoring with Nagios Enterprise EditionMarcus Rochelle - Landis+Gyr - Monitoring with Nagios Enterprise Edition
Marcus Rochelle - Landis+Gyr - Monitoring with Nagios Enterprise Edition
 
RedisConf17 - Explosion of Data at the Edge in Equinix
RedisConf17 - Explosion of Data at the Edge in EquinixRedisConf17 - Explosion of Data at the Edge in Equinix
RedisConf17 - Explosion of Data at the Edge in Equinix
 
[INSIGHT OUT 2011] A25 2 TB highly available mysql solution(alex)
[INSIGHT OUT 2011] A25 2 TB highly available mysql solution(alex)[INSIGHT OUT 2011] A25 2 TB highly available mysql solution(alex)
[INSIGHT OUT 2011] A25 2 TB highly available mysql solution(alex)
 
From ClearCase to Perforce Helix: Breakthroughs in Scalability at Intel
From ClearCase to Perforce Helix: Breakthroughs in Scalability at IntelFrom ClearCase to Perforce Helix: Breakthroughs in Scalability at Intel
From ClearCase to Perforce Helix: Breakthroughs in Scalability at Intel
 
NetApp C-mode for 7 mode engineers
NetApp C-mode for 7 mode engineersNetApp C-mode for 7 mode engineers
NetApp C-mode for 7 mode engineers
 
My personal journey through the World of Open Source! How What Was Old Beco...
My personal journey through the World of Open Source! How What Was Old Beco...My personal journey through the World of Open Source! How What Was Old Beco...
My personal journey through the World of Open Source! How What Was Old Beco...
 
Bitsy graph database
Bitsy graph databaseBitsy graph database
Bitsy graph database
 
LINE's Infrastructure Platform: How It Scales Massive Services and Maintains ...
LINE's Infrastructure Platform: How It Scales Massive Services and Maintains ...LINE's Infrastructure Platform: How It Scales Massive Services and Maintains ...
LINE's Infrastructure Platform: How It Scales Massive Services and Maintains ...
 
ClueCon 2017
ClueCon 2017ClueCon 2017
ClueCon 2017
 
Cache Tiering and Erasure Coding
Cache Tiering and Erasure CodingCache Tiering and Erasure Coding
Cache Tiering and Erasure Coding
 
Muli Ben-Yehuda, Stratoscale - The Road to a Hyper-Converged OpenStack, OpenS...
Muli Ben-Yehuda, Stratoscale - The Road to a Hyper-Converged OpenStack, OpenS...Muli Ben-Yehuda, Stratoscale - The Road to a Hyper-Converged OpenStack, OpenS...
Muli Ben-Yehuda, Stratoscale - The Road to a Hyper-Converged OpenStack, OpenS...
 
5 Ways to Avoid Server and Application Downtime
5 Ways to Avoid Server and Application Downtime5 Ways to Avoid Server and Application Downtime
5 Ways to Avoid Server and Application Downtime
 
OSDC 2018 | Introduction to SaltStack in the Modern Data Center by Mike Place
OSDC 2018 | Introduction to SaltStack in the Modern Data Center by Mike PlaceOSDC 2018 | Introduction to SaltStack in the Modern Data Center by Mike Place
OSDC 2018 | Introduction to SaltStack in the Modern Data Center by Mike Place
 
Nagios Conference 2014 - Sam Lansing - Advanced Features of Nagios XI
Nagios Conference 2014 - Sam Lansing - Advanced Features of Nagios XINagios Conference 2014 - Sam Lansing - Advanced Features of Nagios XI
Nagios Conference 2014 - Sam Lansing - Advanced Features of Nagios XI
 
Architecting for Scale
Architecting for ScaleArchitecting for Scale
Architecting for Scale
 
Building a Router
Building a RouterBuilding a Router
Building a Router
 
OpenStack State of Fibre Channel
OpenStack State of Fibre ChannelOpenStack State of Fibre Channel
OpenStack State of Fibre Channel
 

Similaire à Building a CI/CD driven infrastructure for managing kubernetes clusters on bare metal

Kubernetes in a grown environment and integration into continuous delivery
Kubernetes in a grown environment and integration into continuous deliveryKubernetes in a grown environment and integration into continuous delivery
Kubernetes in a grown environment and integration into continuous deliveryTEC Campus
 
How to run a bank on Apache CloudStack
How to run a bank on Apache CloudStackHow to run a bank on Apache CloudStack
How to run a bank on Apache CloudStackgjdevos
 
Sven Vogel: Running CloudStack and OpenShift with NetApp on KVM
Sven Vogel: Running CloudStack and OpenShift with NetApp on KVMSven Vogel: Running CloudStack and OpenShift with NetApp on KVM
Sven Vogel: Running CloudStack and OpenShift with NetApp on KVMShapeBlue
 
ZaloPay Merchant Platform on K8S on-premise
ZaloPay Merchant Platform on K8S on-premiseZaloPay Merchant Platform on K8S on-premise
ZaloPay Merchant Platform on K8S on-premiseChau Thanh
 
Capital One Delivers Risk Insights in Real Time with Stream Processing
Capital One Delivers Risk Insights in Real Time with Stream ProcessingCapital One Delivers Risk Insights in Real Time with Stream Processing
Capital One Delivers Risk Insights in Real Time with Stream Processingconfluent
 
OpenStack + Cloud Foundry for the OpenStack Boston Meetup
OpenStack + Cloud Foundry for the OpenStack Boston MeetupOpenStack + Cloud Foundry for the OpenStack Boston Meetup
OpenStack + Cloud Foundry for the OpenStack Boston Meetupragss
 
Build your own private Cloud environment
Build your own private Cloud environmentBuild your own private Cloud environment
Build your own private Cloud environmentNico Meisenzahl
 
DNUG46 - Build your own private Cloud environment
DNUG46 - Build your own private Cloud environmentDNUG46 - Build your own private Cloud environment
DNUG46 - Build your own private Cloud environmentpanagenda
 
Patterns and Pains of Migrating Legacy Applications to Kubernetes
Patterns and Pains of Migrating Legacy Applications to KubernetesPatterns and Pains of Migrating Legacy Applications to Kubernetes
Patterns and Pains of Migrating Legacy Applications to KubernetesJosef Adersberger
 
Patterns and Pains of Migrating Legacy Applications to Kubernetes
Patterns and Pains of Migrating Legacy Applications to KubernetesPatterns and Pains of Migrating Legacy Applications to Kubernetes
Patterns and Pains of Migrating Legacy Applications to KubernetesQAware GmbH
 
Automated Deployment and Management of Edge Clouds
Automated Deployment and Management of Edge CloudsAutomated Deployment and Management of Edge Clouds
Automated Deployment and Management of Edge CloudsJay Bryant
 
Případová studie Fortuna aneb Veeam dostupnost v praxi
Případová studie Fortuna aneb Veeam dostupnost v praxiPřípadová studie Fortuna aneb Veeam dostupnost v praxi
Případová studie Fortuna aneb Veeam dostupnost v praxiMarketingArrowECS_CZ
 
Architecture of Cisco Container Platform: A new Enterprise Multi-Cloud Kubern...
Architecture of Cisco Container Platform: A new Enterprise Multi-Cloud Kubern...Architecture of Cisco Container Platform: A new Enterprise Multi-Cloud Kubern...
Architecture of Cisco Container Platform: A new Enterprise Multi-Cloud Kubern...Sanjeev Rampal
 
The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ...
The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ... The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ...
The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ...Josef Adersberger
 
Migrating Hundreds of Legacy Applications to Kubernetes - The Good, the Bad, ...
Migrating Hundreds of Legacy Applications to Kubernetes - The Good, the Bad, ...Migrating Hundreds of Legacy Applications to Kubernetes - The Good, the Bad, ...
Migrating Hundreds of Legacy Applications to Kubernetes - The Good, the Bad, ...QAware GmbH
 
Scalable Service-Oriented Middleware over IP
Scalable Service-Oriented Middleware over IPScalable Service-Oriented Middleware over IP
Scalable Service-Oriented Middleware over IPDai Yang
 
Introduction to HPC & Supercomputing in AI
Introduction to HPC & Supercomputing in AIIntroduction to HPC & Supercomputing in AI
Introduction to HPC & Supercomputing in AITyrone Systems
 
OSMC 2019 | Monitoring Alerts and Metrics on Large Power Systems Clusters by ...
OSMC 2019 | Monitoring Alerts and Metrics on Large Power Systems Clusters by ...OSMC 2019 | Monitoring Alerts and Metrics on Large Power Systems Clusters by ...
OSMC 2019 | Monitoring Alerts and Metrics on Large Power Systems Clusters by ...NETWAYS
 
Containers and Kubernetes
Containers and KubernetesContainers and Kubernetes
Containers and KubernetesAltoros
 
z13: New Opportunities – if you dare!
z13: New Opportunities – if you dare!z13: New Opportunities – if you dare!
z13: New Opportunities – if you dare!Michael Erichsen
 

Similaire à Building a CI/CD driven infrastructure for managing kubernetes clusters on bare metal (20)

Kubernetes in a grown environment and integration into continuous delivery
Kubernetes in a grown environment and integration into continuous deliveryKubernetes in a grown environment and integration into continuous delivery
Kubernetes in a grown environment and integration into continuous delivery
 
How to run a bank on Apache CloudStack
How to run a bank on Apache CloudStackHow to run a bank on Apache CloudStack
How to run a bank on Apache CloudStack
 
Sven Vogel: Running CloudStack and OpenShift with NetApp on KVM
Sven Vogel: Running CloudStack and OpenShift with NetApp on KVMSven Vogel: Running CloudStack and OpenShift with NetApp on KVM
Sven Vogel: Running CloudStack and OpenShift with NetApp on KVM
 
ZaloPay Merchant Platform on K8S on-premise
ZaloPay Merchant Platform on K8S on-premiseZaloPay Merchant Platform on K8S on-premise
ZaloPay Merchant Platform on K8S on-premise
 
Capital One Delivers Risk Insights in Real Time with Stream Processing
Capital One Delivers Risk Insights in Real Time with Stream ProcessingCapital One Delivers Risk Insights in Real Time with Stream Processing
Capital One Delivers Risk Insights in Real Time with Stream Processing
 
OpenStack + Cloud Foundry for the OpenStack Boston Meetup
OpenStack + Cloud Foundry for the OpenStack Boston MeetupOpenStack + Cloud Foundry for the OpenStack Boston Meetup
OpenStack + Cloud Foundry for the OpenStack Boston Meetup
 
Build your own private Cloud environment
Build your own private Cloud environmentBuild your own private Cloud environment
Build your own private Cloud environment
 
DNUG46 - Build your own private Cloud environment
DNUG46 - Build your own private Cloud environmentDNUG46 - Build your own private Cloud environment
DNUG46 - Build your own private Cloud environment
 
Patterns and Pains of Migrating Legacy Applications to Kubernetes
Patterns and Pains of Migrating Legacy Applications to KubernetesPatterns and Pains of Migrating Legacy Applications to Kubernetes
Patterns and Pains of Migrating Legacy Applications to Kubernetes
 
Patterns and Pains of Migrating Legacy Applications to Kubernetes
Patterns and Pains of Migrating Legacy Applications to KubernetesPatterns and Pains of Migrating Legacy Applications to Kubernetes
Patterns and Pains of Migrating Legacy Applications to Kubernetes
 
Automated Deployment and Management of Edge Clouds
Automated Deployment and Management of Edge CloudsAutomated Deployment and Management of Edge Clouds
Automated Deployment and Management of Edge Clouds
 
Případová studie Fortuna aneb Veeam dostupnost v praxi
Případová studie Fortuna aneb Veeam dostupnost v praxiPřípadová studie Fortuna aneb Veeam dostupnost v praxi
Případová studie Fortuna aneb Veeam dostupnost v praxi
 
Architecture of Cisco Container Platform: A new Enterprise Multi-Cloud Kubern...
Architecture of Cisco Container Platform: A new Enterprise Multi-Cloud Kubern...Architecture of Cisco Container Platform: A new Enterprise Multi-Cloud Kubern...
Architecture of Cisco Container Platform: A new Enterprise Multi-Cloud Kubern...
 
The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ...
The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ... The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ...
The Good, the Bad and the Ugly of Migrating Hundreds of Legacy Applications ...
 
Migrating Hundreds of Legacy Applications to Kubernetes - The Good, the Bad, ...
Migrating Hundreds of Legacy Applications to Kubernetes - The Good, the Bad, ...Migrating Hundreds of Legacy Applications to Kubernetes - The Good, the Bad, ...
Migrating Hundreds of Legacy Applications to Kubernetes - The Good, the Bad, ...
 
Scalable Service-Oriented Middleware over IP
Scalable Service-Oriented Middleware over IPScalable Service-Oriented Middleware over IP
Scalable Service-Oriented Middleware over IP
 
Introduction to HPC & Supercomputing in AI
Introduction to HPC & Supercomputing in AIIntroduction to HPC & Supercomputing in AI
Introduction to HPC & Supercomputing in AI
 
OSMC 2019 | Monitoring Alerts and Metrics on Large Power Systems Clusters by ...
OSMC 2019 | Monitoring Alerts and Metrics on Large Power Systems Clusters by ...OSMC 2019 | Monitoring Alerts and Metrics on Large Power Systems Clusters by ...
OSMC 2019 | Monitoring Alerts and Metrics on Large Power Systems Clusters by ...
 
Containers and Kubernetes
Containers and KubernetesContainers and Kubernetes
Containers and Kubernetes
 
z13: New Opportunities – if you dare!
z13: New Opportunities – if you dare!z13: New Opportunities – if you dare!
z13: New Opportunities – if you dare!
 

Dernier

VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesVVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesPooja Nehwal
 
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Hasting Chen
 
Air breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animalsAir breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animalsaqsarehman5055
 
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaIf this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaKayode Fayemi
 
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...Delhi Call girls
 
Report Writing Webinar Training
Report Writing Webinar TrainingReport Writing Webinar Training
Report Writing Webinar TrainingKylaCullinane
 
Dreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio IIIDreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio IIINhPhngng3
 
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptxChiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptxraffaeleoman
 
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...Sheetaleventcompany
 
Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510Vipesco
 
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptxMohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptxmohammadalnahdi22
 
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdfAWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdfSkillCertProExams
 
Presentation on Engagement in Book Clubs
Presentation on Engagement in Book ClubsPresentation on Engagement in Book Clubs
Presentation on Engagement in Book Clubssamaasim06
 
Dreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video TreatmentDreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video Treatmentnswingard
 
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceDelhi Call girls
 
Uncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoUncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoKayode Fayemi
 
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdfThe workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdfSenaatti-kiinteistöt
 
SaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, YardstickSaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, Yardsticksaastr
 
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort ServiceDelhi Call girls
 

Dernier (20)

VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesVVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
 
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
 
Air breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animalsAir breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animals
 
ICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdfICT role in 21st century education and it's challenges.pdf
ICT role in 21st century education and it's challenges.pdf
 
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaIf this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New Nigeria
 
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
Busty Desi⚡Call Girls in Sector 51 Noida Escorts >༒8448380779 Escort Service-...
 
Report Writing Webinar Training
Report Writing Webinar TrainingReport Writing Webinar Training
Report Writing Webinar Training
 
Dreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio IIIDreaming Music Video Treatment _ Project & Portfolio III
Dreaming Music Video Treatment _ Project & Portfolio III
 
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptxChiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
 
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
 
Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510
 
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptxMohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
 
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdfAWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf
 
Presentation on Engagement in Book Clubs
Presentation on Engagement in Book ClubsPresentation on Engagement in Book Clubs
Presentation on Engagement in Book Clubs
 
Dreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video TreatmentDreaming Marissa Sánchez Music Video Treatment
Dreaming Marissa Sánchez Music Video Treatment
 
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
 
Uncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac FolorunsoUncommon Grace The Autobiography of Isaac Folorunso
Uncommon Grace The Autobiography of Isaac Folorunso
 
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdfThe workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
 
SaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, YardstickSaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, Yardstick
 
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
 

Building a CI/CD driven infrastructure for managing kubernetes clusters on bare metal

  • 1. Stephan Fudeus, Expert Continuous Delivery
 Dr. Sascha Mühlbach, Expert Infrastructure Architect BUILDING A CI/CD DRIVEN INFRASTRUCTURE FOR MANAGING KUBERNETES CLUSTERS ON BARE METAL

  • 2. 1&1 Mail & Media Development & Technology GmbH United Internet / 1&1 Mail & Media 18.06.18!2 United Internet ▪ is a leading European internet specialist ▪ > 9000 employees ▪ 90k servers in 10 data centers ▪ Access • DSL and mobile ▪ Applications • Hosting • Consumer (WEB.DE etc.) 1&1 Mail & Media ▪ main brands GMX, WEB.DE and MAIL.COM ▪ various services around a free or paid mail account (calendar, news portal, cloud storage) ▪ 33 million active users / month
  • 3. 1&1 Mail & Media Development & Technology GmbH Speakers 18.06.18!3 ▪ Stephan Fudeus ▪ Joined 1&1 in 2005 ▪ Long-term experience in building highly scalable multi-tenant applications ▪ Product Owner and TechLead for our Kubernetes Clusters ▪ Twitter: @der_sfu ▪ Dr. Sascha Mühlbach ▪ Expert Infrastructure Architect ▪ 15 years professional experience ▪ Responsible for the global operations strategy of the applications and systems infrastructure
  • 4. 1&1 Mail & Media Development & Technology GmbH ■ Motivation / Environment ■ Cluster-Design ■ Network-Setup ■ Load Balancing and Cluster Ingress ■ Deployment ■ Git-driven cluster operations ■ Multi-Tenancy ■ Onboarding & Training !4 Agenda 18.06.18
  • 5. 1&1 Mail & Media Development & Technology GmbH Motivation 18.06.18!5 ▪ Why Container? ▪ Strong coupling between code and application runtime environment ▪ One build responsibility ▪ Hide core infrastructure from application ▪ Reproducibility in development ▪ Follow new standards in software development ▪ Requirements ▪ Reliable platform that provides the same level of availability that our existing environment is delivering ▪ Efficient deployment for geo-redundant services in multiple data centers ▪ Self-service for the development and application teams ▪ Multi-tenancy with strong separation for security reasons ▪ Must fit into the existing network environment ▪ Mostly automated operation of the base Kubernetes platform
  • 6. 1&1 Mail & Media Development & Technology GmbH Environment 6/18/18!6 ▪ Organizational Environment ▪ Approx. 25 Dev Teams with 10 Ops Teams ▪ Strong organizational separation between PM / Dev / Ops ▪ Ops Teams provide 24/7 and are responsible for operating the application and the operating system stack ▪ One dedicated Ops Team to build and run the Kubernetes platform ▪ Technical Environment ▪ Existing infrastructure of bare metal and virtual machines (KVM, ESX) ▪ All servers are Puppet managed • Our infrastructure has ~15.000 Puppet clients ▪ Majority of services are written in Java ▪ Ongoing transition to CD and microservices ▪ 3 datacenters (2 in DE, 1 in US) that are owned by us
  • 7. 1&1 Mail & Media Development & Technology GmbH Cluster Design 18.06.18!7
  • 8. 1&1 Mail & Media Development & Technology GmbH Network Setup for Frontend Zone !8 ▪ Integration of existing F5 BigIP load balancing platform with their features ▪ Service IPs are BGP-routed to Balancer and then forwarded with SNAT to NodePorts ▪ BGP enables global redundancy ▪ No public IPs inside Kubernetes cluster kube-proxy kube-proxy kube-proxy POD POD POD POD POD ServiceType: NodePort 10.8.0.1:30001 10.8.0.2:30001 10.8.0.3:30001 82.165.230.17:443 Pool Member 10.8.0.1:30001 10.8.0.2:30001 10.8.0.3:30001 F5 - K8S KubernetesAPI REST Calls Worker Node
  • 9. 1&1 Mail & Media Development & Technology GmbH Network configuration via ConfigMap for F5 18.06.18!9
  • 10. 1&1 Mail & Media Development & Technology GmbH ▪ In backend networks, we use MetalLB (no specific Layer 7 requirements) ▪ Service IPs are BGP-announced with ECMP distribution (easy scaling) ▪ LoadBalancing only with K8S base algorithms or ingress controller features Network Setup for Backend Zone 18.06.18!10 kube-proxy kube-proxy kube-proxy POD POD POD POD POD Worker Node MetalLB 10.176.0.6:80 MetalLB
  • 11. 1&1 Mail & Media Development & Technology GmbH Network configuration via Service for MetalLB 18.06.18!11
  • 12. 1&1 Mail & Media Development & Technology GmbH Load Balancing & Cluster Ingress 18.06.18!12 ▪ Additional L7 ingress support by using Traefik ▪ Easier maintenance via wildcard DNS and wildcard TLS cert ▪ Additional functionalities ▪ Load balancing (wrr, drr) ▪ Circuit breaking ▪ HTTP/HTTPS redirect ▪ Host-based / Path-based routing ▪ Health-Checks ▪ Session-Stickyness ▪ Multiple ingress domains ▪ Personal namespaces ▪ System services ▪ Applications
  • 13. 1&1 Mail & Media Development & Technology GmbH Lessons Learned Load Balancing 18.06.18!13 ▪ F5 with BIG-IP Controller for Kubernetes ▪ Solves the automation issue ▪ Provides all loadbalancing features of the existing platform ▪ Nodeport balancing mode has some caveats ▪ Extensive use of SNAT in our environment sometimes difficult to debug ▪ Not all features of the F5 configuration implemented yet ▪ MetalLB ▪ Works well with our BGP setup ▪ Has some limitations, e.g., balancing methods ▪ ECMP distribution may drop open connections on every topology change (e.g. during rolling upgrades) ▪ Traefik ▪ Needs to be combined with MetalLB for BGP functionality ▪ Separation of ingress domains with multiple controllers
  • 14. 1&1 Mail & Media Development & Technology GmbH Deployment 18.06.18!14 ▪ Container Linux ▪ No SSH by default – fully automated operations ▪ Only the essential base system, reduced attack surface ▪ etcd, apiserver, kubelet managed via systemd ▪ Automated processes based on changes in an etcd instances ▪ Matchbox / Terraform ▪ Creation of ignition files via terraform and confd based on data in dedicated etcd ▪ Updates triggered via GitLab-CI ▪ Additional manual Gitlab-CI jobs for deployment of addons, namespaces, … ▪ Own H/A Image Registry ▪ User management via OIDC by using Dex for LDAP integration ▪ Vault as Cluster-CA
  • 15. 1&1 Mail & Media Development & Technology GmbH Git-driven cluster operations 18.06.18!15 ▪ Maturity level via 3 branches (master, integration, production) ▪ All cluster operations are triggered based on Gitlab-CI pipelines ▪ automatically on git-pushes to relevant branch ▪ manually triggered jobs for cluster changes ▪ scheduled jobs for periodic changes (namespace updates / purges) ▪ The amount of clusters makes this a bit cumbersome
  • 16. 1&1 Mail & Media Development & Technology GmbH Git-driven operations use cases 18.06.18!16 ▪ Full redeployment of clusters ▪ Only if cluster is broken, will wipe everything ▪ Will redeploy all nodes in parallel ▪ Rolling upgrade of clusters ▪ Usually done on a weekly basis ▪ Will wipe and reset nodes one by one ▪ Namespaces update ▪ Nightly updates for production ▪ on-push for integration ▪ Addon update ▪ Addons as helm charts, rendered via helm template and injected via kubectl apply ▪ Done ad-hoc for addon changes without redeployment
  • 17. 1&1 Mail & Media Development & Technology GmbH18.06.18!17
  • 18. 1&1 Mail & Media Development & Technology GmbH Multi Tenancy 18.06.18!18 ▪ Common platform for several teams ▪ PodSecurityPolicies (no-root, no host-net, r/o layers) ▪ Dedicated resources for teams • Dedicated in-cluster prometheus for scraping • Configurable log-sink (Elasticsearch, Kafka) ▪ Authentication via OIDC <-> Dex <-> LDAP ▪ Maximum separation between teams targeted ▪ Namespaces are a „managed“ resource ▪ Resource constraints defined centrally per namespace ▪ Users are restricted to their namespaces via RBAC ▪ Network policies ▪ Team-centric „helper“ namespace • e.g. $team-helper • Used for managed resources, e.g. team-prometheus ▪ Individual namespaces per (group of) application and stage • $team-$app-live, $team-$app-prelive
  • 19. 1&1 Mail & Media Development & Technology GmbH Multi Tenancy 18.06.18!19 ▪ Dedicated namespaces for individuals ▪ Purpose: Training, PoC, Experiments ▪ Daily process to read users from LDAP and generate and flush namespaces ▪ Service exposure via central ingress controller (traefik)
  • 20. 1&1 Mail & Media Development & Technology GmbH Namespace-Config via yaml 18.06.18!20 Rendered via helm 36 resulting manifests: 1 kind: Deployment 1 kind: Ingress 1 kind: Service 2 kind: ConfigMap 2 kind: ServiceAccount 4 kind: LimitRange 4 kind: Namespace 4 kind: ResourceQuota 8 kind: NetworkPolicy 9 kind: RoleBinding
  • 21. 1&1 Mail & Media Development & Technology GmbH Onboarding & Training 18.06.18!21 ▪ 4 training blocks for system administrators (1-2 days each) ▪ Docker & Kubernetes ▪ GoCD & Helm • Pipeline Design • Helm Templating ▪ Development Techniques for Ops • Repositories and versioning • Secure Software Development Lifecycle ▪ Operating Container Applications • Monitoring, Logging and Failure Handling • Operations Lifecycle
  • 22. 1&1 Mail & Media Development & Technology GmbH Links 18.06.18!22 ▪ F5-Ctrl (https://github.com/F5Networks/k8s-bigip-ctlr) ▪ MetalLB (https://metallb.universe.tf/) ▪ Traefik (https://traefik.io/) ▪ Dex (https://github.com/coreos/dex) ▪ https://jobs.1und1.de/ ▪ https://web.de ▪ https://www.gmx.net ▪ https://www.mail.com ▪ https://www.united-internet.de/