jug real world kubernetes agenda
play

JUG Real World Kubernetes Agenda - Introduction Agenturclient - - PowerPoint PPT Presentation

Nov 08, 2023 •140 likes •845 views

JUG Real World Kubernetes Agenda - Introduction Agenturclient - Architecture Agenturclient - Kubernetes Deployment - HA-Setup - Demo - Istio Introduction Florian Lscher Solution Architect and Co-Founder Skills CV Solution

  1. JUG Real World Kubernetes

  2. Agenda - Introduction Agenturclient - Architecture Agenturclient - Kubernetes Deployment - HA-Setup - Demo - Istio Introduction

  3. Florian Lüscher Solution Architect and Co-Founder Skills CV Solution Architecture seit 2018 ▪ ▪ Cloud & Continuous Delivery dsi engineering ag ▪ Machine Learning 2013 - 2018 ▪ ▪ Java, Python, .NET (Core) Zühlke Engineering AG ▪ Web 2010 - 2013 ▪ ▪ FHNW Computer Science 2005 - 2009 ▪ Software Development Apprenticeship

  4. Wir helfen unseren Partnern intelligente Services zu entwickeln. www.dsiag.ch

  5. Agenturclient

  7. Agenturclient - Allows SBB business customers to sell tickets - SBB is contract partner and responsible for customer care - These business customers usually are domestic and foreign travel agencies - It allows to sell regular tickets, touristic offerings and super saver tickets - Refunds are possible too

  9. How much did we earn building the software?

  10. How much do we earn operating the software?

  11. How much do we earn maintaining the software?

  12. How do we earn money?

  13. Aligned Business Models - We aligned our business models - SBB Gets income over Tickets sales via their platform - Travel Agencies Earn a commission when selling tickets - dsi engineering Charges a fee for every ticket sold

  14. Aligned Business Models No discussions and contract negotiations over change requests instead business driven discussions about return on investment

  15. Aligned Business Models No finger pointing or blaming during operation instead mutual interest in operating high quality software

  16. Aligned Business Models No development project and application lifecycle management from the customer instead everybody does what they do best

  17. Agenturclient Architecture

  19. Agenturclient - Technologies - Vue frontend - Served directly from Spring Boot Backend - Spring Boot MVC Application - Offers REST interface to frontend - Authorizes users using Keycloak groups - Stateless - MySQL as storage backend

  20. Agenturclient - HA-Setup - Our Spring Boot backend is completely stateless - We run multiple instances - Accessing SBB’s B2P service - We want to have control over timeouts - Automatic retries within timeout on network errors - Circuit breaking is disabled - We use Hystrix to achieve this. Today, resilience4j would the tool of choice.

  21. Agenturclient - Keycloak - Open Source Identity and Access Management - Upstream of RedHat SSO - Implements standard protocols - OpenID Connect, OAuth 2.0 and SAML 2.0 - Allows Central Management of Users, Roles and Groups - Identity Brokering is possible - OpenID Connect or SAML 2.0 IdPs - Clustering is supported - For scalability and availability

  22. Agenturclient Deployment

  23. Deployment - Requirements - We don’t have our own infrastructure - We deploy to the cloud, from the cloud - No operation of own build server - We want to be able to deploy to prod as frequently as we like - Number of concurrent users is limited - 98.3% availability is promised to clients - 15 minutes response time

  24. Agenturclient - Pipeline Overview

  25. Agenturclient - Pipeline

  26. Zero Downtime Deployments apiVersion: apps/v1 kind: Deployment metadata: name: hello-dep namespace: default spec: replicas: 2 strategy: type: RollingUpdate rollingUpdate: maxUnavailable: 25% maxSurge: 1 template: spec: containers: - image: test

  27. Agenturclient - Graceful Shutdown - We don’t want to lose requests during shutdown. - Therefore we wait on the internal Tomcat Thread Pool to finish all requests

  28. Agenturclient - Keycloak - Agenturclient has about 3500 concurrent users - Users can be managed by the travel agencies - Change rate is low - They usually login in the morning and stay logged in the whole day - Therefore we don’t have high performance requirements - Scalability not needed - Cluster is still needed - In order to achieve a highly available setup

  29. Keycloak High Availability

  30. Agenturclient - Keycloak HA-Setup https://www.keycloak.org/docs/6.0/server_installation/

  31. Agenturclient - Keycloak HA-Setup - Keycloak HA requires an Infinistan In-Memory Grid to store sessions and users - Users and sessions are stored in an Infinispan Replicated Cache - Infinispan uses JGroups for networking in Clustered-Mode - JGroups - Requires a discovery mechanism to discover all cluster nodes - Establishes IP-Multicast between the cluster nodes

  32. Agenturclient - Keycloak@K8s - Service discovery done via Kubernetes Services - Two services are created - Cluster-IP service to access keycloak nodes - Headless service allows discovery of all cluster nodes JGROUPS_DISCOVERY_PROTOCOL="dns.DNS_PING" JGROUPS_DISCOVERY_PROPERTIES="dns_query=keycloak-cluster.default.svc.cluster.local"

  33. Agenturclient - Keycloak@K8s

  34. Agenturclient - Keycloak@K8s /# dig keycloak-service.default.svc.cluster.local ; <<>> DiG 9.11.3-1ubuntu1.3-Ubuntu <<>> keycloak-service.default.svc.cluster.local ;; QUESTION SECTION: ;keycloak-service.default.svc.cluster.local. IN A ;; ANSWER SECTION: keycloak-service.default.svc.cluster.local. 30 IN A 10.0.1.10

  35. Agenturclient - Keycloak@K8s /# dig keycloak-cluster.default.svc.cluster.local ; <<>> DiG 9.11.3-1ubuntu1.3-Ubuntu <<>> keycloak-cluster.default.svc.cluster.local ;; QUESTION SECTION: ;keycloak-cluster.default.svc.cluster.local. IN A ;; ANSWER SECTION: keycloak-cluster.default.svc.cluster.local. 30 IN A 10.0.2.13 keycloak-cluster.default.svc.cluster.local. 30 IN A 10.0.3.16

  36. Agenturclient - Keycloak@Cloud - JGroups IP-Multicast is not supported in public clouds - Switch transport stack to TCP - We updated Keycloak Docker-Files to - have TCP as standard - Allow reconfiguration using environment variables

  37. Pod A Pod can host multiple containers.

  38. Pod These containers share: Network ▪ Same unique IP Address Same Port Range Can communicate using localhost Storage ▪ Volumes can be accessed by all containers

  39. DEMO

  40. Are we really highly available now? - What happens if a node goes down? - What happens if cluster maintenance requires to take a node offline?

  41. apiVersion: apps/v1 kind: Deployment metadata: Node Affinity name: agenturclient-deployment labels: app: agenturclient We want to tolerate the outage of a spec: replicas: 2 node. template: spec: affinity: podAntiAffinity : Kubernetes offers affinity rules to requiredDuringSchedulingIgnoredDuringExecution: decide which nodes are eligible for - labelSelector: a pod to be scheduled upon. matchExpressions: - key: "app" operator: In values: - agenturclient topologyKey: "kubernetes.io/hostname"

  42. apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: Disruption Budget name: agenturclient-pdb spec: minAvailable: 1 We don’t want to take all nodes selector: matchLabels: offline when upgrading the cluster. app: agenturclient A PodDisruptionBudget controls how many Pods of a deployment should be available during regular maintenance. A node is not evicted if it would violate a Pod disruption budget.

  43. Agenturclient @ Google Kubernetes Engine What’s missing? - More insights into network traffic - Between our services and to external systems - Traffic encryption everywhere, by default - Because we run in a public cloud - Policy enforcement - Restrict unallowed network traffic

  44. Istio Service Mesh

  46. Istio Overview

  47. Istio Overview

  48. Istio Overview

  49. DEMO

  50. Istio Overview - Envoy Envoy is an open source edge and service proxy, designed for cloud-native applications.

  51. Istio Overview - Envoy Sits between every network connection. This allows for: - Circuit Breaking - Retries - Logging, Tracing & Monitoring - Policy Enforcement - Fault Injection - Traffic Routing - mTLS

  52. Istio Overview - Pilot Pilot configures all the envoy sidecar proxies. It uses metadata it receives from the environment it runs in (e.g. Kubernetes).

  53. DEMO

  55. Istio Overview - Mixer Mixer is responsible for - Checking request against policy rules - Forward telemetry and logging to Backends To avoid a single point of failure the sidecar proxies cache policies and mixer itself serves as a cache in front of backend systems. Mixer provides several adapters to monitoring systems.

  56. Istio Overview - Mixer Mixer provides several adapters to monitoring systems. It is possible to use these adapters to add more attributes to requests. These attributes can be used in expressions to specify different rules.

  57. DEMO

  58. Istio Overview - Citadel

  59. Istio Overview - Citadel Citadel uses SPIFFE (https://spiffe.io) to issue certificates. On Kubernetes: 1. Citadel watches the Kubernetes apiserver. Every Service Account gets a X509 cert 2. When a Pod is startet, the certificate information is mounted 3. Citadel rotates these certificates regularly 4. Pilot configured the envoy proxies

  60. Istio Overview

  61. Conclusions

Recommend

JUG Bern Real World Kubernetes Agenda - Introduction Agenturclient - Architecture

JUG Bern Real World Kubernetes Agenda - Introduction Agenturclient - Architecture

JUG Bern Real World Kubernetes Agenda - Introduction Agenturclient - Architecture Agenturclient - Kubernetes Deployment - HA-Setup - Demo - Istio Introduction Florian Lscher Software Engineer and Co-Founder Skills CV Solution

1.48k views • 70 slides
Airflow on Kubernetes: Containerizing your Workflows By Michael Hewitt Agenda Kubernetes

Airflow on Kubernetes: Containerizing your Workflows By Michael Hewitt Agenda Kubernetes

Airflow on Kubernetes: Containerizing your Workflows By Michael Hewitt Agenda Kubernetes Overview 1 Airflows integration with Kubernetes 2 Deployment of Airflow on Kubernetes 3 Kubernetes Pod Operator and its benefits 4 DAG Development

2.79k views • 14 slides
From Laptop to the World With Kubernetes @saturnism @googlecloud #kubernetes Ray Tsang

From Laptop to the World With Kubernetes @saturnism @googlecloud #kubernetes Ray Tsang

From Laptop to the World With Kubernetes @saturnism @googlecloud #kubernetes Ray Tsang Developer Advocate Google Cloud Platform @saturnism | +RayTsang @saturnism @googlecloud #kubernetes Ray Tsang Developer Architect Traveler

1.29k views • 65 slides
Stateful workloads on kubernetes with ceph Agenda CaaS Kubernetes

Stateful workloads on kubernetes with ceph Agenda CaaS Kubernetes

Stateful workloads on kubernetes with ceph Agenda CaaS Kubernetes Ceph Storage Operation NVRAMOS 2019 10/28/2019 Cloud Service Model On Premises IaaS CaaS PaaS SaaS Applications Applications

660 views • 36 slides
XML in the real world XML in the real world XML agentzh ( )

XML in the real world XML in the real world XML agentzh ( )

XML in the real world XML in the real world XML agentzh ( ) 2006.10 RSS is cool ! RSS RSS Really Simple Syndication Tired of checking your favorite news and blogs sites everyday?

786 views • 75 slides
Real-time Replication in the Real World Richard E. Baum C. Thomas Tyler 2 Agenda Provide an

Real-time Replication in the Real World Richard E. Baum C. Thomas Tyler 2 Agenda Provide an

Real-time Replication in the Real World Richard E. Baum C. Thomas Tyler 2 Agenda Provide an overview of replication solutions Discuss relevant new 2009.2 features Review some real-world solutions 3 Terminology High

481 views • 45 slides
Kubernetes Administration from Zero to (junior) Hero Lszl Budai Component Soft Ltd.

Kubernetes Administration from Zero to (junior) Hero Lszl Budai Component Soft Ltd.

Kubernetes Administration from Zero to (junior) Hero Lszl Budai Component Soft Ltd. Agenda 1.Introduction 2.Accessing the kubernetes API 3.Kubernetes workloads 4.Accessing applications 5.Volumes and persistent storage 2 (c) 2018

1.17k views • 57 slides
Scaling model training From flexible training APIs to resource management with Kubernetes Kelley

Scaling model training From flexible training APIs to resource management with Kubernetes Kelley

Scaling model training From flexible training APIs to resource management with Kubernetes Kelley Rivoire, Stripe Real World Machine Learning (@ Stripe) Stripe provides a toolkit to start and run an internet business We need to make

713 views • 44 slides
Continuous Kubernetes Security @sublimino and @controlplaneio Im: - Andy - Dev-like -

Continuous Kubernetes Security @sublimino and @controlplaneio Im: - Andy - Dev-like -

Continuous Kubernetes Security @sublimino and @controlplaneio Im: - Andy - Dev-like - Sec-ish - Ops-y Is this Kubernetes cluster secure? EPIC FAIL GIF How secure is Kubernetes? What this Kubernetes talk is about Common Pwns

1.18k views • 113 slides
Data Management in Kubernetes Using Kanister T om Manville | April 25th, 2018 2 3 4 yes* 5

Data Management in Kubernetes Using Kanister T om Manville | April 25th, 2018 2 3 4 yes* 5

Data Management in Kubernetes Using Kanister T om Manville | April 25th, 2018 2 3 4 yes* 5 Database Operations in Kubernetes kanister.io 6 Agenda Background DB in a container DB in Kubernetes Kanister Use

767 views • 42 slides
Kubernetes Matthias Haeussler Mirna Alaisami Overview Overview Kubernetes is an open-source

Kubernetes Matthias Haeussler Mirna Alaisami Overview Overview Kubernetes is an open-source

Kubernetes Matthias Haeussler Mirna Alaisami Overview Overview Kubernetes is an open-source platform designed to automate deploying , scaling , and operating application containers . Kubernetes v1.0 was released in 2015. It utilizes

916 views • 52 slides
K8s or Die! You must do Kubernetes. Or should you? If so when, where, why? How?! Marco Ceppi

K8s or Die! You must do Kubernetes. Or should you? If so when, where, why? How?! Marco Ceppi

K8s or Die! You must do Kubernetes. Or should you? If so when, where, why? How?! Marco Ceppi @marcoceppi Ryan Beisner @ryanbeisner Why Kubernetes Computing in the modern age Virtual Process Machines Containers Traditional Container

516 views • 24 slides
Robotic Process Automation 10 Real World Use Cases Kscope 2019 | Seattle, WA 06/26/2019 Agenda

Robotic Process Automation 10 Real World Use Cases Kscope 2019 | Seattle, WA 06/26/2019 Agenda

Robotic Process Automation 10 Real World Use Cases Kscope 2019 | Seattle, WA 06/26/2019 Agenda What Well Cover Today 1. 5. Introduction Q&amp;A 2. What is RPA? 3. Does RPA Matter? 4. RPA Countdown 10 Real World Use Cases 3 RPA

442 views • 40 slides
UK REAL ESTATE MARKET JOHN SLADE 1 June 2017 Agenda A CHANGING WORLD LONDONS

UK REAL ESTATE MARKET JOHN SLADE 1 June 2017 Agenda A CHANGING WORLD LONDONS

UK REAL ESTATE MARKET JOHN SLADE 1 June 2017 Agenda A CHANGING WORLD LONDONS BOUNCEBACKABILITY MY CAREER TAKE ADVANTAGE OF CHANGE ECONOMIC CHALLENGES BNPPRE IS CHANGING 2 1. A Changing World 1. A Changing World do we still

320 views • 20 slides
Contributing to kubernetes Who am I? Senior Software Engineer at Gojek Organizer at Kubernetes

Contributing to kubernetes Who am I? Senior Software Engineer at Gojek Organizer at Kubernetes

Contributing to kubernetes Who am I? Senior Software Engineer at Gojek Organizer at Kubernetes &amp; Cloud Native Meetups in Jakarta and Bandung https://www.meetup.com/jakarta-kubernetes/ https://www.meetup.com/Microservice-JKT/ You can find

709 views • 47 slides
Armada Kubernetes multi-cluster batch scheduler 1 / 12 Introduction G-Research - Compute

Armada Kubernetes multi-cluster batch scheduler 1 / 12 Introduction G-Research - Compute

Armada Kubernetes multi-cluster batch scheduler 1 / 12 Introduction G-Research - Compute Platform Engineering Team We build tools around HTCondor clusters and Kubernetes clusters 2 / 12 Agenda 1. Project requirements 2. Current options 3.

732 views • 12 slides
Deployment Strategies on Kubernetes By Etienne Tremel Software engineer at Container Solutions

Deployment Strategies on Kubernetes By Etienne Tremel Software engineer at Container Solutions

Deployment Strategies on Kubernetes By Etienne Tremel Software engineer at Container Solutions @etiennetremel February 13th, 2017 Agenda Kubernetes in brief Look at 6 different strategies Recreate Ramped Blue/Green

822 views • 61 slides
Developing Kubernetes Services at Airbnb Scale @MELANIECEBULA What is kubernetes?

Developing Kubernetes Services at Airbnb Scale @MELANIECEBULA What is kubernetes?

@MELANIECEBULA / MARCH 2019 / CON LONDON Developing Kubernetes Services at Airbnb Scale @MELANIECEBULA What is kubernetes? @MELANIECEBULA Who am I? A BRIEF HISTORY @MELANIECEBULA Why Microservices? 4000000 3000000 2000000 MONOLITH

1.74k views • 111 slides
How Real-World Evidence Is Playing Out In The Real World Moderator Mary Jo Laffler Executive

How Real-World Evidence Is Playing Out In The Real World Moderator Mary Jo Laffler Executive

How Real-World Evidence Is Playing Out In The Real World Moderator Mary Jo Laffler Executive Editor Scrip Bridget Silverman Presenters Managing Editor Pink Sheet Ben Gutierrez Head, US Value Evidence &amp; Outcomes GlaxoSmithKline

371 views • 33 slides
Real Students Real World Real Work Real Life: A Plan for a Holistic Approach to Supporting

Real Students Real World Real Work Real Life: A Plan for a Holistic Approach to Supporting

Real Students Real World Real Work Real Life: A Plan for a Holistic Approach to Supporting Students to and Through Market Value Asset Attainment 4th highest-ranked Strategic Plan Alignment Every student will demonstrate global

499 views • 24 slides
Delivering Kubernetes Apps with Helm Michelle Noorali @michellenoorali Adnan Abdulhussein

Delivering Kubernetes Apps with Helm Michelle Noorali @michellenoorali Adnan Abdulhussein

Delivering Kubernetes Apps with Helm Michelle Noorali @michellenoorali Adnan Abdulhussein @prydonius Adam Reese @areese Agenda Intro to Kubernetes Intro to Helm Helm Demo Chart Package and Repositories Lessons learned

545 views • 40 slides
Kubernetes Networking and Istio Apurva Bhandari $whoami SRE / DevOps Docker &amp; Kubernetes

Kubernetes Networking and Istio Apurva Bhandari $whoami SRE / DevOps Docker &amp; Kubernetes

Kubernetes Networking and Istio Apurva Bhandari $whoami SRE / DevOps Docker &amp; Kubernetes Enthusiast Speaker at Meetups Email: apurvbhandari@gmail.com LinkedIn: https://www.linkedin.com/in/apurvabhandari-linux GitHub:

2.17k views • 28 slides
Eventual Consistency Eventual Consistency In the real world In the real world or Why you

Eventual Consistency Eventual Consistency In the real world In the real world or Why you

Eventual Consistency Eventual Consistency In the real world In the real world or Why you already know Eventual Consistency /usr/bin/whoami Chris Molozian Client Services Engineer, Basho EMEA Basho Technologies cmolozian@basho.com 03

371 views • 34 slides
AGENDA Discussion topics: Why M-DoF? - Replicating real-world excitations in - Test Method

AGENDA Discussion topics: Why M-DoF? - Replicating real-world excitations in - Test Method

AGENDA Discussion topics: Why M-DoF? - Replicating real-world excitations in - Test Method Comparison the lab helps identify potentially new - System Design failure modes - CUBE System - Can be a more accurate - TENSOR System

597 views • 12 slides

More recommend