Kubernetes 201: Taking your Managed Kubernetes service to the next level

A presentation at OVHcloud Summit in October 2019 in Paris, France by Horacio Gonzalez

Slide 1

ROOM 2, 05.00 PM
Kubernetes 201
Giovanni Clément, Product Unit Director, @gioindahouz
Horacio Gonzalez, DevRel, @LostInBrittany

Slide 2

Beyond the first deployment
So I have deployed my distributed architecture on K8s, everything is good now, isn’t it?

Slide 3

The long path to production

Slide 4

Describing some of those traps
To ease and empower your path to production

Slide 5

Security
Hardening your Kubernetes

Slide 6

Kubernetes is insecure by design
It’s a feature, not a bug
It’s up to the K8s admin to secure it according to their needs

Slide 7

Not everybody has the same security needs

Slide 8

Kubernetes lets you enforce security practices as needed

Slide 9

Listing some good practices

Slide 10

Close open access
Close all by default, open only the needed ports
Follow the principle of least privilege

Slide 11

Define and implement RBAC
According to your needs

Slide 12

Define and implement network policies

Slide 13

Use RBAC and Network Policies to isolate your sensitive workload
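
One way to apply the practices from slides 10 to 13 to a sensitive namespace, as an added example that is not taken from the presentation. The namespace `payments`, the pod labels, port 8443 and the group `payments-auditors` are assumed names for illustration.

```yaml
# Added example; namespace, labels, port and group name are assumptions.
# 1. Close all by default: deny every ingress and egress flow in the namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata: {name: default-deny-all, namespace: payments}
spec:
  podSelector: {}                  # empty selector = every pod in the namespace
  policyTypes: [Ingress, Egress]
---
# 2. Open only the needed port: API pods accept TCP 8443 from frontend pods.
#    With no namespaceSelector, "from" matches pods in this namespace only.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata: {name: allow-frontend-to-api, namespace: payments}
spec:
  podSelector:
    matchLabels: {app: payments-api}
  policyTypes: [Ingress]
  ingress:
    - from:
        - podSelector:
            matchLabels: {app: frontend}
      ports:
        - {protocol: TCP, port: 8443}
---
# 3. Least privilege with RBAC: read-only access to pods and their logs,
#    scoped to this namespace (Role, not ClusterRole).
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata: {name: pod-reader, namespace: payments}
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/log"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata: {name: auditors-read-pods, namespace: payments}
subjects:
  - kind: Group
    name: payments-auditors
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
```

The default-deny egress rule also blocks DNS lookups until an explicit egress rule allows them, and NetworkPolicy objects are only enforced when the cluster's network plugin supports them.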

Slide 14

Always keep up to date
Both Kubernetes and plugins

Slide 15

And remember, even the best can get hacked
Remain attentive, don’t get too confident

Slide 16

Extensibility
Enhance your Kubernetes

Slide 17

Kubernetes is modular
Let’s see how some of those plugins can help you

Slide 18

Istio
A service mesh for Kubernetes… and much more!

Slide 19

Istio: A service mesh but not only

Slide 20

Service discovery

Slide 21

Traffic control

Slide 22

Encrypting internal communications

Slide 23

Routing and load balancing

Slide 24

Rolling upgrades

Slide 25

Rolling upgrades

Slide 26

Rolling upgrades

Slide 27

Rolling upgrades

Slide 28

Rolling upgrades

Slide 29

Rolling upgrades

Slide 30

Rolling upgrades

Slide 31

Rolling upgrades

Slide 32

Rolling upgrades

Slide 33

A/B testing

Slide 34

Monitoring your cluster

Slide 35

Velero
Backing up your Kubernetes

Slide 36

Kubernetes: Desired State Management

Slide 37

YAML files allow you to clone a cluster

Slide 38

But what about the data?

Slide 39

Velero
Backup and migrate Kubernetes applications and their persistent volumes

Slide 40

S3 based backup
On any S3 protocol compatible store

Slide 41

Backup all or part of a cluster

Slide 42

Schedule backups

Slide 43

Backup hooks

Slide 44

Conclusion
And one more thing…

Slide 45

Kubernetes is powerful
It can make Developers’ and DevOps’ lives easier

Slide 46

But there is a price: operating it
Lots of things to think about

Slide 47

We have seen some of them

Slide 48

One more thing…
Who should do what?

Slide 49

Different roles
Each role asks for very different knowledge and skill sets

Slide 50

Most companies don’t need to operate the clusters
As they don’t build and rack their own servers!

Slide 51

If you don’t need to build it, choose a certified managed solution
You get the cluster, the operator gets the problems

Slide 52

Like our OVH Managed Kubernetes
Made with 💗 by the Platform team

Slide 53

Do you want to try?
Send me an email to get some vouchers…
horacio.gonzalez@corp.ovh.com

Slide 54

Thank you for listening
Any questions?