A presentation at OVHcloud Kubernetes Tech Lab Spain in Spain by Horacio Gonzalez
OVHcloud Kubernetes Tech Lab Spain Horacio Gonzalez 2023-02-07 - Bilbao 2023-02-08 - Madrid 2023-02-09 - Valencia
Who are we? Introducing myself and introducing OVHcloud
Horacio Gonzalez @LostInBrittany Spaniard Lost in Brittany Flutter
OVHcloud (Web Cloud & Telecom, Private Cloud, Public Cloud, Storage, Network & Security): 30 data centers in 12 locations; 1 million+ servers produced since 1999; 34 points of presence on a 20 Tbps bandwidth network; 1.5 million customers across 132 countries; 2200 employees worldwide; 3.8 million websites hosting; 115K Private Cloud VMs running; 1.5 billion euros invested since 2016; 300K Public Cloud instances running; P.U.E. 1.09 (energy efficiency indicator); 380K physical servers running in our data centers; 20+ years in business, disrupting since 1999
Why do we need Kubernetes? Taming the complexity of operating containers
From bare metal to containers
Dockerfiles, images and containers
Containers are easy… For developers
Less simple if you must operate them Like in a production context
And what about microservices? Are you sure you want to operate them by hand?
Helping to tame the complexity
Kubernetes: a full orchestrator
Kubernetes cluster: masters and nodes
Kubernetes cluster: more details
Desired State Management Declarative infrastructure
Desired State Management
Let’s deploy an application
Demo: Hello Kubernetes World https://docs.ovh.com/gb/en/kubernetes/deploying-hello-world/
Needed tools: kubectl https://kubernetes.io/docs/tasks/tools/
Putting Kubernetes in production A journey not for the faint of heart
Kubernetes can be wonderful For both developers and devops
The journey from dev to production
It’s a complex technology Lots of abstraction layers
Kubernetes networking is complex…
The storage dilemma
The ETCD vulnerability
Kubernetes is insecure by design* It’s a feature, not a bug. It is up to the K8s admin to secure it according to needs
Not everybody has the same security needs
Kubernetes allows you to enforce security practices as needed
Always keep up to date Both Kubernetes and plugins
And remember, even the best can get hacked Remain attentive, don’t get too confident
A managed Kubernetes Because your company job is to use Kubernetes, not to operate it!
Kubernetes is powerful It can make Developers’ and DevOps’ lives easier
But there is a price: operating it Lots of things to think about
We have seen some of them
Different roles Each role asks for very different knowledge and skill sets
Operating a Kubernetes cluster is hard But we have good news…
Most companies don’t need to do it! As they don’t build and rack their own servers!
If you don’t need to build it, choose a certified managed solution You get the cluster, the operator gets the problems
Demo: A complete app - Wordpress https://docs.ovh.com/gb/en/kubernetes/installing-wordpress/
Needed tools: helm https://helm.sh/
Helm: a package manager for K8s
Wordpress is easy… Two pods and a persistent volume
Yet it is a complete app Especially when deployed in a production context
Persistent storage in Kubernetes
OVHcloud Managed Kubernetes Why would you choose ours?
Certified Kubernetes platform
OVHcloud Managed Private Registry
Node Pools Users can define node pools controlled from inside Kubernetes
Autoscaling Based on node pools New instances are spawned or released based on load
Kubernetes in a private network
Other features
● Healthcare HDS 1 conformity
● ISO 27001/27701/27017/27018 conformity
● Terraform provider
● Control plane audit logs
● API server IP restrictions
● …
https://github.com/ovh/public-cloud-roadmap/projects/1
Demo: cluster auto-scaling https://docs.ovh.com/gb/en/kubernetes/cluster-autoscaler-example/
Demo: Working with OVHcloud API https://docs.ovh.com/gb/en/kubernetes/deploying-hello-world-ovh-api/
Infrastructure as Code The perfect companion to a cloud
Infrastructure as Code (IaC)
IaC tools
HashiCorp Terraform
Modular architecture: providers
Configuration packages: modules
Terraform registry
OVHcloud Terraform Provider https://registry.terraform.io/providers/ovh/ovh/latest/docs
OVHcloud Terraform Provider https://github.com/ovh/terraform-provider-ovh
Demo: Using Terraform https://docs.ovh.com/gb/en/kubernetes/creating-a-cluster-through-terraform/
Needed tools: terraform https://www.terraform.io/
Kubernetes Operators Helping to tame the complexity of K8s Ops
Taming microservices with Kubernetes
What about complex deployments
Especially at scale Lots of clusters with lots and lots of deployments
That’s just our case We both use Kubernetes and operate a Managed Kubernetes platform
Built over our OpenStack-based Public Cloud
We need to tame the complexity
Taming the complexity
Helm Charts are configuration Operating is more than installs & upgrades
Kubernetes is about automation How about automating human operators?
Kubernetes Operators A Kubernetes version of the human operator
Building operators Basic K8s elements: Controllers and Custom Resources
Kubernetes Controllers Keeping an eye on the resources
A control loop They watch the state of the cluster, and make or request changes where needed
A reconcile loop Strives to reconcile current state and desired state
Custom Resource Definitions Extending Kubernetes API
Extending Kubernetes API By defining new types of resources
Kubernetes Operator Automating operations
What’s a Kubernetes Operator?
Example: databases Things like adding an instance to a pool, doing a backup, sharding…
Knowledge encoded in CRDs and Controllers
Custom Controllers for Custom Resources Operators implement and manage Custom Resources using custom reconciliation logic
Operator Capability Model Gauging the operator maturity
That’s all, folks! Thank you all!
How to get the most out of Kubernetes
1- Key concepts and advantages of Kubernetes
2- How to set up your first Kubernetes project from the OVHcloud Manager (creating clusters, remote access with kubectl, deploying a first app, basic network services and persistent volumes)
3- Practical applications (use cases and advanced configurations - how to resize volumes, load balancer configuration,…)