OVHcloud Kubernetes Tech Lab Spain

A presentation at OVHcloud Kubernetes Tech Lab Spain in February 2023 in Spain by Horacio Gonzalez

Slide 1

OVHcloud Kubernetes Tech Lab Spain Horacio Gonzalez 2023-02-07 - Bilbao 2023-02-08 - Madrid 2023-02-09 - Valencia

Slide 2

¡WiFi! Network: WAYCO Password: VLC-5unc1t4

Slide 3

Who are we? Introducing myself and introducing OVHcloud

Slide 4

Horacio Gonzalez @LostInBrittany Spaniard Lost in Brittany Flutter

Slide 5

OVHcloud
Web Cloud & Telecom, Private Cloud, Public Cloud, Storage, Network & Security
● 30 Data Centers in 12 locations
● 34 Points of Presence on a 20 TBPS Bandwidth Network
● 2200 Employees worldwide
● 115K Private Cloud VMs running
● 300K Public Cloud instances running
● 380K Physical Servers running in our data centers
● 1 Million+ Servers produced since 1999
● 1.5 Million Customers across 132 countries
● 3.8 Million Websites hosting
● 1.5 Billion Euros Invested since 2016
● P.U.E. 1.09 Energy efficiency indicator
● 20+ Years in Business Disrupting since 1999

Slide 6

Why do we need Kubernetes? Taming the complexity of operating containers

Slide 7

From bare metal to containers

Slide 8

From bare metal to containers

Slide 9

From bare metal to containers

Slide 10

Dockerfiles, images and containers

Slide 11

Containers are easy… For developers

Slide 12

Less simple if you must operate them Like in a production context

Slide 13

And what about microservices? Are you sure you want to operate them by hand?

Slide 14

And what about microservices? Are you sure you want to operate them by hand?

Slide 15

Helping to tame the complexity

Slide 16

Kubernetes: a full orchestrator

Slide 17

Kubernetes cluster: masters and nodes

Slide 18

Kubernetes cluster: more details

Slide 19

Desired State Management Declarative infrastructure

Slide 20

Desired State Management

Slide 21

Let’s deploy an application

Slide 22

Demo: Hello Kubernetes World https://docs.ovh.com/gb/en/kubernetes/deploying-hello-world/

Slide 23

Needed tools: kubectl https://kubernetes.io/docs/tasks/tools/

Slide 24

Putting Kubernetes in production A journey not for the faint of heart

Slide 25

Kubernetes can be wonderful For both developers and devops

Slide 26

The journey from dev to production

Slide 27

It’s a complex technology Lots of abstraction layers

Slide 28

Kubernetes networking is complex…

Slide 29

The storage dilemma

Slide 30

The ETCD vulnerability

Slide 31

Kubernetes is insecure by design* It’s a feature, not a bug. Up to K8s admin to secure it according to needs

Slide 32

Not everybody has the same security needs

Slide 33

Kubernetes allows you to enforce security practices as needed

Slide 34

Always keep up to date Both Kubernetes and plugins

Slide 35

And remember, even the best can get hacked Remain attentive, don’t get too confident

Slide 36

A managed Kubernetes Because your company's job is to use Kubernetes, not to operate it!

Slide 37

Kubernetes is powerful It can make Developers’ and DevOps’ lives easier

Slide 38

But there is a price: operating it Lots of things to think about

Slide 39

We have seen some of them

Slide 40

Different roles Each role asks for very different knowledge and skill sets

Slide 41

Operating a Kubernetes cluster is hard But we have good news…

Slide 42

Most companies don’t need to do it! As they don’t build and rack their own servers!

Slide 43

If you don’t need to build it, choose a certified managed solution You get the cluster, the operator gets the problems

Slide 44

Demo: A complete app - Wordpress https://docs.ovh.com/gb/en/kubernetes/installing-wordpress/

Slide 45

Needed tools: helm https://helm.sh/

Slide 46

Helm: a package manager for K8s

Slide 47

Wordpress is easy… Two pods and a persistent volume

Slide 48

Yet it is a complete app Especially when deployed in a production context

Slide 49

Persistent storage in Kubernetes

Slide 50

OVHcloud Managed Kubernetes Why would you choose ours?

Slide 51

Certified Kubernetes platform

Slide 52

OVHcloud Managed Private Registry

Slide 53

Node Pools Users can define node pools controlled from inside Kubernetes

Slide 54

Autoscaling Based on node pools New instances are spawned or released based on load

Slide 55

Kubernetes in a private network

Slide 56

Other features
● Healthcare HDS 1 conformity
● ISO 27001/27701/27017/27018 conformity
● Terraform provider
● Control plane audit logs
● API server IP restrictions
● …
https://github.com/ovh/public-cloud-roadmap/projects/1

Slide 57

Demo: cluster auto-scaling https://docs.ovh.com/gb/en/kubernetes/cluster-autoscaler-example/

Slide 58

Demo: Working with OVHcloud API https://docs.ovh.com/gb/en/kubernetes/deploying-hello-world-ovh-api/

Slide 59

Infrastructure as Code The perfect companion to a cloud

Slide 60

Infrastructure as Code (IaC)

Slide 61

IaC tools

Slide 62

HashiCorp Terraform

Slide 63

Modular architecture: providers

Slide 64

Configuration packages: modules

Slide 65

Terraform registry

Slide 66

OVHcloud Terraform Provider https://registry.terraform.io/providers/ovh/ovh/latest/docs

Slide 67

OVHcloud Terraform Provider https://github.com/ovh/terraform-provider-ovh

Slide 68

Demo: Using Terraform https://docs.ovh.com/gb/en/kubernetes/creating-a-cluster-through-terraform/

Slide 69

Needed tools: terraform https://www.terraform.io/

Slide 70

Kubernetes Operators Helping to tame the complexity of K8s Ops

Slide 71

Taming microservices with Kubernetes

Slide 72

What about complex deployments

Slide 73

Especially at scale Lots of clusters with lots and lots of deployments

Slide 74

That’s just our case We both use Kubernetes and operate a Managed Kubernetes platform

Slide 75

Built over our OpenStack-based Public Cloud

Slide 76

We need to tame the complexity

Slide 77

Taming the complexity

Slide 78

Helm Charts are configuration Operating is more than installs & upgrades

Slide 79

Kubernetes is about automation How about automating human operators?

Slide 80

Kubernetes Operators A Kubernetes version of the human operator

Slide 81

Building operators Basic K8s elements: Controllers and Custom Resources

Slide 82

Kubernetes Controllers Keeping an eye on the resources

Slide 83

A control loop They watch the state of the cluster, and make or request changes where needed

Slide 84

A reconcile loop Strives to reconcile current state and desired state

Slide 85

Custom Resource Definitions Extending Kubernetes API

Slide 86

Extending Kubernetes API By defining new types of resources

Slide 87

Kubernetes Operator Automating operations

Slide 88

What’s a Kubernetes Operator?

Slide 89

Example: databases Things like adding an instance to a pool, doing a backup, sharding…

Slide 90

Knowledge encoded in CRDs and Controllers

Slide 91

Custom Controllers for Custom Resources Operators implement and manage Custom Resources using custom reconciliation logic

Slide 92

Operator Capability Model Gauging the operator maturity

Slide 93

That’s all, folks! Thank you all!