Montpellier - 2020-12-18 Kubernetes for DevOps… and Devs Horacio Gonzalez @LostInBrittany Montpellier Tech Hub

Who are we?
Introducing myself and introducing OVH
OVHcloud

Horacio Gonzalez @LostInBrittany
Spaniard lost in Brittany, developer, dreamer and all-around geek
Flutter

OVHcloud: A Global Leader
● 250k Private cloud VMs running
● 1 Dedicated IaaS Europe
● 30 Datacenters
● Own 20Tbps Network with 35 PoPs
● Hosting capacity: 1.3M Physical Servers
● 360k Servers already deployed

1.3M Customers in 138 Countries

OVHcloud: Our solutions
Cloud Web Hosting Mobile Hosting Telecom VPS Containers ▪ Dedicated Server Domain names VoIP Public Cloud Compute ▪ Data Storage Email SMS/Fax Private Cloud ▪ Network and Database CDN Virtual desktop Dedicated server Security Object Storage Web hosting Cloud HubiC Over theBox ▪ Licences Cloud Desktop Securities MS Office Hybrid Cloud Messaging MS solutions

Orchestrating containers
Like herding cats… but in hard mode!

From bare metal to containers
Another paradigm shift

Containers are easy…
For developers

Less simple if you must operate them
Like in a production context

And what about microservices?
Are you sure you want to operate them by hand?

Taming microservices with Kubernetes

Kubernetes
Way more than a buzzword!

Masters and nodes

Some more details

Desired State Management

Extending Kubernetes

Multi-environment made easy
Dev, staging, prod, multi-cloud…

Declarative infrastructure
Multi-environment made easy

Having identical, software defined envs

I have deployed on Minikube, woah!
A great fastlane into Kubernetes

Running a full K8s on your laptop
A great learning tool

Your laptop isn’t a true cluster
Don’t expect real performance

Beyond the first deployment
So I have deployed my distributed architecture on K8s, everything is good now, isn’t it?

Minikube is only the beginning

From Minikube to prod
A journey not for the faint of heart

Kubernetes can be wonderful
For both developers and devops

But it comes with a price…

Describing some of those traps
To ease and empower your path to production

The truth is somewhere inside…

The network is going to feel it…

The storage dilemma

The ETCD vulnerability

Security
Hardening your Kubernetes

The security journey

Kubernetes is insecure by design
It’s a feature, not a bug. It is up to the K8s admin to secure it according to needs

Not everybody has the same security needs

Kubernetes lets you enforce security practices as needed

Listing some good practices

Close open access
Close all by default, open only the needed ports
Follow the principle of least privilege

Define and implement RBAC
According to your needs

Define and implement network policies

Use RBAC and Network Policies to isolate your sensitive workload
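
The practices listed above (close all by default, open only the needed ports, least privilege through RBAC, isolating a sensitive workload) written out as manifests. This is an added example, not taken from the original slides; the `payments` namespace, the labels, port 8443 and the `api` service account are assumptions.

```yaml
# Added example: every name here (payments, app=api, role=frontend, api) is hypothetical.
# 1. Close all by default: deny all ingress and egress for every pod in the namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata: {name: default-deny-all, namespace: payments}
spec:
  podSelector: {}                  # empty selector matches every pod in the namespace
  policyTypes: [Ingress, Egress]   # no rules listed, so nothing is allowed
---
# 2. Open only the needed port: frontend pods may reach the API pods on TCP 8443.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata: {name: allow-frontend-to-api, namespace: payments}
spec:
  podSelector:
    matchLabels: {app: api}
  policyTypes: [Ingress]
  ingress:
    - from:
        - podSelector:
            matchLabels: {role: frontend}
      ports:
        - protocol: TCP
          port: 8443
---
# 3. Least privilege: a namespaced Role that can only read ConfigMaps.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata: {name: config-reader, namespace: payments}
rules:
  - apiGroups: [""]                # "" is the core API group
    resources: ["configmaps"]
    verbs: ["get", "list"]
---
# 4. Bind that Role to the workload's own service account, not to a user or group.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata: {name: api-config-reader, namespace: payments}
subjects:
  - kind: ServiceAccount
    name: api
    namespace: payments
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: config-reader
```

Because the first policy also denies egress, the frontend pods need a matching egress rule (and DNS access) before traffic flows. NetworkPolicies only take effect when the cluster's network plugin enforces them.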

Always keep up to date
Both Kubernetes and plugins

And remember, even the best can get hacked
Remain attentive, don’t get too confident

Extensibility
Enhance your Kubernetes

Kubernetes is modular
Let’s see how some of those plugins can help you

Helm
A package manager for K8s

Complex deployments

Using static YAML files

Complex deployments

Istio
A service mesh for Kubernetes… and much more!

Istio: A service mesh but not only

Service discovery

Traffic control

Encrypting internal communications

Routing and load balancing

Rolling upgrades

A/B testing

Monitoring your cluster

Velero
Backing up your Kubernetes

Kubernetes: Desired State Management

YAML files allow you to clone a cluster

But what about the data?

Velero
Backup and migrate Kubernetes applications and their persistent volumes

S3 based backup
On any S3 protocol compatible store

Backup all or part of a cluster

Schedule backups

Backup hooks

Conclusion
And one more thing…

Kubernetes is powerful
It can make Developers’ and DevOps’ lives easier

But there is a price: operating it
Lots of things to think about

We have seen some of them

One more thing…
Who should do what?

Different roles
Each role asks for very different knowledge and skill sets

Most companies don’t need to operate the clusters
As they don’t build and rack their own servers!

If you don’t need to build it, choose a certified managed solution
You get the cluster, the operator gets the problems

Like our OVH Managed Kubernetes
Made with 💗 by the Platform team

Do you want to try?
Send me an email to get some vouchers…
horacio.gonzalez@corp.ovh.com

Thank you for listening

Montpellier - 2020-12-18 GraalVM & Quarkus Horacio Gonzalez @LostInBrittany Montpellier Tech Hub

GraalVM
An alternative JVM with a twist

What’s GraalVM?
A standalone Java Development Kit to execute:
● JVM-based languages
● Dynamic languages
● LLVM-based languages

GraalVM Features
GraalVM lets you:
● Run your code faster and more efficiently
● Interoperate directly with most modern programming languages
● Embed languages with the GraalVM SDK
● Create compiled native images
● Use a single set of tools to monitor, debug, and profile all your code

GraalVM base package
The base installation includes:
● The JVM
● The GraalVM compiler
● The LLVM bitcode interpreter
● The JavaScript runtime

Why GraalVM?
For Java programs:
● Run Java faster
● Make Your Application Extensible
● Create a Native Image

Why GraalVM?
For JavaScript programs:
● Reuse Libraries from Java, R, or Python
● Run with Large Heaps
● Define Data Structures in C/C++

Why GraalVM?
GraalVM native images reduce:
● Runtime memory footprint
● Startup time

And how does it compile?
Dead code elimination
Closed world assumption

Adding some limitations…

Quarkus
Supersonic Subatomic Java

What’s Quarkus?
● A Kubernetes Native Java stack
● Tailored for OpenJDK HotSpot and GraalVM
● Crafted from the best of breed Java libraries and standards

Container first

Unifies imperative and reactive
Combine imperative code and the non-blocking reactive style

By developers, for developers
● Unified configuration
● Zero config, live reload in the blink of an eye
● Streamlined code for the 80% common usages, flexible for the 20%
● No hassle native executable generation

Leveraging the ecosystem
Over fifty best-of-breed libraries wired on a standard backbone

Thank you for listening