I have deployed my app on Minikube… and now what? Horacio Gonzalez #Devoxx #BeyondMinikube @LostInBrittany

Who are we? Introducing myself and introducing OVHcloud #Devoxx #BeyondMinikube @LostInBrittany

Horacio Gonzalez @LostInBrittany Spaniard lost in Brittany. Developer, speaker, dreamer, geek Flutter #Devoxx #BeyondMinikube @LostInBrittany

OVHcloud: A Global Leader 200k Private cloud VMs running 1 Dedicated IaaS Europe 30 Datacenters Own 20Tbps Hosting capacity : 1.3M Physical Servers 360k Servers already deployed #Devoxx #BeyondMinikube Netwok with 35 PoPs

1.3M Customers in 138 Countries @LostInBrittany

OVHcloud: Our solutions Cloud Web Hosting Mobile Hosting Telecom VPS Containers ▪ Dedicated Server Domain names VoIP Public Cloud Compute ▪ Data Storage Email SMS/Fax Private Cloud ▪ Network and Database CDN Virtual desktop Serveur dédié Security Object Storage Web hosting Cloud Storage Over the Box ▪ Licences Cloud Desktop Securities MS Office Hybrid Cloud Messaging MS solutions #Devoxx #BeyondMinikube @LostInBrittany

Minikube: K8s on my laptop A great fastlane into Kubernetes #Devoxx #BeyondMinikube @LostInBrittany

Running a full K8s in your laptop A great learning tool #Devoxx #BeyondMinikube @LostInBrittany

Your laptop isn’t a true cluster Don’t expect real performances #Devoxx #BeyondMinikube @LostInBrittany

Beyond the first deployment So I have deployed my distributed architecture on K8s, everything is good now, isn’t it? #Devoxx #BeyondMinikube @LostInBrittany

The long path to production #Devoxx #BeyondMinikube @LostInBrittany

From Minikube to prod A journey not for the faint of heart #Devoxx #BeyondMinikube @LostInBrittany

Technical Difficulties Because music has a price #Devoxx #BeyondMinikube @LostInBrittany

Kubernetes can be wonderful For both developers and devops #Devoxx #BeyondMinikube @LostInBrittany

But it comes with a price… #Devoxx #BeyondMinikube @LostInBrittany

The truth is somewhere inside… #Devoxx #BeyondMinikube @LostInBrittany

The network is going to feel it… #Devoxx #BeyondMinikube @LostInBrittany

The security journey #Devoxx #BeyondMinikube @LostInBrittany

The storage dilemma #Devoxx #BeyondMinikube @LostInBrittany

The ETCD vulnerability #Devoxx #BeyondMinikube @LostInBrittany

Describing some of those traps To ease and empower your path to production #Devoxx #BeyondMinikube @LostInBrittany

Security Hardening your Kubernetes #Devoxx #BeyondMinikube @LostInBrittany

Kubernetes is insecure by design It’s a feature, not a bug It’s up to the K8s admin to secure it according to their needs #Devoxx #BeyondMinikube @LostInBrittany

Not everybody has the same security needs #Devoxx #BeyondMinikube @LostInBrittany

Kubernetes allows to enforce security practices as needed #Devoxx #BeyondMinikube @LostInBrittany

Listing some good practices #Devoxx #BeyondMinikube @LostInBrittany

Close open access Close all by default, open only the needed ports Follow the least privileged principle #Devoxx #BeyondMinikube @LostInBrittany

Define and implement RBAC According to your needs #Devoxx #BeyondMinikube @LostInBrittany

Define and implement network policies #Devoxx #BeyondMinikube @LostInBrittany

Use RBAC and Network Policies to isolate your sensitive workload #Devoxx #BeyondMinikube @LostInBrittany

Always keep up to date Both Kubernetes and plugins #Devoxx #BeyondMinikube @LostInBrittany

And remember, even the best can get hacked Remain attentive, don’t get too confident #Devoxx #BeyondMinikube @LostInBrittany

Extensibility Enhance your Kubernetes #Devoxx #BeyondMinikube @LostInBrittany

Kubernetes is modular Let’s see how some of those plugins can help you #Devoxx #BeyondMinikube @LostInBrittany

Helm A package management for K8s #Devoxx #BeyondMinikube @LostInBrittany

Complex deployments #Devoxx #BeyondMinikube @LostInBrittany

Using static YAML files #Devoxx #BeyondMinikube @LostInBrittany

Complex deployments #Devoxx #BeyondMinikube @LostInBrittany

Istio A service mesh for Kubernetes… and much more! #Devoxx #BeyondMinikube @LostInBrittany

Istio: A service mesh but not only #Devoxx #BeyondMinikube @LostInBrittany

Service discovery #Devoxx #BeyondMinikube @LostInBrittany

Traffic control #Devoxx #BeyondMinikube @LostInBrittany

Encrypting internal communications #Devoxx #BeyondMinikube @LostInBrittany

Routing and load balancing #Devoxx #BeyondMinikube @LostInBrittany

Rolling upgrades #Devoxx #BeyondMinikube @LostInBrittany

Rolling upgrades #Devoxx #BeyondMinikube @LostInBrittany

Rolling upgrades #Devoxx #BeyondMinikube @LostInBrittany

Rolling upgrades #Devoxx #BeyondMinikube @LostInBrittany

Rolling upgrades #Devoxx #BeyondMinikube @LostInBrittany

Rolling upgrades #Devoxx #BeyondMinikube @LostInBrittany

Rolling upgrades #Devoxx #BeyondMinikube @LostInBrittany

Rolling upgrades #Devoxx #BeyondMinikube @LostInBrittany

Rolling upgrades #Devoxx #BeyondMinikube @LostInBrittany

A/B testing #Devoxx #BeyondMinikube @LostInBrittany

Monitoring your cluster #Devoxx #BeyondMinikube @LostInBrittany

Velero Backing up your Kubernetes #Devoxx #BeyondMinikube @LostInBrittany

Kubernetes: Desired State Management #Devoxx #BeyondMinikube @LostInBrittany

YAML files allows to clone a cluster #Devoxx #BeyondMinikube @LostInBrittany

But what about the data? #Devoxx #BeyondMinikube @LostInBrittany

Velero Backup and migrate Kubernetes applications and their persistent volumes #Devoxx #BeyondMinikube @LostInBrittany

S3 based backup On any S3 protocol compatible store #Devoxx #BeyondMinikube @LostInBrittany

Backup all or part of a cluster #Devoxx #BeyondMinikube @LostInBrittany

Schedule backups #Devoxx #BeyondMinikube @LostInBrittany

Backups hooks #Devoxx #BeyondMinikube @LostInBrittany

Conclusion And one more thing… #Devoxx #BeyondMinikube @LostInBrittany

Kubernetes is powerful It can make Developers’ and DevOps’ lives easier #Devoxx #BeyondMinikube @LostInBrittany

But there is a price: operating it Lot of things to think about #Devoxx #BeyondMinikube @LostInBrittany

We have seen some of them #Devoxx #BeyondMinikube @LostInBrittany

One more thing… Who should do what? #Devoxx #BeyondMinikube @LostInBrittany

Different roles Each role asks for very different knowledge and skill sets #Devoxx #BeyondMinikube @LostInBrittany

Most companies don’t need to operate the clusters As they don’t build and rack their own servers! #Devoxx #BeyondMinikube @LostInBrittany

If you don’t need to build it, choose a certified managed solution You get the cluster, the operator get the problems #Devoxx #BeyondMinikube @LostInBrittany

Like our OVH Managed Kubernetes Made with 💗 by the Platform team #Devoxx #BeyondMinikube @LostInBrittany

Do you want to try? Send me an email to get some vouchers… horacio.gonzalez@corp.ovh.com #Devoxx #BeyondMinikube @LostInBrittany

Thank you for listening That’s all, folks! #Devoxx #BeyondMinikube @LostInBrittany