I have deployed my app on Minikube… and now what? Horacio Gonzalez #Devoxx #BeyondMinikube @LostInBrittany
A presentation at Devoxx Belgium in November 2019 in Antwerp, Belgium by Horacio Gonzalez
I have deployed my app on Minikube… and now what? Horacio Gonzalez #Devoxx #BeyondMinikube @LostInBrittany
Who are we? Introducing myself and introducing OVHcloud #Devoxx #BeyondMinikube @LostInBrittany
Horacio Gonzalez @LostInBrittany Spaniard lost in Brittany. Developer, speaker, dreamer, geek Flutter #Devoxx #BeyondMinikube @LostInBrittany
OVHcloud: A Global Leader 200k Private cloud VMs running 1 Dedicated IaaS Europe 30 Datacenters Own 20Tbps Hosting capacity : 1.3M Physical Servers 360k Servers already deployed #Devoxx #BeyondMinikube Netwok with 35 PoPs
1.3M Customers in 138 Countries @LostInBrittany
OVHcloud: Our solutions Cloud Web Hosting Mobile Hosting Telecom VPS Containers ▪ Dedicated Server Domain names VoIP Public Cloud Compute ▪ Data Storage Email SMS/Fax Private Cloud ▪ Network and Database CDN Virtual desktop Serveur dédié Security Object Storage Web hosting Cloud Storage Over the Box ▪ Licences Cloud Desktop Securities MS Office Hybrid Cloud Messaging MS solutions #Devoxx #BeyondMinikube @LostInBrittany
Minikube: K8s on my laptop A great fastlane into Kubernetes #Devoxx #BeyondMinikube @LostInBrittany
Running a full K8s in your laptop A great learning tool #Devoxx #BeyondMinikube @LostInBrittany
Your laptop isn’t a true cluster Don’t expect real performances #Devoxx #BeyondMinikube @LostInBrittany
Beyond the first deployment So I have deployed my distributed architecture on K8s, everything is good now, isn’t it? #Devoxx #BeyondMinikube @LostInBrittany
The long path to production #Devoxx #BeyondMinikube @LostInBrittany
From Minikube to prod A journey not for the faint of heart #Devoxx #BeyondMinikube @LostInBrittany
Technical Difficulties Because music has a price #Devoxx #BeyondMinikube @LostInBrittany
Kubernetes can be wonderful For both developers and devops #Devoxx #BeyondMinikube @LostInBrittany
But it comes with a price… #Devoxx #BeyondMinikube @LostInBrittany
The truth is somewhere inside… #Devoxx #BeyondMinikube @LostInBrittany
The network is going to feel it… #Devoxx #BeyondMinikube @LostInBrittany
The security journey #Devoxx #BeyondMinikube @LostInBrittany
The storage dilemma #Devoxx #BeyondMinikube @LostInBrittany
The ETCD vulnerability #Devoxx #BeyondMinikube @LostInBrittany
Describing some of those traps To ease and empower your path to production #Devoxx #BeyondMinikube @LostInBrittany
Security Hardening your Kubernetes #Devoxx #BeyondMinikube @LostInBrittany
Kubernetes is insecure by design It’s a feature, not a bug It’s up to the K8s admin to secure it according to their needs #Devoxx #BeyondMinikube @LostInBrittany
Not everybody has the same security needs #Devoxx #BeyondMinikube @LostInBrittany
Kubernetes allows to enforce security practices as needed #Devoxx #BeyondMinikube @LostInBrittany
Listing some good practices #Devoxx #BeyondMinikube @LostInBrittany
Close open access Close all by default, open only the needed ports Follow the least privileged principle #Devoxx #BeyondMinikube @LostInBrittany
Define and implement RBAC According to your needs #Devoxx #BeyondMinikube @LostInBrittany
Define and implement network policies #Devoxx #BeyondMinikube @LostInBrittany
Use RBAC and Network Policies to isolate your sensitive workload #Devoxx #BeyondMinikube @LostInBrittany
Always keep up to date Both Kubernetes and plugins #Devoxx #BeyondMinikube @LostInBrittany
And remember, even the best can get hacked Remain attentive, don’t get too confident #Devoxx #BeyondMinikube @LostInBrittany
Extensibility Enhance your Kubernetes #Devoxx #BeyondMinikube @LostInBrittany
Kubernetes is modular Let’s see how some of those plugins can help you #Devoxx #BeyondMinikube @LostInBrittany
Helm A package management for K8s #Devoxx #BeyondMinikube @LostInBrittany
Complex deployments #Devoxx #BeyondMinikube @LostInBrittany
Using static YAML files #Devoxx #BeyondMinikube @LostInBrittany
Complex deployments #Devoxx #BeyondMinikube @LostInBrittany
Istio A service mesh for Kubernetes… and much more! #Devoxx #BeyondMinikube @LostInBrittany
Istio: A service mesh but not only #Devoxx #BeyondMinikube @LostInBrittany
Service discovery #Devoxx #BeyondMinikube @LostInBrittany
Traffic control #Devoxx #BeyondMinikube @LostInBrittany
Encrypting internal communications #Devoxx #BeyondMinikube @LostInBrittany
Routing and load balancing #Devoxx #BeyondMinikube @LostInBrittany
Rolling upgrades #Devoxx #BeyondMinikube @LostInBrittany
Rolling upgrades #Devoxx #BeyondMinikube @LostInBrittany
Rolling upgrades #Devoxx #BeyondMinikube @LostInBrittany
Rolling upgrades #Devoxx #BeyondMinikube @LostInBrittany
Rolling upgrades #Devoxx #BeyondMinikube @LostInBrittany
Rolling upgrades #Devoxx #BeyondMinikube @LostInBrittany
Rolling upgrades #Devoxx #BeyondMinikube @LostInBrittany
Rolling upgrades #Devoxx #BeyondMinikube @LostInBrittany
Rolling upgrades #Devoxx #BeyondMinikube @LostInBrittany
A/B testing #Devoxx #BeyondMinikube @LostInBrittany
Monitoring your cluster #Devoxx #BeyondMinikube @LostInBrittany
Velero Backing up your Kubernetes #Devoxx #BeyondMinikube @LostInBrittany
Kubernetes: Desired State Management #Devoxx #BeyondMinikube @LostInBrittany
YAML files allows to clone a cluster #Devoxx #BeyondMinikube @LostInBrittany
But what about the data? #Devoxx #BeyondMinikube @LostInBrittany
Velero Backup and migrate Kubernetes applications and their persistent volumes #Devoxx #BeyondMinikube @LostInBrittany
S3 based backup On any S3 protocol compatible store #Devoxx #BeyondMinikube @LostInBrittany
Backup all or part of a cluster #Devoxx #BeyondMinikube @LostInBrittany
Schedule backups #Devoxx #BeyondMinikube @LostInBrittany
Backups hooks #Devoxx #BeyondMinikube @LostInBrittany
Conclusion And one more thing… #Devoxx #BeyondMinikube @LostInBrittany
Kubernetes is powerful It can make Developers’ and DevOps’ lives easier #Devoxx #BeyondMinikube @LostInBrittany
But there is a price: operating it Lot of things to think about #Devoxx #BeyondMinikube @LostInBrittany
We have seen some of them #Devoxx #BeyondMinikube @LostInBrittany
One more thing… Who should do what? #Devoxx #BeyondMinikube @LostInBrittany
Different roles Each role asks for very different knowledge and skill sets #Devoxx #BeyondMinikube @LostInBrittany
Most companies don’t need to operate the clusters As they don’t build and rack their own servers! #Devoxx #BeyondMinikube @LostInBrittany
If you don’t need to build it, choose a certified managed solution You get the cluster, the operator get the problems #Devoxx #BeyondMinikube @LostInBrittany
Like our OVH Managed Kubernetes Made with 💗 by the Platform team #Devoxx #BeyondMinikube @LostInBrittany
Do you want to try? Send me an email to get some vouchers… horacio.gonzalez@corp.ovh.com #Devoxx #BeyondMinikube @LostInBrittany
Thank you for listening That’s all, folks! #Devoxx #BeyondMinikube @LostInBrittany
