OVHcloud Kubernetes Tech Lab Spain

A presentation at OVHcloud Kubernetes Tech Lab Spain in March 2023 in Madrid, Spain by Horacio Gonzalez

Slide 1

Slide 1

OVHcloud Kubernetes Tech Lab Spain Horacio Gonzalez 2023-03-14 / 2023-03-15 - Madrid

Slide 2

Slide 2

Who are we? Introducing myself and introducing OVHcloud

Slide 3

Slide 3

Horacio Gonzalez @LostInBrittany Spaniard Lost in Brittany Flutter

Slide 4

Slide 4

OVHcloud Web Cloud & Telcom 30 Data Centers in 12 locations 1 Million+ Servers produced since 1999 Private Cloud 34 Points of Presence on a 20 TBPS Bandwidth Network 1.5 Million Customers across 132 countries Public Cloud 2200 Employees worldwide 3.8 Million Websites hosting Storage 115K Private Cloud VMS running 1.5 Billion Euros Invested since 2016 300K Public Cloud instances running P.U.E. 1.09 Energy efficiency indicator 380K Physical Servers running in our data centers 20+ Years in Business Disrupting since 1999 Network & Security

Slide 5

Slide 5

Why do we need Kubernetes? Taming the complexity of operating containers

Slide 6

Slide 6

From bare metal to containers

Slide 7

Slide 7

From bare metal to containers

Slide 8

Slide 8

From bare metal to containers

Slide 9

Slide 9

Dockerfiles, images and containers

Slide 10

Slide 10

Containers are easy… For developers

Slide 11

Slide 11

Less simple if you must operate them Like in a production context

Slide 12

Slide 12

And what about microservices? Are you sure you want to operate them by hand?

Slide 13

Slide 13

And what about microservices? Are you sure you want to operate them by hand?

Slide 14

Slide 14

Helping to tame de complexity

Slide 15

Slide 15

Kubernetes: a full orchestrator

Slide 16

Slide 16

Kubernetes cluster: masters and nodes

Slide 17

Slide 17

Kubernetes cluster: more details

Slide 18

Slide 18

Desired State Management Declarative infrastructure

Slide 19

Slide 19

Desired State Management

Slide 20

Slide 20

Let’s deploy an application

Slide 21

Slide 21

Demo: Hello Kubernetes World https://docs.ovh.com/gb/en/kubernetes/deploying-hello-world/

Slide 22

Slide 22

Needed tools: kubectl https://kubernetes.io/docs/tasks/tools/

Slide 23

Slide 23

Putting Kubernetes in production A journey not for the faint of heart

Slide 24

Slide 24

Kubernetes can be wonderful For both developers and devops

Slide 25

Slide 25

The journey from dev to production

Slide 26

Slide 26

It’s a complex technology Lots of abstraction layers

Slide 27

Slide 27

Kubernetes networking is complex…

Slide 28

Slide 28

The storage dilemma

Slide 29

Slide 29

The ETCD vulnerability

Slide 30

Slide 30

Kubernetes is insecure by design* It’s a feature, not a bug. Up to K8s admin to secure it according to needs

Slide 31

Slide 31

Not everybody has the same security needs

Slide 32

Slide 32

Kubernetes allows to enforce security practices as needed

Slide 33

Slide 33

Always keep up to date Both Kubernetes and plugins

Slide 34

Slide 34

And remember, even the best can get hacked Remain attentive, don’t get too confident

Slide 35

Slide 35

A managed Kubernetes Because your company job is to use Kubernetes, not to operate it!

Slide 36

Slide 36

Kubernetes is powerful It can make Developers’ and DevOps’ lives easier

Slide 37

Slide 37

But there is a price: operating it Lot of things to think about

Slide 38

Slide 38

We have seen some of them

Slide 39

Slide 39

Different roles Each role asks for very different knowledge and skill sets

Slide 40

Slide 40

Operating a Kubernetes cluster is hard But we have a good news…

Slide 41

Slide 41

Most companies don’t need to do it! As they don’t build and rack their own servers!

Slide 42

Slide 42

If you don’t need to build it, choose a certified managed solution You get the cluster, the operator get the problems

Slide 43

Slide 43

Demo: A complete app - Wordpress https://docs.ovh.com/gb/en/kubernetes/installing-wordpress/

Slide 44

Slide 44

Needed tools: helm https://helm.sh/

Slide 45

Slide 45

Helm: a package manager for K8s

Slide 46

Slide 46

Wordpress is easy… Two pods and a persistent volume

Slide 47

Slide 47

Yet is a complete app Specially when deployed in production context

Slide 48

Slide 48

Persistent storage in Kubernetes

Slide 49

Slide 49

OVHcloud Managed Kubernetes Why would you choose ours?

Slide 50

Slide 50

Certified Kubernetes platform

Slide 51

Slide 51

OVHcloud Managed Private Registry

Slide 52

Slide 52

Node Pools Users can define node pools controlled from inside Kubernetes

Slide 53

Slide 53

Autoscaling Based on node pools New instances are spawned or released based on load

Slide 54

Slide 54

Kubernetes in a private network

Slide 55

Slide 55

Other features ● ● ● ● ● ● Healthcare HDS 1 conformity ISO 27001/27701/27017/27018 conformity Terraform provider Control plane audit logs API server IP restrictions … https://github.com/ovh/public-cloud-roadmap/projects/1

Slide 56

Slide 56

Demo: cluster auto-scaling https://docs.ovh.com/gb/en/kubernetes/cluster-autoscaler-example/

Slide 57

Slide 57

Demo: Working with OVHcloud API https://docs.ovh.com/gb/en/kubernetes/deploying-hello-world-ovh-api/

Slide 58

Slide 58

Infrastructure as Code The perfect companion to a cloud

Slide 59

Slide 59

Infrastructure as Code (IaC)

Slide 60

Slide 60

IaC tools

Slide 61

Slide 61

HashiCorp Terraform

Slide 62

Slide 62

Modular architecture: providers

Slide 63

Slide 63

Configuration packages: modules

Slide 64

Slide 64

Terraform registry

Slide 65

Slide 65

OVHcloud Terraform Provider https://registry.terraform.io/providers/ovh/ovh/latest/docs

Slide 66

Slide 66

OVHcloud Terraform Provider https://github.com/ovh/terraform-provider-ovh

Slide 67

Slide 67

Demo: Using Terraform https://docs.ovh.com/gb/en/kubernetes/creating-a-cluster-through-terraform/

Slide 68

Slide 68

Needed tools: terraform https://www.terraform.io/

Slide 69

Slide 69

Kubernetes Operators Helping to tame the complexity of K8s Ops

Slide 70

Slide 70

Taming microservices with Kubernetes

Slide 71

Slide 71

What about complex deployments

Slide 72

Slide 72

Specially at scale Lots of clusters with lots and lots of deployments

Slide 73

Slide 73

That’s just our case We both use Kubernetes and operate a Managed Kubernetes platform

Slide 74

Slide 74

Built over our Openstack based Public Cloud

Slide 75

Slide 75

We need to tame the complexity

Slide 76

Slide 76

Taming the complexity

Slide 77

Slide 77

Helm Charts are configuration Operating is more than installs & upgrades

Slide 78

Slide 78

Kubernetes is about automation How about automating human operators?

Slide 79

Slide 79

Kubernetes Operators A Kubernetes version of the human operator

Slide 80

Slide 80

Building operators Basic K8s elements: Controllers and Custom Resources

Slide 81

Slide 81

Kubernetes Controllers Keeping an eye on the resources

Slide 82

Slide 82

A control loop They watch the state of the cluster, and make or request changes where needed

Slide 83

Slide 83

A reconcile loop Strives to reconcile current state and desired state

Slide 84

Slide 84

Custom Resource Definitions Extending Kubernetes API

Slide 85

Slide 85

Extending Kubernetes API By defining new types of resources

Slide 86

Slide 86

Kubernetes Operator Automating operations

Slide 87

Slide 87

What’s a Kubernetes Operator?

Slide 88

Slide 88

Example: databases Things like adding an instance to a pool, doing a backup, sharding…

Slide 89

Slide 89

Knowledge encoded in CRDs and Controllers

Slide 90

Slide 90

Custom Controllers for Custom Resources Operators implement and manage Custom Resources using custom reconciliation logic

Slide 91

Slide 91

Operator Capability Model Gauging the operator maturity

Slide 92

Slide 92

That’s all, folks! Thank you all!