OVHcloud Kubernetes Tech Lab Spain

A presentation at OVHcloud Kubernetes Tech Lab Spain in September 2022 in Bilbao, Biscay, Spain by Horacio Gonzalez

Slide 1

Slide 1

OVHcloud Kubernetes Tech Lab Spain Horacio Gonzalez 2022-09-20 - Madrid 2022-09-21 - Bilbao 2022-09-22 - Barcelona

Slide 2

Slide 2

Who are we? Introducing myself and introducing OVHcloud

Slide 3

Slide 3

Horacio Gonzalez @LostInBrittany Spaniard Lost in Brittany Flutter

Slide 4

Slide 4

OVHcloud Web Cloud & Telcom 30 Data Centers in 12 locations 1 Million+ Servers produced since 1999 Private Cloud 34 Points of Presence on a 20 TBPS Bandwidth Network 1.5 Million Customers across 132 countries Public Cloud 2200 Employees worldwide 3.8 Million Websites hosting Storage 115K Private Cloud VMS running 1.5 Billion Euros Invested since 2016 300K Public Cloud instances running P.U.E. 1.09 Energy efficiency indicator 380K Physical Servers running in our data centers 20+ Years in Business Disrupting since 1999 Network & Security

Slide 5

Slide 5

Why do we need Kubernetes? Taming the complexity of operating containers

Slide 6

Slide 6

From bare metal to containers

Slide 7

Slide 7

From bare metal to containers

Slide 8

Slide 8

From bare metal to containers

Slide 9

Slide 9

Dockerfiles, images and containers

Slide 10

Slide 10

Containers are easy… For developers

Slide 11

Slide 11

Less simple if you must operate them Like in a production context

Slide 12

Slide 12

And what about microservices? Are you sure you want to operate them by hand?

Slide 13

Slide 13

And what about microservices? Are you sure you want to operate them by hand?

Slide 14

Slide 14

Helping to tame de complexity

Slide 15

Slide 15

Kubernetes: a full orchestrator

Slide 16

Slide 16

Kubernetes cluster: masters and nodes

Slide 17

Slide 17

Kubernetes cluster: more details

Slide 18

Slide 18

Desired State Management Declarative infrastructure

Slide 19

Slide 19

Desired State Management

Slide 20

Slide 20

Let’s deploy an application

Slide 21

Slide 21

Demo: Hello Kubernetes World https://docs.ovh.com/gb/en/kubernetes/deploying-hello-world/

Slide 22

Slide 22

Needed tools: kubectl https://kubernetes.io/docs/tasks/tools/

Slide 23

Slide 23

Putting Kubernetes in production A journey not for the faint of heart

Slide 24

Slide 24

Kubernetes can be wonderful For both developers and devops

Slide 25

Slide 25

The journey from dev to production

Slide 26

Slide 26

It’s a complex technology Lots of abstraction layers

Slide 27

Slide 27

Kubernetes networking is complex…

Slide 28

Slide 28

The storage dilemma

Slide 29

Slide 29

The ETCD vulnerability

Slide 30

Slide 30

Kubernetes is insecure by design* It’s a feature, not a bug. Up to K8s admin to secure it according to needs

Slide 31

Slide 31

Not everybody has the same security needs

Slide 32

Slide 32

Kubernetes allows to enforce security practices as needed

Slide 33

Slide 33

Always keep up to date Both Kubernetes and plugins

Slide 34

Slide 34

And remember, even the best can get hacked Remain attentive, don’t get too confident

Slide 35

Slide 35

A managed Kubernetes Because your company job is to use Kubernetes, not to operate it!

Slide 36

Slide 36

Kubernetes is powerful It can make Developers’ and DevOps’ lives easier

Slide 37

Slide 37

But there is a price: operating it Lot of things to think about

Slide 38

Slide 38

We have seen some of them

Slide 39

Slide 39

Different roles Each role asks for very different knowledge and skill sets

Slide 40

Slide 40

Operating a Kubernetes cluster is hard But we have a good news…

Slide 41

Slide 41

Most companies don’t need to do it! As they don’t build and rack their own servers!

Slide 42

Slide 42

If you don’t need to build it, choose a certified managed solution You get the cluster, the operator get the problems

Slide 43

Slide 43

Demo: A complete app - Wordpress https://docs.ovh.com/gb/en/kubernetes/installing-wordpress/

Slide 44

Slide 44

Needed tools: helm https://helm.sh/

Slide 45

Slide 45

Helm: a package manager for K8s

Slide 46

Slide 46

Wordpress is easy… Two pods and a persistent volume

Slide 47

Slide 47

Yet is a complete app Specially when deployed in production context

Slide 48

Slide 48

Persistent storage in Kubernetes

Slide 49

Slide 49

OVHcloud Managed Kubernetes Why would you choose ours?

Slide 50

Slide 50

Certified Kubernetes platform

Slide 51

Slide 51

OVHcloud Managed Private Registry

Slide 52

Slide 52

Node Pools Users can define node pools controlled from inside Kubernetes

Slide 53

Slide 53

Autoscaling Based on node pools New instances are spawned or released based on load

Slide 54

Slide 54

Kubernetes in a private network

Slide 55

Slide 55

Other features ● ● ● ● ● ● Healthcare HDS 1 conformity ISO 27001/27701/27017/27018 conformity Terraform provider Control plane audit logs API server IP restrictions … https://github.com/ovh/public-cloud-roadmap/projects/1

Slide 56

Slide 56

Demo: cluster auto-scaling https://docs.ovh.com/gb/en/kubernetes/cluster-autoscaler-example/

Slide 57

Slide 57

Demo: Working with OVHcloud API https://docs.ovh.com/gb/en/kubernetes/deploying-hello-world-ovh-api/

Slide 58

Slide 58

Infrastructure as Code The perfect companion to a cloud

Slide 59

Slide 59

Infrastructure as Code (IaC)

Slide 60

Slide 60

Types of IaC

Slide 61

Slide 61

IaC tools

Slide 62

Slide 62

Demo: Using Terraform https://docs.ovh.com/gb/en/kubernetes/creating-a-cluster-through-terraform/

Slide 63

Slide 63

Needed tools: terraform https://www.terraform.io/

Slide 64

Slide 64

Kubernetes Operators Helping to tame the complexity of K8s Ops

Slide 65

Slide 65

Taming microservices with Kubernetes

Slide 66

Slide 66

What about complex deployments

Slide 67

Slide 67

Specially at scale Lots of clusters with lots and lots of deployments

Slide 68

Slide 68

That’s just our case We both use Kubernetes and operate a Managed Kubernetes platform

Slide 69

Slide 69

Built over our Openstack based Public Cloud

Slide 70

Slide 70

We need to tame the complexity

Slide 71

Slide 71

Taming the complexity

Slide 72

Slide 72

Helm Charts are configuration Operating is more than installs & upgrades

Slide 73

Slide 73

Kubernetes is about automation How about automating human operators?

Slide 74

Slide 74

Kubernetes Operators A Kubernetes version of the human operator

Slide 75

Slide 75

Building operators Basic K8s elements: Controllers and Custom Resources

Slide 76

Slide 76

Kubernetes Controllers Keeping an eye on the resources

Slide 77

Slide 77

A control loop They watch the state of the cluster, and make or request changes where needed

Slide 78

Slide 78

A reconcile loop Strives to reconcile current state and desired state

Slide 79

Slide 79

Custom Resource Definitions Extending Kubernetes API

Slide 80

Slide 80

Extending Kubernetes API By defining new types of resources

Slide 81

Slide 81

Kubernetes Operator Automating operations

Slide 82

Slide 82

What’s a Kubernetes Operator?

Slide 83

Slide 83

Example: databases Things like adding an instance to a pool, doing a backup, sharding…

Slide 84

Slide 84

Knowledge encoded in CRDs and Controllers

Slide 85

Slide 85

Custom Controllers for Custom Resources Operators implement and manage Custom Resources using custom reconciliation logic

Slide 86

Slide 86

Operator Capability Model Gauging the operator maturity

Slide 87

Slide 87

That’s all, folks! Thank you all!