Everything you want to know about Kubernetes
(preferably before using it)
Guillaume Gelin
ramnes.eu 🇪🇺 🇫🇷
Chapter 1
The origins
Where we are coming from
Kubernetes overview
apiVersion: apps/v1
kind: Deployment
metadata:
name: hello
spec:
selector:
matchLabels:
app: hello
replicas: 1
template:
metadata:
labels:
app: hello
spec:
containers:
- name: hello
image: numberly/hellodeployment.yaml
$ kubectl apply -f deployment.yaml
$ kubectl scale --replicas=4 deployment helloapiVersion: v1
kind: Service
metadata:
name: hello
spec:
ports:
- protocol: TCP
port: 80
targetPort: 8000
selector:
app: hello
type: ClusterIP
service.yaml
$ kubectl apply -f service.yaml
$ kubectl get all
NAME READY STATUS RESTARTS AGE
pod/hello-5688899d46-9nmzb 1/1 Running 0 23s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/hello ClusterIP 10.16.0.122 <none> 80/TCP 19s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/hello 1/1 1 1 24s
NAME DESIRED CURRENT READY AGE
replicaset.apps/hello-5688899d46 1 1 1 24s
Why Kubernetes?
-
Developers autonomy
-
Same tooling for everyone
-
Same vocabulary for everyone
-
Write once, apply everywhere (e.g. observability)
-
Transparent self-healing
-
Resources isolation
Software engineers
Infrastructure engineers
Chapter 2
Minimum viable cluster
Requirements we settled on
-
On-premise
-
Simple networking component
-
Highly available
Choices we made
-
On-premise
-
Simple networking component
-
Highly available
What you get or miss
at this point
Kubernetes is a platform for building platforms. It's a better place to start; not the endgame.
Kelsey Hightower
Chapter 3
Going further
A few more choices
Security
-
Encrypted etcd
-
Google sign-in + RBAC
-
Each team in its own namespace
-
"mustRunAsNonRoot" Pod Security Policy
-
"readOnlyRootFilesystem" Pod Security Policy
-
Default Network Policy ("deny *" by default)
-
Default Limit Ranges and Quotas
Developer-first experience
-
Automating as much as possible
-
Tutorials, templates, documentation
-
Certification
Tools we decided to use
Tools we developed ourselves
👀
Chapter 4
Nowadays
Current platform status
-
14 teams
-
100 users
-
400 pods
Live demo?
Next steps
-
Development workflows (Continuous Delivery?)
-
A “real” storage system
-
Vertical and horizontal auto-scaling
-
Distributed tracing (with a “service mesh”)
-
Chaos monkeys
-
More nodes
Chapter 5
Step back
Our opinion on Kubernetes
-
Becoming an industry standard
-
Really solved most of our problems
-
Operating Kubernetes is complex, using it is not
-
Still has a few missing pieces
Recommendations
-
Try the “user-side” with a free cluster (e.g. KubeSail)
-
For production, use Google Kubernetes Engine
-
Operate Kubernetes only if you can dedicate people
Thank you!
Everything you want to know about Kubernetes, preferably before using it
By Guillaume Gelin
Everything you want to know about Kubernetes, preferably before using it
There is a lot of hype about Kubernetes those days, but do you know what Kubernetes really gives you, out of the box? Not as much as you might expect. « Kubernetes is a platform for building platforms. It's a better place to start; not the endgame. » Kelsey Hightower (Developer Advocate at Google) In this talk, I will present my experience as a software engineer who started building a bare-metal Kubernetes cluster without much knowledge in networking or other low-level infrastructure concepts, but with a developer background and mindset that ended up being quite useful.
