SlideShare a Scribd company logo

Centralizing Kubernetes Management in Restrictive Environments

Kublr
Kublr

Centralizing Kubernetes Management in Highly Restrictive Environments discusses managing Kubernetes in enterprise environments with multiple complex environments and constraints. It introduces Kublr, an enterprise Kubernetes management platform that provides centralized management, automation, security, and governance to address these challenges. Kublr abstracts away infrastructure details and enables operations, security, and application teams to work together through the platform.

Technology
1 of 21
Download to read offline
Centralizing Kubernetes Management in Highly Restrictive Environments Oleg Chunikhin | CTO, Kublr
Introductions Oleg Chunikhin CTO, Kublr  20+ years in software architecture & development  Working w/ Kubernetes since its release in 2015  CTO at Kublr—an enterprise ready container management platform  Twitter @olgch; @kublr Like what you hear? Tweet at us!
Kubernetes & Cloud Native in Enterprise Environment @olgch; @kublr
Cloud Native Attributes Lightweight containers Language agnostic Microservices API Stateless/stateful separation Self-service infrastructure Isolated from OS/server deps Agile DevOps processes Highly automated Declarative resource management @olgch; @kublr
Cloud Native Cloud Native Precursors SRE, DevOps, 12factor app SOA / Microservices, API (management) Containers, Cloud, Virtualization Empower IT teams to respond to business requirements quickly, reliably, and predictably Larger Enterprises can benefit most, but adoption is lagging behind @olgch; @kublr
Applications and Architecture Digital – Web/Mobile Data Science & Machine Learning Video Streaming Digital Transformation and App Modernization Hybrid Cloud Multi-Cloud Edge Computing Private Cloud Internet of Things @olgch; @kublr
Enterprise Requirements Multiple/complex environments (On-prem, Clouds, Hybrid) Centralized/unified management and governance Provisioning, Monitoring, Log Collection, IdM/AAA, Cost Integration with existing, often legacy, components Security (Infrastructure, OS, IdM/AAA) Software management (Patches, Packages, Images) @olgch; @kublr
Enterprise Challenges and Constraints Separation of Responsibilities Infrastructure, Operations, Security, Legal Network Access (white/black-listing, air gap) Security Tools and Processes (infra, OS, platform, apps) OS, Platform, and Software Practices and Standards Vendor and version certification; configuration practices; custom package repositories; etc Regulations Complexity @olgch; @kublr
Automation Ingress Custom Cfg Self-service Infrastructure Logging Monitoring Observability API Usage Reporting RBAC IAM Air Gap TLS Secret Management Audit Storage Networking Repos & Registries CI / CD App Mgmt Infrastructure Container Runtime Kubernetes OPERATIONS SECURITY & GOVERNANCE Enterprise Cloud Native @olgch; @kublr MANAGED SERVICES APPLICATION LIFECYCLE Scanning Service MeshDataAPI Mgmt Services Backup & DR Network Policies
Automation Ingress Custom Cfg Self-service Infrastructure Logging Monitoring Observability API Usage Reporting RBAC IAM Air Gap TLS Secret Management Audit Storage Networking Repos & Registries CI / CD App Mgmt Infrastructure Container Runtime Kubernetes OPERATIONS SECURITY & GOVERNANCE K8S Infrastructure Abstraction @olgch; @kublr MANAGED SERVICES APPLICATION LIFECYCLE Scanning Service MeshDataAPI Mgmt Services Backup & DR Network Policies
Kubernetes Management Platform @olgch; @kublr
Kubernetes Management K8S Clusters Cloud(s) Data center API UI Log collection Operations Monitoring IAM, RBAC, SSO, Federation DR Binary Repos Infrastructure management Cluster Registry Dev K8S API Cloud/Infra API Prod PoC Dev @olgch; @kublr
Infrastructure Automation Cluster Architecture Control Center MASTER OPS AGENT overlay network, discovery, connectivity K8s Master Components: etcd, scheduler, API, controller Docker KUBELET OPS AGENTKUBELET NODE Docker overlay network, discovery, connectivity Infrastructure and Application containers Orchestration Store Discovery & orchestration @olgch; @kublr Orchestration and configuration agent
K8S Monitoring with Prometheus • Discover nodes, services, pods via K8S API • Query metrics from discovered endpoints • Endpoint are accessed directly via internal cluster addresses Kubernetes Cluster Prometheus Nodes K8S API Grafana Pods Discovery Srv Metrics @olgch; @kublr
Centralized Monitoring Cluster registry PROMETHEUSGrafana K8S Proxy API nodes, pods, service endpoints Ship externally Ship externally Prometheus config Prometheus data Configurator Control plane KUBERNETES CLUSTER Prometheus (collector) Prometheus (collector) @olgch; @kublr@olgch; @kublr
K8S Logging with Elasticsearch • Fluentd runs on nodes • OS, K8S, and container logs collected and shipped to Elasticsearch • Kibana for visualization Kubernetes Cluster Elasticsearch Kibana Pods Logs @olgch; @kublr
Prometheus (collector) RabbitMQ Centralized Log Collection Cluster registry K8S Proxy API Port forwarding MQTT Ship externally Messaging config Configurator Control Plane RabbitMQ Shovel ElasticsearchLogstash Fluentd KUBERNETES CLUSTER filter filter analyze Ship externally MQTT Forwarder filter @olgch; @kublr
Automation Ingress Custom Cfg Self-service Infrastructure Logging Monitoring Observability API Usage Reporting RBAC IAM Air Gap TLS Secret Management Audit Storage Networking Repos & Registries CI / CD App Mgmt Infrastructure Container Runtime Kubernetes OPERATIONS SECURITY & GOVERNANCE Enterprise Kubernetes @olgch; @kublr MANAGED SERVICES APPLICATION LIFECYCLE Scanning Service MeshDataAPI Mgmt Services Backup & DR Network Policies
Q&A Take Kublr for a test drive! kublr.com/deploy Free non-production license @olgch; @kublr
Stay in touch! Signup for our newsletter at kublr.com Oleg Chunikhin CTO, Kublr oleg@kublr.com @olgch Kublr | kublr.com @kublr

Recommended

Kubernetes as Infrastructure Abstraction
Kubernetes as Infrastructure AbstractionKubernetes as Infrastructure Abstraction
Kubernetes as Infrastructure Abstraction
Kublr
 
Canary Releases on Kubernetes with Spinnaker, Istio, & Prometheus (2020)
Canary Releases on Kubernetes with Spinnaker, Istio, & Prometheus (2020)Canary Releases on Kubernetes with Spinnaker, Istio, & Prometheus (2020)
Canary Releases on Kubernetes with Spinnaker, Istio, & Prometheus (2020)
Kublr
 
How to Run Kubernetes in Restrictive Environments
How to Run Kubernetes in Restrictive EnvironmentsHow to Run Kubernetes in Restrictive Environments
How to Run Kubernetes in Restrictive Environments
Kublr
 
Canary Releases on Kubernetes w/ Spinnaker, Istio, and Prometheus
Canary Releases on Kubernetes w/ Spinnaker, Istio, and PrometheusCanary Releases on Kubernetes w/ Spinnaker, Istio, and Prometheus
Canary Releases on Kubernetes w/ Spinnaker, Istio, and Prometheus
Kublr
 
Application Portability with Kubernetes (k8)
Application Portability with Kubernetes (k8)Application Portability with Kubernetes (k8)
Application Portability with Kubernetes (k8)
Kublr
 
Centralizing Kubernetes and Container Operations
Centralizing Kubernetes and Container OperationsCentralizing Kubernetes and Container Operations
Centralizing Kubernetes and Container Operations
Kublr
 
Introduction to Kubernetes RBAC
Introduction to Kubernetes RBACIntroduction to Kubernetes RBAC
Introduction to Kubernetes RBAC
Kublr
 
Zero-downtime deployment of Micro-services with Kubernetes
Zero-downtime deployment of Micro-services with KubernetesZero-downtime deployment of Micro-services with Kubernetes
Zero-downtime deployment of Micro-services with Kubernetes
Wojciech Barczyński
 

Recommended

Kubernetes as Infrastructure Abstraction
Kubernetes as Infrastructure AbstractionKubernetes as Infrastructure Abstraction
Kubernetes as Infrastructure Abstraction
Kublr
 
Canary Releases on Kubernetes with Spinnaker, Istio, & Prometheus (2020)
Canary Releases on Kubernetes with Spinnaker, Istio, & Prometheus (2020)Canary Releases on Kubernetes with Spinnaker, Istio, & Prometheus (2020)
Canary Releases on Kubernetes with Spinnaker, Istio, & Prometheus (2020)
Kublr
 
How to Run Kubernetes in Restrictive Environments
How to Run Kubernetes in Restrictive EnvironmentsHow to Run Kubernetes in Restrictive Environments
How to Run Kubernetes in Restrictive Environments
Kublr
 
Canary Releases on Kubernetes w/ Spinnaker, Istio, and Prometheus
Canary Releases on Kubernetes w/ Spinnaker, Istio, and PrometheusCanary Releases on Kubernetes w/ Spinnaker, Istio, and Prometheus
Canary Releases on Kubernetes w/ Spinnaker, Istio, and Prometheus
Kublr
 
Application Portability with Kubernetes (k8)
Application Portability with Kubernetes (k8)Application Portability with Kubernetes (k8)
Application Portability with Kubernetes (k8)
Kublr
 
Centralizing Kubernetes and Container Operations
Centralizing Kubernetes and Container OperationsCentralizing Kubernetes and Container Operations
Centralizing Kubernetes and Container Operations
Kublr
 
Introduction to Kubernetes RBAC
Introduction to Kubernetes RBACIntroduction to Kubernetes RBAC
Introduction to Kubernetes RBAC
Kublr
 
Zero-downtime deployment of Micro-services with Kubernetes
Zero-downtime deployment of Micro-services with KubernetesZero-downtime deployment of Micro-services with Kubernetes
Zero-downtime deployment of Micro-services with Kubernetes
Wojciech Barczyński
 
Kubernetes in Highly Restrictive Environments
Kubernetes in Highly Restrictive EnvironmentsKubernetes in Highly Restrictive Environments
Kubernetes in Highly Restrictive Environments
Kublr
 
Openstack days sv building highly available services using kubernetes (preso)
Openstack days sv building highly available services using kubernetes (preso)Openstack days sv building highly available services using kubernetes (preso)
Openstack days sv building highly available services using kubernetes (preso)
Allan Naim
 
The Evolution of your Kubernetes Cluster
The Evolution of your Kubernetes ClusterThe Evolution of your Kubernetes Cluster
The Evolution of your Kubernetes Cluster
Kublr
 
Kubernetes data science and machine learning
Kubernetes data science and machine learningKubernetes data science and machine learning
Kubernetes data science and machine learning
Kublr
 
Running I/O intensive workloads on Kubernetes, by Nati Shalom
Running I/O intensive workloads on Kubernetes, by Nati ShalomRunning I/O intensive workloads on Kubernetes, by Nati Shalom
Running I/O intensive workloads on Kubernetes, by Nati Shalom
Cloud Native Day Tel Aviv
 
Effective Kubernetes - Is Kubernetes the new Linux? Is the new Application Se...
Effective Kubernetes - Is Kubernetes the new Linux? Is the new Application Se...Effective Kubernetes - Is Kubernetes the new Linux? Is the new Application Se...
Effective Kubernetes - Is Kubernetes the new Linux? Is the new Application Se...
Wojciech Barczyński
 
WTF Do We Need a Service Mesh?
WTF Do We Need a Service Mesh? WTF Do We Need a Service Mesh?
WTF Do We Need a Service Mesh?
Anton Weiss
 
Kubernetes Networking 101
Kubernetes Networking 101Kubernetes Networking 101
Kubernetes Networking 101
Kublr
 
Managing kubernetes deployment with operators
Managing kubernetes deployment with operatorsManaging kubernetes deployment with operators
Managing kubernetes deployment with operators
Cloud Technology Experts
 
Kubernetes and the 12 factor cloud apps
Kubernetes and the 12 factor cloud appsKubernetes and the 12 factor cloud apps
Kubernetes and the 12 factor cloud apps
Ana-Maria Mihalceanu
 
12 Factor App
12 Factor App12 Factor App
12 Factor App
Erkan Erol
 
Zero downtime deployment of micro-services with Kubernetes
Zero downtime deployment of micro-services with KubernetesZero downtime deployment of micro-services with Kubernetes
Zero downtime deployment of micro-services with Kubernetes
Wojciech Barczyński
 
Container Runtime Security with Falco, by Néstor Salceda
Container Runtime Security with Falco, by Néstor SalcedaContainer Runtime Security with Falco, by Néstor Salceda
Container Runtime Security with Falco, by Néstor Salceda
Cloud Native Day Tel Aviv
 
Securing and Automating Kubernetes with Kyverno
Securing and Automating Kubernetes with KyvernoSecuring and Automating Kubernetes with Kyverno
Securing and Automating Kubernetes with Kyverno
Saim Safder
 
KubeCon EU 2016: ITNW (If This Now What): Orchestrating an Enterprise
KubeCon EU 2016: ITNW (If This Now What): Orchestrating an EnterpriseKubeCon EU 2016: ITNW (If This Now What): Orchestrating an Enterprise
KubeCon EU 2016: ITNW (If This Now What): Orchestrating an Enterprise
KubeAcademy
 
Clocker, Calico and Docker
Clocker, Calico and DockerClocker, Calico and Docker
Clocker, Calico and Docker
Andrew Kennedy
 
Knative goes
 beyond serverless | Alexandre Roman
Knative goes
 beyond serverless | Alexandre RomanKnative goes
 beyond serverless | Alexandre Roman
Knative goes
 beyond serverless | Alexandre Roman
KCDItaly
 
Five Lessons Learned from Large-scale Implementation of Kubernetes in the Ent...
Five Lessons Learned from Large-scale Implementation of Kubernetes in the Ent...Five Lessons Learned from Large-scale Implementation of Kubernetes in the Ent...
Five Lessons Learned from Large-scale Implementation of Kubernetes in the Ent...
DevOps.com
 
DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA
Docker, Inc.
 
Tectonic Summit 2016: Multi-Cluster Kubernetes: Planning for Unknowns
Tectonic Summit 2016: Multi-Cluster Kubernetes: Planning for UnknownsTectonic Summit 2016: Multi-Cluster Kubernetes: Planning for Unknowns
Tectonic Summit 2016: Multi-Cluster Kubernetes: Planning for Unknowns
CoreOS
 
Introduction of Kubernetes - Trang Nguyen
Introduction of Kubernetes - Trang NguyenIntroduction of Kubernetes - Trang Nguyen
Introduction of Kubernetes - Trang Nguyen
Trang Nguyen
 
Multi-cloud Kubernetes BCDR with Velero
Multi-cloud Kubernetes BCDR with VeleroMulti-cloud Kubernetes BCDR with Velero
Multi-cloud Kubernetes BCDR with Velero
Kublr
 

More Related Content

What's hot

Kubernetes in Highly Restrictive Environments
Kubernetes in Highly Restrictive EnvironmentsKubernetes in Highly Restrictive Environments
Kubernetes in Highly Restrictive Environments
Kublr
 
Kubernetes Networking 101
Kubernetes Networking 101Kubernetes Networking 101
Kubernetes Networking 101
Kublr
 
KubeCon EU 2016: ITNW (If This Now What): Orchestrating an Enterprise
KubeCon EU 2016: ITNW (If This Now What): Orchestrating an EnterpriseKubeCon EU 2016: ITNW (If This Now What): Orchestrating an Enterprise
KubeCon EU 2016: ITNW (If This Now What): Orchestrating an Enterprise
KubeAcademy
 
Five Lessons Learned from Large-scale Implementation of Kubernetes in the Ent...
Five Lessons Learned from Large-scale Implementation of Kubernetes in the Ent...Five Lessons Learned from Large-scale Implementation of Kubernetes in the Ent...
Five Lessons Learned from Large-scale Implementation of Kubernetes in the Ent...
DevOps.com
 

What's hot (20)

Kubernetes in Highly Restrictive Environments
Kubernetes in Highly Restrictive EnvironmentsKubernetes in Highly Restrictive Environments
Kubernetes in Highly Restrictive Environments
 
Openstack days sv building highly available services using kubernetes (preso)
Openstack days sv building highly available services using kubernetes (preso)Openstack days sv building highly available services using kubernetes (preso)
Openstack days sv building highly available services using kubernetes (preso)
 
The Evolution of your Kubernetes Cluster
The Evolution of your Kubernetes ClusterThe Evolution of your Kubernetes Cluster
The Evolution of your Kubernetes Cluster
 
Kubernetes data science and machine learning
Kubernetes data science and machine learningKubernetes data science and machine learning
Kubernetes data science and machine learning
 
Running I/O intensive workloads on Kubernetes, by Nati Shalom
Running I/O intensive workloads on Kubernetes, by Nati ShalomRunning I/O intensive workloads on Kubernetes, by Nati Shalom
Running I/O intensive workloads on Kubernetes, by Nati Shalom
 
Effective Kubernetes - Is Kubernetes the new Linux? Is the new Application Se...
Effective Kubernetes - Is Kubernetes the new Linux? Is the new Application Se...Effective Kubernetes - Is Kubernetes the new Linux? Is the new Application Se...
Effective Kubernetes - Is Kubernetes the new Linux? Is the new Application Se...
 
WTF Do We Need a Service Mesh?
WTF Do We Need a Service Mesh? WTF Do We Need a Service Mesh?
WTF Do We Need a Service Mesh?
 
Kubernetes Networking 101
Kubernetes Networking 101Kubernetes Networking 101
Kubernetes Networking 101
 
Managing kubernetes deployment with operators
Managing kubernetes deployment with operatorsManaging kubernetes deployment with operators
Managing kubernetes deployment with operators
 
Kubernetes and the 12 factor cloud apps
Kubernetes and the 12 factor cloud appsKubernetes and the 12 factor cloud apps
Kubernetes and the 12 factor cloud apps
 
12 Factor App
12 Factor App12 Factor App
12 Factor App
 
Zero downtime deployment of micro-services with Kubernetes
Zero downtime deployment of micro-services with KubernetesZero downtime deployment of micro-services with Kubernetes
Zero downtime deployment of micro-services with Kubernetes
 
Container Runtime Security with Falco, by Néstor Salceda
Container Runtime Security with Falco, by Néstor SalcedaContainer Runtime Security with Falco, by Néstor Salceda
Container Runtime Security with Falco, by Néstor Salceda
 
Securing and Automating Kubernetes with Kyverno
Securing and Automating Kubernetes with KyvernoSecuring and Automating Kubernetes with Kyverno
Securing and Automating Kubernetes with Kyverno
 
KubeCon EU 2016: ITNW (If This Now What): Orchestrating an Enterprise
KubeCon EU 2016: ITNW (If This Now What): Orchestrating an EnterpriseKubeCon EU 2016: ITNW (If This Now What): Orchestrating an Enterprise
KubeCon EU 2016: ITNW (If This Now What): Orchestrating an Enterprise
 
Clocker, Calico and Docker
Clocker, Calico and DockerClocker, Calico and Docker
Clocker, Calico and Docker
 
Knative goes
 beyond serverless | Alexandre Roman
Knative goes
 beyond serverless | Alexandre RomanKnative goes
 beyond serverless | Alexandre Roman
Knative goes
 beyond serverless | Alexandre Roman
 
Five Lessons Learned from Large-scale Implementation of Kubernetes in the Ent...
Five Lessons Learned from Large-scale Implementation of Kubernetes in the Ent...Five Lessons Learned from Large-scale Implementation of Kubernetes in the Ent...
Five Lessons Learned from Large-scale Implementation of Kubernetes in the Ent...
 
DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA
 
Tectonic Summit 2016: Multi-Cluster Kubernetes: Planning for Unknowns
Tectonic Summit 2016: Multi-Cluster Kubernetes: Planning for UnknownsTectonic Summit 2016: Multi-Cluster Kubernetes: Planning for Unknowns
Tectonic Summit 2016: Multi-Cluster Kubernetes: Planning for Unknowns
 

Similar to Centralizing Kubernetes Management in Restrictive Environments

Introduction of Kubernetes - Trang Nguyen
Introduction of Kubernetes - Trang NguyenIntroduction of Kubernetes - Trang Nguyen
Introduction of Kubernetes - Trang Nguyen
Trang Nguyen
 
Multi-cloud Kubernetes BCDR with Velero
Multi-cloud Kubernetes BCDR with VeleroMulti-cloud Kubernetes BCDR with Velero
Multi-cloud Kubernetes BCDR with Velero
Kublr
 

Similar to Centralizing Kubernetes Management in Restrictive Environments (20)

Introduction of Kubernetes - Trang Nguyen
Introduction of Kubernetes - Trang NguyenIntroduction of Kubernetes - Trang Nguyen
Introduction of Kubernetes - Trang Nguyen
 
Multi-cloud Kubernetes BCDR with Velero
Multi-cloud Kubernetes BCDR with VeleroMulti-cloud Kubernetes BCDR with Velero
Multi-cloud Kubernetes BCDR with Velero
 
Red Hat OpenShift & CoreOS by Ludovic Aelbrecht, Senior Solution Architect at...
Red Hat OpenShift & CoreOS by Ludovic Aelbrecht, Senior Solution Architect at...Red Hat OpenShift & CoreOS by Ludovic Aelbrecht, Senior Solution Architect at...
Red Hat OpenShift & CoreOS by Ludovic Aelbrecht, Senior Solution Architect at...
 
OpenShift 4, the smarter Kubernetes platform
OpenShift 4, the smarter Kubernetes platformOpenShift 4, the smarter Kubernetes platform
OpenShift 4, the smarter Kubernetes platform
 
Kubernetes: Dive into the Future of Infrastructure
Kubernetes: Dive into the Future of InfrastructureKubernetes: Dive into the Future of Infrastructure
Kubernetes: Dive into the Future of Infrastructure
 
[WSO2 Summit EMEA 2020] Automating an Integrated API Supply Chain Using a Clo...
[WSO2 Summit EMEA 2020] Automating an Integrated API Supply Chain Using a Clo...[WSO2 Summit EMEA 2020] Automating an Integrated API Supply Chain Using a Clo...
[WSO2 Summit EMEA 2020] Automating an Integrated API Supply Chain Using a Clo...
 
Sumo Logic Cert Jam - Advanced Metrics with Kubernetes
Sumo Logic Cert Jam - Advanced Metrics with KubernetesSumo Logic Cert Jam - Advanced Metrics with Kubernetes
Sumo Logic Cert Jam - Advanced Metrics with Kubernetes
 
Oracle Cloud Native
Oracle Cloud NativeOracle Cloud Native
Oracle Cloud Native
 
PSOCLD 1007 Cisco Hybrid Cloud Platform for Google Cloud
PSOCLD 1007 Cisco Hybrid Cloud Platform for Google CloudPSOCLD 1007 Cisco Hybrid Cloud Platform for Google Cloud
PSOCLD 1007 Cisco Hybrid Cloud Platform for Google Cloud
 
Kubernetes from the Ground Up
Kubernetes from the Ground UpKubernetes from the Ground Up
Kubernetes from the Ground Up
 
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring BootSpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
SpringOne Tour: Deliver 15-Factor Applications on Kubernetes with Spring Boot
 
apidays LIVE Hong Kong 2021 - Building a solid interoperable foundation for y...
apidays LIVE Hong Kong 2021 - Building a solid interoperable foundation for y...apidays LIVE Hong Kong 2021 - Building a solid interoperable foundation for y...
apidays LIVE Hong Kong 2021 - Building a solid interoperable foundation for y...
 
Case Study Telefonica
Case Study TelefonicaCase Study Telefonica
Case Study Telefonica
 
Building Cloud Native Applications with Oracle Autonomous Database.
Building Cloud Native Applications with Oracle Autonomous Database.Building Cloud Native Applications with Oracle Autonomous Database.
Building Cloud Native Applications with Oracle Autonomous Database.
 
Dev ops
Dev opsDev ops
Dev ops
 
DevOps and BigData Analytics
DevOps and BigData Analytics DevOps and BigData Analytics
DevOps and BigData Analytics
 
DDDP 2019 - Brown to Green
DDDP 2019 - Brown to GreenDDDP 2019 - Brown to Green
DDDP 2019 - Brown to Green
 
Building and Deploying Cloud Native Applications
Building and Deploying Cloud Native ApplicationsBuilding and Deploying Cloud Native Applications
Building and Deploying Cloud Native Applications
 
Cloud Native Meetup Santa Clara 07-11-2019 by Manish Kapur
Cloud Native Meetup Santa Clara 07-11-2019 by Manish KapurCloud Native Meetup Santa Clara 07-11-2019 by Manish Kapur
Cloud Native Meetup Santa Clara 07-11-2019 by Manish Kapur
 
Create Secure Test and Dev Environments in the Cloud
Create Secure Test and Dev Environments in the CloudCreate Secure Test and Dev Environments in the Cloud
Create Secure Test and Dev Environments in the Cloud
 

More from Kublr

Kubernetes in Hybrid Environments with Submariner
Kubernetes in Hybrid Environments with SubmarinerKubernetes in Hybrid Environments with Submariner
Kubernetes in Hybrid Environments with Submariner
Kublr
 
Kubernetes persistence 101
Kubernetes persistence 101Kubernetes persistence 101
Kubernetes persistence 101
Kublr
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
Kublr
 
Implement Advanced Scheduling Techniques in Kubernetes
Implement Advanced Scheduling Techniques in Kubernetes Implement Advanced Scheduling Techniques in Kubernetes
Implement Advanced Scheduling Techniques in Kubernetes
Kublr
 

More from Kublr (14)

Container Runtimes and Tooling, v2
Container Runtimes and Tooling, v2Container Runtimes and Tooling, v2
Container Runtimes and Tooling, v2
 
Container Runtimes and Tooling
Container Runtimes and ToolingContainer Runtimes and Tooling
Container Runtimes and Tooling
 
Kubernetes in Hybrid Environments with Submariner
Kubernetes in Hybrid Environments with SubmarinerKubernetes in Hybrid Environments with Submariner
Kubernetes in Hybrid Environments with Submariner
 
Intro into Rook and Ceph on Kubernetes
Intro into Rook and Ceph on KubernetesIntro into Rook and Ceph on Kubernetes
Intro into Rook and Ceph on Kubernetes
 
Hybrid architecture solutions with kubernetes and the cloud native stack
Hybrid architecture solutions with kubernetes and the cloud native stackHybrid architecture solutions with kubernetes and the cloud native stack
Hybrid architecture solutions with kubernetes and the cloud native stack
 
Kubernetes Ingress 101
Kubernetes Ingress 101Kubernetes Ingress 101
Kubernetes Ingress 101
 
Kubernetes persistence 101
Kubernetes persistence 101Kubernetes persistence 101
Kubernetes persistence 101
 
Portable CI/CD Environment as Code with Kubernetes, Kublr and Jenkins
Portable CI/CD Environment as Code with Kubernetes, Kublr and JenkinsPortable CI/CD Environment as Code with Kubernetes, Kublr and Jenkins
Portable CI/CD Environment as Code with Kubernetes, Kublr and Jenkins
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
 
Advanced Scheduling in Kubernetes
Advanced Scheduling in KubernetesAdvanced Scheduling in Kubernetes
Advanced Scheduling in Kubernetes
 
Setting up CI/CD Pipeline with Kubernetes and Kublr step by-step
Setting up CI/CD Pipeline with Kubernetes and Kublr step by-stepSetting up CI/CD Pipeline with Kubernetes and Kublr step by-step
Setting up CI/CD Pipeline with Kubernetes and Kublr step by-step
 
Building Portable Applications with Kubernetes
Building Portable Applications with KubernetesBuilding Portable Applications with Kubernetes
Building Portable Applications with Kubernetes
 
How Self-Healing Nodes and Infrastructure Management Impact Reliability
How Self-Healing Nodes and Infrastructure Management Impact ReliabilityHow Self-Healing Nodes and Infrastructure Management Impact Reliability
How Self-Healing Nodes and Infrastructure Management Impact Reliability
 
Implement Advanced Scheduling Techniques in Kubernetes
Implement Advanced Scheduling Techniques in Kubernetes Implement Advanced Scheduling Techniques in Kubernetes
Implement Advanced Scheduling Techniques in Kubernetes
 

Recently uploaded

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 

Recently uploaded (20)

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 

Centralizing Kubernetes Management in Restrictive Environments

  • 1. Centralizing Kubernetes Management in Highly Restrictive Environments Oleg Chunikhin | CTO, Kublr
  • 2. Introductions Oleg Chunikhin CTO, Kublr  20+ years in software architecture & development  Working w/ Kubernetes since its release in 2015  CTO at Kublr—an enterprise ready container management platform  Twitter @olgch; @kublr Like what you hear? Tweet at us!
  • 3. Kubernetes & Cloud Native in Enterprise Environment @olgch; @kublr
  • 4. Cloud Native Attributes Lightweight containers Language agnostic Microservices API Stateless/stateful separation Self-service infrastructure Isolated from OS/server deps Agile DevOps processes Highly automated Declarative resource management @olgch; @kublr
  • 5. Cloud Native Cloud Native Precursors SRE, DevOps, 12factor app SOA / Microservices, API (management) Containers, Cloud, Virtualization Empower IT teams to respond to business requirements quickly, reliably, and predictably Larger Enterprises can benefit most, but adoption is lagging behind @olgch; @kublr
  • 6. Applications and Architecture Digital – Web/Mobile Data Science & Machine Learning Video Streaming Digital Transformation and App Modernization Hybrid Cloud Multi-Cloud Edge Computing Private Cloud Internet of Things @olgch; @kublr
  • 7. Enterprise Requirements Multiple/complex environments (On-prem, Clouds, Hybrid) Centralized/unified management and governance Provisioning, Monitoring, Log Collection, IdM/AAA, Cost Integration with existing, often legacy, components Security (Infrastructure, OS, IdM/AAA) Software management (Patches, Packages, Images) @olgch; @kublr
  • 8. Enterprise Challenges and Constraints Separation of Responsibilities Infrastructure, Operations, Security, Legal Network Access (white/black-listing, air gap) Security Tools and Processes (infra, OS, platform, apps) OS, Platform, and Software Practices and Standards Vendor and version certification; configuration practices; custom package repositories; etc Regulations Complexity @olgch; @kublr
  • 9.
  • 10. Automation Ingress Custom Cfg Self-service Infrastructure Logging Monitoring Observability API Usage Reporting RBAC IAM Air Gap TLS Secret Management Audit Storage Networking Repos & Registries CI / CD App Mgmt Infrastructure Container Runtime Kubernetes OPERATIONS SECURITY & GOVERNANCE Enterprise Cloud Native @olgch; @kublr MANAGED SERVICES APPLICATION LIFECYCLE Scanning Service MeshDataAPI Mgmt Services Backup & DR Network Policies
  • 11. Automation Ingress Custom Cfg Self-service Infrastructure Logging Monitoring Observability API Usage Reporting RBAC IAM Air Gap TLS Secret Management Audit Storage Networking Repos & Registries CI / CD App Mgmt Infrastructure Container Runtime Kubernetes OPERATIONS SECURITY & GOVERNANCE K8S Infrastructure Abstraction @olgch; @kublr MANAGED SERVICES APPLICATION LIFECYCLE Scanning Service MeshDataAPI Mgmt Services Backup & DR Network Policies
  • 13. Kubernetes Management K8S Clusters Cloud(s) Data center API UI Log collection Operations Monitoring IAM, RBAC, SSO, Federation DR Binary Repos Infrastructure management Cluster Registry Dev K8S API Cloud/Infra API Prod PoC Dev @olgch; @kublr
  • 14. Infrastructure Automation Cluster Architecture Control Center MASTER OPS AGENT overlay network, discovery, connectivity K8s Master Components: etcd, scheduler, API, controller Docker KUBELET OPS AGENTKUBELET NODE Docker overlay network, discovery, connectivity Infrastructure and Application containers Orchestration Store Discovery & orchestration @olgch; @kublr Orchestration and configuration agent
  • 15. K8S Monitoring with Prometheus • Discover nodes, services, pods via K8S API • Query metrics from discovered endpoints • Endpoint are accessed directly via internal cluster addresses Kubernetes Cluster Prometheus Nodes K8S API Grafana Pods Discovery Srv Metrics @olgch; @kublr
  • 16. Centralized Monitoring Cluster registry PROMETHEUSGrafana K8S Proxy API nodes, pods, service endpoints Ship externally Ship externally Prometheus config Prometheus data Configurator Control plane KUBERNETES CLUSTER Prometheus (collector) Prometheus (collector) @olgch; @kublr@olgch; @kublr
  • 17. K8S Logging with Elasticsearch • Fluentd runs on nodes • OS, K8S, and container logs collected and shipped to Elasticsearch • Kibana for visualization Kubernetes Cluster Elasticsearch Kibana Pods Logs @olgch; @kublr
  • 18. Prometheus (collector) RabbitMQ Centralized Log Collection Cluster registry K8S Proxy API Port forwarding MQTT Ship externally Messaging config Configurator Control Plane RabbitMQ Shovel ElasticsearchLogstash Fluentd KUBERNETES CLUSTER filter filter analyze Ship externally MQTT Forwarder filter @olgch; @kublr
  • 19. Automation Ingress Custom Cfg Self-service Infrastructure Logging Monitoring Observability API Usage Reporting RBAC IAM Air Gap TLS Secret Management Audit Storage Networking Repos & Registries CI / CD App Mgmt Infrastructure Container Runtime Kubernetes OPERATIONS SECURITY & GOVERNANCE Enterprise Kubernetes @olgch; @kublr MANAGED SERVICES APPLICATION LIFECYCLE Scanning Service MeshDataAPI Mgmt Services Backup & DR Network Policies
  • 20. Q&A Take Kublr for a test drive! kublr.com/deploy Free non-production license @olgch; @kublr
  • 21. Stay in touch! Signup for our newsletter at kublr.com Oleg Chunikhin CTO, Kublr oleg@kublr.com @olgch Kublr | kublr.com @kublr