
Containers Were Never Your End State


  1. Containers were never your end state! Duncan Winn, Will Arroyo. @duncwinn @WillAArroyo
  2. Why This Talk?
     Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/
     [Diagram labels: Embedded OS (Windows & Linux); NSX-T; CPI; v1, v2, v3, ...; CVEs; Product Updates; Java | .NET | NodeJS; Pivotal Application Service (PAS); Application Code & Frameworks; Buildpacks | Spring Boot | Spring Cloud | Steeltoe; Elastic | Packaged Software | Spark; Pivotal Container Service (PKS); >cf push; >kubectl run; YOU build the container; vSphere, Azure & Azure Stack, Google Cloud, AWS, OpenStack; Pivotal Network; “3Rs”; Github; Concourse; Pivotal Services Marketplace; Pivotal and Partner Products; Continuous delivery; Public Cloud Services; Customer Managed Services; Open Service Broker API; Repair — CVEs; Repave; Rotate — Credhub; The PLATFORM builds the container]
  3. Where Are We?
  4. This is not your end state…
  5. …more like… Hype Cycle
  6. Container Hype Cycle
  7. Container Hype Cycle
  8. Container Hype Cycle
     • Mature Deployment Approach
     • Systematic Process for Day 2 Ops
     • Ecosystem Integration
     • Understand Failure / Security Boundaries
     • Appropriate Workloads
     1. Container Principles
     2. Building Container Images
     3. Running Container Images
     4. Deploying Kubernetes
  9. Container Principles
  10. Container Principles [diagram labels: image; Container Image; kubelet; CRI (Container Runtime Interface); Container Runtime]
  11. Container Runtime Interface [diagram labels: kubelet; Container; gRPC Client; CRI Shim; gRPC Server; Container Runtime; Container; image]
  12. Running As A Non-Privileged User
  13. Running As A Non-Privileged User
  14. Getting Root Access
  15. Building Container Images
  16. Image Layers (Build): Base OS; Middleware/Runtime; App+Dependencies
  17. Image Layers (Build): App+Dependencies; Middleware/Runtime; Base OS
  18. Use Layers Wisely: 1. add 2. copy 3. run
  19. Use Layers Wisely: 1. add 2. copy 3. run
  20. Use Layers Wisely: 1. add 2. copy 3. run
  21. Use Layers Wisely: 1. add 2. copy 3. run
  22. Use Layers Wisely: 1. add 2. copy 3. run
  23. Building Images: App+Dependencies; Middleware/Runtime; Base; 1 to Many; 1 to Many
  24. Building Images: App+Dependencies; Middleware/Runtime; Base; 1 to Many; 1 to Many; Build args
  25. Build Args Are Not Secure
  26. Build Args Are Not Secure
  27. Tagging Is Important
     FROM ubuntu
     Tags shown: ubuntu:14.04, ubuntu:16.10, ubuntu:latest
  28. Tagging Is Important
     FROM ubuntu
     Tags shown: ubuntu:14.04, ubuntu:16.10, ubuntu:18.04, ubuntu:latest
  29. Tagging Is Important
     FROM ubuntu (tags shown: ubuntu:14.04, ubuntu:16.10, ubuntu:18.04, ubuntu:latest)
     FROM ubuntu:latest (tags shown: ubuntu:14.04, ubuntu:16.10, ubuntu:18.04, ubuntu:latest)
     FROM ubuntu:14.04 (tags shown: ubuntu:14.04, ubuntu:16.10, ubuntu:18.04, ubuntu:latest)
  30. Image Layers (Build): App+Dependencies; Middleware/Runtime; Base; V3.8; 1 to Many; V8u181; 1 to Many; V1.1
  31. Running Container Images
  32. Image Layers (Run): App+Dependencies; Middleware/Runtime; Base; Deploy Time Configuration; 1 to Many; 1 to Many; V3.8; V8u181; V1.1; Code Repo
  33. Deploy Apps
     Package Manager:
       helm install ./my-cart
     kubectl:
       kubectl create -f ./mycart/frontend-service.yml
       kubectl create -f ./mycart/frontend-deployment.yml
       kubectl create -f ./mycart/api-service.yml
       kubectl create -f ./mycart/api-deployment.yml
       kubectl create -f ./mycart/redis-service.yml
       kubectl create -f ./mycart/db-service.yml
       kubectl create -f ./mycart/redis-deployment.yml
       kubectl create -f ./mycart/db-deployment.yml
  34. Deploy Apps: Big “A”pp; Small “a”pp; Small “a”pp; Small “a”pp; Small “a”pp; Small “a”pp; Small
  35. Deploy Apps
     Package Manager:
       helm install ./my-cart
     kubectl:
       kubectl create -f ./mycart/frontend-service.yml
       kubectl create -f ./mycart/frontend-deployment.yml
       kubectl create -f ./mycart/api-service.yml
       kubectl create -f ./mycart/api-deployment.yml
       kubectl create -f ./mycart/redis-service.yml
       kubectl create -f ./mycart/db-service.yml
       kubectl create -f ./mycart/redis-deployment.yml
       kubectl create -f ./mycart/db-deployment.yml
  36. Trusted Registry
  37. Trusted Registry
     • OpenJDK Docker Image
     • Pulled Directly from Docker Hub
     • Image created 9 hrs Prior
     • Scanned by Harbor
     • Signed by Harbor
  38. Trusted Registry
  39. Apps Pipelines [diagram labels: Code Repo; env var; args; build args; Configuration]
  40. Git Ops [diagram labels: Config Repo; Code Repo; Kube Cluster; build args; env var; args]
  41. Deploying Kubernetes
  42. Deploying K8s: Kubeadm; RKE
  43. Deploying a k8s cluster with PKS
  44. Deploying K8s
  45. Deploying K8s
  46. Securing K8s
  47. K8s Day 2 Ops (Patching and Updating) [diagram labels: ISO; IaaS]
  48. K8s Day 2 Ops (Patching and Updating) [diagram labels: Master; Master; Node 1; Node 2; Node 3; Node 4; Node 1]
  49. Takeaways
  50. Takeaways
     1. Choose a deployment method (close to upstream k8s)
     2. Understand k8s components
     3. Careful building of Docker images (governance + security)
     4. Automate everything (platform, images, apps)
     Repeat
  51. …in support of an end state… [diagram labels: > kubectl; Multi-Cloud PKS; Kubernetes Dashboard; vRealize Ops; PKS Control Plane; GCP Service Broker; > pks; Operations Manager; vRealize Operations; Dev / Apps; App User; IT / Platform Ops]
  52. > Stay Connected. @duncwinn @willaarroyo #springon@s1
  53. Container Principles
     1. Quick To Create
     2. Resource Consolidation
     3. App Portability
     Control Resources; Isolate and Secure Processes
  54. Container Principles: Docker Images; Droplets+Stack; File System
  55. Container Misconceptions: Walls; Resource Limits; Namespaces; There Is No Container
  56. Container Misconceptions [diagram labels: Docker Images; Droplets+Stack; File System; Docker-Engine; Guardian; Docker-CLI; Garden; Management; RunC; Implementation; API-CLI; Runtime] IT DOES NOT MATTER
  57. Container Misconceptions: Containers are not enough
