SlideShare una empresa de Scribd logo

Kubernetes @ gcp next -- WePay

Descargar como PPTX, PDF
R
Rich Steenburg

WePay's case study during Kubernetes discussion at GCP Next 2016

Tecnología
1 de 5
11 Case Study: WePay
2 WePay has been using Kubernetes via Google Container Engine since 1.0 (July 2015) Payments company with PCI data Just embarking on the Monolith -> Microservices path Three iterations of deployment 1. Manual docker 2. Ansible + docker: 1 container per VM 3. Kubernetes WePay: About Us
3 Need for intra-cluster TLS Separation of responsibility: keep SSL out of the app Solution: Use an NGINX “sidecar” in each pod to terminate TLS In-house root CA for kubernetes DNS domain NGINX “sidecar” acts as the load balancer’s backend for the service WePay: Our Experiences
4 Reduce PCI scope Keep the number of machines the auditors inspect as small as possible Solution: Dedicated K8s PCI cluster(s) Need cluster-to-cluster configuration discovery Hard-coding inter-service endpoints in configuration WePay: Our Experiences
5 Manage Secrets Securely GKE is not covered by Google’s PCI umbrella (yet) Solution: Hashicorp Vault Encryption as a service through authenticated API calls Secrets are vended as needed WePay: Our Experiences

Recomendados

5 lessons learned for Successful Migration to Confluent Cloud
5 lessons learned for Successful Migration to Confluent Cloud5 lessons learned for Successful Migration to Confluent Cloud
5 lessons learned for Successful Migration to Confluent CloudNatan Silnitsky
 
Cloud Solution Day 2016: Service Mesh for Kubernetes
Cloud Solution Day 2016: Service Mesh for KubernetesCloud Solution Day 2016: Service Mesh for Kubernetes
Cloud Solution Day 2016: Service Mesh for KubernetesAWS Vietnam Community
 
Everything you want to know about Ingress
Everything you want to know about IngressEverything you want to know about Ingress
Everything you want to know about IngressJanakiram MSV
 
OpenStack
OpenStackOpenStack
OpenStackxqueralt
 
Polyglot, fault-tolerant event-driven programming with kafka, kubernetes and ...
Polyglot, fault-tolerant event-driven programming with kafka, kubernetes and ...Polyglot, fault-tolerant event-driven programming with kafka, kubernetes and ...
Polyglot, fault-tolerant event-driven programming with kafka, kubernetes and ...Natan Silnitsky
 
Kubernetes Meetup: CNI, Flex Volume, and Scheduler
Kubernetes Meetup: CNI, Flex Volume, and SchedulerKubernetes Meetup: CNI, Flex Volume, and Scheduler
Kubernetes Meetup: CNI, Flex Volume, and SchedulerKatie Crimi
 
LB for type2
LB for type2LB for type2
LB for type2Mohit Saxena
 
Kubernetes Policy As Code usando WebAssembly | Flavio Castelli
Kubernetes Policy As Code usando WebAssembly | Flavio CastelliKubernetes Policy As Code usando WebAssembly | Flavio Castelli
Kubernetes Policy As Code usando WebAssembly | Flavio CastelliKCDItaly
 

Recomendados

5 lessons learned for Successful Migration to Confluent Cloud
5 lessons learned for Successful Migration to Confluent Cloud5 lessons learned for Successful Migration to Confluent Cloud
5 lessons learned for Successful Migration to Confluent CloudNatan Silnitsky
 
Cloud Solution Day 2016: Service Mesh for Kubernetes
Cloud Solution Day 2016: Service Mesh for KubernetesCloud Solution Day 2016: Service Mesh for Kubernetes
Cloud Solution Day 2016: Service Mesh for KubernetesAWS Vietnam Community
 
Everything you want to know about Ingress
Everything you want to know about IngressEverything you want to know about Ingress
Everything you want to know about IngressJanakiram MSV
 
OpenStack
OpenStackOpenStack
OpenStackxqueralt
 
Polyglot, fault-tolerant event-driven programming with kafka, kubernetes and ...
Polyglot, fault-tolerant event-driven programming with kafka, kubernetes and ...Polyglot, fault-tolerant event-driven programming with kafka, kubernetes and ...
Polyglot, fault-tolerant event-driven programming with kafka, kubernetes and ...Natan Silnitsky
 
Kubernetes Meetup: CNI, Flex Volume, and Scheduler
Kubernetes Meetup: CNI, Flex Volume, and SchedulerKubernetes Meetup: CNI, Flex Volume, and Scheduler
Kubernetes Meetup: CNI, Flex Volume, and SchedulerKatie Crimi
 
LB for type2
LB for type2LB for type2
LB for type2Mohit Saxena
 
Kubernetes Policy As Code usando WebAssembly | Flavio Castelli
Kubernetes Policy As Code usando WebAssembly | Flavio CastelliKubernetes Policy As Code usando WebAssembly | Flavio Castelli
Kubernetes Policy As Code usando WebAssembly | Flavio CastelliKCDItaly
 
How I build a Hyperledger Fabric blockchain network using Amazon Managed Bloc...
How I build a Hyperledger Fabric blockchain network using Amazon Managed Bloc...How I build a Hyperledger Fabric blockchain network using Amazon Managed Bloc...
How I build a Hyperledger Fabric blockchain network using Amazon Managed Bloc...Chinar Goel
 
DockerCon SF 2015: Interconnecting Containers at Scale w/ NGINX
DockerCon SF 2015: Interconnecting Containers at Scale w/ NGINXDockerCon SF 2015: Interconnecting Containers at Scale w/ NGINX
DockerCon SF 2015: Interconnecting Containers at Scale w/ NGINXDocker, Inc.
 
Empower Your Docker Containers with Watson - DockerCon 2017 Austin
Empower Your Docker Containers with Watson - DockerCon 2017 AustinEmpower Your Docker Containers with Watson - DockerCon 2017 Austin
Empower Your Docker Containers with Watson - DockerCon 2017 AustinPhil Estes
 
Metal³ – Metal Kubed, Bare Metal Provisioning for Kubernetes | Kim Bảo Long
Metal³ – Metal Kubed, Bare Metal Provisioning for Kubernetes | Kim Bảo LongMetal³ – Metal Kubed, Bare Metal Provisioning for Kubernetes | Kim Bảo Long
Metal³ – Metal Kubed, Bare Metal Provisioning for Kubernetes | Kim Bảo LongVietnam Open Infrastructure User Group
 
Replacing vCloud with OpenNebula
Replacing vCloud with OpenNebulaReplacing vCloud with OpenNebula
Replacing vCloud with OpenNebulaOpenNebula Project
 
Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...
Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...
Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...VMware Tanzu
 
Akri cncf-jobs-webinar-final
Akri cncf-jobs-webinar-finalAkri cncf-jobs-webinar-final
Akri cncf-jobs-webinar-finalLibbySchulze1
 
M.Montalbano/M.Colombo Speroni/S.Sala - Combining React and Websocket to buil...
M.Montalbano/M.Colombo Speroni/S.Sala - Combining React and Websocket to buil...M.Montalbano/M.Colombo Speroni/S.Sala - Combining React and Websocket to buil...
M.Montalbano/M.Colombo Speroni/S.Sala - Combining React and Websocket to buil...Codemotion
 
Introduction to istio
Introduction to istioIntroduction to istio
Introduction to istioAndrea Monacchi
 
Istio
Istio Istio
Istio Arun prasath
 
Deploying calico on kubernetes
Deploying calico on kubernetesDeploying calico on kubernetes
Deploying calico on kubernetesAnirban Sen Chowdhary
 
Get Off My Cloud - Launching your Startup on The Cloud
Get Off My Cloud - Launching your Startup on The CloudGet Off My Cloud - Launching your Startup on The Cloud
Get Off My Cloud - Launching your Startup on The CloudJoe Drumgoole
 
Istio Cloud Native Online Series - Intro to Istio Security
Istio Cloud Native Online Series - Intro to Istio SecurityIstio Cloud Native Online Series - Intro to Istio Security
Istio Cloud Native Online Series - Intro to Istio SecurityMatt Baldwin
 
Istio - A Service Mesh for Microservices as Scale
Istio - A Service Mesh for Microservices as ScaleIstio - A Service Mesh for Microservices as Scale
Istio - A Service Mesh for Microservices as ScaleRam Vennam
 
DockerCon SF 2015 : Reliably shipping containers in a resource rich world usi...
DockerCon SF 2015 : Reliably shipping containers in a resource rich world usi...DockerCon SF 2015 : Reliably shipping containers in a resource rich world usi...
DockerCon SF 2015 : Reliably shipping containers in a resource rich world usi...Docker, Inc.
 
Multi-Clusters Made Easy with Liqo:
Getting Rid of Your Clusters Keeping Them...
Multi-Clusters Made Easy with Liqo:
Getting Rid of Your Clusters Keeping Them...Multi-Clusters Made Easy with Liqo:
Getting Rid of Your Clusters Keeping Them...
Multi-Clusters Made Easy with Liqo:
Getting Rid of Your Clusters Keeping Them...KCDItaly
 
GopherCon 2017 - Writing Networking Clients in Go: The Design & Implementati...
GopherCon 2017 - Writing Networking Clients in Go: The Design & Implementati...GopherCon 2017 - Writing Networking Clients in Go: The Design & Implementati...
GopherCon 2017 - Writing Networking Clients in Go: The Design & Implementati...wallyqs
 
NGINX Microservices Reference Architecture: Ask Me Anything
NGINX Microservices Reference Architecture: Ask Me AnythingNGINX Microservices Reference Architecture: Ask Me Anything
NGINX Microservices Reference Architecture: Ask Me AnythingNGINX, Inc.
 
All roads lead to the cloud
All roads lead to the cloudAll roads lead to the cloud
All roads lead to the cloudDocker, Inc.
 
DockerCon SF 2015: Resilient Routing and Discovery
DockerCon SF 2015: Resilient Routing and DiscoveryDockerCon SF 2015: Resilient Routing and Discovery
DockerCon SF 2015: Resilient Routing and DiscoveryDocker, Inc.
 
Alipay and wepay
Alipay and wepayAlipay and wepay
Alipay and wepayashrafulmis
 
PayPal coverage report_odn_23may2013
PayPal coverage report_odn_23may2013PayPal coverage report_odn_23may2013
PayPal coverage report_odn_23may2013PayPalHK
 

Más contenido relacionado

La actualidad más candente

How I build a Hyperledger Fabric blockchain network using Amazon Managed Bloc...
How I build a Hyperledger Fabric blockchain network using Amazon Managed Bloc...How I build a Hyperledger Fabric blockchain network using Amazon Managed Bloc...
How I build a Hyperledger Fabric blockchain network using Amazon Managed Bloc...Chinar Goel
 
DockerCon SF 2015: Interconnecting Containers at Scale w/ NGINX
DockerCon SF 2015: Interconnecting Containers at Scale w/ NGINXDockerCon SF 2015: Interconnecting Containers at Scale w/ NGINX
DockerCon SF 2015: Interconnecting Containers at Scale w/ NGINXDocker, Inc.
 
Empower Your Docker Containers with Watson - DockerCon 2017 Austin
Empower Your Docker Containers with Watson - DockerCon 2017 AustinEmpower Your Docker Containers with Watson - DockerCon 2017 Austin
Empower Your Docker Containers with Watson - DockerCon 2017 AustinPhil Estes
 
Metal³ – Metal Kubed, Bare Metal Provisioning for Kubernetes | Kim Bảo Long
Metal³ – Metal Kubed, Bare Metal Provisioning for Kubernetes | Kim Bảo LongMetal³ – Metal Kubed, Bare Metal Provisioning for Kubernetes | Kim Bảo Long
Metal³ – Metal Kubed, Bare Metal Provisioning for Kubernetes | Kim Bảo LongVietnam Open Infrastructure User Group
 
Replacing vCloud with OpenNebula
Replacing vCloud with OpenNebulaReplacing vCloud with OpenNebula
Replacing vCloud with OpenNebulaOpenNebula Project
 
Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...
Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...
Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...VMware Tanzu
 
Akri cncf-jobs-webinar-final
Akri cncf-jobs-webinar-finalAkri cncf-jobs-webinar-final
Akri cncf-jobs-webinar-finalLibbySchulze1
 
M.Montalbano/M.Colombo Speroni/S.Sala - Combining React and Websocket to buil...
M.Montalbano/M.Colombo Speroni/S.Sala - Combining React and Websocket to buil...M.Montalbano/M.Colombo Speroni/S.Sala - Combining React and Websocket to buil...
M.Montalbano/M.Colombo Speroni/S.Sala - Combining React and Websocket to buil...Codemotion
 
Get Off My Cloud - Launching your Startup on The Cloud
Get Off My Cloud - Launching your Startup on The CloudGet Off My Cloud - Launching your Startup on The Cloud
Get Off My Cloud - Launching your Startup on The CloudJoe Drumgoole
 
Istio Cloud Native Online Series - Intro to Istio Security
Istio Cloud Native Online Series - Intro to Istio SecurityIstio Cloud Native Online Series - Intro to Istio Security
Istio Cloud Native Online Series - Intro to Istio SecurityMatt Baldwin
 
Istio - A Service Mesh for Microservices as Scale
Istio - A Service Mesh for Microservices as ScaleIstio - A Service Mesh for Microservices as Scale
Istio - A Service Mesh for Microservices as ScaleRam Vennam
 
DockerCon SF 2015 : Reliably shipping containers in a resource rich world usi...
DockerCon SF 2015 : Reliably shipping containers in a resource rich world usi...DockerCon SF 2015 : Reliably shipping containers in a resource rich world usi...
DockerCon SF 2015 : Reliably shipping containers in a resource rich world usi...Docker, Inc.
 
Multi-Clusters Made Easy with Liqo:
Getting Rid of Your Clusters Keeping Them...
Multi-Clusters Made Easy with Liqo:
Getting Rid of Your Clusters Keeping Them...Multi-Clusters Made Easy with Liqo:
Getting Rid of Your Clusters Keeping Them...
Multi-Clusters Made Easy with Liqo:
Getting Rid of Your Clusters Keeping Them...KCDItaly
 
GopherCon 2017 - Writing Networking Clients in Go: The Design & Implementati...
GopherCon 2017 - Writing Networking Clients in Go: The Design & Implementati...GopherCon 2017 - Writing Networking Clients in Go: The Design & Implementati...
GopherCon 2017 - Writing Networking Clients in Go: The Design & Implementati...wallyqs
 
NGINX Microservices Reference Architecture: Ask Me Anything
NGINX Microservices Reference Architecture: Ask Me AnythingNGINX Microservices Reference Architecture: Ask Me Anything
NGINX Microservices Reference Architecture: Ask Me AnythingNGINX, Inc.
 
All roads lead to the cloud
All roads lead to the cloudAll roads lead to the cloud
All roads lead to the cloudDocker, Inc.
 
DockerCon SF 2015: Resilient Routing and Discovery
DockerCon SF 2015: Resilient Routing and DiscoveryDockerCon SF 2015: Resilient Routing and Discovery
DockerCon SF 2015: Resilient Routing and DiscoveryDocker, Inc.
 

La actualidad más candente (20)

How I build a Hyperledger Fabric blockchain network using Amazon Managed Bloc...
How I build a Hyperledger Fabric blockchain network using Amazon Managed Bloc...How I build a Hyperledger Fabric blockchain network using Amazon Managed Bloc...
How I build a Hyperledger Fabric blockchain network using Amazon Managed Bloc...
 
DockerCon SF 2015: Interconnecting Containers at Scale w/ NGINX
DockerCon SF 2015: Interconnecting Containers at Scale w/ NGINXDockerCon SF 2015: Interconnecting Containers at Scale w/ NGINX
DockerCon SF 2015: Interconnecting Containers at Scale w/ NGINX
 
Empower Your Docker Containers with Watson - DockerCon 2017 Austin
Empower Your Docker Containers with Watson - DockerCon 2017 AustinEmpower Your Docker Containers with Watson - DockerCon 2017 Austin
Empower Your Docker Containers with Watson - DockerCon 2017 Austin
 
Metal³ – Metal Kubed, Bare Metal Provisioning for Kubernetes | Kim Bảo Long
Metal³ – Metal Kubed, Bare Metal Provisioning for Kubernetes | Kim Bảo LongMetal³ – Metal Kubed, Bare Metal Provisioning for Kubernetes | Kim Bảo Long
Metal³ – Metal Kubed, Bare Metal Provisioning for Kubernetes | Kim Bảo Long
 
Replacing vCloud with OpenNebula
Replacing vCloud with OpenNebulaReplacing vCloud with OpenNebula
Replacing vCloud with OpenNebula
 
Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...
Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...
Communication Amongst Microservices: Kubernetes, Istio, and Spring Cloud - An...
 
Akri cncf-jobs-webinar-final
Akri cncf-jobs-webinar-finalAkri cncf-jobs-webinar-final
Akri cncf-jobs-webinar-final
 
M.Montalbano/M.Colombo Speroni/S.Sala - Combining React and Websocket to buil...
M.Montalbano/M.Colombo Speroni/S.Sala - Combining React and Websocket to buil...M.Montalbano/M.Colombo Speroni/S.Sala - Combining React and Websocket to buil...
M.Montalbano/M.Colombo Speroni/S.Sala - Combining React and Websocket to buil...
 
Introduction to istio
Introduction to istioIntroduction to istio
Introduction to istio
 
Istio
Istio Istio
Istio
 
Deploying calico on kubernetes
Deploying calico on kubernetesDeploying calico on kubernetes
Deploying calico on kubernetes
 
Get Off My Cloud - Launching your Startup on The Cloud
Get Off My Cloud - Launching your Startup on The CloudGet Off My Cloud - Launching your Startup on The Cloud
Get Off My Cloud - Launching your Startup on The Cloud
 
Istio Cloud Native Online Series - Intro to Istio Security
Istio Cloud Native Online Series - Intro to Istio SecurityIstio Cloud Native Online Series - Intro to Istio Security
Istio Cloud Native Online Series - Intro to Istio Security
 
Istio - A Service Mesh for Microservices as Scale
Istio - A Service Mesh for Microservices as ScaleIstio - A Service Mesh for Microservices as Scale
Istio - A Service Mesh for Microservices as Scale
 
DockerCon SF 2015 : Reliably shipping containers in a resource rich world usi...
DockerCon SF 2015 : Reliably shipping containers in a resource rich world usi...DockerCon SF 2015 : Reliably shipping containers in a resource rich world usi...
DockerCon SF 2015 : Reliably shipping containers in a resource rich world usi...
 
Multi-Clusters Made Easy with Liqo:
Getting Rid of Your Clusters Keeping Them...
Multi-Clusters Made Easy with Liqo:
Getting Rid of Your Clusters Keeping Them...Multi-Clusters Made Easy with Liqo:
Getting Rid of Your Clusters Keeping Them...
Multi-Clusters Made Easy with Liqo:
Getting Rid of Your Clusters Keeping Them...
 
GopherCon 2017 - Writing Networking Clients in Go: The Design & Implementati...
GopherCon 2017 - Writing Networking Clients in Go: The Design & Implementati...GopherCon 2017 - Writing Networking Clients in Go: The Design & Implementati...
GopherCon 2017 - Writing Networking Clients in Go: The Design & Implementati...
 
NGINX Microservices Reference Architecture: Ask Me Anything
NGINX Microservices Reference Architecture: Ask Me AnythingNGINX Microservices Reference Architecture: Ask Me Anything
NGINX Microservices Reference Architecture: Ask Me Anything
 
All roads lead to the cloud
All roads lead to the cloudAll roads lead to the cloud
All roads lead to the cloud
 
DockerCon SF 2015: Resilient Routing and Discovery
DockerCon SF 2015: Resilient Routing and DiscoveryDockerCon SF 2015: Resilient Routing and Discovery
DockerCon SF 2015: Resilient Routing and Discovery
 

Destacado

Alipay and wepay
Alipay and wepayAlipay and wepay
Alipay and wepayashrafulmis
 
PayPal coverage report_odn_23may2013
PayPal coverage report_odn_23may2013PayPal coverage report_odn_23may2013
PayPal coverage report_odn_23may2013PayPalHK
 
Présentation d'Alipay, la monnaie digitale
Présentation d'Alipay, la monnaie digitalePrésentation d'Alipay, la monnaie digitale
Présentation d'Alipay, la monnaie digitaleAmélie Perrin
 
ZenithOptimedia - Mobile Wallets in China
ZenithOptimedia - Mobile Wallets in ChinaZenithOptimedia - Mobile Wallets in China
ZenithOptimedia - Mobile Wallets in ChinaZenithOptimediaChina
 
The Analysis of Alipay
The Analysis of AlipayThe Analysis of Alipay
The Analysis of Alipayabby0531
 
Alipay business analysis
Alipay business analysisAlipay business analysis
Alipay business analysisZhuo Dai
 
Alipay brings mobile wallet to china's stores
Alipay brings mobile wallet to china's storesAlipay brings mobile wallet to china's stores
Alipay brings mobile wallet to china's storesL'Atelier BNP Paribas
 
How Chinese Consumers Make Payment Online
How Chinese Consumers Make Payment OnlineHow Chinese Consumers Make Payment Online
How Chinese Consumers Make Payment OnlineRocky Fu
 
手机支付大战:支付宝和财付通
手机支付大战:支付宝和财付通手机支付大战:支付宝和财付通
手机支付大战:支付宝和财付通chencheng0614
 

Destacado (10)

Alipay and wepay
Alipay and wepayAlipay and wepay
Alipay and wepay
 
PayPal coverage report_odn_23may2013
PayPal coverage report_odn_23may2013PayPal coverage report_odn_23may2013
PayPal coverage report_odn_23may2013
 
Abby
AbbyAbby
Abby
 
Présentation d'Alipay, la monnaie digitale
Présentation d'Alipay, la monnaie digitalePrésentation d'Alipay, la monnaie digitale
Présentation d'Alipay, la monnaie digitale
 
ZenithOptimedia - Mobile Wallets in China
ZenithOptimedia - Mobile Wallets in ChinaZenithOptimedia - Mobile Wallets in China
ZenithOptimedia - Mobile Wallets in China
 
The Analysis of Alipay
The Analysis of AlipayThe Analysis of Alipay
The Analysis of Alipay
 
Alipay business analysis
Alipay business analysisAlipay business analysis
Alipay business analysis
 
Alipay brings mobile wallet to china's stores
Alipay brings mobile wallet to china's storesAlipay brings mobile wallet to china's stores
Alipay brings mobile wallet to china's stores
 
How Chinese Consumers Make Payment Online
How Chinese Consumers Make Payment OnlineHow Chinese Consumers Make Payment Online
How Chinese Consumers Make Payment Online
 
手机支付大战:支付宝和财付通
手机支付大战:支付宝和财付通手机支付大战:支付宝和财付通
手机支付大战:支付宝和财付通
 

Similar a Kubernetes @ gcp next -- WePay

Kubernetes: від знайомства до використання у CI/CD
Kubernetes: від знайомства до використання у CI/CDKubernetes: від знайомства до використання у CI/CD
Kubernetes: від знайомства до використання у CI/CDStfalcon Meetups
 
Building Cloud-Native Applications with Kubernetes, Helm and Kubeless
Building Cloud-Native Applications with Kubernetes, Helm and KubelessBuilding Cloud-Native Applications with Kubernetes, Helm and Kubeless
Building Cloud-Native Applications with Kubernetes, Helm and KubelessBitnami
 
Container orchestration and microservices world
Container orchestration and microservices worldContainer orchestration and microservices world
Container orchestration and microservices worldKarol Chrapek
 
在 LINE 私有雲中使用 Managed Kubernetes
在 LINE 私有雲中使用 Managed Kubernetes在 LINE 私有雲中使用 Managed Kubernetes
在 LINE 私有雲中使用 Managed KubernetesLINE Corporation
 
Container world hybridnetworking_rev2
Container world hybridnetworking_rev2Container world hybridnetworking_rev2
Container world hybridnetworking_rev2Prem Sankar Gopannan
 
Running Kubernetes in Kubernetes
Running Kubernetes in KubernetesRunning Kubernetes in Kubernetes
Running Kubernetes in KubernetesQAware GmbH
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetesHelder Klemp
 
Kubernetes: https://youtu.be/KnjnQj-FvfQ
Kubernetes: https://youtu.be/KnjnQj-FvfQKubernetes: https://youtu.be/KnjnQj-FvfQ
Kubernetes: https://youtu.be/KnjnQj-FvfQRahul Malhotra
 
Netflix and Containers: Not A Stranger Thing
Netflix and Containers: Not A Stranger ThingNetflix and Containers: Not A Stranger Thing
Netflix and Containers: Not A Stranger Thingaspyker
 
Netflix and Containers: Not Stranger Things
Netflix and Containers: Not Stranger ThingsNetflix and Containers: Not Stranger Things
Netflix and Containers: Not Stranger ThingsAll Things Open
 
Building a Cloud Native Service - Docker Meetup Santa Clara (July 20, 2017)
Building a Cloud Native Service - Docker Meetup Santa Clara (July 20, 2017)Building a Cloud Native Service - Docker Meetup Santa Clara (July 20, 2017)
Building a Cloud Native Service - Docker Meetup Santa Clara (July 20, 2017)Yong Tang
 
Consolidating Infrastructure with Azure Kubernetes Service
Consolidating Infrastructure with Azure Kubernetes ServiceConsolidating Infrastructure with Azure Kubernetes Service
Consolidating Infrastructure with Azure Kubernetes ServiceEng Teong Cheah
 
OSDC 2017: Automating Kubernetes Cluster Operations with Operators by Timo De...
OSDC 2017: Automating Kubernetes Cluster Operations with Operators by Timo De...OSDC 2017: Automating Kubernetes Cluster Operations with Operators by Timo De...
OSDC 2017: Automating Kubernetes Cluster Operations with Operators by Timo De...NETWAYS
 
OSDC 2017 - Timo Derstappen - Automating kubernetes cluster operations with o...
OSDC 2017 - Timo Derstappen - Automating kubernetes cluster operations with o...OSDC 2017 - Timo Derstappen - Automating kubernetes cluster operations with o...
OSDC 2017 - Timo Derstappen - Automating kubernetes cluster operations with o...NETWAYS
 
Kubernetes for the VI Admin
Kubernetes for the VI AdminKubernetes for the VI Admin
Kubernetes for the VI AdminKendrick Coleman
 
Production ready tooling for microservices on kubernetes
Production ready tooling for microservices on kubernetesProduction ready tooling for microservices on kubernetes
Production ready tooling for microservices on kubernetesChandresh Pancholi
 
Kubernetes and bluemix
Kubernetes and bluemixKubernetes and bluemix
Kubernetes and bluemixDuckDuckGo
 
Mattia Gandolfi - Improving utilization and portability with Containers and C...
Mattia Gandolfi - Improving utilization and portability with Containers and C...Mattia Gandolfi - Improving utilization and portability with Containers and C...
Mattia Gandolfi - Improving utilization and portability with Containers and C...Codemotion
 

Similar a Kubernetes @ gcp next -- WePay (20)

Kubernetes: від знайомства до використання у CI/CD
Kubernetes: від знайомства до використання у CI/CDKubernetes: від знайомства до використання у CI/CD
Kubernetes: від знайомства до використання у CI/CD
 
Building Cloud-Native Applications with Kubernetes, Helm and Kubeless
Building Cloud-Native Applications with Kubernetes, Helm and KubelessBuilding Cloud-Native Applications with Kubernetes, Helm and Kubeless
Building Cloud-Native Applications with Kubernetes, Helm and Kubeless
 
Container orchestration and microservices world
Container orchestration and microservices worldContainer orchestration and microservices world
Container orchestration and microservices world
 
在 LINE 私有雲中使用 Managed Kubernetes
在 LINE 私有雲中使用 Managed Kubernetes在 LINE 私有雲中使用 Managed Kubernetes
在 LINE 私有雲中使用 Managed Kubernetes
 
Container world hybridnetworking_rev2
Container world hybridnetworking_rev2Container world hybridnetworking_rev2
Container world hybridnetworking_rev2
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetes
 
Running Kubernetes in Kubernetes
Running Kubernetes in KubernetesRunning Kubernetes in Kubernetes
Running Kubernetes in Kubernetes
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetes
 
Kubernetes: https://youtu.be/KnjnQj-FvfQ
Kubernetes: https://youtu.be/KnjnQj-FvfQKubernetes: https://youtu.be/KnjnQj-FvfQ
Kubernetes: https://youtu.be/KnjnQj-FvfQ
 
Netflix and Containers: Not A Stranger Thing
Netflix and Containers: Not A Stranger ThingNetflix and Containers: Not A Stranger Thing
Netflix and Containers: Not A Stranger Thing
 
Netflix and Containers: Not Stranger Things
Netflix and Containers: Not Stranger ThingsNetflix and Containers: Not Stranger Things
Netflix and Containers: Not Stranger Things
 
Building a Cloud Native Service - Docker Meetup Santa Clara (July 20, 2017)
Building a Cloud Native Service - Docker Meetup Santa Clara (July 20, 2017)Building a Cloud Native Service - Docker Meetup Santa Clara (July 20, 2017)
Building a Cloud Native Service - Docker Meetup Santa Clara (July 20, 2017)
 
Consolidating Infrastructure with Azure Kubernetes Service
Consolidating Infrastructure with Azure Kubernetes ServiceConsolidating Infrastructure with Azure Kubernetes Service
Consolidating Infrastructure with Azure Kubernetes Service
 
Kubernetes
KubernetesKubernetes
Kubernetes
 
OSDC 2017: Automating Kubernetes Cluster Operations with Operators by Timo De...
OSDC 2017: Automating Kubernetes Cluster Operations with Operators by Timo De...OSDC 2017: Automating Kubernetes Cluster Operations with Operators by Timo De...
OSDC 2017: Automating Kubernetes Cluster Operations with Operators by Timo De...
 
OSDC 2017 - Timo Derstappen - Automating kubernetes cluster operations with o...
OSDC 2017 - Timo Derstappen - Automating kubernetes cluster operations with o...OSDC 2017 - Timo Derstappen - Automating kubernetes cluster operations with o...
OSDC 2017 - Timo Derstappen - Automating kubernetes cluster operations with o...
 
Kubernetes for the VI Admin
Kubernetes for the VI AdminKubernetes for the VI Admin
Kubernetes for the VI Admin
 
Production ready tooling for microservices on kubernetes
Production ready tooling for microservices on kubernetesProduction ready tooling for microservices on kubernetes
Production ready tooling for microservices on kubernetes
 
Kubernetes and bluemix
Kubernetes and bluemixKubernetes and bluemix
Kubernetes and bluemix
 
Mattia Gandolfi - Improving utilization and portability with Containers and C...
Mattia Gandolfi - Improving utilization and portability with Containers and C...Mattia Gandolfi - Improving utilization and portability with Containers and C...
Mattia Gandolfi - Improving utilization and portability with Containers and C...
 

Último

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 

Último (20)

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 

Kubernetes @ gcp next -- WePay

  • 2. 2 WePay has been using Kubernetes via Google Container Engine since 1.0 (July 2015) Payments company with PCI data Just embarking on the Monolith -> Microservices path Three iterations of deployment 1. Manual docker 2. Ansible + docker: 1 container per VM 3. Kubernetes WePay: About Us
  • 3. 3 Need for intra-cluster TLS Separation of responsibility: keep SSL out of the app Solution: Use an NGINX “sidecar” in each pod to terminate TLS In-house root CA for kubernetes DNS domain NGINX “sidecar” acts as the load balancer’s backend for the service WePay: Our Experiences
  • 4. 4 Reduce PCI scope Keep the number of machines the auditors inspect as small as possible Solution: Dedicated K8s PCI cluster(s) Need cluster-to-cluster configuration discovery Hard-coding inter-service endpoints in configuration WePay: Our Experiences
  • 5. 5 Manage Secrets Securely GKE is not covered by Google’s PCI umbrella (yet) Solution: Hashicorp Vault Encryption as a service through authenticated API calls Secrets are vended as needed WePay: Our Experiences