SlideShare una empresa de Scribd logo

Kubernetes in Production @ Blendle (GDG Meetup)

Niels Stevens
Niels Stevens

Slides for Google Developer Groups Meetup @ Brussels, presenting some lessons learned by using Kubernetes on Google Cloud in production for 3 years at Blendle.

Tecnología
1 de 19
@stvnsn niels-s Kubernetes in Production Niels Stevens
@stvnsn niels-s Hello! Niels Stevens Software Engineer at Blendle • What is Blendle? • Our journey towards Kubernetes • Lessons learned • What's next?
@stvnsn niels-s What is Blendle? Mission: "Help you discover and support the worlds best journalism"
@stvnsn niels-s Our infrastructure history • Started out from bare metal • Moved over to AWS • Lift/shift to GCP • Move “everything” to GKE (k8s)
@stvnsn niels-s When we started with k8s • We launched a separate product • New API & Client • Kubernetes version 0.9 This button!
@stvnsn niels-s Our Current Setup • 3 clusters, hosted by GKE • “old” production cluster, 1.6.4, 16 nodes • “new” production cluster, 1.7.5, 5 nodes • ci cluster, 1.6.9, 5 nodes
@stvnsn niels-s $ kubectl get namespaces | wc -l 109 $ kubectl get ingress --all-namespaces | wc -l 69 $ kubectl get services --all-namespaces | wc -l 174 $ kubectl get deployments --all-namespaces | wc -l 316 $ kubectl get pods --all-namespaces | wc -l 843 * combined numbers of our 2 production clusters Some numbers
@stvnsn niels-s Preemptible Nodes But needed to solve some issues • improve resiliency of kube-dns • increase replicas of pods >= 3 • use podAntiAffinity • and nodeAffinity • more smaller nodes They… • ... are cheap » saves around 75% in $$$ • ... help us (force us) to make robust and versatile software
@stvnsn niels-s Liveness / Readiness Probes • Don’t use “empty” health checks • If you project has dependencies, check them! • Don’t limit the probes to api /web facing services
@stvnsn niels-s Deployments • CI? 
 » Our own Jenkins setup
 » “previously” on Travis / Wercker • github/scripts-to-rule-them-all
 » script/test script/deploy • Secrets fetched from password store on every deploy • K8s Resources stored on Github » every change via a pull-request
@stvnsn niels-s Namespaces $ kubectl get namespaces | wc -l 109 • Split between production, staging, approval, …. ex: core-api-production, experiment-api-staging • A namespace per project or service • experimenting with RBAC github.com/blendle/kns #protip: Get a tool to switch between namespaces!
@stvnsn niels-s Templating language • First used simple Environment Variable substitution • https://github.com/blendle/epp
@stvnsn niels-s Some small stuff • Configure you resource request and limits! • LimitRange • Resource Quotas • Configure a RevisionHistoryLimit • Structured logging with StackDriver • Please don’t ever use latest tag for your images!
@stvnsn niels-s Cattle Shepherd
@stvnsn niels-s Kubecrt
@stvnsn niels-s Blendle Stream Process configuration
@stvnsn niels-s What’s next? • External Admission Webhooks / CustomResourceDefinitions • Istio • Prometheus • Cron Jobs (beta 1.8 ) • Network policies • HorizontalPodAutoscaling with new Metrics API • Chatops/ GH Bot to setup PR to test namespace
@stvnsn niels-s Thanks! niels@blendle.com namespace switcher: github.com/blendle/kns epp: github.com/blendle/epp kubecrt: github.com/blendle/kubecrt
@stvnsn niels-s

Recomendados

Composing services with Kubernetes
Composing services with KubernetesComposing services with Kubernetes
Composing services with KubernetesBart Spaans
 
Managing Docker Containers In A Cluster - Introducing Kubernetes
Managing Docker Containers In A Cluster - Introducing KubernetesManaging Docker Containers In A Cluster - Introducing Kubernetes
Managing Docker Containers In A Cluster - Introducing KubernetesMarc Sluiter
 
Marc Sluiter - 15 Kubernetes Features in 15 Minutes
Marc Sluiter - 15 Kubernetes Features in 15 MinutesMarc Sluiter - 15 Kubernetes Features in 15 Minutes
Marc Sluiter - 15 Kubernetes Features in 15 MinutesMarc Sluiter
 
Kubernetes 101 for Developers
Kubernetes 101 for DevelopersKubernetes 101 for Developers
Kubernetes 101 for DevelopersRoss Kukulinski
 
Architecting a Cloud Native Internet Archive
Architecting a Cloud Native Internet ArchiveArchitecting a Cloud Native Internet Archive
Architecting a Cloud Native Internet ArchiveRoss Kukulinski
 
Building Clustered Applications with Kubernetes and Docker
Building Clustered Applications with Kubernetes and DockerBuilding Clustered Applications with Kubernetes and Docker
Building Clustered Applications with Kubernetes and DockerSteve Watt
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101Jacopo Nardiello
 
RancherOS July 2017
RancherOS July 2017RancherOS July 2017
RancherOS July 2017Sebastiaan van Steenis
 

Recomendados

Composing services with Kubernetes
Composing services with KubernetesComposing services with Kubernetes
Composing services with KubernetesBart Spaans
 
Managing Docker Containers In A Cluster - Introducing Kubernetes
Managing Docker Containers In A Cluster - Introducing KubernetesManaging Docker Containers In A Cluster - Introducing Kubernetes
Managing Docker Containers In A Cluster - Introducing KubernetesMarc Sluiter
 
Marc Sluiter - 15 Kubernetes Features in 15 Minutes
Marc Sluiter - 15 Kubernetes Features in 15 MinutesMarc Sluiter - 15 Kubernetes Features in 15 Minutes
Marc Sluiter - 15 Kubernetes Features in 15 MinutesMarc Sluiter
 
Kubernetes 101 for Developers
Kubernetes 101 for DevelopersKubernetes 101 for Developers
Kubernetes 101 for DevelopersRoss Kukulinski
 
Architecting a Cloud Native Internet Archive
Architecting a Cloud Native Internet ArchiveArchitecting a Cloud Native Internet Archive
Architecting a Cloud Native Internet ArchiveRoss Kukulinski
 
Building Clustered Applications with Kubernetes and Docker
Building Clustered Applications with Kubernetes and DockerBuilding Clustered Applications with Kubernetes and Docker
Building Clustered Applications with Kubernetes and DockerSteve Watt
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101Jacopo Nardiello
 
RancherOS July 2017
RancherOS July 2017RancherOS July 2017
RancherOS July 2017Sebastiaan van Steenis
 
Introduction to Kubernetes
Introduction to KubernetesIntroduction to Kubernetes
Introduction to KubernetesRoss Kukulinski
 
Orchestrating VM & Container Deployments
Orchestrating VM & Container DeploymentsOrchestrating VM & Container Deployments
Orchestrating VM & Container DeploymentsLars Wander
 
How to integrate Kubernetes in OpenStack: You need to know these project
How to integrate Kubernetes in OpenStack: You need to know these projectHow to integrate Kubernetes in OpenStack: You need to know these project
How to integrate Kubernetes in OpenStack: You need to know these projectinwin stack
 
Kubernetes stack reliability
Kubernetes stack reliabilityKubernetes stack reliability
Kubernetes stack reliabilityOleg Chunikhin
 
Kubernetes in Highly Restrictive Environments
Kubernetes in Highly Restrictive EnvironmentsKubernetes in Highly Restrictive Environments
Kubernetes in Highly Restrictive EnvironmentsKublr
 
Stateful set in kubernetes implementation & usecases
Stateful set in kubernetes implementation & usecases Stateful set in kubernetes implementation & usecases
Stateful set in kubernetes implementation & usecases Krishna-Kumar
 
Kubernetes 101 and Fun
Kubernetes 101 and FunKubernetes 101 and Fun
Kubernetes 101 and FunMario-Leander Reimer
 
Kubernetes and the hybrid cloud with Skupper | DevNation tech talk
Kubernetes and the hybrid cloud with Skupper | DevNation tech talkKubernetes and the hybrid cloud with Skupper | DevNation tech talk
Kubernetes and the hybrid cloud with Skupper | DevNation tech talkRed Hat Developers
 
Portable CI/CD Environment as Code with Kubernetes, Kublr and Jenkins
Portable CI/CD Environment as Code with Kubernetes, Kublr and JenkinsPortable CI/CD Environment as Code with Kubernetes, Kublr and Jenkins
Portable CI/CD Environment as Code with Kubernetes, Kublr and JenkinsKublr
 
Tupperware: Containerized Deployment at FB
Tupperware: Containerized Deployment at FBTupperware: Containerized Deployment at FB
Tupperware: Containerized Deployment at FBDocker, Inc.
 
How to Achieve Canary Deployment on Kubernetes
How to Achieve Canary Deployment on KubernetesHow to Achieve Canary Deployment on Kubernetes
How to Achieve Canary Deployment on KubernetesHanLing Shen
 
WSO2Con US 2015 Kubernetes: a platform for automating deployment, scaling, an...
WSO2Con US 2015 Kubernetes: a platform for automating deployment, scaling, an...WSO2Con US 2015 Kubernetes: a platform for automating deployment, scaling, an...
WSO2Con US 2015 Kubernetes: a platform for automating deployment, scaling, an...Brian Grant
 
Kubernetes 101 Workshop
Kubernetes 101 WorkshopKubernetes 101 Workshop
Kubernetes 101 WorkshopVishal Biyani
 
Giving Back to Upstream | DockerCon 2019
Giving Back to Upstream | DockerCon 2019Giving Back to Upstream | DockerCon 2019
Giving Back to Upstream | DockerCon 2019Phil Estes
 
Kubernetes Architecture and Introduction
Kubernetes Architecture and IntroductionKubernetes Architecture and Introduction
Kubernetes Architecture and IntroductionStefan Schimanski
 
Building Portable Applications with Kubernetes
Building Portable Applications with KubernetesBuilding Portable Applications with Kubernetes
Building Portable Applications with KubernetesKublr
 
Kubernetes persistence 101
Kubernetes persistence 101Kubernetes persistence 101
Kubernetes persistence 101Kublr
 
The top 5 Kubernetes metrics to monitor
The top 5 Kubernetes metrics to monitorThe top 5 Kubernetes metrics to monitor
The top 5 Kubernetes metrics to monitorSysdig
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101Crevise Technologies
 
KubeCon EU 2016: Heroku to Kubernetes
KubeCon EU 2016: Heroku to KubernetesKubeCon EU 2016: Heroku to Kubernetes
KubeCon EU 2016: Heroku to KubernetesKubeAcademy
 
Webinar kubernetes and-spark
Webinar kubernetes and-sparkWebinar kubernetes and-spark
Webinar kubernetes and-sparkcnvrg.io AI OS - Hands-on ML Workshops
 
How to set up Kubernetes for all your machine learning workflows
How to set up Kubernetes for all your machine learning workflowsHow to set up Kubernetes for all your machine learning workflows
How to set up Kubernetes for all your machine learning workflowscnvrg.io AI OS - Hands-on ML Workshops
 

Más contenido relacionado

La actualidad más candente

Introduction to Kubernetes
Introduction to KubernetesIntroduction to Kubernetes
Introduction to KubernetesRoss Kukulinski
 
Orchestrating VM & Container Deployments
Orchestrating VM & Container DeploymentsOrchestrating VM & Container Deployments
Orchestrating VM & Container DeploymentsLars Wander
 
How to integrate Kubernetes in OpenStack: You need to know these project
How to integrate Kubernetes in OpenStack: You need to know these projectHow to integrate Kubernetes in OpenStack: You need to know these project
How to integrate Kubernetes in OpenStack: You need to know these projectinwin stack
 
Kubernetes stack reliability
Kubernetes stack reliabilityKubernetes stack reliability
Kubernetes stack reliabilityOleg Chunikhin
 
Kubernetes in Highly Restrictive Environments
Kubernetes in Highly Restrictive EnvironmentsKubernetes in Highly Restrictive Environments
Kubernetes in Highly Restrictive EnvironmentsKublr
 
Stateful set in kubernetes implementation & usecases
Stateful set in kubernetes implementation & usecases Stateful set in kubernetes implementation & usecases
Stateful set in kubernetes implementation & usecases Krishna-Kumar
 
Kubernetes and the hybrid cloud with Skupper | DevNation tech talk
Kubernetes and the hybrid cloud with Skupper | DevNation tech talkKubernetes and the hybrid cloud with Skupper | DevNation tech talk
Kubernetes and the hybrid cloud with Skupper | DevNation tech talkRed Hat Developers
 
Portable CI/CD Environment as Code with Kubernetes, Kublr and Jenkins
Portable CI/CD Environment as Code with Kubernetes, Kublr and JenkinsPortable CI/CD Environment as Code with Kubernetes, Kublr and Jenkins
Portable CI/CD Environment as Code with Kubernetes, Kublr and JenkinsKublr
 
Tupperware: Containerized Deployment at FB
Tupperware: Containerized Deployment at FBTupperware: Containerized Deployment at FB
Tupperware: Containerized Deployment at FBDocker, Inc.
 
How to Achieve Canary Deployment on Kubernetes
How to Achieve Canary Deployment on KubernetesHow to Achieve Canary Deployment on Kubernetes
How to Achieve Canary Deployment on KubernetesHanLing Shen
 
WSO2Con US 2015 Kubernetes: a platform for automating deployment, scaling, an...
WSO2Con US 2015 Kubernetes: a platform for automating deployment, scaling, an...WSO2Con US 2015 Kubernetes: a platform for automating deployment, scaling, an...
WSO2Con US 2015 Kubernetes: a platform for automating deployment, scaling, an...Brian Grant
 
Kubernetes 101 Workshop
Kubernetes 101 WorkshopKubernetes 101 Workshop
Kubernetes 101 WorkshopVishal Biyani
 
Giving Back to Upstream | DockerCon 2019
Giving Back to Upstream | DockerCon 2019Giving Back to Upstream | DockerCon 2019
Giving Back to Upstream | DockerCon 2019Phil Estes
 
Kubernetes Architecture and Introduction
Kubernetes Architecture and IntroductionKubernetes Architecture and Introduction
Kubernetes Architecture and IntroductionStefan Schimanski
 
Building Portable Applications with Kubernetes
Building Portable Applications with KubernetesBuilding Portable Applications with Kubernetes
Building Portable Applications with KubernetesKublr
 
Kubernetes persistence 101
Kubernetes persistence 101Kubernetes persistence 101
Kubernetes persistence 101Kublr
 
The top 5 Kubernetes metrics to monitor
The top 5 Kubernetes metrics to monitorThe top 5 Kubernetes metrics to monitor
The top 5 Kubernetes metrics to monitorSysdig
 
KubeCon EU 2016: Heroku to Kubernetes
KubeCon EU 2016: Heroku to KubernetesKubeCon EU 2016: Heroku to Kubernetes
KubeCon EU 2016: Heroku to KubernetesKubeAcademy
 

La actualidad más candente (20)

Introduction to Kubernetes
Introduction to KubernetesIntroduction to Kubernetes
Introduction to Kubernetes
 
Orchestrating VM & Container Deployments
Orchestrating VM & Container DeploymentsOrchestrating VM & Container Deployments
Orchestrating VM & Container Deployments
 
How to integrate Kubernetes in OpenStack: You need to know these project
How to integrate Kubernetes in OpenStack: You need to know these projectHow to integrate Kubernetes in OpenStack: You need to know these project
How to integrate Kubernetes in OpenStack: You need to know these project
 
Kubernetes stack reliability
Kubernetes stack reliabilityKubernetes stack reliability
Kubernetes stack reliability
 
Kubernetes in Highly Restrictive Environments
Kubernetes in Highly Restrictive EnvironmentsKubernetes in Highly Restrictive Environments
Kubernetes in Highly Restrictive Environments
 
Stateful set in kubernetes implementation & usecases
Stateful set in kubernetes implementation & usecases Stateful set in kubernetes implementation & usecases
Stateful set in kubernetes implementation & usecases
 
Kubernetes 101 and Fun
Kubernetes 101 and FunKubernetes 101 and Fun
Kubernetes 101 and Fun
 
Kubernetes and the hybrid cloud with Skupper | DevNation tech talk
Kubernetes and the hybrid cloud with Skupper | DevNation tech talkKubernetes and the hybrid cloud with Skupper | DevNation tech talk
Kubernetes and the hybrid cloud with Skupper | DevNation tech talk
 
Portable CI/CD Environment as Code with Kubernetes, Kublr and Jenkins
Portable CI/CD Environment as Code with Kubernetes, Kublr and JenkinsPortable CI/CD Environment as Code with Kubernetes, Kublr and Jenkins
Portable CI/CD Environment as Code with Kubernetes, Kublr and Jenkins
 
Tupperware: Containerized Deployment at FB
Tupperware: Containerized Deployment at FBTupperware: Containerized Deployment at FB
Tupperware: Containerized Deployment at FB
 
How to Achieve Canary Deployment on Kubernetes
How to Achieve Canary Deployment on KubernetesHow to Achieve Canary Deployment on Kubernetes
How to Achieve Canary Deployment on Kubernetes
 
WSO2Con US 2015 Kubernetes: a platform for automating deployment, scaling, an...
WSO2Con US 2015 Kubernetes: a platform for automating deployment, scaling, an...WSO2Con US 2015 Kubernetes: a platform for automating deployment, scaling, an...
WSO2Con US 2015 Kubernetes: a platform for automating deployment, scaling, an...
 
Kubernetes 101 Workshop
Kubernetes 101 WorkshopKubernetes 101 Workshop
Kubernetes 101 Workshop
 
Giving Back to Upstream | DockerCon 2019
Giving Back to Upstream | DockerCon 2019Giving Back to Upstream | DockerCon 2019
Giving Back to Upstream | DockerCon 2019
 
Kubernetes Architecture and Introduction
Kubernetes Architecture and IntroductionKubernetes Architecture and Introduction
Kubernetes Architecture and Introduction
 
Building Portable Applications with Kubernetes
Building Portable Applications with KubernetesBuilding Portable Applications with Kubernetes
Building Portable Applications with Kubernetes
 
Kubernetes persistence 101
Kubernetes persistence 101Kubernetes persistence 101
Kubernetes persistence 101
 
The top 5 Kubernetes metrics to monitor
The top 5 Kubernetes metrics to monitorThe top 5 Kubernetes metrics to monitor
The top 5 Kubernetes metrics to monitor
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
 
KubeCon EU 2016: Heroku to Kubernetes
KubeCon EU 2016: Heroku to KubernetesKubeCon EU 2016: Heroku to Kubernetes
KubeCon EU 2016: Heroku to Kubernetes
 

Similar a Kubernetes in Production @ Blendle (GDG Meetup)

Innovating faster with SBT, Continuous Delivery, and LXC
Innovating faster with SBT, Continuous Delivery, and LXCInnovating faster with SBT, Continuous Delivery, and LXC
Innovating faster with SBT, Continuous Delivery, and LXCkscaldef
 
The Butler is still young – applying modern Jenkins features to the Embedded ...
The Butler is still young – applying modern Jenkins features to the Embedded ...The Butler is still young – applying modern Jenkins features to the Embedded ...
The Butler is still young – applying modern Jenkins features to the Embedded ...Oleg Nenashev
 
Kube Overview and Kube Conformance Certification OpenSource101 Raleigh
Kube Overview and Kube Conformance Certification OpenSource101 RaleighKube Overview and Kube Conformance Certification OpenSource101 Raleigh
Kube Overview and Kube Conformance Certification OpenSource101 RaleighBrad Topol
 
[AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵
[AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵 [AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵
[AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵Amazon Web Services Korea
 
Introduction kubernetes 2017_12_24
Introduction kubernetes 2017_12_24Introduction kubernetes 2017_12_24
Introduction kubernetes 2017_12_24Sam Zheng
 
CraftConf 2019: CRI Runtimes Deep Dive: Who Is Running My Pod?
CraftConf 2019: CRI Runtimes Deep Dive: Who Is Running My Pod?CraftConf 2019: CRI Runtimes Deep Dive: Who Is Running My Pod?
CraftConf 2019: CRI Runtimes Deep Dive: Who Is Running My Pod?Phil Estes
 
10 tips for Cloud Native Security
10 tips for Cloud Native Security10 tips for Cloud Native Security
10 tips for Cloud Native SecurityKarthik Gaekwad
 
01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMware
01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMware01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMware
01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMwareVMUG IT
 
Aws user group #01 lets talk serverless
Aws user group #01 lets talk serverlessAws user group #01 lets talk serverless
Aws user group #01 lets talk serverlessPolarSeven Pty Ltd
 
DevJam 2019 - Introduction to Kubernetes
DevJam 2019 - Introduction to KubernetesDevJam 2019 - Introduction to Kubernetes
DevJam 2019 - Introduction to KubernetesRonny Trommer
 
Docker kubernetes fundamental(pod_service)_190307
Docker kubernetes fundamental(pod_service)_190307Docker kubernetes fundamental(pod_service)_190307
Docker kubernetes fundamental(pod_service)_190307Inhye Park
 
Next generation pipelines
Next generation pipelinesNext generation pipelines
Next generation pipelinesAlex Landa
 
OpenStack and Containers
OpenStack and ContainersOpenStack and Containers
OpenStack and ContainersLachlan Evenson
 
K8s in 2hours
K8s in 2hoursK8s in 2hours
K8s in 2hoursDEV Cafe
 
Aws container webinar day 1
Aws container webinar day 1Aws container webinar day 1
Aws container webinar day 1HoseokSeo7
 
Kubernetes and devops
Kubernetes and devopsKubernetes and devops
Kubernetes and devopsmacchiang
 

Similar a Kubernetes in Production @ Blendle (GDG Meetup) (20)

Webinar kubernetes and-spark
Webinar kubernetes and-sparkWebinar kubernetes and-spark
Webinar kubernetes and-spark
 
How to set up Kubernetes for all your machine learning workflows
How to set up Kubernetes for all your machine learning workflowsHow to set up Kubernetes for all your machine learning workflows
How to set up Kubernetes for all your machine learning workflows
 
Innovating faster with SBT, Continuous Delivery, and LXC
Innovating faster with SBT, Continuous Delivery, and LXCInnovating faster with SBT, Continuous Delivery, and LXC
Innovating faster with SBT, Continuous Delivery, and LXC
 
CD with spinnaker
CD with spinnakerCD with spinnaker
CD with spinnaker
 
The Butler is still young – applying modern Jenkins features to the Embedded ...
The Butler is still young – applying modern Jenkins features to the Embedded ...The Butler is still young – applying modern Jenkins features to the Embedded ...
The Butler is still young – applying modern Jenkins features to the Embedded ...
 
Kube Overview and Kube Conformance Certification OpenSource101 Raleigh
Kube Overview and Kube Conformance Certification OpenSource101 RaleighKube Overview and Kube Conformance Certification OpenSource101 Raleigh
Kube Overview and Kube Conformance Certification OpenSource101 Raleigh
 
[AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵
[AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵 [AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵
[AWS Dev Day] 실습워크샵 | Amazon EKS 핸즈온 워크샵
 
Kubernetes Security
Kubernetes SecurityKubernetes Security
Kubernetes Security
 
Introduction kubernetes 2017_12_24
Introduction kubernetes 2017_12_24Introduction kubernetes 2017_12_24
Introduction kubernetes 2017_12_24
 
CraftConf 2019: CRI Runtimes Deep Dive: Who Is Running My Pod?
CraftConf 2019: CRI Runtimes Deep Dive: Who Is Running My Pod?CraftConf 2019: CRI Runtimes Deep Dive: Who Is Running My Pod?
CraftConf 2019: CRI Runtimes Deep Dive: Who Is Running My Pod?
 
10 tips for Cloud Native Security
10 tips for Cloud Native Security10 tips for Cloud Native Security
10 tips for Cloud Native Security
 
01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMware
01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMware01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMware
01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMware
 
Aws user group #01 lets talk serverless
Aws user group #01 lets talk serverlessAws user group #01 lets talk serverless
Aws user group #01 lets talk serverless
 
DevJam 2019 - Introduction to Kubernetes
DevJam 2019 - Introduction to KubernetesDevJam 2019 - Introduction to Kubernetes
DevJam 2019 - Introduction to Kubernetes
 
Docker kubernetes fundamental(pod_service)_190307
Docker kubernetes fundamental(pod_service)_190307Docker kubernetes fundamental(pod_service)_190307
Docker kubernetes fundamental(pod_service)_190307
 
Next generation pipelines
Next generation pipelinesNext generation pipelines
Next generation pipelines
 
OpenStack and Containers
OpenStack and ContainersOpenStack and Containers
OpenStack and Containers
 
K8s in 2hours
K8s in 2hoursK8s in 2hours
K8s in 2hours
 
Aws container webinar day 1
Aws container webinar day 1Aws container webinar day 1
Aws container webinar day 1
 
Kubernetes and devops
Kubernetes and devopsKubernetes and devops
Kubernetes and devops
 

Último

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 

Último (20)

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 

Kubernetes in Production @ Blendle (GDG Meetup)

  • 2. @stvnsn niels-s Hello! Niels Stevens Software Engineer at Blendle • What is Blendle? • Our journey towards Kubernetes • Lessons learned • What's next?
  • 3. @stvnsn niels-s What is Blendle? Mission: "Help you discover and support the worlds best journalism"
  • 4. @stvnsn niels-s Our infrastructure history • Started out from bare metal • Moved over to AWS • Lift/shift to GCP • Move “everything” to GKE (k8s)
  • 5. @stvnsn niels-s When we started with k8s • We launched a separate product • New API & Client • Kubernetes version 0.9 This button!
  • 6. @stvnsn niels-s Our Current Setup • 3 clusters, hosted by GKE • “old” production cluster, 1.6.4, 16 nodes • “new” production cluster, 1.7.5, 5 nodes • ci cluster, 1.6.9, 5 nodes
  • 7. @stvnsn niels-s $ kubectl get namespaces | wc -l 109 $ kubectl get ingress --all-namespaces | wc -l 69 $ kubectl get services --all-namespaces | wc -l 174 $ kubectl get deployments --all-namespaces | wc -l 316 $ kubectl get pods --all-namespaces | wc -l 843 * combined numbers of our 2 production clusters Some numbers
  • 8. @stvnsn niels-s Preemptible Nodes But needed to solve some issues • improve resiliency of kube-dns • increase replicas of pods >= 3 • use podAntiAffinity • and nodeAffinity • more smaller nodes They… • ... are cheap » saves around 75% in $$$ • ... help us (force us) to make robust and versatile software
  • 9. @stvnsn niels-s Liveness / Readiness Probes • Don’t use “empty” health checks • If you project has dependencies, check them! • Don’t limit the probes to api /web facing services
  • 10. @stvnsn niels-s Deployments • CI? 
 » Our own Jenkins setup
 » “previously” on Travis / Wercker • github/scripts-to-rule-them-all
 » script/test script/deploy • Secrets fetched from password store on every deploy • K8s Resources stored on Github » every change via a pull-request
  • 11. @stvnsn niels-s Namespaces $ kubectl get namespaces | wc -l 109 • Split between production, staging, approval, …. ex: core-api-production, experiment-api-staging • A namespace per project or service • experimenting with RBAC github.com/blendle/kns #protip: Get a tool to switch between namespaces!
  • 12. @stvnsn niels-s Templating language • First used simple Environment Variable substitution • https://github.com/blendle/epp
  • 13. @stvnsn niels-s Some small stuff • Configure you resource request and limits! • LimitRange • Resource Quotas • Configure a RevisionHistoryLimit • Structured logging with StackDriver • Please don’t ever use latest tag for your images!
  • 16. @stvnsn niels-s Blendle Stream Process configuration
  • 17. @stvnsn niels-s What’s next? • External Admission Webhooks / CustomResourceDefinitions • Istio • Prometheus • Cron Jobs (beta 1.8 ) • Network policies • HorizontalPodAutoscaling with new Metrics API • Chatops/ GH Bot to setup PR to test namespace
  • 18. @stvnsn niels-s Thanks! niels@blendle.com namespace switcher: github.com/blendle/kns epp: github.com/blendle/epp kubecrt: github.com/blendle/kubecrt