Successful K8S Platforms in Airgapped Environments
1 like20 views
The document addresses the challenges of managing Kubernetes (k8s) platforms in airgapped environments, particularly for U.S. government users, who face complexities in deployment and operational management. It emphasizes the importance of the Cluster API for bootstrapping new environments, managing permissions, and troubleshooting. Key recommendations include creating node images externally, utilizing cloud API endpoints for access, and establishing a robust Day 2 operational strategy with immutable infrastructure and GitOps practices.
1 of 29
Download to read offline
![14
If you absolutely must build the image inside the
firewall, you can do that. But you need:
- an OS repo (apt, yum)
- k8s bits (either packaged, or zip)
- a place to host said bits
- to configure Packer
- to trust your private cloud
- [possibly] to disable the use of GP3 disk
Step 3 -Build the Node Image - Addendum](https://image.slidesharecdn.com/k8scommunitydaysdc2022-airgappedk8s-220920160405-423f39c2/85/Successful-K8S-Platforms-in-Airgapped-Environments-14-320.jpg)
Recommended
Kubernetes: Learning from Zero to Production
Kubernetes: Learning from Zero to ProductionRosemary Wang The document discusses building a Kubernetes platform from scratch, focusing on production capabilities, cloud hosting, and avoiding vendor lock-in. It outlines steps for setting up a local cluster, deploying applications, managing logging and metrics, and handling scaling and security. Key concepts include using Minikube for local development, Kops for cloud deployment, and various Kubernetes features for managing containerized applications.
Xpdays: Kubernetes CI-CD Frameworks Case Study
Xpdays: Kubernetes CI-CD Frameworks Case StudyDenys Vasyliev The document outlines the professional background of Denys Vasyliev, highlighting over ten years of experience in the telecom industry and expertise in software engineering, with roles in startups and major telecom companies. It details technical requirements for cloud solutions, Kubernetes metrics, and various tools related to DevOps, infrastructure automation, and service management. The document also mentions specific technologies and platforms like Helm, Istio, and Knative, emphasizing their relevance in modern cloud-native application development.
Production grade edge computing on Kubernetes OSS EU 2018
Production grade edge computing on Kubernetes OSS EU 2018Steve Wong This document discusses the implementation of production-grade edge computing using Kubernetes, highlighting its benefits in reducing latency and addressing challenges compared to centralized cloud resources. It emphasizes the critical components of Kubernetes architecture, security considerations, and disaster recovery strategies necessary for successful edge deployments. The author provides practical recommendations for managing resources effectively while ensuring secure and high-performing edge operations.
Kubernetes Presentation
Kubernetes PresentationCrevise Technologies Kubernetes is an open-source platform for automating the deployment, scaling, and management of containerized applications, enabling efficient organization and discovery of containers. It features capabilities such as automatic bin packing, self-healing, service discovery, and simplified scaling, ensuring high availability and resource optimization. The architecture includes a master node for maintaining cluster state and worker nodes that run applications, utilizing pods as the basic building blocks to manage containerized processes.
Why kubernetes matters
Why kubernetes mattersPlatform9 The document discusses the significance of Kubernetes and containers in transforming DevOps practices by emphasizing a 'write once, run anywhere' strategy to eliminate infrastructure lock-in. It highlights the benefits of modular application design, fault tolerance, and enhanced deployment control that Kubernetes provides. Additionally, it outlines Platform9's managed Kubernetes service, positioning it as a comprehensive solution for deploying and managing cloud infrastructure.
Kubernetes extensibility: crd & operators
Kubernetes extensibility: crd & operators Giacomo Tirabassi The document discusses building Kubernetes operators and custom resource definitions (CRDs) to manage application lifecycles, emphasizing the operator pattern to automate complex tasks in distributed systems. It highlights Kubernetes' extensibility, controllers' roles in reconciling desired and real states, and practical examples of custom controllers. The talk addresses challenges in automation and the need for efficient operations, ultimately advocating for operators as a solution to simplify infrastructure management.
Kubernetes extensibility: CRDs & Operators
Kubernetes extensibility: CRDs & OperatorsSIGHUP The document discusses the use of Kubernetes Custom Resource Definitions (CRDs) and operators to automate application lifecycle management in a cloud-native environment. It highlights Kubernetes extensibility features, operator patterns, and the properties and capabilities of controllers for managing resources efficiently. The presentation aims to address the challenges of repetitive manual operations and proposes the use of operators as a solution for scaling, management, and stateful applications.
A GitOps model for High Availability and Disaster Recovery on EKS
A GitOps model for High Availability and Disaster Recovery on EKSWeaveworks The document presents a GitOps model for high availability and disaster recovery on EKS, emphasizing the simplification Kubernetes offers while integrating with cloud technologies. Paul Curtis, a principal solutions architect at Weaveworks, discusses the key principles of GitOps, which include making system states declarative and version-controlled, ensuring automated compliance and visibility. Upcoming webinars are scheduled to cover GitOps management for multi-cluster Kubernetes and governance for Kubernetes platforms.
Simplify Your Way To Expert Kubernetes Management
Simplify Your Way To Expert Kubernetes ManagementDevOps.com The document outlines the complexities of managing Kubernetes as part of a cloud-native strategy, emphasizing key challenges such as upgrades, persistent storage, and application management. It provides guidance on simplifying these challenges through dedicated management solutions, automation, and best practices. Additionally, it highlights the importance of training and certification programs for Kubernetes admins and introduces Nutanix Karbon as a solution for Kubernetes management.
LISA2017 Kubernetes: Hit the Ground Running
LISA2017 Kubernetes: Hit the Ground RunningChris McEniry The document provides an overview of a presentation on getting started with Kubernetes. It discusses containers and Kubernetes basics like pods, services, labels and selectors. It outlines exercises that will be covered, including starting Minikube, running a simple BusyBox pod, deploying an official intro application, and using the Kubernetes dashboard add-on. The goal is to familiarize attendees with fundamental Kubernetes concepts and tools.
DNUG46 - Build your own private Cloud environment
DNUG46 - Build your own private Cloud environmentpanagenda The document discusses building a private cloud environment, emphasizing the use of Kubernetes for automating deployment, scaling, and management of containers. It outlines key topics such as provisioning, backup strategies, log management, and security, while also recommending tools and best practices for creating a flexible and scalable infrastructure. The author, Nico Meisenzahl, also touches on the importance of managing workloads, persistent storage, and continuous integration/deployment pipelines.
Build your own private Cloud environment
Build your own private Cloud environmentNico Meisenzahl The document discusses building a private cloud environment, emphasizing the benefits of utilizing platforms like Kubernetes for managing containers, deploying applications, and automating processes. It covers key topics such as environment provisioning, update strategies, security measures, and log management, while providing insights into the necessary tools and methods for effectively managing Kubernetes clusters. Additionally, it highlights the importance of ensuring high availability, scalability, and security in a cloud architecture tailored to specific business needs.
KubeCon 2019 Recap (Parts 1-3)
KubeCon 2019 Recap (Parts 1-3)Ford Prior The document recounts the author's experience at KubeCon 2019, detailing a structured learning path around Kubernetes, which involved engaging in workshops, keynotes, and discussions on various topics. It emphasizes the significant paradigm shift Kubernetes represents in cloud computing while highlighting strategies for effective learning and contribution within the Kubernetes community. The author reflects on the broader implications of Kubernetes for both individual developers and organizations, advocating for collaboration and continuous personal growth within the tech landscape.
Meetup 2023 - Gateway API.pdf
Meetup 2023 - Gateway API.pdfRed Hat The document provides an overview of the Kubernetes Gateway API, which enables robust traffic management in Kubernetes clusters. It describes key concepts like GatewayClasses, Gateways, and Routes that make up the Gateway API model. The API allows infrastructure providers to implement ingress controllers, cluster operators to manage traffic, and application developers to define routing rules in a standardized way. It aims to improve on the Ingress resource and support multiple protocols like HTTP, TLS, and TCP in an integrated manner. There are now over a dozen implementations of the Gateway API by popular API gateways and service meshes.
Running and Managing Kubernetes on OpenStack
Running and Managing Kubernetes on OpenStackVictor Palma The document explores the integration of Kubernetes with OpenStack, detailing the history and components of both technologies. It discusses the advantages of using containers and Kubernetes for application deployment, including scalability and management challenges. Additionally, it highlights Rackspace's managed Kubernetes solution, focusing on its features such as security, ease of use, and support options.
Presentation ING for ISC2 Secure Summits EMEA
Presentation ING for ISC2 Secure Summits EMEAThijs Ebbers The document outlines ING's cloud-native journey, focusing on infrastructure innovations like container hosting with Kubernetes and data services, as well as the associated security and risk considerations. It emphasizes the need for an immutable and automated approach to container management, ensuring security measures are implemented early in the development pipeline. Key lessons include the importance of design for failure, automating processes, and adapting governance frameworks to fit this new cloud-native environment.
Immediate download Kubernetes Best Practices 1st Edition Brendan Burns ebooks...
Immediate download Kubernetes Best Practices 1st Edition Brendan Burns ebooks...seinersofhia The document provides extensive information about the book 'Kubernetes Best Practices' by Brendan Burns and co-authors, which offers guidance on deploying applications using Kubernetes effectively. It covers a wide range of topics including service setup, monitoring, configuration, continuous integration, and managing multiple clusters, with best practices for each area. Additionally, it includes links to other related resources and products for further reading.
Kubernetes security with AWS
Kubernetes security with AWSKasun Madura Rathnayaka This document provides an overview of Kasun Madura Rathnayaka and his experience with Kubernetes and AWS. It then lists 10 best practices for securing Kubernetes clusters deployed on AWS: 1) Update Kubernetes to the latest stable version, 2) Harden node security, 3) Secure cloud metadata access, 4) Enable role-based access control, 5) Secure Tiller or Helm 3, 6) Secure container image and registry usage, 7) Assess container privileges, 8) Implement auditing and alerts, 9) Consider deployment and runtime security, and 10) Properly manage credentials and secrets. Specific techniques are provided for implementing each best practice.
01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMware
01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMwareVMUG IT The document provides an in-depth introduction to Kubernetes and its role in managing cloud-native workloads, emphasizing the shift from traditional application development methods to more agile, automated approaches that enhance deployment and scaling. It outlines the key components of Kubernetes, its architecture, and capabilities, including the use of containers and the importance of continuous integration and delivery (CI/CD). Additionally, it highlights the evolving roles within IT, particularly the rise of platform reliability engineers, as organizations adopt cloud-native applications and DevOps practices.
Hybrid and Multi-Cloud Strategies for Kubernetes with GitOps
Hybrid and Multi-Cloud Strategies for Kubernetes with GitOpsSonja Schweigert The document outlines the features and advantages of Weaveworks' Kubernetes platform, focusing on hybrid and multi-cloud strategies, GitOps methodologies, and the role of automation in managing production-ready Kubernetes environments. Key topics include addressing challenges in multi-cloud networking, identity management, and persistent data storage, as well as enhancing operational efficiency through standardized processes. It presents case studies demonstrating the benefits of adopting Weaveworks solutions for organizations like Deutsche Telekom, emphasizing a shift towards more agile, reliable, and scalable cloud-native infrastructures.
Hybrid and Multi-Cloud Strategies for Kubernetes with GitOps
Hybrid and Multi-Cloud Strategies for Kubernetes with GitOpsWeaveworks The document discusses hybrid and multi-cloud strategies for Kubernetes, emphasizing the use of GitOps to enhance deployment efficiency and operational reliability across various platforms. It highlights Weaveworks' offerings, including their Kubernetes platform and consulting services, which aim to simplify cloud-native architecture and promote best practices. Key challenges addressed include networking, identity management, and persistent data storage in multi-cloud environments.
K8Guard - An Auditing System For Kubernetes
K8Guard - An Auditing System For KubernetesMedya Ghazizadeh K8Guard is an auditing system for Kubernetes that automatically detects violations of best practices and policies. It discovers issues by monitoring deployments, pods, jobs, daemonsets, ingresses and namespaces. When violations are found, it notifies owners and may take automated actions like scaling resources down if issues are not addressed. Metrics and reports of past violations are also generated to help with auditing and troubleshooting. The system was created with security, stability, efficiency and availability in mind to help keep Kubernetes clusters prepared to handle situations like Black Friday traffic surges.
Cloud-Native Operations with Kubernetes and CI/CD
Cloud-Native Operations with Kubernetes and CI/CDVMware Tanzu The document discusses cloud-native operations using Pivotal Container Service (PKS) and Kubernetes, emphasizing the importance of operations as a competitive advantage. It outlines the features and benefits of PKS, including enhancements to Kubernetes for enterprise customers, such as multi-cloud support, secure ingress, and built-in monitoring tools. The document advocates for adopting smaller clusters for better resource management and microservices architecture in operations.
Kubernetes and Terraform in the Cloud: How RightScale Does DevOps
Kubernetes and Terraform in the Cloud: How RightScale Does DevOpsRightScale This document summarizes a presentation about how RightScale uses Kubernetes, Terraform, and other tools in their cloud management platform. It discusses how RightScale has transitioned from using Docker containers on individual VMs ("Bay of Containers") to using Kubernetes container clusters in the cloud ("Sea of Containers"). RightScale built custom images with Kubernetes components pre-installed to speed up cluster creation. Terraform is used to provision infrastructure including Kubernetes clusters and integrate with the RightScale platform. The goal was to enable developers to have self-managed Kubernetes clusters using infrastructure as code principles. Key aspects included making clusters disposable while maintaining high availability, and distributing Terraform modules to development teams to simplify cluster creation and management
Free GitOps Workshop + Intro to Kubernetes & GitOps
Free GitOps Workshop + Intro to Kubernetes & GitOpsWeaveworks The document outlines a free workshop introducing Kubernetes and GitOps, led by experts from Weaveworks, emphasizing the importance of modern operations and cloud-native practices. It provides an agenda that includes hands-on guidance for getting started with Weave GitOps, highlighting its advantages such as improved security, easier deployments, and streamlined developer experience. Weaveworks positions itself as a leader in GitOps, offering modular solutions for transition to cloud-native platforms.
Cloud Native Use Cases / Case Studies - KubeCon 2019 San Diego - RECAP
Cloud Native Use Cases / Case Studies - KubeCon 2019 San Diego - RECAPKrishna-Kumar The document recaps KubeCon 2019 held in San Diego, showcasing its scale with over 12,000 attendees and numerous announcements from major vendors. It highlights various case studies of companies like Slack, Uber, and Airbnb that have successfully transitioned to Kubernetes, implementing diverse use cases such as multi-tenancy, database migrations, and microservices deployment. Top announcements included the launch of Helm 3 and collaborative projects from AWS and Microsoft, among others.
stackconf 2020 | The blinking cursor or kubernetes for people who aren´t supp...
stackconf 2020 | The blinking cursor or kubernetes for people who aren´t supp...NETWAYS Kubernetes is a platform for building and managing distributed applications and services. The document discusses various perspectives on Kubernetes including that it has become mainstream, but also that organizations should focus first on removing waste to improve their products. It then provides an overview of Kubernetes concepts like pods, containers, deployments and the use of configurations. It emphasizes the need for enterprises to implement architecture and governance through a dedicated balanced platform team in order to scale Kubernetes usage.
Future of Kubernetes and its Impact on Technology Industry.pdf
Future of Kubernetes and its Impact on Technology Industry.pdfUrolime Technologies Kubernetes (K8s) is an open-source platform designed for automating the deployment and management of containerized applications, originally developed from Google's internal system. The recent updates in Kubernetes, including versions 1.27 and 1.28, focus on improvements such as enhanced scheduling capabilities and a mixed version proxy for safer cluster upgrades, reflecting its growing adoption among developers worldwide. As organizations modernize their IT infrastructure, Kubernetes is positioned to support emerging technologies like microservices, serverless computing, AI, and cloud-native applications.
OpenACC and Open Hackathons Monthly Highlights June 2025
OpenACC and Open Hackathons Monthly Highlights June 2025OpenACC The OpenACC organization focuses on enhancing parallel computing skills and advancing interoperability in scientific applications through hackathons and training. The upcoming 2025 Open Accelerated Computing Summit (OACS) aims to explore the convergence of AI and HPC in scientific computing and foster knowledge sharing. This year's OACS welcomes talk submissions from a variety of topics, from Using Standard Language Parallelism to Computer Vision Applications. The document also highlights several open hackathons, a call to apply for NVIDIA Academic Grant Program and resources for optimizing scientific applications using OpenACC directives.
Securing Account Lifecycles in the Age of Deepfakes.pptx
Securing Account Lifecycles in the Age of Deepfakes.pptxFIDO Alliance Securing Account Lifecycles in the Age of Deepfakes
More Related Content
Similar to Successful K8S Platforms in Airgapped Environments (20)
Simplify Your Way To Expert Kubernetes Management
Simplify Your Way To Expert Kubernetes ManagementDevOps.com The document outlines the complexities of managing Kubernetes as part of a cloud-native strategy, emphasizing key challenges such as upgrades, persistent storage, and application management. It provides guidance on simplifying these challenges through dedicated management solutions, automation, and best practices. Additionally, it highlights the importance of training and certification programs for Kubernetes admins and introduces Nutanix Karbon as a solution for Kubernetes management.
LISA2017 Kubernetes: Hit the Ground Running
LISA2017 Kubernetes: Hit the Ground RunningChris McEniry The document provides an overview of a presentation on getting started with Kubernetes. It discusses containers and Kubernetes basics like pods, services, labels and selectors. It outlines exercises that will be covered, including starting Minikube, running a simple BusyBox pod, deploying an official intro application, and using the Kubernetes dashboard add-on. The goal is to familiarize attendees with fundamental Kubernetes concepts and tools.
DNUG46 - Build your own private Cloud environment
DNUG46 - Build your own private Cloud environmentpanagenda The document discusses building a private cloud environment, emphasizing the use of Kubernetes for automating deployment, scaling, and management of containers. It outlines key topics such as provisioning, backup strategies, log management, and security, while also recommending tools and best practices for creating a flexible and scalable infrastructure. The author, Nico Meisenzahl, also touches on the importance of managing workloads, persistent storage, and continuous integration/deployment pipelines.
Build your own private Cloud environment
Build your own private Cloud environmentNico Meisenzahl The document discusses building a private cloud environment, emphasizing the benefits of utilizing platforms like Kubernetes for managing containers, deploying applications, and automating processes. It covers key topics such as environment provisioning, update strategies, security measures, and log management, while providing insights into the necessary tools and methods for effectively managing Kubernetes clusters. Additionally, it highlights the importance of ensuring high availability, scalability, and security in a cloud architecture tailored to specific business needs.
KubeCon 2019 Recap (Parts 1-3)
KubeCon 2019 Recap (Parts 1-3)Ford Prior The document recounts the author's experience at KubeCon 2019, detailing a structured learning path around Kubernetes, which involved engaging in workshops, keynotes, and discussions on various topics. It emphasizes the significant paradigm shift Kubernetes represents in cloud computing while highlighting strategies for effective learning and contribution within the Kubernetes community. The author reflects on the broader implications of Kubernetes for both individual developers and organizations, advocating for collaboration and continuous personal growth within the tech landscape.
Meetup 2023 - Gateway API.pdf
Meetup 2023 - Gateway API.pdfRed Hat The document provides an overview of the Kubernetes Gateway API, which enables robust traffic management in Kubernetes clusters. It describes key concepts like GatewayClasses, Gateways, and Routes that make up the Gateway API model. The API allows infrastructure providers to implement ingress controllers, cluster operators to manage traffic, and application developers to define routing rules in a standardized way. It aims to improve on the Ingress resource and support multiple protocols like HTTP, TLS, and TCP in an integrated manner. There are now over a dozen implementations of the Gateway API by popular API gateways and service meshes.
Running and Managing Kubernetes on OpenStack
Running and Managing Kubernetes on OpenStackVictor Palma The document explores the integration of Kubernetes with OpenStack, detailing the history and components of both technologies. It discusses the advantages of using containers and Kubernetes for application deployment, including scalability and management challenges. Additionally, it highlights Rackspace's managed Kubernetes solution, focusing on its features such as security, ease of use, and support options.
Presentation ING for ISC2 Secure Summits EMEA
Presentation ING for ISC2 Secure Summits EMEAThijs Ebbers The document outlines ING's cloud-native journey, focusing on infrastructure innovations like container hosting with Kubernetes and data services, as well as the associated security and risk considerations. It emphasizes the need for an immutable and automated approach to container management, ensuring security measures are implemented early in the development pipeline. Key lessons include the importance of design for failure, automating processes, and adapting governance frameworks to fit this new cloud-native environment.
Immediate download Kubernetes Best Practices 1st Edition Brendan Burns ebooks...
Immediate download Kubernetes Best Practices 1st Edition Brendan Burns ebooks...seinersofhia The document provides extensive information about the book 'Kubernetes Best Practices' by Brendan Burns and co-authors, which offers guidance on deploying applications using Kubernetes effectively. It covers a wide range of topics including service setup, monitoring, configuration, continuous integration, and managing multiple clusters, with best practices for each area. Additionally, it includes links to other related resources and products for further reading.
Kubernetes security with AWS
Kubernetes security with AWSKasun Madura Rathnayaka This document provides an overview of Kasun Madura Rathnayaka and his experience with Kubernetes and AWS. It then lists 10 best practices for securing Kubernetes clusters deployed on AWS: 1) Update Kubernetes to the latest stable version, 2) Harden node security, 3) Secure cloud metadata access, 4) Enable role-based access control, 5) Secure Tiller or Helm 3, 6) Secure container image and registry usage, 7) Assess container privileges, 8) Implement auditing and alerts, 9) Consider deployment and runtime security, and 10) Properly manage credentials and secrets. Specific techniques are provided for implementing each best practice.
01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMware
01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMwareVMUG IT The document provides an in-depth introduction to Kubernetes and its role in managing cloud-native workloads, emphasizing the shift from traditional application development methods to more agile, automated approaches that enhance deployment and scaling. It outlines the key components of Kubernetes, its architecture, and capabilities, including the use of containers and the importance of continuous integration and delivery (CI/CD). Additionally, it highlights the evolving roles within IT, particularly the rise of platform reliability engineers, as organizations adopt cloud-native applications and DevOps practices.
Hybrid and Multi-Cloud Strategies for Kubernetes with GitOps
Hybrid and Multi-Cloud Strategies for Kubernetes with GitOpsSonja Schweigert The document outlines the features and advantages of Weaveworks' Kubernetes platform, focusing on hybrid and multi-cloud strategies, GitOps methodologies, and the role of automation in managing production-ready Kubernetes environments. Key topics include addressing challenges in multi-cloud networking, identity management, and persistent data storage, as well as enhancing operational efficiency through standardized processes. It presents case studies demonstrating the benefits of adopting Weaveworks solutions for organizations like Deutsche Telekom, emphasizing a shift towards more agile, reliable, and scalable cloud-native infrastructures.
Hybrid and Multi-Cloud Strategies for Kubernetes with GitOps
Hybrid and Multi-Cloud Strategies for Kubernetes with GitOpsWeaveworks The document discusses hybrid and multi-cloud strategies for Kubernetes, emphasizing the use of GitOps to enhance deployment efficiency and operational reliability across various platforms. It highlights Weaveworks' offerings, including their Kubernetes platform and consulting services, which aim to simplify cloud-native architecture and promote best practices. Key challenges addressed include networking, identity management, and persistent data storage in multi-cloud environments.
K8Guard - An Auditing System For Kubernetes
K8Guard - An Auditing System For KubernetesMedya Ghazizadeh K8Guard is an auditing system for Kubernetes that automatically detects violations of best practices and policies. It discovers issues by monitoring deployments, pods, jobs, daemonsets, ingresses and namespaces. When violations are found, it notifies owners and may take automated actions like scaling resources down if issues are not addressed. Metrics and reports of past violations are also generated to help with auditing and troubleshooting. The system was created with security, stability, efficiency and availability in mind to help keep Kubernetes clusters prepared to handle situations like Black Friday traffic surges.
Cloud-Native Operations with Kubernetes and CI/CD
Cloud-Native Operations with Kubernetes and CI/CDVMware Tanzu The document discusses cloud-native operations using Pivotal Container Service (PKS) and Kubernetes, emphasizing the importance of operations as a competitive advantage. It outlines the features and benefits of PKS, including enhancements to Kubernetes for enterprise customers, such as multi-cloud support, secure ingress, and built-in monitoring tools. The document advocates for adopting smaller clusters for better resource management and microservices architecture in operations.
Kubernetes and Terraform in the Cloud: How RightScale Does DevOps
Kubernetes and Terraform in the Cloud: How RightScale Does DevOpsRightScale This document summarizes a presentation about how RightScale uses Kubernetes, Terraform, and other tools in their cloud management platform. It discusses how RightScale has transitioned from using Docker containers on individual VMs ("Bay of Containers") to using Kubernetes container clusters in the cloud ("Sea of Containers"). RightScale built custom images with Kubernetes components pre-installed to speed up cluster creation. Terraform is used to provision infrastructure including Kubernetes clusters and integrate with the RightScale platform. The goal was to enable developers to have self-managed Kubernetes clusters using infrastructure as code principles. Key aspects included making clusters disposable while maintaining high availability, and distributing Terraform modules to development teams to simplify cluster creation and management
Free GitOps Workshop + Intro to Kubernetes & GitOps
Free GitOps Workshop + Intro to Kubernetes & GitOpsWeaveworks The document outlines a free workshop introducing Kubernetes and GitOps, led by experts from Weaveworks, emphasizing the importance of modern operations and cloud-native practices. It provides an agenda that includes hands-on guidance for getting started with Weave GitOps, highlighting its advantages such as improved security, easier deployments, and streamlined developer experience. Weaveworks positions itself as a leader in GitOps, offering modular solutions for transition to cloud-native platforms.
Cloud Native Use Cases / Case Studies - KubeCon 2019 San Diego - RECAP
Cloud Native Use Cases / Case Studies - KubeCon 2019 San Diego - RECAPKrishna-Kumar The document recaps KubeCon 2019 held in San Diego, showcasing its scale with over 12,000 attendees and numerous announcements from major vendors. It highlights various case studies of companies like Slack, Uber, and Airbnb that have successfully transitioned to Kubernetes, implementing diverse use cases such as multi-tenancy, database migrations, and microservices deployment. Top announcements included the launch of Helm 3 and collaborative projects from AWS and Microsoft, among others.
stackconf 2020 | The blinking cursor or kubernetes for people who aren´t supp...
stackconf 2020 | The blinking cursor or kubernetes for people who aren´t supp...NETWAYS Kubernetes is a platform for building and managing distributed applications and services. The document discusses various perspectives on Kubernetes including that it has become mainstream, but also that organizations should focus first on removing waste to improve their products. It then provides an overview of Kubernetes concepts like pods, containers, deployments and the use of configurations. It emphasizes the need for enterprises to implement architecture and governance through a dedicated balanced platform team in order to scale Kubernetes usage.
Future of Kubernetes and its Impact on Technology Industry.pdf
Future of Kubernetes and its Impact on Technology Industry.pdfUrolime Technologies Kubernetes (K8s) is an open-source platform designed for automating the deployment and management of containerized applications, originally developed from Google's internal system. The recent updates in Kubernetes, including versions 1.27 and 1.28, focus on improvements such as enhanced scheduling capabilities and a mixed version proxy for safer cluster upgrades, reflecting its growing adoption among developers worldwide. As organizations modernize their IT infrastructure, Kubernetes is positioned to support emerging technologies like microservices, serverless computing, AI, and cloud-native applications.
Recently uploaded (20)
OpenACC and Open Hackathons Monthly Highlights June 2025
OpenACC and Open Hackathons Monthly Highlights June 2025OpenACC The OpenACC organization focuses on enhancing parallel computing skills and advancing interoperability in scientific applications through hackathons and training. The upcoming 2025 Open Accelerated Computing Summit (OACS) aims to explore the convergence of AI and HPC in scientific computing and foster knowledge sharing. This year's OACS welcomes talk submissions from a variety of topics, from Using Standard Language Parallelism to Computer Vision Applications. The document also highlights several open hackathons, a call to apply for NVIDIA Academic Grant Program and resources for optimizing scientific applications using OpenACC directives.
Securing Account Lifecycles in the Age of Deepfakes.pptx
Securing Account Lifecycles in the Age of Deepfakes.pptxFIDO Alliance Securing Account Lifecycles in the Age of Deepfakes
"Database isolation: how we deal with hundreds of direct connections to the d...
"Database isolation: how we deal with hundreds of direct connections to the d...Fwdays What can go wrong if you allow each service to access the database directly? In a startup, this seems like a quick and easy solution, but as the system scales, problems appear that no one could have guessed.
In my talk, I'll share Solidgate's experience in transforming its architecture: from the chaos of direct connections to a service-based data access model. I will talk about the transition stages, bottlenecks, and how isolation affected infrastructure support. I will honestly show what worked and what didn't. In short, we will analyze the controversy of this talk.
Salesforce Summer '25 Release Frenchgathering.pptx.pdf
Salesforce Summer '25 Release Frenchgathering.pptx.pdfyosra Saidani Salesforce Summer '25 Release Frenchgathering.pptx.pdf
A Constitutional Quagmire - Ethical Minefields of AI, Cyber, and Privacy.pdf
A Constitutional Quagmire - Ethical Minefields of AI, Cyber, and Privacy.pdfPriyanka Aash A Constitutional Quagmire - Ethical Minefields of AI, Cyber, and Privacy
GenAI Opportunities and Challenges - Where 370 Enterprises Are Focusing Now.pdf
GenAI Opportunities and Challenges - Where 370 Enterprises Are Focusing Now.pdfPriyanka Aash GenAI Opportunities and Challenges - Where 370 Enterprises Are Focusing Now
Wenn alles versagt - IBM Tape schützt, was zählt! Und besonders mit dem neust...
Wenn alles versagt - IBM Tape schützt, was zählt! Und besonders mit dem neust...Josef Weingand IBM LTO10
“MPU+: A Transformative Solution for Next-Gen AI at the Edge,” a Presentation...
“MPU+: A Transformative Solution for Next-Gen AI at the Edge,” a Presentation...Edge AI and Vision Alliance For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2025/06/mpu-a-transformative-solution-for-next-gen-ai-at-the-edge-a-presentation-from-fotonation/
Petronel Bigioi, CEO of FotoNation, presents the “MPU+: A Transformative Solution for Next-Gen AI at the Edge” tutorial at the May 2025 Embedded Vision Summit.
In this talk, Bigioi introduces MPU+, a novel programmable, customizable low-power platform for real-time, localized intelligence at the edge. The platform includes an AI-augmented image signal processor that enables leading image and video quality.
In addition, it integrates ultra-low-power object and motion detection capabilities to enable always-on computer vision. A programmable neural processor provides flexibility to efficiently implement new neural networks. And additional specialized engines facilitate image stabilization and audio enhancements.
UserCon Belgium: Honey, VMware increased my bill
UserCon Belgium: Honey, VMware increased my billstijn40 VMware’s pricing changes have forced organizations to rethink their datacenter cost management strategies. While FinOps is commonly associated with cloud environments, the FinOps Foundation has recently expanded its framework to include Scopes—and Datacenter is now officially part of the equation. In this session, we’ll map the FinOps Framework to a VMware-based datacenter, focusing on cost visibility, optimization, and automation. You’ll learn how to track costs more effectively, rightsize workloads, optimize licensing, and drive efficiency—all without migrating to the cloud. We’ll also explore how to align IT teams, finance, and leadership around cost-aware decision-making for on-prem environments. If your VMware bill keeps increasing and you need a new approach to cost management, this session is for you!
"How to survive Black Friday: preparing e-commerce for a peak season", Yurii ...
"How to survive Black Friday: preparing e-commerce for a peak season", Yurii ...Fwdays We will explore how e-commerce projects prepare for the busiest time of the year, which key aspects to focus on, and what to expect. We’ll share our experience in setting up auto-scaling, load balancing, and discuss the loads that Silpo handles, as well as the solutions that help us navigate this season without failures.
"Scaling in space and time with Temporal", Andriy Lupa.pdf
"Scaling in space and time with Temporal", Andriy Lupa.pdfFwdays Design patterns like Event Sourcing and Event Streaming have long become standards for building real-time analytics systems. However, when the system load becomes nonlinear with fast and often unpredictable spikes, it's crucial to respond quickly in order not to lose real-time operating itself.
In this talk, I’ll share my experience implementing and using a tool like Temporal.io. We'll explore the evolution of our system for maintaining real-time report generation and discuss how we use Temporal both for short-lived pipelines and long-running background tasks.
Coordinated Disclosure for ML - What's Different and What's the Same.pdf
Coordinated Disclosure for ML - What's Different and What's the Same.pdfPriyanka Aash Coordinated Disclosure for ML - What's Different and What's the Same
PyCon SG 25 - Firecracker Made Easy with Python.pdf
PyCon SG 25 - Firecracker Made Easy with Python.pdfMuhammad Yuga Nugraha Explore the ease of managing Firecracker microVM with the firecracker-python. In this session, I will introduce the basics of Firecracker microVM and demonstrate how this custom SDK facilitates microVM operations easily. We will delve into the design and development process behind the SDK, providing a behind-the-scenes look at its creation and features. While traditional Firecracker SDKs were primarily available in Go, this module brings a simplicity of Python to the table.
AI vs Human Writing: Can You Tell the Difference?
AI vs Human Writing: Can You Tell the Difference?Shashi Sathyanarayana, Ph.D This slide illustrates a side-by-side comparison between human-written, AI-written, and ambiguous content. It highlights subtle cues that help readers assess authenticity, raising essential questions about the future of communication, trust, and thought leadership in the age of generative AI.
From Manual to Auto Searching- FME in the Driver's Seat
From Manual to Auto Searching- FME in the Driver's SeatSafe Software Finding a specific car online can be a time-consuming task, especially when checking multiple dealer websites. A few years ago, I faced this exact problem while searching for a particular vehicle in New Zealand. The local classified platform, Trade Me (similar to eBay), wasn’t yielding any results, so I expanded my search to second-hand dealer sites—only to realise that periodically checking each one was going to be tedious. That’s when I noticed something interesting: many of these websites used the same platform to manage their inventories. Recognising this, I reverse-engineered the platform’s structure and built an FME workspace that automated the search process for me. By integrating API calls and setting up periodic checks, I received real-time email alerts when matching cars were listed. In this presentation, I’ll walk through how I used FME to save hours of manual searching by creating a custom car-finding automation system. While FME can’t buy a car for you—yet—it can certainly help you find the one you’re after!
Quantum AI Discoveries: Fractal Patterns Consciousness and Cyclical Universes
Quantum AI Discoveries: Fractal Patterns Consciousness and Cyclical UniversesSaikat Basu Embark on a cosmic journey exploring the intersection of quantum
computing, consciousness, and ancient wisdom. Together we'll uncover the
recursive patterns that bind our reality.
Tech-ASan: Two-stage check for Address Sanitizer - Yixuan Cao.pdf
Tech-ASan: Two-stage check for Address Sanitizer - Yixuan Cao.pdfcaoyixuan2019 A presentation at Internetware 2025.
You are not excused! How to avoid security blind spots on the way to production
You are not excused! How to avoid security blind spots on the way to productionMichele Leroux Bustamante We live in an ever evolving landscape for cyber threats creating security risk for your production systems. Mitigating these risks requires participation throughout all stages from development through production delivery - and by every role including architects, developers QA and DevOps engineers, product owners and leadership. No one is excused! This session will cover examples of common mistakes or missed opportunities that can lead to vulnerabilities in production - and ways to do better throughout the development lifecycle.
“MPU+: A Transformative Solution for Next-Gen AI at the Edge,” a Presentation...
“MPU+: A Transformative Solution for Next-Gen AI at the Edge,” a Presentation...Edge AI and Vision Alliance
You are not excused! How to avoid security blind spots on the way to production
You are not excused! How to avoid security blind spots on the way to productionMichele Leroux Bustamante
Successful K8S Platforms in Airgapped Environments
- 1. Successful k8s Platforms in Airgapped Environments Drew Malone Staff Solutions Engineer Tanzu Federal VMware [email protected]
- 2. 2 Overview - Problem Statement - ClusterAPI - a Primer - Challenges and Solutions: - Cloud Permissions - Node Image Creation - Cloud API Access - Bootstrapping and Troubleshooting - Now What? Creating a defensible Day 2 story
- 3. 3 What do US Government Users Say About Kubernetes? ● Complex to manage Day Two Operations ● Disconnected Environments from Day One ● Need capability both in the cloud and at the edge (various meanings) ● Developer Experience is Lacking because of the complexity ● Ton of Hype about Kubernetes but Commanders and CIO’s want outcomes ● Everyone talks about installing and securing Kubernetes, but rarely do we see Developers pushing apps to production on kubernetes
- 4. 4 What do US Government Users Say About Kubernetes? Standing up Airgapped Kubernetes is Hard Securing, Operating and Pushing Code to k8s is even Harder
- 5. 5 Where Do I Begin?
- 6. 6 Bring the declarative nature of app lifecycles in k8s…. to lifecycling k8s clusters kind: Cluster metadata: name: a-team-k8s-cluster namespace: a-team spec: distribution: version: v1.20 topology: controlPlane: count: 3 class: m5.xlarge Start at the Beginning - ClusterAPI
- 7. 7 ClusterAPI - Bootstrapping a new Env
- 8. 8 1. Configure IaaS Permissions 2. Configure IaaS API Access 3. Create node image (i.e. base OS image) 4. Bootstrap and Profit! But a lot has to happen first…
- 9. 9 ClusterAPI creates roles in your cloud. This can be done a couple of ways: - directly added to your cloud - create a file to be handed to your PMO Do you have those rights? Is it a request to your PMO? Step 1 - IaaS Permissions ref: https://cluster-api.sigs.k8s.io/user/quick-start.html
- 10. 10 API requests go over the Internet. But if there’s no Internet, how do you reach the API? Step 2 -IaaS API Access - Challenge
- 11. 11 Clouds will provide a “endpoint service” to allow you to reach API sets without needing to create/maintain Internet connectivity. Step 2 -IaaS API Access - Solution
- 12. 12 Image builder needs to download the entire Internet. But you need to bake in <special things> like private cloud CA’s, private registry CA’s, etc. Step 3 -Build the Node Image - Challenge
- 13. 13 Build the image “outside”. Then use pre-kubeadm hooks in ClusterAPI to install certs and run any “last mile” configurations. This has the added benefit of being able to update things like CA’s without needing to cut another image. NB - are you using an Isolated cloud region? You need to ask about their diff doc. Step 3 -Build the Node Image - Solution ref: https://doc.crds.dev/github.com/kubernetes-sigs/cluster-api/bootstrap.cluster.x-k8s.io/KubeadmConfigTemplate/v1alph
- 14. 14 If you absolutely must build the image inside the firewall, you can do that. But you need: - an OS repo (apt, yum) - k8s bits (either packaged, or zip) - a place to host said bits - to configure Packer - to trust your private cloud - [possibly] to disable the use of GP3 disk Step 3 -Build the Node Image - Addendum
- 15. 15 Fire away and see what fails! Step 4 -Bootstrap and Profit! ref: https://cluster-api.sigs.k8s.io/user/quick-start.html
- 16. 16 Hi-level (CLI) failures are exactly that - high level. To get to the source of truth, look in the pod logs in your KIND cluster: - capi-kubeadm-bootstrap-system - capi-kubeadm-control-plane-system - capa-kubeadm….. Step 5 -Troubleshooting
- 17. 17 If there’s no Internet, where does your Load Balancer point? Remember to annotate your k8s services accordingly Step N -Load Balancers ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
- 18. 18 Getting a k8s is only the start. How do you make it useful? You Have a Kubernetes! Now What?
- 19. 19 Committed to chopping wood and carrying water VMware is a Leader in the Open Source Community Kubernetes contributions by release number according to k8s.devstats.cncf.io Cluster API ● 2 of 7 steering committee members ● 10 of 23 special interest groups led by VMware ● 4 working groups led by VMware ● 2nd leading contributor to kubernetes
- 20. 20 Immutable Infrastructure ● K8s that is scaled up ● Destroyed ● Recreated ● Not persisted Cluster API ● Repave ● Rotate ● Repair
- 21. 21 Immutable Infrastructure Continuous Reconciliation Multi Cluster k8’s Provenance In Secure Supply Chain Production Ready k8s ref: https://dodcio.defense.gov/Library/ (search for ‘multi-cluster kubernetes’)
- 22. 22 Production Ready Kubernetes Cluster API Pinniped Management Cluster Cluster Lifecycle Management Container Networking Observability Shared and In-Cluster Services Container registry Ingress Controller API-Driven IaaS Declarative API Log Forwarding Load Balancing Identity & Authentication Backup and Restore Ingress & Services DNS Local Control Plane Platform Operator uses GitOps Workload Clusters Workload Clusters Workload Clusters External-dns
- 23. 23 Characteristics of a “great” k8s platform ● Rapid patching of k8s and applications/services ● Prevention of config drift ● Align with approved baselines (i.e. gov’t regs) ● Build once, Run anywhere
- 24. 24 How to get a “great” k8s platform ● Immutable Infrastructure (aka image-builder) ● Continuous Reconciliation ● Multi-cluster Kubernetes ● Provenance in Secure Supply Chain ● Prod-ready k8s, even in Dev
- 26. 26 Immutable Infrastructure and Continuous Reconciliation Control Plane Manifest Manifest Manifest Reconciliation Loop Kapp-Controller Workload Clusters Git Repo Cluster Creation and Enforcement Day 2 Reconciliation Cluster API Operator Desired State Kapp-Controller Pinniped
- 27. 27 Edge Deployment - Build Once, Run Anywhere Public Cloud Development and Test Environments Disconnected Production(Edge) Edge Local Control Plane Management Cluster Cluster Lifecycle Management Workload Clusters Workload Clusters Workload Clusters Local Control Plane Management Cluster Cluster Lifecycle Management Workload Clusters Workload Clusters Workload Clusters imgpkg
- 28. 28 Summary - k8s is (still) hard airgapped but you can make it easy - ClusterAPI has everything you need - Know who owns Cloud Permissions - Create your Node images “outside” if possible - Use Endpoints for Cloud API Access - CAPI/CAP{x} pod logs for Troubleshooting - Create a defensible Day 2 story with immutable infra + gitops
- 29. Thank You!!! Drew Malone Staff Solutions Engineer Tanzu Federal VMware [email protected]