GKE vs OpenStack Magnum

Jun 21, 2016Download as PPTX, PDF1 like2,595 views

This document compares Google Container Engine (GKE) and OpenStack Magnum. It summarizes that while Magnum provides container orchestration using Kubernetes similar to GKE, it has some usability disadvantages compared to GKE due to being integrated with OpenStack. The document demonstrates using Magnum and GKE to deploy similar Kubernetes clusters and discusses some areas Magnum could improve like integrating additional OpenStack services and improving node management capabilities.

GOOGLE
CONTAINER
ENGINE
VS
OPENSTACKOTSUKA, YUANYING/MOTOHIRO

自己紹介
OTSUKA, YUANYING
▸ Twitter @yuanying
▸ OpenStack
▸ Magnum Core Reviewer
▸ Zun(Higgins) Core Reviewer
▸ NEC Solution Innovators
▸ OpenStack Community Team

$ gcloud container clusters -h
Usage: gcloud container clusters [optional flags] <command>
command may be create | delete | describe | get-credentials | list |
resize | update | upgrade
Deploy and teardown Google Container Engine clusters.
commands:
create Create a cluster for running containers.
delete Delete an existing cluster for running containers.
describe Describe an existing cluster for running containers.
get-credentials Fetch credentials for a running cluster.
list List existing clusters for running containers.
resize Resizes an existing cluster for running containers.
update Update cluster settings for an existing container
cluster.
upgrade Upgrade the Kubernetes version of an existing container
cluster.

$ gcloud container clusters create help
Creating cluster help...-

$ gcloud container clusters create help
Creating cluster help…-
Created [https://container.googleapis.co
kubeconfig entry generated for help.
NAME ZONE MASTER_VERSION
help asia-east1-a 1.2.4

# Google Container Engine
$ gcloud container clusters create -h
MAGNUM と GKE がどれだけ似ているのか？

HOW
TO USE
1.CREATE
BAYMODEL
2.CREATE BAY
3.CONFIGURE
KUBECTL
Hynek Moravec; modified by Generalpoteito - Wikimedia Commons, image under Creative Commons Attribution 2.5

BAY == CLUSTER
Adrian Otto
WHAT IS MAGNUM?

WHAT IS MAGNUM?
MAGNUM RESOURCES
BAYMODEL
BAY
NODE
BAY のテンプレート
KUBERNETES クラスター
クラスターを構成する(仮想)マシ
ン

$
$ gcloud container clusters create k8s-cluster

$ magnum baymodel-create —name k8smodel
—image-id fedora-atomic-latest
—keypair-id default —external-network-id public
—coe kubernetes
$ magnum bay-create —name k8s-cluster —baymodel k8smodel
$ gcloud container clusters create k8s-cluster

$ … (前略) …
$ magnum bay-create —name k8s-cluster —baymodel k8smodel
$ gcloud container clusters create k8s-cluster
$ kubectl create -f nginx.yml

$ openssl genrsa -out client.key 4096
$ gcloud container clusters create k8s-cluster
$ kubectl create -f nginx.yml

$ cat > client.conf << END
[req]
distinguished_name = req_distinguished_name
req_extensions = req_ext
prompt = no
[req_distinguished_name]
CN = Your Name
[req_ext]
extendedKeyUsage = clientAuth
END
$ gcloud container clusters create k8s-cluster
$ kubectl create -f nginx.yml

$ openssl req -new -days 365
-config client.conf
-key client.key
-out client.csr
$ magnum ca-sign --bay k8s-cluster --csr client.csr > client.crt
$ magnum ca-show --bay k8s-cluster > ca.crt
$ gcloud container clusters create k8s-cluster
$ kubectl create -f nginx.yml

$$ kubectl config set-cluster k8sbay —server=${KUBERNETES_URL} --certificate-authority=$(pwd)/ca.crt $ kubectl config set-credentials client —certificate-authority=$(pwd)/ca.crt --client-key=$(pwd)/client.key —client-certificate=$(pwd)/client.crt $ kubectl config set-context k8sbay —cluster=k8sbay --user=client $ kubectl config use-context k8sbay $ gcloud container clusters create k8s-cluster $ kubectl create -f nginx.yml$

$ … (前略) …
$ magnum bay-create —name k8s-cluster —baymodel k8smodel
$ … (中略) …
$ kubectl create -f nginx.yml
$ gcloud container clusters create k8s-cluster
$ kubectl create -f nginx.yml

Magnum GKE
Container
Orchestration
Kubernetes
Docker Swarm
Mesos
Kubernetes
Platform OpenStack GCP
Usability チョット悪い Magnum より良い
OSS Yes!
Kubernetes
ありがとう

WHAT IS MAGNUM?
MAGNUM の今後
▸OpenStack 統合
▸Keystone 連携
▸Kubernetesの認証
▸Keystone Trust
▸Cinder 連携
▸Container Volume
▸Neutron 連携
▸Container Network
▸LBaaS

WHAT IS MAGNUM?
MAGNUM の今後
▸ノードマネジメント
▸gcloud container node-pools 相当機能
▸プロダクションでの利用
▸Rackspace Carina / Docker Swarm
▸CERN / Kubernetes
▸NASA? / Mesos

The document discusses Yusuke Kuoka's recommendations and experience for deploying Kubernetes on AWS from development to production, including tools for bootstrapping Kubernetes clusters on AWS, running local development environments, automating the deployment process, and implementing logging and monitoring across environments using DaemonSets and Concourse CI for continuous integration. It also notes challenges around achieving high availability with Kubernetes and etcd in the Tokyo region and ideas for further improvements.

Kube-AWSCoreOS

This document discusses Kube-AWS, which is a tool for deploying Kubernetes clusters on AWS. It outlines the design goals of creating artifacts that are secure, reproducible, and auditable. It then demonstrates "under the hood" how Kube-AWS works by initializing a cluster configuration, rendering assets, deploying the cluster, exporting the deployment details, and making changes to reproduce the cluster. Recent work is noted along with future plans.

Tectonic Summit 2016: The Origins of KubernetesCoreOS

Tectonic Summit 2016: Kubernetes 1.5 and BeyondCoreOS

Kubernetes 1.5 introduces several new features to simplify cluster setup and improve scheduling. It provides an easy way to initialize a Kubernetes cluster with a single command using kubeadm. Multiple clusters can also be easily federated together using kubefed. Additionally, Kubernetes 1.5 enhances scheduling capabilities with taints and tolerations, which allow pods to be selectively scheduled to nodes based on hardware requirements like GPUs. This helps optimize workload placement on large, heterogeneous clusters.

Kubernetes Basis: Pods, Deployments, and ServicesJian-Kai Wang

Kubernetes is a container management platform and empowers the scalability to the container. In this repository, we address the issues of how to use Kubernetes with real cases. We start from the basic objects in Kubernetes, Pods, deployments, and Services. This repository is also a tutorial for those with advanced containerization skills trying to step into the Kubernetes. We also provide several YAML examples for those looking for quickly deploying services. Please enjoy it and let's start the journey to Kubernetes.

Rex gke-clustreeRomain Vrignaud

Clustree runs about 30 microservices on Google Kubernetes Engine (GKE) with ~280 pods across 15 nodes. They use Kubernetes for all stateless applications across environments and some stateful ones. Key aspects of their infrastructure include Docker, Elasticsearch, RabbitMQ, Prometheus for metrics, Fluentd and Logstash for logging to Elasticsearch, and Influxdb with Grafana. They have experienced some issues but find Kubernetes provides great benefits like easy rolling upgrades and declarative infrastructure.

Scaling Docker Containers using Kubernetes and Azure Container ServiceBen Hall

This document discusses scaling Docker containers using Kubernetes and Azure Container Service. It begins with an introduction to containers and Docker, including how containers improve dependency and configuration management. It then demonstrates building and deploying containerized applications using Docker and discusses how to optimize Docker images. Finally, it introduces Kubernetes as a tool for orchestrating containers at scale and provides an example of deploying a containerized application on Kubernetes in Azure.

Cantainer CI/ CD with Kubernetesinwin stack

This document discusses continuous integration and continuous delivery (CI/CD) workflows using Kubernetes. It begins with an introduction of CI/CD and an explanation of continuous integration, continuous delivery, and continuous deployment. It then demonstrates how to set up Jenkins with Kubernetes by installing Minikube and configuring Jenkins to use the Kubernetes plugin to create pods for CI/CD tasks. The document walks through creating a sample pipeline job that runs a script on the Kubernetes cluster to test the CI/CD integration. It concludes with references for further reading on CI/CD and related tools.

DevOps in AWS with KubernetesOleg Chunikhin

Kubernetes Hands-On GuideStratoscale

This document provides steps to deploy a WordPress application with a MySQL database on Kubernetes. It demonstrates creating secrets for database credentials, persistent volumes for database storage, services for external access, and deploying the WordPress and MySQL containers. Various Kubernetes objects like deployments, services, secrets and persistent volumes are defined in YAML files and applied to set up the WordPress application on Kubernetes.

Orchestrating Docker with OpenStackErica Windisch

The Nova driver for Docker has been maturing rapidly since its mainline removal in Icehouse. During the Juno cycle, substantial improvements have been made to the driver, and greater parity has been reached with other  virtualization drivers. We will explore these improvements and what they mean to deployers. Eric will additionally showcase deployment scenarios for the deployment of OpenStack itself inside and underneath of Docker for powering traditional VM-based computing, storage, and other cloud services. Finally, users should expect a preview of the planned integration with the new OpenStack Containers Service effort to provide automation of advanced containers functionality and Docker-API semantics inside of an OpenStack cloud. Note that the included Heat templates are NOT usable. See the linked Heat resources for viable templates and examples.

Openstack Magnum: Container-as-a-ServiceChhavi Agarwal

Immutable kubernetes architecture by linuxkit어형 이

The document discusses LinuxKit, an open-source toolkit for building secure, portable and immutable Linux distributions using containers. It provides an overview of LinuxKit's key features such as building Linux distributions from code, immutable infrastructure approach, and running on various platforms using the same binaries. The document also compares different infrastructure management methods like using scripts, configuration management and immutable infrastructure using LinuxKit.

Cluster Networking with DockerStefan Schimanski

This document discusses using Docker to create a cluster networking setup with Weave. It begins by explaining the goals of automatically assigning unique IPs to containers without DHCP or an overlay network. It then describes setting up Weave to serve as the network bridge for Docker containers, so they are assigned IPs on the Weave overlay network and can communicate across hosts. The document outlines starting Weave, configuring Docker to use the Weave bridge, and ensuring containers on different hosts can connect. It concludes that this approach allows using native ports and container IPs without port management.

[OpenInfra Days Korea 2018] Day 2 - E4 - 딥다이브: immutable Kubernetes architectureOpenStack Korea Community

Linuxkit is a toolkit for building custom minimal and immutable Linux distributions. It allows building Linux distributions from code in a declarative YAML file. The distributions are built as Docker images for security and portability. Linuxkit uses containerization to build the OS, making it modular and customizable. It aims to provide secure defaults without compromising usability through immutable infrastructure principles.

Integration kubernetes with docker private registryHungWei Chiu

Kubernetes for Java developersRobert Barr

Robert Barr presents on Kubernetes for Java developers. He discusses Quarkus, Micronaut and Spring Boot frameworks for building cloud-native Java applications. He provides an overview of Docker and how it can package applications. Barr then explains why Kubernetes is useful for orchestrating containers at scale, describing its architecture and key concepts like pods, deployments and services. He demonstrates running a sample application on Kubernetes and integrating with its Java client.

Docker and Kubernetes 101 workshopSathish VJ

This document provides an overview of Docker and Kubernetes concepts and demonstrates how to create and run Docker containers and Kubernetes pods and deployments. It begins with an introduction to virtual machines and containers before demonstrating how to build a Docker image and container. It then introduces Kubernetes concepts like masters, nodes, pods and deployments. The document walks through running example containers and pods using commands like docker run, kubectl run, kubectl get and kubectl delete. It also shows how to create pods and deployments from configuration files and set resource limits.

Monitoring, Logging and Tracing on KubernetesMartin Etmajer

The document discusses monitoring, logging and tracing tools for Kubernetes including Heapster, Grafana, Fluentd, Elastic Stack, Jolokia and OpenTracing. It provides examples of deploying Heapster with InfluxDB and Grafana for metrics collection, Fluentd to ingest container logs into Elasticsearch, and using Jolokia and OpenTracing for remote access to JMX metrics and distributed tracing functionality.

Docker 進階實務班Philip Zheng

1. The document summarizes the topics covered in an advanced Docker workshop, including Docker Machine, Docker Swarm, networking, services, GitLab integration, IoT applications, Moby/LinuxKit, and a call to action to learn more about Docker on their own. 2. Specific topics included how to create Docker Machines on Azure, build a Swarm cluster, configure networking and services, integrate with GitLab for continuous integration/delivery, develop IoT applications using Docker on Raspberry Pi, and introduce Moby and LinuxKit for building customized container-based operating systems. 3. The workshop concluded by emphasizing business models, microservices, infrastructure as code, container design, DevOps, and

Kubernetes architectureJanakiram MSV

Kubernetes is an open-source system for managing containerized applications and services. It includes a master node that runs control plane components like the API server, scheduler, and controller manager. Worker nodes run the kubelet service and pods. Pods are the basic building blocks that can contain one or more containers. Labels are used to identify and select pods. Replication controllers ensure a specified number of pod replicas are running. Services define a logical set of pods and associated policy for access. They are exposed via cluster IP addresses or externally using load balancers.

Kubernetes Basic OperationSimon Su

Kubernetes Basics provides an overview of Kubernetes concepts and components. It discusses pods vs deployments, scaling deployments, rolling updates, stateful vs stateless applications, daemon sets, secrets, configmaps, services, ingress, storage classes, network policies, and Kubernetes CLI commands. Hands-on examples are given for running commands, exposing services, deleting resources, executing commands in pods, viewing logs, and getting resource information. YAML files are shown for defining deployments, services, and ingress. Skills discussed include using configmaps as environment variables, sidecar deployments, init containers, labels and node selectors, private registries, taints and tolerations, resource management, and readiness and liveness probes.

OpenStack MagnumAdrian Otto

Magnum is an OpenStack service that simplifies the deployment and management of container orchestration systems, such as Kubernetes and Docker Swarm, as first-class objects on OpenStack. It allows users to easily deploy and manage multiple container clusters on OpenStack that are isolated by tenant and project. Magnum uses Heat orchestration templates to deploy container clusters and integrates with other OpenStack services like Nova, Neutron, Keystone, and Cinder.

Microservices , Docker , CI/CD , Kubernetes Seminar - Sri Lanka Mario Ishara Fernando

This document discusses microservices and containers. It provides an overview of microservices architecture compared to monolithic architecture, highlighting that microservices are composed of many small, independent services with separate deployments and databases. It then discusses containers and how Docker is used to package and run applications in isolated containers. Finally, it introduces Kubernetes as a container orchestration system to manage and scale multiple containerized applications across a cluster of machines.

Kubelet with no Kubernetes Masters | DevNation Tech TalkRed Hat Developers

Learn kubernetes in 90 minutesLarry Cai

This document provides an agenda and instructions for learning Kubernetes in 90 minutes. The agenda includes exercises on running a first web service in Kubernetes, revisiting pods, deployments and services, deploying with YAML files, and installing a microservices application called Guestbook. Key Kubernetes concepts covered include pods, deployments, services, YAML descriptors, and using deployments to scale applications. The document also provides background on containers, Docker, and the Kubernetes architecture.

Kubernetes Architecture and Introduction – Paris Kubernetes MeetupStefan Schimanski

The document provides an overview of Kubernetes architecture and introduces how to deploy Kubernetes clusters on different platforms like Mesosphere's DCOS, Google Container Engine, and Mesos/Docker. It discusses the core components of Kubernetes including the API server, scheduler, controller manager and kubelet. It also demonstrates how to interact with Kubernetes using kubectl and view cluster state.

Kubernetes in 30 minutes (2017/03/10)lestrrat

This document provides a high-level overview of Kubernetes in under 30 minutes. It begins with basic concepts like nodes, pods, replica sets, deployments, and services. It then covers additional concepts like secrets, config maps, ingress, daemon sets, pet sets/stateful sets and services. The document aims to explain the main components of Kubernetes and how they work together at a high level to deploy and manage container-based applications.

DevOpsにおける組織に固有の事情をどのように整理するべきかEtsuji Nakai

Exploring the Philosophy behind Docker/Kubernetes/OpenShiftEtsuji Nakai

More Related Content

What's hot (20)

DevOps in AWS with KubernetesOleg Chunikhin

Kubernetes Hands-On GuideStratoscale

Orchestrating Docker with OpenStackErica Windisch

Openstack Magnum: Container-as-a-ServiceChhavi Agarwal

Immutable kubernetes architecture by linuxkit어형 이

Cluster Networking with DockerStefan Schimanski

[OpenInfra Days Korea 2018] Day 2 - E4 - 딥다이브: immutable Kubernetes architectureOpenStack Korea Community

Integration kubernetes with docker private registryHungWei Chiu

Kubernetes for Java developersRobert Barr

Docker and Kubernetes 101 workshopSathish VJ

Monitoring, Logging and Tracing on KubernetesMartin Etmajer

Docker 進階實務班Philip Zheng

Kubernetes architectureJanakiram MSV

Kubernetes Basic OperationSimon Su

OpenStack MagnumAdrian Otto

Microservices , Docker , CI/CD , Kubernetes Seminar - Sri Lanka Mario Ishara Fernando

Kubelet with no Kubernetes Masters | DevNation Tech TalkRed Hat Developers

Learn kubernetes in 90 minutesLarry Cai

Kubernetes Architecture and Introduction – Paris Kubernetes MeetupStefan Schimanski

Kubernetes in 30 minutes (2017/03/10)lestrrat

DevOps in AWS with KubernetesOleg Chunikhin

Kubernetes Hands-On GuideStratoscale

Orchestrating Docker with OpenStackErica Windisch

Openstack Magnum: Container-as-a-ServiceChhavi Agarwal

Immutable kubernetes architecture by linuxkit어형 이

Cluster Networking with DockerStefan Schimanski

[OpenInfra Days Korea 2018] Day 2 - E4 - 딥다이브: immutable Kubernetes architectureOpenStack Korea Community

Integration kubernetes with docker private registryHungWei Chiu

Kubernetes for Java developersRobert Barr

Docker and Kubernetes 101 workshopSathish VJ

Monitoring, Logging and Tracing on KubernetesMartin Etmajer

Docker 進階實務班Philip Zheng

Kubernetes architectureJanakiram MSV

Kubernetes Basic OperationSimon Su

OpenStack MagnumAdrian Otto

Microservices , Docker , CI/CD , Kubernetes Seminar - Sri Lanka Mario Ishara Fernando

Kubelet with no Kubernetes Masters | DevNation Tech TalkRed Hat Developers

Learn kubernetes in 90 minutesLarry Cai

Kubernetes Architecture and Introduction – Paris Kubernetes MeetupStefan Schimanski

Kubernetes in 30 minutes (2017/03/10)lestrrat

Viewers also liked (6)

DevOpsにおける組織に固有の事情をどのように整理するべきかEtsuji Nakai

Exploring the Philosophy behind Docker/Kubernetes/OpenShiftEtsuji Nakai

kubernetes(GKE)環境におけるdatadog利用Koichi HARUNA

ZabbixでDockerも監視 Atsushi Tanaka

アプリケーションエンジニアがMackerelで楽しく監視構成している事例景子西岡

Mackerel Day #mackerelio 「アプリケーションエンジニアがMackerelで楽しく監視構成している事例」 - Speaker DMM.comラボ西岡景子（id:heleeen）太田浩一（id:koudenpa） - Description 先日、DMMのサービスの一角である.makeをオンプレミス環境からクラウド環境に移行しました。その際、サービス担当のアプリケーションエンジニアの責務範囲は大きく拡大しました。 Webサービスの健全な運用にはその状態の監視は欠かせない要素です。アプリケーションエンジニアがクラウド環境下での監視にどのように取り組んだのか？ Mackerel導入に至るまでの経緯、実際の監視構成、そして得られた価値を紹介します。 - connpass https://mackerelio.connpass.com/event/67292/

Kubernetesにまつわるエトセトラ（主に苦労話）Works Applications

Dockerをちゃんと使おうと考えていたらKubernetesに出会いました。ERPのシステム開発でkubernetesを使おうとして苦労した、あるいは現在進行形で苦労していることを、そもそもKubernetesが解決しようとしている課題やそのアーキテクチャそのものにも言及しながらお話します。Dockerをベースにシステム設計を行おうとしている方にノウハウ（主に苦労話）を共有します。 July 24th, 2016　July Tech Festa 2016

DevOpsにおける組織に固有の事情をどのように整理するべきかEtsuji Nakai

Exploring the Philosophy behind Docker/Kubernetes/OpenShiftEtsuji Nakai

kubernetes(GKE)環境におけるdatadog利用Koichi HARUNA

ZabbixでDockerも監視 Atsushi Tanaka

アプリケーションエンジニアがMackerelで楽しく監視構成している事例景子西岡

Kubernetesにまつわるエトセトラ（主に苦労話）Works Applications

Similar to GKE vs OpenStack Magnum (20)

Bdc from bare metal to k8sChris Adkin

This document provides an overview of how to deploy a SQL Server 2019 Big Data Cluster on Kubernetes. It discusses setting up infrastructure with Ubuntu templates, installing Kubespray to manage the Kubernetes cluster lifecycle, and using azdata to deploy the Big Data Cluster. Key steps include creating an Ansible inventory, configuring storage with labels and profiles, and deploying the cluster. The document also offers tips on sizing, upgrades, and next steps like load balancing and monitoring.

$ kubectl hacking @DevOpsCon Berlin 2019Tobias Schneck

If you just stated with Kubernetes, one of the first thing you have to learn is the `kubectl` CLI. Join me at a live hacking journey trough the world of kubectl and how you can improve your daily work to be more productive. Find out the handy day-by-day time savers for your working routine by a pure hands-on talk without slides. In Detail we will look together into: * kubectl basics * kubectl for scripting * kubectl extensions * the fuzzy side of kubectl * KubeOps - use kubectl to manage k8s clusters, workers and static virtual machines.

Get started with Kubernetes on GKEZachary Russell

Kubernetes meetup 102Jakir Patel

Artem Zhurbila - docker clusters (solit 2015)Artem Zhurbila

Ci/CD - Stop wasting time, Automate your deploymentsJerry Jalava

- Using CI/CD (continuous integration and continuous delivery) automates deployments and saves time and money while improving reliability. - There are multiple CI/CD tool options with different capabilities for source code management, target systems like Kubernetes, and deployment approaches. Consider your specific code, infrastructure, and deployment needs. - Google Cloud Build is demonstrated for automating builds, tests, and deployments to Cloud Run and Kubernetes Engine from source code in a Git repository with triggers on code changes.

Pro2516 10 things about oracle and k8s.pptx-finalMichel Schildmeijer

Oracle has joined Kubernetes to allow applications and infrastructure to be deployed as containers across virtual machines and servers. Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. Oracle supports Kubernetes in various ways including certifying WebLogic and Docker, providing an Oracle Kubernetes Engine (OKE) service on Oracle Cloud Infrastructure (OCI), and developing tools like the WebLogic Kubernetes Operator.

Things I've learned working with Docker SupportSujay Pillai

This document provides instructions for backing up and restoring a Docker Enterprise installation including Docker Swarm, UCP, and DTR. It outlines the components included in each backup, prerequisites, and procedures for backing up each component while services are running. Containers are proposed for automating regular backups of UCP to a mounted volume. Exclusions from backups are also noted such as application data and image files stored externally.

Multinode kubernetes-clusterRam Nath

CKA_1st.pptxYIJHEHUANG

The document provides an overview of Kubernetes concepts including pods, replica sets, deployments, services, and cluster architecture. It discusses Kubernetes' role in automatically maintaining services by deploying multiple containers across worker nodes. Key components like the master node, etcd cluster, scheduler, and kubelet are described at a high level. Examples are provided of imperative Kubernetes commands for creating pods, replica sets, deployments, and services.

Kubeflow on google kubernetes engineBear Su

Introduction to KalaboxGerald Villorente

AWS Summit Singapore 2019 | Autoscaling Your Kubernetes WorkloadsAWS Summits

This document discusses autoscaling Kubernetes workloads using the Horizontal Pod Autoscaler (HPA). It provides a history of the HPA's development, how to choose an autoscaling metric, and implement autoscaling using a custom metric from Datadog. The document demonstrates setting up a Datadog cluster agent, registering it as an external metrics provider, and creating an HPA that scales a deployment based on a Datadog metric.

Micro-datacenter chaos monkeys! stevesloka

This document provides an overview and introduction to Kubernetes, an open-source platform for automating deployment, scaling, and operations of application containers. It discusses key Kubernetes concepts like pods, nodes, services, deployments and namespaces. It also demonstrates Kubernetes architecture and shows how it schedules and manages containers across a cluster of machines to maintain applications in a desired state.

How to grant permission to your Kubernetes cluster for another users. - Stan...Kuberton

Shopping for Vulnerabilities - How Cloud Service Provider Marketplaces can He...Alexandre Sieira

This document discusses how cloud service provider marketplaces can help with white hat and black hat vulnerability research. It provides examples of analyzing images from AWS Marketplace, Azure Marketplace, and Google Cloud Marketplace. The key findings are that AWS Marketplace most strongly protects seller intellectual property, while Azure and GCP Marketplaces have advantages for security researchers by allowing low-cost access and analysis of listed products with few restrictions. The document cautions that legal risks must be considered before conducting any security research activities.

Shopping for Vulnerabilities - How Cloud Service Provider Marketplaces can He...Tenchi Security

Slides of the talk presented at DEF CON Cloud Village on August 12th, 2022 by Alexandre Sieira. Contains research content from Glaysson Tomaz and Marcelo Lima as well. Recently the Conti ransomware group internal chat leaks was fascinating reading. Among other things, it reminded us that both well-intentioned and malicious actors are constantly trying to find ways to find vulnerabilities and develop exploits to widely used IT products. This is particularly true those that are externally exposed firewalls, VPNs and load balancers, or security products that might thwart their techniques and tools. The timeline from the chats seems to show a gap of several months between Conti members trying to procure either appliances or commercial software that they were trying to get for these purposes. This got us thinking about how the major cloud service providers these days have marketplaces where you can easily buy virtual appliances or SaaS licenses for lots of widely used IT and security products with little more than a valid credit card, in minutes. And we decided to check how feasible it is to use this to conduct vulnerability research. In this presentation we will show what kind of access one can get to the internals of IT and security products using these marketplaces, particularly in the case of products only typically offered in hardware appliances. Which cloud providers try to prevent this sort of activity, how they do it, which ones simply don't care, and what techniques we were able to use to access these appliance's internals. The objective here is threefold: 1) help well intentioned vulnerability researchers find an easier avenue to do their work; 2) allow cloud providers to get a better understanding of how their marketplaces can be abused and which controls they could implement to mitigate that risk, and 3) let IT and security vendors realize the added exposure of publishing their products on these marketplaces.

kubeadm Cluster Creation Internals_ From Self-Hosting to Upgradability and HA...ssuser92b4be

This document summarizes a talk given at KubeCon Austin about kubeadm cluster creation internals. It discusses what kubeadm is and how it fits into the Kubernetes ecosystem. It then details the technical aspects of what kubeadm does during initialization, including generating certificates, config files, static pod manifests, and deploying addons. It also covers how kubeadm handles upgrades and discusses approaches to achieving high availability.

Kubernetes - Using Persistent Disks with WordPress and MySQLpratik rathod

From Kubernetes to OpenStack in SydneySK Telecom

Bdc from bare metal to k8sChris Adkin

$ kubectl hacking @DevOpsCon Berlin 2019Tobias Schneck

Get started with Kubernetes on GKEZachary Russell

Kubernetes meetup 102Jakir Patel

Artem Zhurbila - docker clusters (solit 2015)Artem Zhurbila

Ci/CD - Stop wasting time, Automate your deploymentsJerry Jalava

Pro2516 10 things about oracle and k8s.pptx-finalMichel Schildmeijer

Things I've learned working with Docker SupportSujay Pillai

Multinode kubernetes-clusterRam Nath

CKA_1st.pptxYIJHEHUANG

Kubeflow on google kubernetes engineBear Su

Introduction to KalaboxGerald Villorente

AWS Summit Singapore 2019 | Autoscaling Your Kubernetes WorkloadsAWS Summits

Micro-datacenter chaos monkeys! stevesloka

How to grant permission to your Kubernetes cluster for another users. - Stan...Kuberton

Shopping for Vulnerabilities - How Cloud Service Provider Marketplaces can He...Alexandre Sieira

Shopping for Vulnerabilities - How Cloud Service Provider Marketplaces can He...Tenchi Security

kubeadm Cluster Creation Internals_ From Self-Hosting to Upgradability and HA...ssuser92b4be

Kubernetes - Using Persistent Disks with WordPress and MySQLpratik rathod

From Kubernetes to OpenStack in SydneySK Telecom

Recently uploaded (20)

Cybersecurity Identity and Access Solutions using Azure ADVICTOR MAESTRE RAMIREZ

Manifest Pre-Seed Update | A Humanoid OEM Deeptech In Francechb3

TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc

Most consumers believe they’re making informed decisions about their personal data—adjusting privacy settings, blocking trackers, and opting out where they can. However, our new research reveals that while awareness is high, taking meaningful action is still lacking. On the corporate side, many organizations report strong policies for managing third-party data and consumer consent yet fall short when it comes to consistency, accountability and transparency. This session will explore the research findings from TrustArc’s Privacy Pulse Survey, examining consumer attitudes toward personal data collection and practical suggestions for corporate practices around purchasing third-party data. Attendees will learn: - Consumer awareness around data brokers and what consumers are doing to limit data collection - How businesses assess third-party vendors and their consent management operations - Where business preparedness needs improvement - What these trends mean for the future of privacy governance and public trust This discussion is essential for privacy, risk, and compliance professionals who want to ground their strategies in current data and prepare for what’s next in the privacy landscape.

Cyber Awareness overview for 2025 month of securityriccardosl1

Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul

Artificial intelligence is changing how businesses operate. Companies are using AI agents to automate tasks, reduce time spent on repetitive work, and focus more on high-value activities. Noah Loul, an AI strategist and entrepreneur, has helped dozens of companies streamline their operations using smart automation. He believes AI agents aren't just tools—they're workers that take on repeatable tasks so your human team can focus on what matters. If you want to reduce time waste and increase output, AI agents are the next move.

Heap, Types of Heap, Insertion and DeletionJaydeep Kale

Special Meetup Edition - TDX Bengaluru Meetup #52.pptxshyamraj55

Complete Guide to Advanced Logistics Management Software in Riyadh.pdfSoftware Company

Explore the benefits and features of advanced logistics management software for businesses in Riyadh. This guide delves into the latest technologies, from real-time tracking and route optimization to warehouse management and inventory control, helping businesses streamline their logistics operations and reduce costs. Learn how implementing the right software solution can enhance efficiency, improve customer satisfaction, and provide a competitive edge in the growing logistics sector of Riyadh.

#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025BookNet Canada

Book industry standards are evolving rapidly. In the first part of this session, we’ll share an overview of key developments from 2024 and the early months of 2025. Then, BookNet’s resident standards expert, Tom Richardson, and CEO, Lauren Stewart, have a forward-looking conversation about what’s next. Link to recording, transcript, and accompanying resource: https://bnctechforum.ca/sessions/standardsgoals-for-2025-standards-certification-roundup/ Presented by BookNet Canada on May 6, 2025 with support from the Department of Canadian Heritage.

Procurement Insights Cost To Value Guide.pptxJon Hansen

AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...SOFTTECHHUB

I started my online journey with several hosting services before stumbling upon Ai EngineHost. At first, the idea of paying one fee and getting lifetime access seemed too good to pass up. The platform is built on reliable US-based servers, ensuring your projects run at high speeds and remain safe. Let me take you step by step through its benefits and features as I explain why this hosting solution is a perfect fit for digital entrepreneurs.

Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...Aqusag Technologies

Greenhouse_Monitoring_Presentation.pptx.hpbmnnxrvb

The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfAbi john

IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...organizerofv

Semantic Cultivators : The Critical Future Role to Enable AIartmondano

TrsLabs - Fintech Product & Business ConsultingTrs Labs

Hybrid Growth Mandate Model with TrsLabs Strategic Investments, Inorganic Growth, Business Model Pivoting are critical activities that business don't do/change everyday. In cases like this, it may benefit your business to choose a temporary external consultant. An unbiased plan driven by clearcut deliverables, market dynamics and without the influence of your internal office equations empower business leaders to make right choices. Getting things done within a budget within a timeframe is key to Growing Business - No matter whether you are a start-up or a big company Talk to us & Unlock the competitive advantage

Mobile App Development Company in Saudi ArabiaSteve Jonas

EmizenTech is a globally recognized software development company, proudly serving businesses since 2013. With over 11+ years of industry experience and a team of 200+ skilled professionals, we have successfully delivered 1200+ projects across various sectors. As a leading Mobile App Development Company In Saudi Arabia we offer end-to-end solutions for iOS, Android, and cross-platform applications. Our apps are known for their user-friendly interfaces, scalability, high performance, and strong security features. We tailor each mobile application to meet the unique needs of different industries, ensuring a seamless user experience. EmizenTech is committed to turning your vision into a powerful digital product that drives growth, innovation, and long-term success in the competitive mobile landscape of Saudi Arabia.

Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Impelsys Inc.

Splunk Security Update | Public Sector Summit Germany 2025Splunk

Cybersecurity Identity and Access Solutions using Azure ADVICTOR MAESTRE RAMIREZ

Manifest Pre-Seed Update | A Humanoid OEM Deeptech In Francechb3

TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc

Cyber Awareness overview for 2025 month of securityriccardosl1

Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul

Heap, Types of Heap, Insertion and DeletionJaydeep Kale

Special Meetup Edition - TDX Bengaluru Meetup #52.pptxshyamraj55

Complete Guide to Advanced Logistics Management Software in Riyadh.pdfSoftware Company

#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025BookNet Canada

Procurement Insights Cost To Value Guide.pptxJon Hansen

AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...SOFTTECHHUB

Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...Aqusag Technologies

Greenhouse_Monitoring_Presentation.pptx.hpbmnnxrvb

The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfAbi john

IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...organizerofv

Semantic Cultivators : The Critical Future Role to Enable AIartmondano

TrsLabs - Fintech Product & Business ConsultingTrs Labs

Mobile App Development Company in Saudi ArabiaSteve Jonas

Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Impelsys Inc.

Splunk Security Update | Public Sector Summit Germany 2025Splunk

GKE vs OpenStack Magnum

1. GOOGLE CONTAINER ENGINE VS OPENSTACKOTSUKA, YUANYING/MOTOHIRO

2. 自己紹介 OTSUKA, YUANYING ▸ Twitter @yuanying ▸ OpenStack ▸ Magnum Core Reviewer ▸ Zun(Higgins) Core Reviewer ▸ NEC Solution Innovators ▸ OpenStack Community Team

3. WHAT IS

4. WHAT IS MAGNUM

5. $ gcloud container clusters -h Usage: gcloud container clusters [optional flags] <command> command may be create | delete | describe | get-credentials | list | resize | update | upgrade Deploy and teardown Google Container Engine clusters. commands: create Create a cluster for running containers. delete Delete an existing cluster for running containers. describe Describe an existing cluster for running containers. get-credentials Fetch credentials for a running cluster. list List existing clusters for running containers. resize Resizes an existing cluster for running containers. update Update cluster settings for an existing container cluster. upgrade Upgrade the Kubernetes version of an existing container cluster.

6. 閑話休題

7. $ gcloud container clusters create help

8. $ gcloud container clusters create help Creating cluster help...-

9. $ gcloud container clusters create help Creating cluster help…- Created [https://container.googleapis.co kubeconfig entry generated for help. NAME ZONE MASTER_VERSION help asia-east1-a 1.2.4

10. # Google Container Engine $ gcloud container clusters create -h MAGNUM と GKE がどれだけ似ているのか？

11. HOW TO USE 1.CREATE BAYMODEL 2.CREATE BAY 3.CONFIGURE KUBECTL Hynek Moravec; modified by Generalpoteito - Wikimedia Commons, image under Creative Commons Attribution 2.5

12. BAY == CLUSTER Adrian Otto WHAT IS MAGNUM?

13. WHAT IS MAGNUM? MAGNUM RESOURCES BAYMODEL BAY NODE BAY のテンプレート KUBERNETES クラスタークラスターを構成する(仮想)マシン

14. $ $ gcloud container clusters create k8s-cluster

15. $ magnum baymodel-create —name k8smodel —image-id fedora-atomic-latest —keypair-id default —external-network-id public —coe kubernetes $ magnum bay-create —name k8s-cluster —baymodel k8smodel $ gcloud container clusters create k8s-cluster

16. $ magnum baymodel-create —name k8smodel —image-id fedora-atomic-latest —keypair-id default —external-network-id public —coe kubernetes $ magnum bay-create —name k8s-cluster —baymodel k8smodel $ gcloud container clusters create k8s-cluster Win!!

17. $ … (前略) … $ magnum bay-create —name k8s-cluster —baymodel k8smodel $ gcloud container clusters create k8s-cluster $ kubectl create -f nginx.yml

18. $ openssl genrsa -out client.key 4096 $ gcloud container clusters create k8s-cluster $ kubectl create -f nginx.yml

19. $ cat > client.conf << END [req] distinguished_name = req_distinguished_name req_extensions = req_ext prompt = no [req_distinguished_name] CN = Your Name [req_ext] extendedKeyUsage = clientAuth END $ gcloud container clusters create k8s-cluster $ kubectl create -f nginx.yml

20. $ openssl req -new -days 365 -config client.conf -key client.key -out client.csr $ magnum ca-sign --bay k8s-cluster --csr client.csr > client.crt $ magnum ca-show --bay k8s-cluster > ca.crt $ gcloud container clusters create k8s-cluster $ kubectl create -f nginx.yml

21. $ kubectl config set-cluster k8sbay —server=${KUBERNETES_URL} --certificate-authority=$(pwd)/ca.crt $ kubectl config set-credentials client —certificate-authority=$(pwd)/ca.crt --client-key=$(pwd)/client.key —client-certificate=$(pwd)/client.crt $ kubectl config set-context k8sbay —cluster=k8sbay --user=client $ kubectl config use-context k8sbay $ gcloud container clusters create k8s-cluster $ kubectl create -f nginx.yml

22. $ … (前略) … $ magnum bay-create —name k8s-cluster —baymodel k8smodel $ … (中略) … $ kubectl create -f nginx.yml $ gcloud container clusters create k8s-cluster $ kubectl create -f nginx.yml

23. $ … (前略) … $ magnum bay-create —name k8s-cluster —baymodel k8smodel $ … (中略) … $ kubectl create -f nginx.yml $ gcloud container clusters create k8s-cluster $ kubectl create -f nginx.yml チョット面倒な手順があるけど、余計な部分を省けばトッテモ似てる！

24. $ … (前略) … $ magnum bay-create —name k8s-cluster —baymodel k8smodel $ … (中略) … $ kubectl create -f nginx.yml $ gcloud container clusters create k8s-cluster $ kubectl create -f nginx.yml

25. Magnum GKE Container Orchestration Kubernetes Docker Swarm Mesos Kubernetes Platform OpenStack GCP Usability チョット悪い Magnum より良い OSS Yes! Kubernetes ありがとう

26. WHAT IS MAGNUM? MAGNUM の今後 ▸OpenStack 統合 ▸Keystone 連携 ▸Kubernetesの認証 ▸Keystone Trust ▸Cinder 連携 ▸Container Volume ▸Neutron 連携 ▸Container Network ▸LBaaS

27. WHAT IS MAGNUM? MAGNUM の今後 ▸ノードマネジメント ▸gcloud container node-pools 相当機能 ▸プロダクションでの利用 ▸Rackspace Carina / Docker Swarm ▸CERN / Kubernetes ▸NASA? / Mesos

28. THANKS! Yuanying OPENSTACK MAGNUM

Editor's Notes

#2: なんとなく、と云うタイトルにしてみましたが煽ってるつもりはない。戦ったら負けそうだし。というか、どっちサイドで物をしゃべっているかというと、
#3: OpenStack の Magnum と云うコンポーネントと、Zun と云うコンポーネントで、コアレビューアと云う肩書きで活動しています。この Magnum と云うコンポーネントに残っているコアレビューアの中では 3番目に古いコントリビュータです。で、こういう活動をどうして行っているかというと、NEC の OpenStack コミュニティチームというところで、NEC からの OpenStack への貢献を目的として行っています。
#4: そもそも自分は OpenStack の知名度をよくわかってなくて、、、エンタープライズ色が強そうなので、興味ない人は知らない気がしてならないのですが、 OpenStack は IaaS を構築するためのミドルウェアで、オープンソースソフトウェアです。一言で言うと、Amazon の AWS や Google Cloud Platform の OSS 版です。
#5: それじゃあ、Magnum は何か？っていうと、OpenStack は Computing や Networking, Storage などの幾つかのコンポーネントから成り立っているソフトウェアなのですが、その OpenStack 上で Kubernetes や Docker Swarm などのクラスターを構築、管理するためのコンポーネントです。
#6: 早い話が、OpenStack における gcloud コマンドの container clusters サブコマンド相当を担当するコンポーネントです。
#10: cluster 作るとお金かかるんで、なんかのネタにしてやろうとこのLTに入れました。
#11: まあ、それはそれとして、「gcloud コマンドの container clusters サブコマンド相当を担当するコンポーネントです」と言いましたが、Magnum がそれじゃあどれだけ Google Container Engine と似ているのか？というのを比較して、GKE と Magnum を勝負させてみようかと思います。あ、念のため先に言っておきますが、クラスターを作る速度とか、なんちゃらのスループットとかを見るつもりはないです。
#12: で、そもそも Magnum をどう使うか、の軽い説明をすると、 1、2、3。という流れになります。いや、けどそもそも Bay ってなんだ？
#13: Magnum の Founder の Adrian Otto っていう人が多分命名した言葉で、ぶっちゃけ Kubernetes や Docker Swarm のクラスターのことです。多分 Pod を格納することから来たのかと。
#14: Magnum は Kubernetes のクラスターを管理するために三つのリソースを定義してます。一つ目が Baymodel、これは Bay のテンプレートで、同じ設定の Bay をいくつも作るときに便利。主に開発時にしか使わないですが…。そして、Bay これは Kubernetes のクラスターとほぼ同一。そして Node、これはクラスターを構成する仮想マシンです。
#15: そうすると、gcloud container clusters create コマンド相当のことを Magnum でやろうとすると、、、
#16: Baymodel を定義して、Bay を作成、という流れになります。gcloud の場合はほぼ設定がデフォルトで動くのに対して、Magnum の方は幾つか必須のパラメータがありますね…。しかもコマンドを2回も叩かなければならない。
#18: では、クラスターが作成されたので実際に kubectl を使って Pod を作成してみましょう。GKE の場合は、すでに自動的に認証情報や、どのクラスターを操作するのかなどの情報が設定されているので、そのまま、使うだけですね。じゃあ、Magnum ではどうかというと…。
#19: クライアント認証に使う x509 のキーペアを自分で作成しなくちゃいけません…。まず、秘密鍵を作って、、、
#20: CSR を作成するためのコンフィグを作って…、
#21: CSR を作成、Magnum に証明書を要求します。
#22: キーペアを作成したらどの認証情報を使ってどのクラスターに接続するのかを設定します…。
#23: 要約すると、、、
#25: まあ、勝敗は、、どっちが勝ったとか、どうでもいいですよね、実際！

GKE vs OpenStack Magnum

Recommended

More Related Content

What's hot (20)

Viewers also liked (6)

Similar to GKE vs OpenStack Magnum (20)

Recently uploaded (20)

GKE vs OpenStack Magnum

Editor's Notes