Kubernetes Best Practices
Aggregated experience of working on large scale deployments
Vadim Solovey // vadim@doit-intl.com, CTO at DoiT International
DoiT International: Tel-Aviv, San Francisco, New York, Athens (GR), Warsaw (PL)
“Cloud Consultancy helping startups around the globe with cloud engineering & cost optimization”
Tremendous Investment in OSS:
Agenda
➔ Container images optimization
➔ Organizing namespaces
➔ Readiness and Liveness probes
➔ Resource requests and limits
➔ Failing with grace
➔ Mapping external services
➔ Upgrading clusters with zero downtime
DoIT International confidential │ Do not distribute
Part I
after all, the size matters!
Building small containers
build small container images
Node.js App
Your app: 5 MB
Your app dependencies: 95 MB
Total app size: 100 MB
Docker Base Images
node:onbuild → 699 MB
node:8 → 667 MB
node:8-wheezy → 521 MB
node:8-slim → 225 MB
node:alpine → 63 MB
scratch → 50 MB
Pros
Faster builds
Need less storage
Image pulls are faster
Smaller attack surface
Cons
Less tooling inside containers
“Non-Standard” environment
containerizing interpreted languages
Dockerfile 1
FROM node:onbuild
EXPOSE 8080
Dockerfile 2
FROM node:alpine
WORKDIR /app
COPY package.json /app/package.json
RUN npm install --production
COPY server.js /app/server.js
EXPOSE 8080
CMD npm start
practice “builder pattern” for compiled languages
Code → Build Container (compiler, dev tools, unit tests, etc.) → Build Artifact/s (binaries, static files, bundles, compiled code) → Runtime Container (runtime env, debug/monitoring tools)
practice builder pattern for compiled languages
Dockerfile 1
FROM golang:onbuild
EXPOSE 8080
Dockerfile 2
FROM golang:alpine
WORKDIR /app
ADD . /app
RUN cd /app && go build -o goapp
EXPOSE 8080
ENTRYPOINT ./goapp
practice builder pattern for compiled languages
FROM golang:alpine AS build-env
WORKDIR /app
ADD . /app
RUN cd /app && go build -o goapp

FROM alpine
RUN apk update && \
    apk add ca-certificates && \
    update-ca-certificates && \
    rm -rf /var/cache/apk/*
WORKDIR /app
COPY --from=build-env /app/goapp /app
EXPOSE 8080
ENTRYPOINT ./goapp
performance on smaller images
4-core machine:
  Build: golang onbuild 35 seconds, golang multistage 23 seconds
  Push:  golang onbuild 15 seconds, golang multistage 14 seconds
  Pull:  golang onbuild 26 seconds, golang multistage 6 seconds
Macbook Pro:
  Build: golang onbuild 54 seconds, golang multistage 28 seconds
  Push:  golang onbuild 48 seconds, golang multistage 16 seconds
  Pull:  golang onbuild 52 seconds, golang multistage 6 seconds
security and vulnerabilities
tooling & container internals
Use non-root user inside container:
FROM node:alpine
RUN apk update && apk add imagemagick
# alpine ships BusyBox addgroup/adduser rather than groupadd/useradd
RUN addgroup -S nodejs && adduser -S -G nodejs nodejs
USER nodejs
Then, enforce it:
apiVersion: v1
kind: Pod
spec:
  securityContext:
    runAsNonRoot: true
Make the filesystem read-only (readOnlyRootFilesystem is a container-level field):
spec:
  containers:
  - name: app
    securityContext:
      runAsNonRoot: true
      readOnlyRootFilesystem: true
More tips
➔ one process per container
➔ don’t restart on failure - better to crash cleanly
➔ log to stdout and stderr
➔ add “dumb-init” to prevent zombie processes (no need in k8s 1.7+)
➔ forget :latest (or no tags)
➔ use the “--record” option
Part II
say my name(space)!
Kubernetes with Namespaces
use namespaces!
out-of-the box namespaces
➔ default (active namespace)
➔ kube-system (k8s components)
➔ kube-public (public resources)
cross namespace communication
➔ namespaces are hidden from one another, but not isolated
➔ service names can be reused; a service in another namespace is reachable as <service>.<namespace>.svc.cluster.local
explicit & active namespaces
kubectl apply -f pod.yaml --namespace=test
kubectl get pods --namespace=test
use kubens to switch between active namespaces
best practices
small team → use the “default” namespace
growing team → namespace/s per team
large company → namespaces per team with rbac and resourcequotas
Part III
are you feeling well, honey?
Kubernetes Health Checks
types of health checks
readiness probes
➔ by default, k8s starts sending traffic as soon as the process starts
➔ send or stop sending traffic
➔ let k8s know when your app has fully started & is ready to serve traffic
liveness probes
➔ by default, while the process is running, k8s will keep sending traffic to the pod
➔ let live, or kill and restart
➔ is an app dead or alive?
probes types
http:
spec:
  containers:
  - name: liveness
    livenessProbe:
      httpGet:
        path: /healthz
        port: 8080
command:
spec:
  containers:
  - name: liveness
    livenessProbe:
      exec:
        command:
        - myprogram
tcp:
spec:
  containers:
  - name: liveness
    livenessProbe:
      tcpSocket:
        port: 8080
configuring probes
➔ initialDelaySeconds → very important to set with liveness probes to prevent your pods from crashing on start. Use the p99 startup time.
➔ periodSeconds
➔ timeoutSeconds
➔ successThreshold
➔ failureThreshold
Part IV
oh, but I want more!
Resource Requests & Limits
requests and limits
request: 100MB memory, 0.5 cpu → limit: 150MB memory, 1.0 cpu
containers:
- name: container1
  image: busybox
  resources:
    requests:
      memory: "32Mi"
      cpu: "200m"
    limits:
      memory: "64Mi"
      cpu: "250m"
cpu - measured in millicores (i.e. 2000 millicores is 2 cpu) & is a “compressible” resource
memory - measured in bytes & is a “not compressible” resource
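As an added example (not from the deck), a Go check that applies the deck's practices to a pod manifest: the Part I advice to run as non-root with a read-only root filesystem and to forget :latest or untagged images, plus the rule from this part that every container carries cpu and memory requests and limits. The manifest, its image names and the "shop" pod are constructed for illustration; JSON is used instead of YAML so only the standard library is needed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Subset of the Pod schema the checks need; field names follow the Kubernetes API.
type SecurityContext struct {
	RunAsNonRoot           *bool `json:"runAsNonRoot"`
	ReadOnlyRootFilesystem *bool `json:"readOnlyRootFilesystem"`
}
type Container struct {
	Name            string           `json:"name"`
	Image           string           `json:"image"`
	SecurityContext *SecurityContext `json:"securityContext"`
	Resources       struct {
		Requests map[string]string `json:"requests"`
		Limits   map[string]string `json:"limits"`
	} `json:"resources"`
}
type Pod struct {
	Spec struct {
		SecurityContext *SecurityContext `json:"securityContext"`
		Containers      []Container      `json:"containers"`
	} `json:"spec"`
}

func isTrue(b *bool) bool { return b != nil && *b }

// imageTag returns the tag or digest of an image reference, "" if untagged. Only the
// last path segment is inspected, so a registry port (registry:5000/app) is not a tag.
func imageTag(image string) string {
	if i := strings.Index(image, "@"); i >= 0 {
		return image[i+1:] // digest-pinned, e.g. app@sha256:...
	}
	last := image[strings.LastIndex(image, "/")+1:]
	if i := strings.LastIndex(last, ":"); i >= 0 {
		return last[i+1:]
	}
	return ""
}

// CheckPod returns one finding per container per violated practice.
func CheckPod(manifest []byte) ([]string, error) {
	var pod Pod
	if err := json.Unmarshal(manifest, &pod); err != nil {
		return nil, err
	}
	var findings []string
	// runAsNonRoot may be set for the whole pod; a container-level value overrides it.
	podNonRoot := pod.Spec.SecurityContext != nil && isTrue(pod.Spec.SecurityContext.RunAsNonRoot)
	for _, c := range pod.Spec.Containers {
		report := func(msg string) { findings = append(findings, c.Name+": "+msg) }
		// "forget :latest (or no tags)": a floating tag means the image that runs is
		// not necessarily the one that was reviewed or scanned.
		if tag := imageTag(c.Image); tag == "" || tag == "latest" {
			report("image " + c.Image + " is not pinned to a tag or digest")
		}
		nonRoot := podNonRoot
		if c.SecurityContext != nil && c.SecurityContext.RunAsNonRoot != nil {
			nonRoot = *c.SecurityContext.RunAsNonRoot
		}
		if !nonRoot {
			report("runAsNonRoot is not enforced")
		}
		// readOnlyRootFilesystem exists only at container level.
		if c.SecurityContext == nil || !isTrue(c.SecurityContext.ReadOnlyRootFilesystem) {
			report("root filesystem is writable")
		}
		// Without requests the scheduler places the pod blind; without limits one
		// container can starve its neighbours. Indexing a nil map yields "".
		for _, res := range []string{"cpu", "memory"} {
			if c.Resources.Requests[res] == "" {
				report("missing " + res + " request")
			}
			if c.Resources.Limits[res] == "" {
				report("missing " + res + " limit")
			}
		}
	}
	return findings, nil
}

// SampleManifest is a constructed two-container pod: "api" follows the deck's
// advice, "sidecar" does not.
const SampleManifest = `{
  "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "shop"},
  "spec": {"securityContext": {"runAsNonRoot": true},
    "containers": [
      {"name": "api", "image": "registry.example.com:5000/shop/api:1.4.2",
       "securityContext": {"readOnlyRootFilesystem": true},
       "resources": {"requests": {"cpu": "200m", "memory": "64Mi"},
                     "limits": {"cpu": "500m", "memory": "128Mi"}}},
      {"name": "sidecar", "image": "busybox"}]}}`

func main() {
	findings, err := CheckPod([]byte(SampleManifest))
	if err != nil {
		panic(err)
	}
	fmt.Println(strings.Join(findings, "\n"))
}
```

Run against SampleManifest, the compliant "api" container produces no findings and "sidecar" produces six (unpinned image, writable root filesystem, and the four missing requests and limits); it inherits runAsNonRoot from the pod.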
namespace settings | ResourceQuotas
apiVersion: v1
kind: ResourceQuota
metadata:
  name: compute-resources
spec:
  hard:
    pods: "4"
    requests.cpu: "500m"
    requests.memory: 1Gi
    limits.cpu: "700m"
    limits.memory: 2Gi
    requests.nvidia.com/gpu: 4
best practice: aggregate limits on the namespace level; production (no quotas), development (strict quotas)
namespace settings | LimitRange
apiVersion: v1
kind: LimitRange
metadata:
  name: mem-limit-range
spec:
  limits:
  - default:
      memory: 512Mi
      cpu: 100m
    defaultRequest:
      memory: 256Mi
    max:
      memory: 512Mi
      cpu: 100m
    min:
      memory: 512Mi
      cpu: 100m
    type: Container
imposes limits on individual pods within the namespace
Caution! if “max” or “min” is set but “default” is not set, the max/min becomes the default
pod lifecycle
(diagram: pods scheduled across Node 1 and Node 2)
pod lifecycle | cluster autoscaling (gke only)
(diagram: Node 1 and Node 2 are full; the cluster autoscaler adds Node 3 and the remaining pods are scheduled there)
overcommitment
request: 100MB memory, 0.5 cpu → limit: 150MB memory, 1.0 cpu
Memory Overcommitment: pods that are using more than requested are prime candidates for termination
Termination by priority ranking (Pod 1, Pod 2, Pod 3: priority 1; Pod 4: priority 2): if all pods have the same priority, the pod going most over its request will get terminated
Part V
killing me softly...
Terminating with grace
terminating with grace
the pre-container world vs. kubernetes: kubernetes termination lifecycle
perfectly healthy pods might get terminated for many reasons:
➔ rolling updates
➔ node drains
➔ node runs out of resources
it’s important to handle termination with grace:
➔ write out data
➔ close connections
➔ etc.
handling termination with grace in practice
what happens when a pod is getting terminated? (the pod enters the TERMINATING state)
➔ it stops getting new traffic
➔ the process is still running
➔ SIGTERM is sent
if your app doesn’t handle the SIGTERM signal well, use a preStop hook:
➔ exec - i.e. “nginx -s quit”
➔ http - executes a request to a specific endpoint in your app
terminationGracePeriodSeconds controls how long K8s will wait until the pod terminates with grace
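As an added example (not from the deck), a small Go HTTP service that wires together Part III and Part V: a readiness endpoint that fails until warm-up is done and again the moment SIGTERM arrives, a liveness endpoint that stays healthy while draining, and an http.Server shutdown bounded by a grace period that has to fit inside terminationGracePeriodSeconds. The App type, the /readyz path and the timings are assumptions for illustration.

```go
package main

import (
	"context"
	"log"
	"net/http"
	"os"
	"os/signal"
	"sync/atomic"
	"syscall"
	"time"
)

// App is a hypothetical HTTP service (constructed for this example) that exposes
// the probe endpoints from Part III and drains itself on SIGTERM as in Part V.
type App struct {
	ready int32 // 0 until startup is finished, and 0 again once draining
	mux   *http.ServeMux
}

func NewApp() *App {
	a := &App{mux: http.NewServeMux()}
	a.mux.HandleFunc("/healthz", a.Liveness)
	a.mux.HandleFunc("/readyz", a.Readiness)
	a.mux.HandleFunc("/", a.Work)
	return a
}

// Handler exposes the mux so the probes can be exercised without a listener.
func (a *App) Handler() http.Handler { return a.mux }

// Liveness answers "is the process alive?". It stays 200 while draining, so the
// kubelet does not restart a pod that is shutting down on purpose.
func (a *App) Liveness(w http.ResponseWriter, r *http.Request) {
	w.Write([]byte("alive\n"))
}

// Readiness answers "should this pod receive traffic?": 503 until warm-up is
// complete and again after SIGTERM, which takes the pod out of the Service
// endpoints before in-flight requests are drained.
func (a *App) Readiness(w http.ResponseWriter, r *http.Request) {
	if atomic.LoadInt32(&a.ready) == 0 {
		http.Error(w, "not ready", http.StatusServiceUnavailable)
		return
	}
	w.Write([]byte("ready\n"))
}

// Work stands in for the real request handler.
func (a *App) Work(w http.ResponseWriter, r *http.Request) {
	w.Write([]byte("hello\n"))
}

// MarkReady is called once warm-up (caches, DB connections, ...) is done.
func (a *App) MarkReady() { atomic.StoreInt32(&a.ready, 1) }

// BeginDrain flips readiness off; it is the first reaction to SIGTERM.
func (a *App) BeginDrain() { atomic.StoreInt32(&a.ready, 0) }

// Run serves until SIGTERM/SIGINT and then drains within gracePeriod. The
// propagation pause plus gracePeriod must stay below the pod's
// terminationGracePeriodSeconds (default 30s), or SIGKILL arrives first.
func (a *App) Run(addr string, gracePeriod time.Duration) error {
	srv := &http.Server{Addr: addr, Handler: a.mux}
	errc := make(chan error, 1)
	go func() { errc <- srv.ListenAndServe() }()
	a.MarkReady()

	sigc := make(chan os.Signal, 1)
	signal.Notify(sigc, syscall.SIGTERM, syscall.SIGINT)
	select {
	case err := <-errc:
		return err // listener failed before any signal arrived
	case sig := <-sigc:
		log.Printf("received %s, draining", sig)
	}
	a.BeginDrain()
	// Endpoint removal is asynchronous: keep serving briefly so kube-proxy and
	// ingress controllers stop routing new connections here before we refuse them.
	time.Sleep(2 * time.Second)
	ctx, cancel := context.WithTimeout(context.Background(), gracePeriod)
	defer cancel()
	return srv.Shutdown(ctx) // stop accepting, wait for in-flight requests
}

func main() {
	err := NewApp().Run(":8080", 20*time.Second)
	if err != nil && err != http.ErrServerClosed {
		log.Fatal(err)
	}
}
```

Point the readinessProbe at /readyz and the livenessProbe at /healthz; with initialDelaySeconds set from the p99 startup time the liveness probe does not fire during warm-up, and the readiness flip on SIGTERM replaces a preStop hook for apps that handle the signal themselves.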
Part VI
it’s a beautiful world out there...
Mapping External Resources
connecting to external services (w/ known ip addresses)
use built-in K8s service discovery for external services; databases running outside of K8s are common examples
apiVersion: v1
kind: Service
metadata:
  name: mongo
spec:
  type: ClusterIP
  ports:
  - port: 5000
    targetPort: 5000
---
apiVersion: v1
kind: Endpoints
metadata:
  name: mongo
subsets:
- addresses:
  - ip: 10.240.0.4
  ports:
  - port: 5000
connection string: mongodb://mongo
connecting to external services (wo/ known ip addresses)
use built-in service discovery for external services without known ip addresses; databases running outside of K8s are common examples
apiVersion: v1
kind: Service
metadata:
  name: mongo
spec:
  type: ExternalName
  externalName: ds776261.mlab.com
connection string: mongodb://<dbuser>:<dbpassword>@mongo:<port>/dev
Part VII
it’s time to refresh yourself...
Upgrading Cluster with Zero Downtime
upgrading the master
minor versions are being upgraded automatically; however, point releases (1.7 to 1.8) won’t be, and you need to initiate them manually.
Note the warning:
Use Regional Clusters:
upgrading the nodes w/ rolling updates
each node is drained, cordoned and then deleted & a new node is created
IMPORTANT: make sure your pods are managed by a ReplicaSet, Deployment, StatefulSet or similar, as standalone pods won’t be rescheduled
Cons:
➔ Less capacity during upgrade
➔ Less control over the process
➔ Longer rollback
upgrading the nodes w/ node pools
create a new node pool w/ the new version and migrate the pods to the new pool
$ kubectl get nodes
gke-cluster-1-default-pool-7d6b79ce-0s6z Ready 3h
gke-cluster-1-default-pool-7d6b79ce-9kkm Ready 3h
gke-cluster-1-default-pool-7d6b79ce-j6ch Ready 3h
$ gcloud container node-pools create pool-two
$ kubectl get nodes
gke-cluster-1-pool-two-9ca78aa9-5gmk Ready 1m
gke-cluster-1-pool-two-9ca78aa9-5w6w Ready 1m
gke-cluster-1-pool-two-9ca78aa9-v88c Ready 1m
gke-cluster-1-default-pool-7d6b79ce-0s6z Ready 3h
gke-cluster-1-default-pool-7d6b79ce-9kkm Ready 3h
gke-cluster-1-default-pool-7d6b79ce-j6ch Ready 3h
$ kubectl cordon <node_name>
$ kubectl drain <node_name> --force
Thank you and check out our careers.doit-intl.com page!
vadim@doit-intl.com
DataProvider1
 
Understanding the Tor Network and Exploring the Deep Web
Understanding the Tor Network and Exploring the Deep WebUnderstanding the Tor Network and Exploring the Deep Web
Understanding the Tor Network and Exploring the Deep Web
nabilajabin35
 
Best web hosting Vancouver 2025 for you business
Best web hosting Vancouver 2025 for you businessBest web hosting Vancouver 2025 for you business
Best web hosting Vancouver 2025 for you business
steve198109
 
White and Red Clean Car Business Pitch Presentation.pptx
White and Red Clean Car Business Pitch Presentation.pptxWhite and Red Clean Car Business Pitch Presentation.pptx
White and Red Clean Car Business Pitch Presentation.pptx
canumatown
 
Reliable Vancouver Web Hosting with Local Servers & 24/7 Support
Reliable Vancouver Web Hosting with Local Servers & 24/7 SupportReliable Vancouver Web Hosting with Local Servers & 24/7 Support
Reliable Vancouver Web Hosting with Local Servers & 24/7 Support
steve198109
 
IT Services Workflow From Request to Resolution
IT Services Workflow From Request to ResolutionIT Services Workflow From Request to Resolution
IT Services Workflow From Request to Resolution
mzmziiskd
 
(Hosting PHising Sites) for Cryptography and network security
(Hosting PHising Sites) for Cryptography and network security(Hosting PHising Sites) for Cryptography and network security
(Hosting PHising Sites) for Cryptography and network security
aluacharya169
 
APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025
APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025
APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025
APNIC
 
Top Vancouver Green Business Ideas for 2025 Powered by 4GoodHosting
Top Vancouver Green Business Ideas for 2025 Powered by 4GoodHostingTop Vancouver Green Business Ideas for 2025 Powered by 4GoodHosting
Top Vancouver Green Business Ideas for 2025 Powered by 4GoodHosting
steve198109
 
Determining Glass is mechanical textile
Determining  Glass is mechanical textileDetermining  Glass is mechanical textile
Determining Glass is mechanical textile
Azizul Hakim
 
5-Proses-proses Akuisisi Citra Digital.pptx
5-Proses-proses Akuisisi Citra Digital.pptx5-Proses-proses Akuisisi Citra Digital.pptx
5-Proses-proses Akuisisi Citra Digital.pptx
andani26
 
Computers Networks Computers Networks Computers Networks
Computers Networks Computers Networks Computers NetworksComputers Networks Computers Networks Computers Networks
Computers Networks Computers Networks Computers Networks
Tito208863
 
Perguntas dos animais - Slides ilustrados de múltipla escolha
Perguntas dos animais - Slides ilustrados de múltipla escolhaPerguntas dos animais - Slides ilustrados de múltipla escolha
Perguntas dos animais - Slides ilustrados de múltipla escolha
socaslev
 
DNS Resolvers and Nameservers (in New Zealand)
DNS Resolvers and Nameservers (in New Zealand)DNS Resolvers and Nameservers (in New Zealand)
DNS Resolvers and Nameservers (in New Zealand)
APNIC
 
Smart Mobile App Pitch Deck丨AI Travel App Presentation Template
Smart Mobile App Pitch Deck丨AI Travel App Presentation TemplateSmart Mobile App Pitch Deck丨AI Travel App Presentation Template
Smart Mobile App Pitch Deck丨AI Travel App Presentation Template
yojeari421237
 
APNIC Update, presented at NZNOG 2025 by Terry Sweetser
APNIC Update, presented at NZNOG 2025 by Terry SweetserAPNIC Update, presented at NZNOG 2025 by Terry Sweetser
APNIC Update, presented at NZNOG 2025 by Terry Sweetser
APNIC
 
OSI TCP IP Protocol Layers description f
OSI TCP IP Protocol Layers description fOSI TCP IP Protocol Layers description f
OSI TCP IP Protocol Layers description f
cbr49917
 
project_based_laaaaaaaaaaearning,kelompok 10.pptx
project_based_laaaaaaaaaaearning,kelompok 10.pptxproject_based_laaaaaaaaaaearning,kelompok 10.pptx
project_based_laaaaaaaaaaearning,kelompok 10.pptx
redzuriel13
 
highend-srxseries-services-gateways-customer-presentation.pptx
highend-srxseries-services-gateways-customer-presentation.pptxhighend-srxseries-services-gateways-customer-presentation.pptx
highend-srxseries-services-gateways-customer-presentation.pptx
elhadjcheikhdiop
 
Mobile database for your company telemarketing or sms marketing campaigns. Fr...
Mobile database for your company telemarketing or sms marketing campaigns. Fr...Mobile database for your company telemarketing or sms marketing campaigns. Fr...
Mobile database for your company telemarketing or sms marketing campaigns. Fr...
DataProvider1
 
Understanding the Tor Network and Exploring the Deep Web
Understanding the Tor Network and Exploring the Deep WebUnderstanding the Tor Network and Exploring the Deep Web
Understanding the Tor Network and Exploring the Deep Web
nabilajabin35
 
Best web hosting Vancouver 2025 for you business
Best web hosting Vancouver 2025 for you businessBest web hosting Vancouver 2025 for you business
Best web hosting Vancouver 2025 for you business
steve198109
 
White and Red Clean Car Business Pitch Presentation.pptx
White and Red Clean Car Business Pitch Presentation.pptxWhite and Red Clean Car Business Pitch Presentation.pptx
White and Red Clean Car Business Pitch Presentation.pptx
canumatown
 
Reliable Vancouver Web Hosting with Local Servers & 24/7 Support
Reliable Vancouver Web Hosting with Local Servers & 24/7 SupportReliable Vancouver Web Hosting with Local Servers & 24/7 Support
Reliable Vancouver Web Hosting with Local Servers & 24/7 Support
steve198109
 
IT Services Workflow From Request to Resolution
IT Services Workflow From Request to ResolutionIT Services Workflow From Request to Resolution
IT Services Workflow From Request to Resolution
mzmziiskd
 
(Hosting PHising Sites) for Cryptography and network security
(Hosting PHising Sites) for Cryptography and network security(Hosting PHising Sites) for Cryptography and network security
(Hosting PHising Sites) for Cryptography and network security
aluacharya169
 
APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025
APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025
APNIC -Policy Development Process, presented at Local APIGA Taiwan 2025
APNIC
 
Top Vancouver Green Business Ideas for 2025 Powered by 4GoodHosting
Top Vancouver Green Business Ideas for 2025 Powered by 4GoodHostingTop Vancouver Green Business Ideas for 2025 Powered by 4GoodHosting
Top Vancouver Green Business Ideas for 2025 Powered by 4GoodHosting
steve198109
 
Determining Glass is mechanical textile
Determining  Glass is mechanical textileDetermining  Glass is mechanical textile
Determining Glass is mechanical textile
Azizul Hakim
 
5-Proses-proses Akuisisi Citra Digital.pptx
5-Proses-proses Akuisisi Citra Digital.pptx5-Proses-proses Akuisisi Citra Digital.pptx
5-Proses-proses Akuisisi Citra Digital.pptx
andani26
 
Computers Networks Computers Networks Computers Networks
Computers Networks Computers Networks Computers NetworksComputers Networks Computers Networks Computers Networks
Computers Networks Computers Networks Computers Networks
Tito208863
 

K8s best practices from the field!

  • 1. Kubernetes Best Practices: aggregated experience of working on large-scale deployments. vadim@doit-intl.com, CTO at DoiT International
  • 3. Vadim Solovey // vadim@doit-intl.com. Offices: Tel-Aviv, San Francisco, New York, Athens (GR), Warsaw (PL)
  • 4. “Cloud consultancy helping startups around the globe with cloud engineering & cost optimization.” Tremendous investment in OSS.
  • 5. Agenda
    ➔ Container images optimization
    ➔ Organizing namespaces
    ➔ Readiness and liveness probes
    ➔ Resource requests and limits
    ➔ Failing with grace
    ➔ Mapping external services
    ➔ Upgrading clusters with zero downtime
  • 6. Part I: after all, the size matters! Building small containers
  • 7. Build small container images
    Node.js app: your app 5 MB + your app's dependencies 95 MB = 100 MB total app size
    Docker base images:
      node:onbuild → 699 MB
      node:8 → 667 MB
      node:8-wheezy → 521 MB
      node:8-slim → 225 MB
      node:alpine → 63 MB
      scratch → 50 MB
    Pros: faster builds, less storage needed, faster image pulls, smaller attack surface
    Cons: less tooling inside containers, “non-standard” environment
  • 8. Containerizing interpreted languages
    Dockerfile 1:
      FROM node:onbuild
      EXPOSE 8080
    Dockerfile 2:
      FROM node:alpine
      WORKDIR /app
      COPY package.json /app/package.json
      RUN npm install --production
      COPY server.js /app/server.js
      EXPOSE 8080
      CMD npm start
  • 9. Practice the “builder pattern” for compiled languages: code → build container (compiler, dev tools, unit tests, etc.) → build artifact(s) (binaries, static files, bundles, compiled code) → runtime container (runtime environment, debug/monitoring tools)
  • 10. Practice the builder pattern for compiled languages
    Dockerfile 1:
      FROM golang:onbuild
      EXPOSE 8080
    Dockerfile 2:
      FROM golang:alpine
      WORKDIR /app
      ADD . /app
      RUN cd /app && go build -o goapp
      EXPOSE 8080
      ENTRYPOINT ./goapp
  • 11. Practice the builder pattern for compiled languages (multi-stage build)
      FROM golang:alpine AS build-env
      WORKDIR /app
      ADD . /app
      RUN cd /app && go build -o goapp

      FROM alpine
      RUN apk update && \
          apk add ca-certificates && \
          update-ca-certificates && \
          rm -rf /var/cache/apk/*
      WORKDIR /app
      COPY --from=build-env /app/goapp /app
      EXPOSE 8080
      ENTRYPOINT ./goapp
  • 12. Performance on smaller images
    4-core machine:
      Build: golang onbuild 35 s / golang multistage 23 s
      Push:  golang onbuild 15 s / golang multistage 14 s
      Pull:  golang onbuild 26 s / golang multistage 6 s
    MacBook Pro:
      Build: golang onbuild 54 s / golang multistage 28 s
      Push:  golang onbuild 48 s / golang multistage 16 s
      Pull:  golang onbuild 52 s / golang multistage 6 s
  • 14. Tooling & container internals
    Use a non-root user inside the container:
      FROM node:alpine
      RUN apk update && apk add imagemagick
      # Alpine ships BusyBox addgroup/adduser rather than groupadd/useradd
      RUN addgroup -S nodejs && adduser -S -G nodejs nodejs
      USER nodejs
    Then enforce it in the pod spec:
      apiVersion: v1
      kind: Pod
      spec:
        securityContext:
          runAsNonRoot: true
    Make the filesystem read-only (readOnlyRootFilesystem is a container-level setting):
      spec:
        containers:
          - name: app   # your container
            securityContext:
              runAsNonRoot: true
              readOnlyRootFilesystem: true
    More tips:
      one process per container
      don't restart on failure; better to crash cleanly
      log to stdout and stderr
      add “dumb-init” to prevent zombie processes (not needed in k8s 1.7+)
      forget :latest (or no tags)
      use kubectl's “--record” option
  • 15. Part II: say my name(space)! Kubernetes with namespaces
  • 16. Use namespaces!
    Out-of-the-box namespaces:
      ➔ default (the active namespace)
      ➔ kube-system (k8s components)
      ➔ kube-public (public resources)
    Cross-namespace communication: namespaces are hidden from one another but not isolated; service names can be reused, and a service is reachable as <service>.<namespace>.svc.cluster.local
    Explicit & active namespaces:
      kubectl apply -f pod.yaml --namespace=test
      kubectl get pods --namespace=test
      use kubens to switch between active namespaces
    Best practices:
      small team → use the “default” namespace
      growing team → namespace(s) per team
      large company → namespaces per team with RBAC and ResourceQuotas
  • 17. Part III: are you feeling well, honey? Kubernetes health checks
  • 18. Types of health checks
    Readiness probes:
      ➔ by default, k8s starts sending traffic as soon as the process starts
      ➔ send or stop sending traffic
      ➔ let k8s know when your app has fully started and is ready to serve traffic
    Liveness probes:
      ➔ by default, as long as the process is running, k8s keeps sending traffic to the pod
      ➔ let live, or kill and restart
      ➔ is the app dead or alive?
  • 21. Probe types
    http:
      spec:
        containers:
          - name: liveness
            livenessProbe:
              httpGet:
                path: /healthz
                port: 8080
    command:
      spec:
        containers:
          - name: liveness
            livenessProbe:
              exec:
                command:
                  - myprogram
    tcp:
      spec:
        containers:
          - name: liveness
            livenessProbe:
              tcpSocket:
                port: 8080
  • 22. Configuring probes
    ➔ initialDelaySeconds → very important to set on liveness probes, so the probe does not kill your pods before they have finished starting. Use the p99 startup time.
    ➔ periodSeconds
    ➔ timeoutSeconds
    ➔ successThreshold
    ➔ failureThreshold
  • 23. Part IV: oh, but I want more! Resource requests & limits
  • 24. Requests and limits (diagram: request 100 MB memory / 0.5 CPU; limit 150 MB memory / 1.0 CPU)
      containers:
        - name: container1
          image: busybox
          resources:
            requests:
              memory: "32Mi"
              cpu: "200m"
            limits:
              memory: "64Mi"
              cpu: "250m"
    cpu is measured in millicores (i.e. 2000m is 2 CPUs) and is a “compressible” resource; memory is measured in bytes and is a “non-compressible” resource
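As an added example (not part of the deck and not DoiT's code), a small Python checker that applies the hardening rules from slides 14, 21-22 and 24 to a pod spec: non-root enforced, read-only root filesystem, no :latest or untagged image, a readiness probe plus a liveness probe with initialDelaySeconds, and cpu/memory requests and limits both set with request ≤ limit. The sample manifest is constructed, and the quantity parser is a simplification of Kubernetes quantities that covers the suffixes used in the deck.

```python
import re

# Constructed sample pod (a dict rather than YAML so no extra library is needed).
SAMPLE_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "demo"},
    "spec": {
        "securityContext": {"runAsNonRoot": True},
        "containers": [{
            "name": "web", "image": "myregistry/web:latest",
            "securityContext": {"readOnlyRootFilesystem": False},
            "resources": {"requests": {"memory": "32Mi", "cpu": "200m"},
                          "limits": {"memory": "64Mi", "cpu": "250m"}},
            "livenessProbe": {"httpGet": {"path": "/healthz", "port": 8080}},
        }],
    },
}

# Simplified Kubernetes quantity suffixes (millicores and binary/decimal bytes).
_UNITS = {"": 1, "m": 0.001, "Ki": 1024, "Mi": 1024 ** 2, "Gi": 1024 ** 3,
          "K": 10 ** 3, "M": 10 ** 6, "G": 10 ** 9}


def parse_quantity(q):
    """'250m' -> 0.25 cores, '64Mi' -> 67108864 bytes, '2' -> 2.0."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)(m|Ki|Mi|Gi|K|M|G)?", str(q))
    if not m:
        raise ValueError(f"unsupported quantity: {q!r}")
    return float(m.group(1)) * _UNITS[m.group(2) or ""]


def image_tag(image):
    """Return the tag of an image reference, or None when it has none."""
    last = image.rsplit("/", 1)[-1]          # a registry:port prefix is not a tag
    return last.rsplit(":", 1)[1] if ":" in last else None


def check_pod(pod):
    """Return a list of findings; an empty list means the spec follows the deck."""
    findings = []
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})
    for c in spec.get("containers", []):
        name = c.get("name", "?")
        sc = {**pod_sc, **c.get("securityContext", {})}   # container overrides pod
        if not sc.get("runAsNonRoot"):
            findings.append(f"{name}: runAsNonRoot is not enforced")
        if not sc.get("readOnlyRootFilesystem"):
            findings.append(f"{name}: root filesystem is writable")
        image = c.get("image", "")
        if image_tag(image) in (None, "latest") and "@sha256:" not in image:
            findings.append(f"{name}: image {image!r} is not pinned to a tag")
        res = c.get("resources", {})
        req, lim = res.get("requests", {}), res.get("limits", {})
        for r in ("cpu", "memory"):
            if r not in req or r not in lim:
                findings.append(f"{name}: {r} request and limit must both be set")
            elif parse_quantity(req[r]) > parse_quantity(lim[r]):
                findings.append(f"{name}: {r} request exceeds its limit")
        if "readinessProbe" not in c:
            findings.append(f"{name}: readinessProbe is missing")
        live = c.get("livenessProbe")
        if live is None:
            findings.append(f"{name}: livenessProbe is missing")
        elif "initialDelaySeconds" not in live:
            findings.append(f"{name}: livenessProbe lacks initialDelaySeconds")
    return findings
```

Running check_pod(SAMPLE_POD) reports the writable root filesystem, the :latest tag, the missing readiness probe and the liveness probe without initialDelaySeconds.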
  • 25. Namespace settings | ResourceQuotas (aggregate limits at the namespace level)
      apiVersion: v1
      kind: ResourceQuota
      metadata:
        name: compute-resources
      spec:
        hard:
          pods: "4"
          requests.cpu: "500m"
          requests.memory: 1Gi
          limits.cpu: "700m"
          limits.memory: 2Gi
          requests.nvidia.com/gpu: 4
    Best practice: production (no quotas), development (strict quotas)
  • 26. Namespace settings | LimitRange (imposes limits on individual pods and containers within the namespace)
      apiVersion: v1
      kind: LimitRange
      metadata:
        name: mem-limit-range
      spec:
        limits:
          - default:
              memory: 512Mi
              cpu: 100m
            defaultRequest:
              memory: 256Mi
            max:
              memory: 512Mi
              cpu: 100m
            min:
              memory: 512Mi
              cpu: 100m
            type: Container
    Caution! If “max” or “min” is set but “default” is not, the max/min becomes the default.
  • 27. Pod lifecycle (diagram: pods scheduled across Node 1 and Node 2)
  • 28. Pod lifecycle | cluster autoscaling (GKE only) (diagram: as Node 1 and Node 2 fill up with pods, Node 3 is added)
  • 29. Overcommitment (diagram: request 100 MB memory / 0.5 CPU; limit 150 MB memory / 1.0 CPU)
    Memory overcommitment: pods using more memory than they requested are prime candidates for termination.
    Termination by priority ranking (Pod 1 priority 1, Pod 2 priority 1, Pod 3 priority 1, Pod 4 priority 2): if all pods have the same priority, the pod going furthest over its request is terminated.
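The ranking the slide describes, carried through in Python as an added example (not from the deck): a node is overcommitted when the pods' limits add up to more than it can supply, and under memory pressure only pods above their request are candidates, ordered by priority and then by how far over the request they are. The pod figures are constructed, and priority follows Kubernetes semantics (a higher value is more important, so it is evicted later).

```python
from dataclasses import dataclass


@dataclass
class PodUsage:
    """Constructed per-pod memory accounting in MB, as on the slide."""
    name: str
    priority: int       # Kubernetes semantics: a higher value is more important
    request_mb: int
    limit_mb: int
    usage_mb: int

    @property
    def overage_mb(self) -> int:
        """How far the pod is above its request (negative means under)."""
        return self.usage_mb - self.request_mb


def is_overcommitted(pods, allocatable_mb):
    """A node is overcommitted when limits add up to more than it can supply;
    the scheduler only guarantees that the requests fit."""
    if sum(p.request_mb for p in pods) > allocatable_mb:
        raise ValueError("requests exceed allocatable: scheduler would not place these")
    return sum(p.limit_mb for p in pods) > allocatable_mb


def eviction_order(pods):
    """Rank pods for termination under memory pressure, following the slide:
    only pods above their request are candidates, the lowest priority goes
    first, and among equal priorities the one furthest over its request."""
    candidates = [p for p in pods if p.overage_mb > 0]
    return sorted(candidates, key=lambda p: (p.priority, -p.overage_mb))


def first_to_go(pods):
    """Name of the pod the ranking would terminate first, or None."""
    order = eviction_order(pods)
    return order[0].name if order else None


# Constructed node: 100 MB request / 150 MB limit per pod, 500 MB allocatable.
NODE_PODS = [
    PodUsage("pod-1", priority=1, request_mb=100, limit_mb=150, usage_mb=150),
    PodUsage("pod-2", priority=1, request_mb=100, limit_mb=150, usage_mb=120),
    PodUsage("pod-3", priority=1, request_mb=100, limit_mb=150, usage_mb=90),
    PodUsage("pod-4", priority=2, request_mb=100, limit_mb=150, usage_mb=140),
]
```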
  • 30. Part V: killing me softly... Terminating with grace
  • 31. Terminating with grace (diagram: the pre-container world vs. Kubernetes)
  • 32. Kubernetes termination lifecycle: perfectly healthy pods might get terminated for many reasons:
    ➔ rolling updates
    ➔ node drains
    ➔ node running out of resources
    It's important to handle termination with grace:
    ➔ write out data
    ➔ close connections
    ➔ etc.
  • 33. Handling termination with grace in practice: what happens when a pod is being terminated?
    ➔ it stops getting new traffic
    ➔ the process is still running
    ➔ SIGTERM is sent
    (diagram: pod in the TERMINATING state)
  • 34. Handling termination with grace in practice: if your app doesn't handle the SIGTERM signal well, use a preStop hook:
    ➔ exec, e.g. “nginx -s quit”
    ➔ http: executes a request to a specific endpoint in your app
    terminationGracePeriodSeconds controls how long k8s will wait for the pod to terminate with grace
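The termination sequence from slides 32-34, handled in the application itself, as an added example (not from the deck): on SIGTERM the service only sets a flag, reports not-ready so new traffic stops, lets in-flight work finish within terminationGracePeriodSeconds, and then closes its connections. The service, its work counter and its connection names are constructed stand-ins; install_signal_handler() must be called from the main thread.

```python
import signal
import threading
import time


class GracefulService:
    """Constructed stand-in for an app that owns in-flight work and connections.

    On SIGTERM it flips to not-ready, lets in-flight work finish, then closes
    connections; all of it must fit inside terminationGracePeriodSeconds or
    the kubelet follows up with SIGKILL."""

    def __init__(self, grace_period_seconds=30):
        self.grace_period_seconds = grace_period_seconds
        self.stopping = threading.Event()
        self.inflight = 0
        self.lock = threading.Lock()
        self.connections = ["db", "cache"]     # constructed placeholders
        self.closed = []

    def install_signal_handler(self):
        """Register the SIGTERM handler (must run in the main thread)."""
        signal.signal(signal.SIGTERM, lambda signum, frame: self.request_stop())

    def request_stop(self):
        """Only set a flag; the real shutdown work happens outside the handler."""
        self.stopping.set()

    def ready(self):
        """What a readiness probe should return: False as soon as we are stopping."""
        return not self.stopping.is_set()

    def accept(self):
        """Take on one unit of work; refused once shutdown has begun."""
        if not self.ready():
            return False
        with self.lock:
            self.inflight += 1
        return True

    def finish(self):
        """Mark one unit of in-flight work as done."""
        with self.lock:
            self.inflight -= 1

    def shutdown(self):
        """Drain in-flight work within the grace period, then close connections.
        Returns True when everything drained before the deadline."""
        deadline = time.monotonic() + self.grace_period_seconds
        while time.monotonic() < deadline:
            with self.lock:
                if self.inflight == 0:
                    break
            time.sleep(0.01)
        with self.lock:
            drained = self.inflight == 0
        for conn in self.connections:          # close even if draining timed out
            self.closed.append(conn)
        self.connections = []
        return drained

    def serve_forever(self):
        """Block until SIGTERM arrives, then shut down; returns the drain result."""
        self.stopping.wait()
        return self.shutdown()
```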
  • 35. Part VI: it's a beautiful world out there... Mapping external resources
  • 36. Connecting to external services (with known IP addresses): use built-in k8s service discovery for external services; databases running outside of k8s are common examples.
      apiVersion: v1
      kind: Service
      metadata:
        name: mongo
      spec:
        type: ClusterIP
        ports:
          - port: 5000
            targetPort: 5000
      ---
      apiVersion: v1
      kind: Endpoints
      metadata:
        name: mongo
      subsets:
        - addresses:
            - ip: 10.240.0.4
          ports:
            - port: 5000
    Connection string: mongodb://mongo
  • 37. Connecting to external services (without known IP addresses): use built-in service discovery for external services without known IP addresses; databases running outside of k8s are common examples.
      apiVersion: v1
      kind: Service
      metadata:
        name: mongo
      spec:
        type: ExternalName
        externalName: ds776261.mlab.com
    Connection string: mongodb://<dbuser>:<dbpassword>@mongo:<port>/dev
  • 38. Part VII: it's time to refresh yourself... Upgrading a cluster with zero downtime
  • 39. Upgrading the master: minor versions are upgraded automatically; point releases (1.7 to 1.8), however, are not, and you need to initiate them manually. Note the warning. Use regional clusters.
  • 40. Upgrading the nodes w/ rolling updates (diagram)
  • 41. Upgrading the nodes w/ rolling updates: each node is drained, cordoned and then deleted, and a new node is created.
    IMPORTANT: make sure your pods are managed by a ReplicaSet, Deployment, StatefulSet or similar, as standalone pods won't be rescheduled.
    Cons:
    ➔ less capacity during the upgrade
    ➔ less control over the process
    ➔ longer rollback
  • 42. Upgrading the nodes w/ node pools: create a new node pool with the new version and migrate the pods to the new pool
      $ kubectl get nodes
      gke-cluster-1-default-pool-7d6b79ce-0s6z   Ready   3h
      gke-cluster-1-default-pool-7d6b79ce-9kkm   Ready   3h
      gke-cluster-1-default-pool-7d6b79ce-j6ch   Ready   3h
      $ gcloud container node-pools create pool-two
      $ kubectl get nodes
      gke-cluster-1-pool-two-9ca78aa9-5gmk       Ready   1m
      gke-cluster-1-pool-two-9ca78aa9-5w6w       Ready   1m
      gke-cluster-1-pool-two-9ca78aa9-v88c       Ready   1m
      gke-cluster-1-default-pool-7d6b79ce-0s6z   Ready   3h
      gke-cluster-1-default-pool-7d6b79ce-9kkm   Ready   3h
      gke-cluster-1-default-pool-7d6b79ce-j6ch   Ready   3h
      $ kubectl cordon <node_name>
      $ kubectl drain <node_name> --force
  • 43. Thank you, and check out our careers.doit-intl.com page! vadim@doit-intl.com