Kubernetes in Highly Restrictive Environments
Oleg Atamanenko | Team Lead, Architect
Introductions
Oleg Atamanenko
Team Lead, Architect
• Working w/ Kubernetes since its release in 2015
• Part of the team who built Kublr, an enterprise-ready container management platform
• Twitter @real_atamanenko; @kublr
Like what you hear? Tweet at us!
What's Kublr?
(Slide shows a platform diagram with two headings, Operations and Security & Governance, over these blocks: Automation, Ingress, Custom Clusters, Infrastructure, Logging, Monitoring, Observability, API Usage, Reporting, RBAC, IAM, Air Gap, TLS, Certificate Rotation, Audit, Storage, Networking, Container Registry, CI/CD, App Mgmt; underneath: Infrastructure, Container Runtime, Kubernetes.)
@real_atamanenko; @kublr
Creating a Production-Grade Kubernetes Cluster
1. Install with kops/kubeadm/…
2. …
3. Done?
Creating a Production-Grade Kubernetes Cluster
Unfortunately, it’s not that easy!
What We’ll Discuss Today
1. Requirements
2. Managed solutions and their limitations
3. Cross-team responsibilities
4. On-premises struggles
5. What to do next?
Requirements
Requirements
Security
Audit
Log collection
Observability / monitoring
Isolated environment support
Integration with existing tooling
Requirements | Security
Integration with an identity broker
Fine-grained role-based access control (RBAC)
Authentication
Authorization
Storing secrets
Internal CA
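How fine-grained that RBAC actually is can be checked without a cluster. The block below is an added example, not code from this deck or from Kublr: a small Python re-implementation of the Kubernetes RBAC matching rules (Role vs ClusterRole, RoleBinding vs ClusterRoleBinding, verbs, apiGroups, resources, resourceNames) evaluated against a constructed two-team policy. The namespaces (team-a, team-b), role names, the users alice and bob and their groups are assumptions made for the illustration.

```python
# Added example: a re-implementation of Kubernetes RBAC matching, used to
# check that a per-team policy grants exactly what it should.  Roles,
# bindings, users and groups below are constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    verb: str
    api_group: str   # "" is the core API group
    resource: str    # a subresource is written "pods/log"
    namespace: str   # "" for cluster-scoped resources such as nodes
    name: str = ""   # set for get/update/delete of a single object


def _matches(pattern, value):
    return pattern == "*" or pattern == value


def rule_allows(rule, req):
    """A PolicyRule allows a request only if every listed field matches."""
    return (
        any(_matches(v, req.verb) for v in rule["verbs"])
        and any(_matches(g, req.api_group) for g in rule.get("apiGroups", []))
        and any(_matches(r, req.resource) for r in rule.get("resources", []))
        # resourceNames never match list/watch, which carry no object name
        and (not rule.get("resourceNames") or req.name in rule["resourceNames"])
    )


def _subject_matches(subject, req):
    if subject["kind"] == "User":
        return subject["name"] == req.user
    if subject["kind"] == "Group":
        return subject["name"] in req.groups
    return False  # ServiceAccount subjects are out of scope for this example


def authorize(req, roles, cluster_roles, bindings):
    """RBAC is additive and deny-by-default: the first binding that carries a
    matching rule allows the request; if none does, it is denied."""
    for binding in bindings:
        if not any(_subject_matches(s, req) for s in binding["subjects"]):
            continue
        ref = binding["roleRef"]
        if binding["kind"] == "RoleBinding":
            # A RoleBinding only grants inside its own namespace, even when it
            # references a ClusterRole: that is how one ClusterRole is reused
            # for many teams without handing out cluster-wide access.
            if binding["namespace"] != req.namespace:
                continue
            if ref["kind"] == "ClusterRole":
                rules = cluster_roles.get(ref["name"], [])
            else:
                rules = roles.get(binding["namespace"], {}).get(ref["name"], [])
        else:  # ClusterRoleBinding: applies in every namespace and cluster-wide
            rules = cluster_roles.get(ref["name"], [])
        if any(rule_allows(rule, req) for rule in rules):
            return True
    return False


# Constructed policy: one ClusterRole reused per team, one tightly scoped Role.
CLUSTER_ROLES = {
    "log-reader": [{"apiGroups": [""], "resources": ["pods", "pods/log"],
                    "verbs": ["get", "list", "watch"]}],
    "cluster-admin": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}],
}
ROLES = {  # namespace -> role name -> rules
    "team-a": {"db-secret-reader": [{"apiGroups": [""], "resources": ["secrets"],
                                     "verbs": ["get"], "resourceNames": ["db-creds"]}]},
}
BINDINGS = [
    {"kind": "RoleBinding", "namespace": "team-a",
     "subjects": [{"kind": "Group", "name": "team-a-devs"}],
     "roleRef": {"kind": "ClusterRole", "name": "log-reader"}},
    {"kind": "RoleBinding", "namespace": "team-a",
     "subjects": [{"kind": "User", "name": "alice"}],
     "roleRef": {"kind": "Role", "name": "db-secret-reader"}},
    {"kind": "ClusterRoleBinding",
     "subjects": [{"kind": "Group", "name": "platform-admins"}],
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}},
]


def can(user, groups, verb, api_group, resource, namespace, name=""):
    """Equivalent of `kubectl auth can-i` evaluated against the policy above."""
    req = Request(user, frozenset(groups), verb, api_group, resource, namespace, name)
    return authorize(req, ROLES, CLUSTER_ROLES, BINDINGS)


if __name__ == "__main__":
    checks = [
        ("alice", {"team-a-devs"}, "get", "", "pods/log", "team-a", ""),
        ("alice", {"team-a-devs"}, "get", "", "pods/log", "team-b", ""),
        ("alice", {"team-a-devs"}, "get", "", "secrets", "team-a", "db-creds"),
        ("alice", {"team-a-devs"}, "list", "", "secrets", "team-a", ""),
        ("bob", {"platform-admins"}, "delete", "", "nodes", "", "worker-1"),
    ]
    for c in checks:
        print(f"{c[0]:6} {c[2]:6} {c[4]:10} ns={c[5] or '<cluster>':10} -> {can(*c)}")
```

The two things worth noticing are that alice's log access stops at the team-a namespace boundary even though the role is a ClusterRole, and that `resourceNames` narrows `get` to one Secret but never lets `list` through, because a list request has no object name. Against a real cluster the same questions are answered with `kubectl auth can-i --as=alice --as-group=team-a-devs`.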
Requirements | Audit
Kubernetes API server audit
Audit support for the logging and monitoring
dashboards
Audit support for the cluster provisioning tool (cluster install, update, upgrade, delete)
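The API server audit requirement is met with an audit policy file, and whether that policy records what you expect (and, just as important, does not write Secret contents into the log) can be checked offline. The block below is an added example, not the deck's or Kublr's code: it re-implements the rule-matching semantics of an audit.k8s.io/v1 Policy in Python and evaluates a constructed policy against constructed requests. The policy, the users alice and bob, their groups and the namespaces are assumptions for the illustration.

```python
# Added example: the rule-matching logic of a Kubernetes audit Policy
# (audit.k8s.io/v1), run over constructed requests so that a policy can be
# reviewed before it goes to kube-apiserver via --audit-policy-file.
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset = frozenset()
    verb: str = ""
    group: str = ""             # API group, "" for the core group
    resource: str = ""          # "pods", or with subresource "pods/log"
    namespace: str = ""         # "" for cluster-scoped requests
    non_resource_url: str = ""  # set only for paths such as /healthz


def _url_matches(pattern, url):
    # The policy format allows '*' only as a trailing wildcard, e.g. "/healthz*".
    return url.startswith(pattern[:-1]) if pattern.endswith("*") else pattern == url


def _resource_entry_matches(entry, resource):
    # Documented semantics: "*" everything, "pods" pods only, "pods/log" one
    # subresource, "pods/*" every pod subresource, "*/status" status of any kind.
    if entry in ("*", resource):
        return True
    base, _, sub = resource.partition("/")
    return bool(sub) and entry in (f"{base}/*", f"*/{sub}")


def rule_matches(rule, req):
    if rule.get("users") and req.user not in rule["users"]:
        return False
    if rule.get("userGroups") and not req.groups.intersection(rule["userGroups"]):
        return False
    if rule.get("verbs") and req.verb not in rule["verbs"]:
        return False
    if rule.get("namespaces") or rule.get("resources"):
        if req.non_resource_url:        # resource selectors never match /healthz etc.
            return False
        # An explicit "" entry in namespaces matches cluster-scoped requests.
        if rule.get("namespaces") and req.namespace not in rule["namespaces"]:
            return False
        return not rule.get("resources") or any(
            gr.get("group", "") == req.group
            and (not gr.get("resources")
                 or any(_resource_entry_matches(e, req.resource) for e in gr["resources"]))
            for gr in rule["resources"])
    if rule.get("nonResourceURLs"):
        return bool(req.non_resource_url) and any(
            _url_matches(p, req.non_resource_url) for p in rule["nonResourceURLs"])
    return True  # a rule with no selectors matches everything


def audit_level(policy, req):
    """First matching rule wins; with no match the request is not logged."""
    for rule in policy["rules"]:
        if rule_matches(rule, req):
            return rule["level"]
    return "None"


# Constructed policy.  Order matters: Secrets are pinned to Metadata before
# the RequestResponse rule, so their contents never reach the audit log.
POLICY = {"apiVersion": "audit.k8s.io/v1", "kind": "Policy", "rules": [
    {"level": "None", "users": ["system:kube-proxy"], "verbs": ["watch"],
     "resources": [{"group": "", "resources": ["endpoints", "services"]}]},
    {"level": "None", "nonResourceURLs": ["/healthz*", "/readyz*", "/version"]},
    {"level": "Metadata",
     "resources": [{"group": "", "resources": ["secrets", "configmaps"]},
                   {"group": "authentication.k8s.io", "resources": ["tokenreviews"]}]},
    {"level": "RequestResponse", "verbs": ["create", "update", "patch", "delete"]},
    {"level": "Metadata"},
]}

DEVS = frozenset({"team-a-devs"})
REQUESTS = {  # constructed, roughly what the API server would see
    "kube-proxy watch": Request("system:kube-proxy", verb="watch",
                                resource="endpoints", namespace="kube-system"),
    "healthz probe": Request("system:anonymous", verb="get", non_resource_url="/healthz/etcd"),
    "read secret": Request("alice", DEVS, "get", "", "secrets", "team-a"),
    "create secret": Request("alice", DEVS, "create", "", "secrets", "team-a"),
    "create deployment": Request("alice", DEVS, "create", "apps", "deployments", "team-a"),
    "read pod log": Request("alice", DEVS, "get", "", "pods/log", "team-a"),
    "delete node": Request("bob", frozenset({"platform-admins"}), "delete", "", "nodes", ""),
}


def levels(policy=POLICY, requests=REQUESTS):
    """Audit level each request would be recorded at under the policy."""
    return {name: audit_level(policy, req) for name, req in requests.items()}


if __name__ == "__main__":
    for name, level in levels().items():
        print(f"{name:18} -> {level}")
```

The case to look at is "create secret": it lands on the Metadata rule, not the RequestResponse rule that would otherwise apply to every create, so the audit log records who created which Secret but never its data. Swapping the order of those two rules is the classic mistake that turns an audit log into a second copy of every credential in the cluster.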
Requirements | Logging
Integration with existing logging solution
RBAC for application logs across teams
• per project
• per team
• per environment
Requirements | Monitoring
Integration with existing solution
RBAC for application metrics across teams
• per project
• per team
• per environment
Requirements | Isolated Environment
Where to get the required OS packages?
How to provide the required container images?
Binary repository?
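For the image question the usual answer is to mirror every image into an internal registry and rewrite the manifests so the cluster only ever pulls from that mirror. The block below is an added example and not part of the deck or of Kublr: a Python image-reference parser and manifest rewriter that relocates images to an assumed mirror (registry.internal:5000) and flags anything not pinned by digest. The Deployment, the registry names and the digest value are constructed for the illustration.

```python
# Added example: rewrite container image references in Kubernetes manifests
# so that an air-gapped cluster pulls everything from an internal registry,
# and flag images that are not pinned by digest.  The mirror name and the
# manifest below are constructed for illustration.
import json
import re
from dataclasses import dataclass
from typing import Optional

DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


@dataclass(frozen=True)
class ImageRef:
    registry: str
    path: str
    tag: Optional[str]
    digest: Optional[str]

    def __str__(self):
        s = f"{self.registry}/{self.path}"
        if self.tag:
            s += f":{self.tag}"
        if self.digest:
            s += f"@{self.digest}"
        return s


def parse_image(ref):
    """Split a reference the way the container runtime does: the first path
    component is a registry only if it contains '.' or ':' or is 'localhost';
    single-segment Docker Hub names get the implicit 'library/' namespace."""
    name, _, digest = ref.partition("@")
    first, sep, rest = name.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = "docker.io", name
    if registry == "index.docker.io":
        registry = "docker.io"
    if registry == "docker.io" and "/" not in path:
        path = "library/" + path
    tag = None
    if ":" in path.rsplit("/", 1)[-1]:   # any ':' left is the tag separator
        path, tag = path.rsplit(":", 1)
    return ImageRef(registry, path, tag, digest or None)


def relocate(image, mirror):
    """Keep the source registry (minus port) as a path prefix so that
    docker.io/library/nginx and quay.io/foo/nginx cannot collide in the mirror."""
    prefix = image.registry.split(":")[0]
    return ImageRef(mirror, f"{prefix}/{image.path}", image.tag, image.digest)


def rewrite_manifest(obj, mirror):
    """Walk any Kubernetes object and rewrite every 'image' field.
    Returns (new_object, report); report rows are (original, rewritten, pinned)."""
    report = []

    def walk(node):
        if isinstance(node, dict):
            out = {}
            for key, value in node.items():
                if key == "image" and isinstance(value, str):
                    img = parse_image(value)
                    new = relocate(img, mirror)
                    pinned = bool(img.digest and DIGEST_RE.match(img.digest))
                    report.append((value, str(new), pinned))
                    out[key] = str(new)
                else:
                    out[key] = walk(value)
            return out
        if isinstance(node, list):
            return [walk(v) for v in node]
        return node

    return walk(obj), report


# Constructed manifest: one image pinned by digest, one floating on a tag,
# one with no tag at all (implicitly :latest).
PINNED_DIGEST = "sha256:" + "0123456789abcdef" * 4   # placeholder, not a real digest
MANIFEST = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "node-exporter", "namespace": "monitoring"},
    "spec": {"template": {"spec": {
        "initContainers": [{"name": "init", "image": "busybox"}],
        "containers": [
            {"name": "exporter",
             "image": f"quay.io/prometheus/node-exporter:v1.3.1@{PINNED_DIGEST}"},
            {"name": "sidecar", "image": "registry.example.com:5000/team-a/log-shipper:2.1"},
        ],
    }}},
}


def unpinned_images(manifest=MANIFEST, mirror="registry.internal:5000"):
    """Images that must be pinned by digest before they are mirrored."""
    _, report = rewrite_manifest(manifest, mirror)
    return [original for original, _, pinned in report if not pinned]


if __name__ == "__main__":
    new_manifest, report = rewrite_manifest(MANIFEST, "registry.internal:5000")
    for original, rewritten, pinned in report:
        print(f"{'pinned  ' if pinned else 'UNPINNED'} {original} -> {rewritten}")
    print(json.dumps(new_manifest, indent=2))
```

The digest check is the security-relevant part: a tag can be re-pointed upstream between the time an image is reviewed and the time it is copied into the mirror, whereas a digest names exactly one content-addressed image. The same walk also catches images hidden in initContainers and in pod templates nested inside Deployments, CronJobs or StatefulSets, which is where air-gap rollouts usually fail on first pull.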
Requirements | Support Existing Tooling
Integration with existing processes and tools for deployment, logging and monitoring
Now that the functional requirements are met, what's next?
What are Your Options?
Managed Kubernetes from public cloud providers
Home grown solution
3rd party vendor
Managed Solutions and Their Limitations
May not meet your requirements and/or regulations
No access to the control-plane (master) nodes
No or limited ability to customize the Kubernetes configuration
No access to the logs from the control plane
May not support on-prem installations
Home Grown Solutions
Will cover your needs
Requires extra time and effort that could be spent on innovation
With four upstream minor (1.x) releases a year at the time of this talk (three a year since 2021), it's REALLY hard to keep up with Kubernetes!
3rd Party Vendor
Will cover most of your needs
Custom development still may be required
Choose wisely!
Cross-Team Responsibilities
Large organizations often separate teams by:
• Compute
• Network
• Storage
• Security
A Kubernetes deployment cuts across all four, which forces a paradigm shift: provisioning and securing a cluster becomes a joint responsibility rather than a hand-off between silos
On Premises Struggles
Pure bare metal limitations
vSphere API interactions
Achieving HA for Kubernetes
Disaster recovery
OS upgrades
Security updates
Kubernetes upgrades
Air-gap/offline mode
Best Practices for Security
Utilize RBAC: deny by default, least privilege, scoped per namespace
SELinux/seccomp profiles for containers
PodSecurityPolicies (deprecated in Kubernetes 1.21 and removed in 1.25; the same controls now come from Pod Security Admission or an admission webhook)
NetworkPolicy: start from default-deny in each namespace and allow only the flows that are needed
Admission webhooks (validating and mutating)
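Several of these controls (the PodSecurityPolicy-style rules, the seccomp requirement, privilege settings) can be enforced from one validating admission webhook. The following is an added example, not the deck's or Kublr's code: the decision logic such a webhook runs on each AdmissionReview, written in Python and exercised with two constructed Pods. The rule set, the request uid and the pod names are assumptions, and the TLS server that would wrap `review()` is left out.

```python
# Added example: the decision logic of a validating admission webhook that
# enforces PodSecurityPolicy-style rules (no host namespaces, no privileged
# containers, no privilege escalation, non-root, seccomp profile set).  The
# API server POSTs an AdmissionReview and expects an AdmissionReview back
# whose response.uid echoes the request uid.  Pods below are constructed.
import json

ALLOWED_SECCOMP = {"RuntimeDefault", "Localhost"}
ALLOWED_ADDED_CAPS = {"NET_BIND_SERVICE"}


def violations(pod):
    """Return a list of rule violations for a Pod object (empty if compliant)."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    found = []
    for flag in ("hostPID", "hostIPC", "hostNetwork"):
        if spec.get(flag):
            found.append(f"spec.{flag} must not be true")
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext") or {}
        if sc.get("privileged"):
            found.append(f"container {name}: privileged must be false")
        # Must be set explicitly: unset means escalation via setuid binaries is allowed.
        if sc.get("allowPrivilegeEscalation") is not False:
            found.append(f"container {name}: allowPrivilegeEscalation must be set to false")
        # Container-level settings override pod-level ones, so fall back in that order.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            found.append(f"container {name}: runAsNonRoot must be true")
        seccomp = (sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}).get("type")
        if seccomp not in ALLOWED_SECCOMP:
            found.append(f"container {name}: seccompProfile.type must be RuntimeDefault or Localhost")
        added = set((sc.get("capabilities") or {}).get("add") or [])
        if added - ALLOWED_ADDED_CAPS:
            found.append(f"container {name}: capabilities.add {sorted(added - ALLOWED_ADDED_CAPS)} not permitted")
    return found


def review(admission_review):
    """Turn an incoming AdmissionReview into the response the API server expects."""
    req = admission_review["request"]
    allowed, message = True, "pod satisfies the baseline rules"
    # Judge Pods on CREATE and UPDATE only; other kinds and operations pass through.
    if req.get("kind", {}).get("kind") == "Pod" and req.get("operation") in ("CREATE", "UPDATE"):
        problems = violations(req["object"])
        if problems:
            allowed, message = False, "; ".join(problems)
    return {
        "apiVersion": "admission.k8s.io/v1",
        "kind": "AdmissionReview",
        "response": {
            "uid": req["uid"],
            "allowed": allowed,
            "status": {"code": 200 if allowed else 403, "message": message},
        },
    }


def admission_review_for(pod, uid="constructed-uid-1", operation="CREATE"):
    """Build the envelope kube-apiserver would send (constructed for the example)."""
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "request": {"uid": uid, "operation": operation,
                        "kind": {"group": "", "version": "v1", "kind": "Pod"},
                        "object": pod}}


BAD_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "debug", "namespace": "team-a"},
    "spec": {"hostPID": True, "containers": [{
        "name": "shell", "image": "busybox",
        "securityContext": {"privileged": True, "capabilities": {"add": ["SYS_ADMIN"]}},
    }]},
}
GOOD_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web", "namespace": "team-a"},
    "spec": {
        "securityContext": {"runAsNonRoot": True, "seccompProfile": {"type": "RuntimeDefault"}},
        "containers": [{
            "name": "web", "image": "registry.internal:5000/docker.io/library/nginx:1.25",
            "securityContext": {"allowPrivilegeEscalation": False,
                                "capabilities": {"drop": ["ALL"], "add": ["NET_BIND_SERVICE"]}},
        }],
    },
}


if __name__ == "__main__":
    for pod in (BAD_POD, GOOD_POD):
        print(json.dumps(review(admission_review_for(pod))["response"], indent=2))
```

Two operational points follow from the deck's other requirements. The API server only talks to webhooks over HTTPS, so the serving certificate must chain to the CA given in the ValidatingWebhookConfiguration's caBundle, which is a natural use of the internal CA listed under the security requirements; and the webhook should be registered with `failurePolicy: Fail`, otherwise an outage of the webhook silently admits everything. Since Kubernetes 1.25 the built-in Pod Security Admission controller enforces the equivalent baseline and restricted profiles per namespace without a webhook.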
What’s Next?
Infrastructure as code
Immutable Infrastructure
CI/CD for infrastructure
GitOps
Q&A
Take Kublr for a test drive!
kublr.com/deploy
Free non-production license.
Stay in touch! Signup for our
newsletter at kublr.com
Oleg Atamanenko
Team Lead, Architect
oatamanenko@kublr.com
@real_atamanenko
Kublr | kublr.com
@kublr

Editor's Notes

  • #5: There are a lot of options available; some common open source tools are kops and kubeadm. Let's use one of those and run our production workload on it. Probably. Sometimes. Maybe.