DevOpsDays Houston 2019 - Dan Kirkpatrick - My Kubernetes Tool Chain: Open-Source and Free
0 likes223 views
The document discusses cost-effective alternatives and strategies for managing Kubernetes environments, emphasizing the use of open-source tools over expensive commercial solutions. It covers various aspects such as service mesh, command-line tools, monitoring, logging, backups, security, and CI/CD practices aimed at improving both operations and development. Additionally, it highlights the importance of observability, automation, and advanced deployment strategies in enhancing efficiency.
DevOpsDays Houston 2019 - Dan Kirkpatrick - My Kubernetes Tool Chain: Open-Source and Free
- 1. My Kubernetes Tool Chain Open-Source and Free Presenter: Dan Kirkpatrick Organization: Frisson Computing, LLC
- 2. “Kubernetes is expensive!” ⚫ SaaS costs more than self-hosted − Kubernetes and managed clouds makes self- hosting easier ⚫ Enterprise tools are expensive − Open-source tools often replicate features − Many enterprise tools have free and open-source versions with rich feature sets ⚫ Consider shifting from PKS/OpenShift to Kubernetes ⚫ Consider shifting from managed to self-
- 3. Topics - My Toolchain ⚫ Service Mesh ⚫ Command-line tools ⚫ For operators − Provisioning − Monitoring and logging − Backups and security ⚫ For developers − CI/CD − Software development
- 4. Service Mesh ⚫ What is it? − A mesh of proxies wrapping each service − All communications to the service go throught the proxy first ⚫ Why? − Observability − mTLS security − Advanced L4 and L7 routing ⚫ Who is it for? − Operators – observability, security
- 5. Service Meshes ⚫ Istio - backed by Google and IBM − Full-featured − Heavyweight control plane ⚫ Linkerd – backed by Buoyant − V1.0 – very full featured, written in Java ⚫ Heavyweight sidecar proxies − V2.0 – some features still in alpha, but works well ⚫ Lightweight proxies and control plane ⚫ SuperGloo – backed by solo.io − Control plane for multiple service meshes
- 6. Command-line Tools ⚫ kubectl extensions − krew – extension manager − change-ns, mtail, prompt, rbac-view, and more ⚫ fubectl - bash functions and aliases ⚫ kail – tail logs from multiple pods ⚫ telepresence – network bridge and service proxy for debugging cluster services locally
- 7. Ops: Provisioning ⚫ On AWS, I prefer kops over EKS ⚫ With AKS and GKE, bash scripts are enough ⚫ Infrastructure components − All components installed using kustomize ⚫ Base manifests created using helm charts ⚫ Overlays for each environment/cluster ⚫ Apps are easily composed into environments ⚫ Look at k3s for edge computing
- 8. Ops: Logging and Monitoring ⚫ Monitoring − prometheus – metrics − grafana – dashboards − weave scope – cluster monitoring − jaeger – APM ⚫ Logging − loki - lightweight solution − elastic + kibana - more features, heavyweight ⚫ Service mesh − linkerd – v2 – lightweight but not full-featured
- 9. Ops: Backups and Security ⚫ velero – backups—hourly, daily, and weekly ⚫ clair – docker image vulnerability scanning ⚫ notary – digitally sign docker images ⚫ cert-manager – automate HTTPS and TLS certificate management using LetsEncrypt certs ⚫ falco – runtime security monitoring and alerts ⚫ vault – secret management ⚫ Istio Citadel – zero-trust networking
- 10. Ops: Commercial Alternatives ⚫ Grafana + prometheus + (loki or kibana) + jaeger − DataDog, NewRelic, Hosted ELK − Splunk, Loggly, LogDNA ⚫ Weave Scope − Weave Cloud ⚫ Clair − Aqua, JFrog ⚫ Istio Citadel − Tigera
- 11. Ops: Tips ⚫ Improve S/N ratio in loggging – it’s a process − Avoid logging during requests to liveness/readiness probes − Learn to use log collector to control logging (fluent- bit, fluentd, logstash, etc) − Create alerts for all problems/issues – it’s also a process! ⚫ Learn to use cluster autoscaling! ⚫ Use an ingress controller or API gateway for external access
- 12. Dev: CI/CD ⚫ GitLab − gitops − Docker registry − CI/CD system − Unleash feature flag server ⚫ Spinnaker – enterprise-class CD system − Sophisticated CD workflows ⚫ Manage canary, blue/green, and feature flag deployments ⚫ Include human input/sign-off in CD workflows
- 13. Dev: Software Development ⚫ jaeger or zipkin – APM − Trace requests across microservices − Runtime performance monitoring ⚫ telepresence − Reverse-proxy into the cluster ⚫ Call cluster services directly, without port forwards − Proxy cluster services to your local machine ⚫ Debug cluster services locally
- 14. Dev: Data Science ⚫ Kubeflow − Jupyter Notebooks − TenserFlow training − Model serving − Pipelines ⚫ Kafka – streaming − KTable − KSQL
- 15. Dev: Feature Flags ⚫ unleash – “feature toggle” server − Built in to GitLab − Allows operators to enable and disable features at runtime − Language bindings available for most languages
- 16. Dev: Deployment Strategies ⚫ Blue/green deployments ⚫ Canary deployments ⚫ A/B deployments ⚫ All enabled through service mesh routing − L7 routing—route based upon HTTP headers − Route on userID, IP address, or URL paramaters ⚫ Consider Spinnaker to manage deployments
- 17. Dev: Commercial Alternatives ⚫ GitLab − Hosted GitLab, CircleCI, TravisCI ⚫ Spinnaker − Jenkins X ⚫ Jaeger − DataDog, ELK, NewRelic, DynaTrace ⚫ Unleash − Optimizely, split.io, Launch Darkly ⚫ Kubeflow
- 18. Dev: Tips ⚫ Use kustomize ⚫ Do not log to files; log to stdout/stderr ⚫ Do not log requests to liveness/readiness probes ⚫ Add branch name to resource names and endpoints for easy branch deployments ⚫ Add resource requests & limits to all deployments ⚫ Add liveness and readiness probes to all deployments
- 19. Summary ⚫ Running a Kubernetes cluster does not have to be expensive ⚫ Many open-source and free alternatives to commercial Kubernetes infrastructure apps ⚫ Improve operations – observabilty, automation, security ⚫ Improve development – CI/CD, advanced deployments, APM, feature flags