Kubernetes Mega: From Kubernetes Internals to Service Mesh Basics

On May 27-29, the Kubernetes Mega online intensive will take place. What will we teach?







We will not make you an advanced specialist in three days, and participation in the intensive itself will not raise your salary. But you will gain practical infrastructure management skills that you can confidently use with Kubernetes in production.



Pavel Selivanov, Senior DevOps Engineer at Mail.ru Cloud Solutions, Sergey Bondarev, Architect at Southbridge, and Marsel Ibraev, CTO at Slurm, will walk through the intricacies of installing and configuring a production-ready cluster ("the not-so-easy way") and answer your questions.



Fault tolerance



We will look at the architecture of a failover cluster and talk about the utility used to deploy the cluster and about additional components.



And to protect the cluster from a meteorite hitting the data center, we will show a tool for organizing backups in a Kubernetes cluster.



Topic 1: Process of creating a failover cluster from the inside



  • Working with Kubeadm,
  • Cluster testing and troubleshooting.


Topic 9: Backup and Disaster Recovery



  • Backup methods,
  • Cluster backup and recovery using Heptio Velero (formerly Ark) and etcd.


When we talk about a cluster, we mean a kind of distributed fault-tolerant system in which almost everything is duplicated: disks, processors, memory, network links, data storage systems.



This level of redundancy helps reduce the risk of downtime due to hardware failures.



Security



All cluster components authenticate to one another using certificates. We will tell you what to do if certificates have expired and how to prevent such situations.



But for "live" users this option is not very good, as it is difficult to use. We will definitely tell you about the best options: authentication proxy and OIDC.



There is also a secure option with passwords or tokens, but that already belongs to the topic of storing secrets; for users it is not very convenient to implement, especially with several master nodes.



Topic 2: Authorization in the cluster using an external provider



  • LDAP (Nginx + Python),
  • OIDC (Dex + Gangway).


Topic 4: Secure and Highly Available Applications in the Cluster



  • PodSecurityPolicy,
  • PodDisruptionBudget,
  • PriorityClass,
  • LimitRange / ResourceQuota.


Topic 7: Keeping Secrets



  • Management of secrets in Kubernetes,
  • Vault.


Topic 10: Annual rotation of certificates in the cluster



  • Cluster component certificates,
  • Renewing control-plane certificates with kubeadm.


In general, it is important to understand how to use tools to secure not only users, but also your applications and confidential data.



Kubernetes internals



An informed choice of the most effective tools comes with an understanding of how Kubernetes is built: its components, its network structure and the process of creating it.



Topic 3: Network policy



  • Introduction to CNI,
  • Network Security Policy.


Topic 5: Kubernetes. We look under the hood



  • Controller structure,
  • Operators and CRDs.


A deeper understanding of how Kubernetes and cluster networking work will allow you to solve advanced tasks, such as writing your own controller or setting up optimal networking in a Kubernetes cluster.



Databases in Kubernetes



Is it possible to run a database in Kubernetes? You can, but there are nuances. You need to think about whether it is worth launching stateful applications, what the benefits are, and what problems you will have to face. We will look at a real example of how you can start a database in Kubernetes.



Topic 6: Stateful Applications in a Cluster



  • Nuances of running a database in Kubernetes,
  • Starting a database cluster using the example of RabbitMQ and CockroachDB.


The only positive point is the simplicity and speed of launching a stateful application, so production databases that work under load must be run on separate, dedicated servers.



But it is not all that bad. For development and testing, it is perfectly possible to run databases in Kubernetes.



Scaling



One of the most common requests in Kubernetes is to automatically scale the number of application instances based on load and other metrics.



Speakers will talk about the Kubernetes tool that will allow you to dynamically manage the number of application replicas.



Topic 8: Horizontal Pod Autoscaler



  • Scaling based on built-in metrics,
  • Custom metrics.


Deploy the application



There are six most popular deployment strategies: some are implemented natively in Kubernetes, while for others you need to use special tools and dance with a tambourine.



Topic 11: Deploy the application



  • Templating and deployment tools,
  • Deployment strategies.


Knowing and using a variety of deployment strategies will allow you to approach the deployment of your application more flexibly. You can use the advantages of some strategies and avoid the disadvantages of others where necessary. The choice is yours.



Service mesh



An overview of service mesh technology and its specific implementation, Istio, is needed to understand what problems a service mesh can solve, with what tools, and when it can be used.



Topic 12: Service mesh



  • Installing Istio,
  • Overview of basic abstractions.


Certification



Final practical work



Certification from the Slurm training center confirms that you have really mastered the material. To get a certificate, you need to pass an internal exam: we will give you an assignment and provide a test stand to complete it on.



After completing the task, you send the configured cluster for review. We evaluate the quality of the settings and award points per topic. If you have scored enough points, we will issue you a numbered personal certificate.



Format



Practical tasks and certification will be performed from a personal account, the broadcast with the speakers will be on Zoom, and for communication there will be an additional Telegram chat.



There are 2 weeks left before the intensive. Register at the link: slurm.club/megamay21

Questions about the intensive - in the comments.


