For the past two years, Booking.com has been working on accelerating the release of new products to market. Part of the new approach is building an internal cloud based on 15 Kubernetes clusters. In creating them, Booking.com departed from generally accepted methods: the setup includes shared clusters, a flat network, SLOs / SLIs calculated for each cluster in a clever way, and a set of tests that check the functionality of the cluster and its integrations in real time.
Booking.com not only operates Kubernetes, but also actively develops system applications designed to improve the ecosystem. For example, it created and open-sourced Shipper, a set of controllers that provide Kubernetes-native orchestration of canary and blue-green deployments to several clusters at the same time.
All this and much more on February 14th.
Kubernetes is a tool as complex as it is powerful. Security is no exception: it is not as straightforward as the “classic” security of applications running in virtual environments or even on Docker.
While providing Kubernetes as a service in the Mail.ru public cloud, over the past year the Mail.Ru Cloud Solutions team received many requests on how to implement maximum (sometimes paranoid) application security in Kubernetes at all levels, suitable even for a demanding enterprise, and how to build a proper Security Development Lifecycle / DevSecOps in Kubernetes.
The speaker will share the experience of implementing typical security patterns in Kubernetes, which can be applied both in the public and in the private cloud.
Andrei Kvapil will share his experience in cloud solutions architecture and DevOps at WEDOS, the largest Czech hosting provider, where Kubernetes is actively used to deploy services and servers: currently on more than 500 nodes, with a planned expansion to several thousand.
Special attention will be paid to organizing a server farm with network boot and to the choice of storage. The speaker tested a large number of free SDS solutions before opting for Linstor, a fairly young project that has nevertheless proven itself in operation.
Other pressing issues will be addressed as well. On the programme:
- What bare metal is and how to work with it. What problems will you face when building a bare-metal cluster?
- Diskless nodes and server deployment automation using LTSP.
- Choosing storage: the types of storage and when each should be used. How the Local Volumes Provisioner works.
- A few words about the organization of the network, the peculiarities of IPVS and the configuration of MetalLB. Getting rid of overlays as much as possible.
- Configure cluster access, LDAP connectivity, and seamless management of multiple clusters.
The development of Kubernetes does not stand still: every quarter we receive new releases, often with significant improvements. The Cloud Native Computing Foundation ecosystem is also actively moving forward, stimulating the rapid growth of Kubernetes and expanding the capabilities of the technology.
Although most cloud providers offer Kubernetes as a service based on the vanilla distribution, the market now also offers many Kubernetes builds and even individual products based on them. Some of them only slightly improve non-optimal behavior, and some - for example, OpenShift - change Kubernetes almost beyond recognition. This is very similar to the situation with the fragmentation of Android devices a couple of years ago.
To understand the pros and cons of each option and which approach will survive, we have brought together for our discussion both vendors of such distributions and representatives of companies that run vanilla Kubernetes alongside vendor solutions.
Source: https://habr.com/ru/post/438270/