Rootconf Delhi edition

On network engineering, infrastructure automation and DevOps

The good, the bad and the ugly of Kubernetes - A Practitioner's View!

Submitted by Vijay Dharap (@dharapvj) on Oct 20, 2019

Section: Full talk (40 mins) Category: Systems engineering Status: Rejected

Abstract

Kubernetes continues to take the world by storm with every passing day. But at the same time, it continues to be a fairly complex beast to tame, manage and make beneficial to businesses.

In this talk, I would like to quickly look at:

  • why I like Kubernetes and what benefits a k8s-based infrastructure can offer (the good),
  • what challenges I faced when I implemented my k8s cluster and how I overcame them, and the typical gotchas to look out for when you implement Kubernetes (the bad),
  • and last but not least, what part of Kubernetes perplexes me and what I am doing about it (the ugly).

I hope that I can take the crowd on a journey filled with practical experiences – accompanied by small code snippets – and give them an insight into how they can watch for some pitfalls and have a successful Kubernetes implementation.

Outline

  • Small overview of Kubernetes exposure
  • The Ugly – Some of the decisions which backfired on me:
    • Choice of EKS as Kubernetes service (replaced it with KOPS later)
    • Grafana based Alerting (Replaced with Prometheus Alerting)
    • kubeadm install - etcd failure in master nodes
  • The Bad – Some issues faced which became apparent a little later but were resolved:
    • certificate length and cloudfront
    • Access log monitoring and analysis – ELK / EG
    • EFS starvation issues - separate your monitoring infrastructure from your application infrastructure
  • The Good – What I loved during my journey
    • helm charts - why they are awesome, and how they can be even easier with the tips below
      • hub.helm.sh - why to use it
      • Install vs upgrade --install
      • configmap gotcha
      • locking down the version
    • Resource limit and health of your worker nodes
    • IaC and terraform – a lifesaver… (oh… and also a pain to deal with)
    • KOPS – a lifesaver
    • Prometheus – a highly extensible monitoring tool – ephemeral storage, etcd health, certificates, and other OOTB tools like jmx_exporter, blackbox, etc
    • Nginx-Ingress and automatic ELB vs ALB-nginx-ingress
  • Tips and Tricks
    • K8s-specific productivity enhancements: kube-ps1, kubens, aliases, etc
    • General Linux productivity enhancements: git ps1, byobu, putty default values for timeout resolution, dealing with corporate CA issued certificates
    • Secrets are namespace specific. How to copy secret from one namespace to another
    • Ensuring you don’t lose your home directories in IaC
  • There is no silver bullet
    • IaC – where to draw the line between terraform and scripted application
    • Reflection on what should NOT be in kubernetes

Speaker bio

I am a Principal Technology Architect at Infosys in India with broad ranging experience from architecting large enterprise web applications to cloud infrastructure design and deployment in DevOps mode.

I am very passionate about Open Source and am a Developer Advocate within Infosys. I have spoken at conferences in India like GIDS, JSFoo, ReactFoo, etc. I organize technical conferences within Infosys. I enjoy keeping up-to-date with trends in the UI and UX world and love discussing technical topics on Twitter at my handle @dharapvj.

Slides

https://drive.google.com/open?id=1f2hlmVLhyc_ML0HLIeYDqOji_2xj9ik7
