Presentation is loading. Please wait.

Presentation is loading. Please wait.

Matthias Sohn Adel Zaalouk SAP.

Published byBirgit Rønningen Modified over 6 years ago

Similar presentations

Presentation on theme: "Matthias Sohn Adel Zaalouk SAP."— Presentation transcript:

1 Matthias Sohn Adel Zaalouk SAP

2 From Containers to Kubernetes
Container Scheduler Benefits Isolation Immutable infrastructure Portability Faster deployments Versioning Ease of sharing Container Kubernetes Orchestration of cluster of containers across multiple hosts Automatic placements, networking, deployments, scaling, roll-out/-back, A/B testing VM Host OS Container Runtime Challenges Networking Deployments Service Discovery Auto Scaling Persisting Data Logging, Monitoring Access Control Declarative – not procedural Declare target state, reconcile to desired state Self-healing Workload Portability Abstract from cloud provider specifics Multiple container runtimes Docker

3 What does Kubernetes not cover ?
Install and manage many clusters Across Multi-Cloud Public Cloud Providers Private Cloud Zero Ops Minimal TCO Manage Nodes Manage Control Planes Day 2 Operations Gardener Assessment – Kargo: Ansible-based with no real day-2 capabilities (e.g. no useful dry-run), see also AWS S3 disaster thanks to Ansible based setup Assessment – Kops: No clear strategy and poor coordination Accidental Architecture as a result Not robust enough, even buggy No maintenance processes (e.g. old images) No easy way to be consumed programmatically

4 WHAT do we want to achieve with the Gardener?
Provide and establish solution for Kubernetes Clusters as a Service Central Provisioning Engage with Open Source community, foster adoption, become CNCF project Assessment – Kargo: Ansible-based with no real day-2 capabilities (e.g. no useful dry-run), see also AWS S3 disaster thanks to Ansible based setup Assessment – Kops: No clear strategy and poor coordination Accidental Architecture as a result Not robust enough, even buggy No maintenance processes (e.g. old images) No easy way to be consumed programmatically Large scale organisations need hundreds or thousands of clusters

5 WHAT do we want to achieve with the Gardener?
Homogenously on Hyper-Scale Providers and for the Private Cloud Full Control of Kubernetes, Homogeneous Across All Installations AWS, Azure, GCP, Alibaba and Others Assessment – Kargo: Ansible-based with no real day-2 capabilities (e.g. no useful dry-run), see also AWS S3 disaster thanks to Ansible based setup Assessment – Kops: No clear strategy and poor coordination Accidental Architecture as a result Not robust enough, even buggy No maintenance processes (e.g. old images) No easy way to be consumed programmatically Private DCs for Data Privacy: OpenStack and eventually Bare Metal

6 WHAT do we want to achieve with the Gardener?
with Minimal TCO and Full Day-2 Operations Support Full Automation, Backup & Recovery, High Resilience and Robustness, Self-Healing, Auto-Scaling, … Assessment – Kargo: Ansible-based with no real day-2 capabilities (e.g. no useful dry-run), see also AWS S3 disaster thanks to Ansible based setup Assessment – Kops: No clear strategy and poor coordination Accidental Architecture as a result Not robust enough, even buggy No maintenance processes (e.g. old images) No easy way to be consumed programmatically Rollout Bug Fixes, Security Patches, Updates of Kubernetes, OS, Infrastructure, Certificate Management,

7 Gardener Mission Provide and establish solution for Kubernetes Clusters as a Service Homogenously on Hyper-Scale Providers and for the Private Cloud with Minimal TCO and Full Day-2 Operations Support Assessment – Kargo: Ansible-based with no real day-2 capabilities (e.g. no useful dry-run), see also AWS S3 disaster thanks to Ansible based setup Assessment – Kops: No clear strategy and poor coordination Accidental Architecture as a result Not robust enough, even buggy No maintenance processes (e.g. old images) No easy way to be consumed programmatically

8 Primary Gardener Architecture Principle
Following the definition of Kubernetes… Kubernetes is a system for automating deployment, scaling, and management of containerized software …we do the following: We use Kubernetes to deploy, host and operate Kubernetes Control planes are “seeded” into already existing clusters

9 Common Kubernetes Cluster Setup
Master Worker Master Worker Master Worker Master Worker Master Worker Master Worker Master Worker Master Worker Master HA HA HA Worker Master Worker Master Worker Master Master Worker Worker Worker Master Worker Master Worker HA Master Worker Worker Master HA Worker Worker The host the control plane, often in HA and on separated hardware (usually underutilized or, worse, overutilized) green machines The host the actual workload and are managed by Kubernetes (usually pretty well utilized) blue machines

10 Gardener Kubernetes Cluster Setup
Worker Master HA Gardener Cluster Seed Cluster Master Worker HA Shoot Clusters Worker Worker Inside a Seed Cluster Worker Worker manages Worker Worker Zooming into the Seed Cluster reveals… API Server Scheduler Controller Mgr ETCD Multiple Shoot Cluster Control Planes API Server ETCD Scheduler Controller Mgr ETCD API Server Gardener Machine Controller Manager Machine Provisioning Self-Healing Auto-Update Auto-Scaling

11 Primary Gardener Design Principle
Do not reinvent the wheel … “Let Kubernetes drive the design of the Gardener.”

12 Lingua Franca – Gardener Cluster Resource
apiVersion: garden.sapcloud.io/v1 kind: Shoot metadata: name: my-cluster namespace: garden-project spec: dns: provider: aws-route53 domain: cluster.ondemand.com cloud: aws: networks: vpc: cidr: /16 workers: - name: cpu-worker machineType: m4.xlarge autoScalerMin: 5 autoScalerMax: 20 kubernetes: version: kubeAPIServer: featureGates: ... runtimeConfig: ... admissionPlugins: ... kubeControllerManager: kubeScheduler: kubelet: maintenance: timeWindow: begin: end: autoUpdate: kubernetesVersion: true status: ... Native Kubernetes Resource Gardener or Self-Managed DNS Define Your Infrastructure Needs Specify Worker Pools Set Kubernetes Version Tweak Kubernetes Control Plane Avoid Vendor Lock-In Define When and What to Update Gardener Reported Status

13 Garden Cluster Seed Cluster Shoot Cluster ... ... ... ... ... ...
Administrator End-User R R R R R R R Kubify kubectl Kubernetes Dashboard gardenctl Gardener Dashboard kubectl Kubernetes Dashboard R R R R R R R HTTPS Garden Cluster Seed Cluster Shoot Cluster Garden Cluster API LB Ingress LB Seed Cluster API LB Shoot Cluster API LB Shoot Cluster VPN LB R R R R Garden Cluster Control Plane Storage [K8s] DS, RS, SS, J, ... [CRD] Shoot, Seed, ... Seed Cluster Control Plane Storage [K8s] DS, RS, SS, J, ... [CRD] Machine Deployment R R R R R Worker W Worker Worker R Kubelet + Container Runtime Kubelet + Container Runtime Kubelet + Container Runtime etcd Main Backup SS Main PV Gardener Dashboard D VPN D Events PV etcd Events SS R Gardener API Server D Calico DS API Server VPN D R Kube Proxy DS R ... Gardener Controller Manager D R Scheduler D Core DNS D R New Shoot Clusters can be created via the Gardener dashboard or by uploading a new Shoot resource to the Garden Cluster. The Gardener picks it up and starts a Terraform job to create the necessary IaaS components. Then it deploys the Shoot Cluster Control Plane into the Seed Cluster and required add-ons into the Shoot Cluster. Update or delete operations are handled by the Gardener fully automatically as well. Controller Manager D Optional Addons Addon Manager D Machine Controller D R Actual Workload Terraformer J ... R Shoot Cluster Control Plane R R ... Monitoring VPN R R Logging R ... ... SCP ... R R IaaS IaaS R R

14 Following the Design Principle Gardener uses…
Workload Additional Tooling Add-On Manager Network policies Cert Manager Cluster Autoscaler Prometheus Helm Calico Cert Broker EFK Stack K8S building blocks Kubernetes as deployment underlay Stateful Sets Reconciliation Deployments Jobs Secrets Admission Control PVs PVCs CRDs Controllers Replicasets Load- Balancer Config Maps Driver RBAC API Server Extension Pods

15 Where are all these clusters coming from?
Garden clusters are installed on a bootstrap cluster in GKE, EKS, AKS set up using Gardener’s Kubify DR setup with the Gardener Ring (planned) Seed clusters are created as shoot clusters by the Gardener Shoot clusters are created by their seed cluster which is managed by the Gardener

16 Gardener Demo

17

18 Gardener Community Installer
Setting up a Gardener landscape is not trivial, so we have a community installer: Many shortcuts to make it simple (Gardener and Seed in a single cluster) Do not use productively! You can use it as a starter for a productive setup Different cluster and different cloud provider accounts recommended

19 Gardener is Open Source
Long-Term Goal Become CNCF Project Gardener Blog CNCF Presentation Kubernetes Podcast Hacker News Reddit

20 Thank You! GitHub https://github.com/gardener
Home Page Wiki Mailing List Slack Channel Community Installer

21

22

23 Kubernetes Machine Controller Manager
Problem Node provisioning and de-provisioning is out of scope of current Kubernetes In the beginning we used terraform scripts ➦ unmanageable No mechanism to smoothly scale clusters upgrade cluster nodes for all providers Machine Controller Manager Node custom resources to manage nodes via k8s API Plugins enable support for different cloud providers Enables cluster auto-scaling and upgrade of cluster nodes

24 MCM Model Model for Kubernetes deployments works great So why not use it for machines? Pod Machine ReplicaSet MachineSet Deployment MachineDeployment

25 AWS-Machine-Class (Template)
MCM Custom Resources AWS-Machine-Class (Template) Name: v1 Machine Type: t2.large Disk Size: 50GB Secret: test-secret …… Secret Name: test-secret Cloudconfig: abc….xzy AccessKeyId: abc123 SecretAccessKey: xyz789 Machine Name: test-machine MachineClass: v1 Machine-Set Name: test-ms Replicas: 3 MachineClass: v1 Machine-Deployment Name: test-md Replicas: 3 UpdateStrategy: Rolling MachineClass: v1

26 Kubernetes Controller Manager Machine Controller Manager
Working of MCM Kubernetes Controller Manager Cloud Provider API 3 VMs Node objects help in monitoring the machine status – Health Machine Controller Manager Machine Deployment Class: V1 Replicas: 3 Node Machine Machine Controller Machine Class + Secret V1 Node Machine Machine Class + Secret Node Machine Machine Set Controller Kubernetes API Server Machine Set Replicas: 3 kubectl Machine Deployment Controller Machine Class + Secret V1 ETCD (Key-value store) Machine Deployment Class: V1 Replicas: 3

27 Autoscaling Machine Controller Machine Set Controller kubectl
Kubernetes Controller Manager Forked Cluster Autoscaler Cloud Provider API Now assume that all the nodes resources are nearly consumed and a new pod is created Node 4 Machine Machine Controller Manager Node 3 Machine Machine Controller Pod Image: Nginx Node: - Node 2 Machine Node 1 Machine Machine Set Controller Kubernetes API Server kubectl Machine Deployment Controller ETCD (Key-value store) Pod Image: Nginx Node: Unschedulable Pod Image: Nginx Node: Node4 Machine Deployment Class: V1 Replicas: 3 Machine Deployment Class: V1 Replicas: 4

28 Machine-Set Controller Machine Controller Manager
Machine Controller Manager - Components Machine Controller Machine-Set Controller Machine- Deployment Controller Cluster Auto-scaler Responsible for Managing Machines Maintaining set of healthy Machine replicas Managing Machine-sets (used for updates) Scales the number of replicas based on load in the cluster Create/delete Machines to maintain required replicas Create/update Machine-sets to perform updates Update no. of replicas based on load Controllers cooperate, rather than racing with each other ! Parent-child relationship: Adoption of orphaned children Machine Controller Manager

Download ppt "Matthias Sohn Adel Zaalouk SAP."

Similar presentations

System Center 2012 R2 Overview

System Center 2012 R2 Overview
FI-WARE – Future Internet Core Platform FI-WARE Cloud Hosting July 2011 High-level description.

FI-WARE – Future Internet Core Platform FI-WARE Cloud Hosting July 2011 High-level description.
Cost Effort Complexity Benefit Cloud Hosted Low Cost Agile Integrated Fully Supported.

Cost Effort Complexity Benefit Cloud Hosted Low Cost Agile Integrated Fully Supported.
ATIF MEHMOOD MALIK KASHIF SIDDIQUE Improving dependability of Cloud Computing with Fault Tolerance and High Availability.

ATIF MEHMOOD MALIK KASHIF SIDDIQUE Improving dependability of Cloud Computing with Fault Tolerance and High Availability.
Opensource for Cloud Deployments – Risk – Reward – Reality

Opensource for Cloud Deployments – Risk – Reward – Reality
R2 Automation IT service management Windows Azure Pack App Controller Self-service Service Manager Service model Orchestrator Service Manager.

R2 Automation IT service management Windows Azure Pack App Controller Self-service Service Manager Service model Orchestrator Service Manager.
MDC417 Follow me on Working as Practice Manager for Insight, he is a subject matter expert in cloud, virtualization and management.

MDC417 Follow me on Working as Practice Manager for Insight, he is a subject matter expert in cloud, virtualization and management.
Automating Operational and Management Tasks in Microsoft Operations Management Suite and Azure

Automating Operational and Management Tasks in Microsoft Operations Management Suite and Azure
Microsoft Management Seminar Series SMS 2003 Change Management.

Microsoft Management Seminar Series SMS 2003 Change Management.
20409A 7: Installing and Configuring System Center 2012 R2 Virtual Machine Manager Module 7 Installing and Configuring System Center 2012 R2 Virtual.

20409A 7: Installing and Configuring System Center 2012 R2 Virtual Machine Manager Module 7 Installing and Configuring System Center 2012 R2 Virtual.
Structured Container Delivery Oscar Renalias Accenture Container Lead (NOTE: PASTE IN PORTRAIT AND SEND BEHIND FOREGROUND GRAPHIC FOR CROP)

Structured Container Delivery Oscar Renalias Accenture Container Lead (NOTE: PASTE IN PORTRAIT AND SEND BEHIND FOREGROUND GRAPHIC FOR CROP)
Docker for Ops: Operationalize Your Apps in Production Vivek Saraswat Sr. Product Evan Hazlett Sr. Software

Docker for Ops: Operationalize Your Apps in Production Vivek Saraswat Sr. Product Evan Hazlett Sr. Software
Project Cumulus Overview March 15, 2011. 2 End Goal Unified Public & Private PaaS for GlassFish/Java EE Simplify deployment of Java EE Apps on top of.

Project Cumulus Overview March 15, End Goal Unified Public & Private PaaS for GlassFish/Java EE Simplify deployment of Java EE Apps on top of.
Microsoft Dynamics NAV Microsoft Dynamics NAV managed service for partners, under the hood Dmitry Chadayev Corporate Vice President, Microsoft.

Microsoft Dynamics NAV Microsoft Dynamics NAV managed service for partners, under the hood Dmitry Chadayev Corporate Vice President, Microsoft.
Calgary Oracle User Group

Calgary Oracle User Group
Federated Cluster Selector

Federated Cluster Selector
Prof. Jong-Moon Chung’s Lecture Notes at Yonsei University

Prof. Jong-Moon Chung’s Lecture Notes at Yonsei University
Windows 2012R2 Hyper-V and System Center 2012

Windows 2012R2 Hyper-V and System Center 2012
What has Docker Done for Us?

What has Docker Done for Us?
Running LHC jobs using Kubernetes

Running LHC jobs using Kubernetes

Similar presentations

Ads by Google