Confidential │ ©2020 VMware, Inc.
Modern “off-the-shelf”
software supply chain
Dodd Pfeffer
Solutions Engineer
Bon Sethi
Solutions Engineer
Agenda
● Containerized Applications
● The Shelf in Off-the-shelf
● Application Provisioning Primer
● Enterprise Container Registry
● Populating your Registry
● Cluster LCM for Purpose-built Kubernetes Runtimes
● Managing all these clusters
● Application and cluster Observability
● Wrap-up
Containers are the Future
Container use is skyrocketing and is projected to grow at 64% CAGR through 2022.
By 2022, organizations will deploy containers primarily in the data center.
Source: Worldwide Container Infrastructure Software Forecast, 2018–2022, IDC, Dec 2018
(Slide callouts: 64% and 77%)
ISV Ecosystem
Categories shown: ETL, DATABASE, CACHE, COMMERCIAL, BPM, SEARCH, IAM, SECURITY, TEST, ANALYTICS, BATCH, APM, SIEM / LOG / AUDIT, NETWORKING, CI/CD, ITIL, IDE/CODE (Buildpacks), API / SOA / uS / IOT, MESSAGING / CONNECTOR, IaaS, CRM
Open Source Popularity
313K+ OSS components downloaded on average last year by enterprises*
100M+ repositories hosted on GitHub, with over 40M contributors**
*Sonatype Software Supply Chain 2019 Report **https://github.com/about
Tanzu Application Catalog
Production-ready containers for popular open source software
● Golden Image Support
● Proof of Provenance
● Proof of Testing
Use Tanzu Application Catalog and deploy open source with confidence:
Align Developers and IT around velocity, stability, and security
Tanzu Kubernetes Grid
Ubiquitous runtime built on open source technologies and deployed across clouds
● Simplified installation
● Automated multi-cluster ops
● Integrated platform services
Helm
Overview
Helm is the first application package manager running on top of Kubernetes.
It describes an application's structure through Helm charts and manages that application with simple commands.
Why Helm
(Diagram: deployment using kubectl vs. deployment using Helm)
Why use Helm
● Quick app portability
● Better testing
● Easy dev onboarding
● Rollbacks are easy
Deploy crazy microservices architectures
Helm Charts
What is a Chart?
A chart is the set of information necessary to create an instance of a Kubernetes application, given a Kubernetes cluster:
● A chart is a collection of files organized in a specific directory structure
● Configuration values are kept separately from the chart (values.yaml plus any overrides) and merged into its templates at install time
● A running instance of a chart with a specific configuration is called a release
Helm manages Kubernetes resource packages through charts.
Carvel
Carvel Tools
Packaging and Deployment on Kubernetes
● Author configuration: ytt
● Package and distribute: kbld + imgpkg
● Customize configuration: ytt
● Deploy to cluster: kapp
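The security-relevant part of the "Package and Distribute" step (and of any Helm chart that names images by tag) is turning mutable tags into content digests before the package leaves the build: a tag can be re-pointed later, a digest cannot. The block below is an added illustration of that resolution, written for this page; it is not kbld's, Helm's or VMware's code. The registry lookup is replaced by a constructed tag-to-digest table (RESOLVED), the Deployment is constructed, and the registry host harbor.example.com is an assumption.

```python
"""Pin image tags to content digests before packaging a manifest.

Added illustration for the "Package and Distribute" step (the job kbld does
when it resolves tags to digests). It is not kbld's or VMware's code. The
registry lookup is replaced by RESOLVED, a constructed tag -> digest table,
and SAMPLE_DEPLOYMENT is a constructed manifest, so it runs offline.
"""

# Constructed stand-in for asking the registry "what does this tag point at?"
RESOLVED = {
    "harbor.example.com/library/nginx:1.19.6": "sha256:" + "a" * 64,
    "harbor.example.com/library/redis:6.0": "sha256:" + "b" * 64,
}

# Constructed Deployment: two mutable tags and one sidecar already pinned.
SAMPLE_DEPLOYMENT = {
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "web", "namespace": "shop"},
    "spec": {"template": {"spec": {
        "initContainers": [
            {"name": "warm-cache", "image": "harbor.example.com/library/redis:6.0"}],
        "containers": [
            {"name": "web", "image": "harbor.example.com/library/nginx:1.19.6"},
            {"name": "proxy", "image": "harbor.example.com/library/envoy@sha256:" + "c" * 64}],
    }}},
}


def parse_ref(ref):
    """Split an image reference into (name, tag, digest).

    A colon only separates a tag when it comes after the last slash; before
    that it is a registry port (localhost:5000/app).
    """
    name, digest = ref, None
    if "@" in name:
        name, digest = name.split("@", 1)
    tag = None
    if name.rfind(":") > name.rfind("/"):
        name, tag = name.rsplit(":", 1)
    return name, tag, digest


def is_mutable(ref):
    """True when the reference can change meaning later (no digest)."""
    return parse_ref(ref)[2] is None


def pin_image(ref, resolver):
    """Return an immutable form of `ref`.

    Already-pinned references are returned unchanged. Tagged references
    (an untagged one means ":latest") are looked up in `resolver`; a miss is
    an error rather than a pass-through, because an unresolved tag is
    exactly what must not reach the distributed package.
    """
    name, tag, digest = parse_ref(ref)
    if digest is not None:
        return ref
    key = f"{name}:{tag or 'latest'}"
    if key not in resolver:
        raise ValueError(f"cannot resolve {key} to a digest")
    return f"{name}@{resolver[key]}"


def pin_manifest(obj, resolver, report=None):
    """Rewrite every `image:` field in a Kubernetes object tree.

    Returns (pinned_copy, report); report lists (old, new) pairs for each
    tag that was replaced, so the rewrite can be reviewed or kept as a lock.
    The input object is not modified.
    """
    if report is None:
        report = []
    if isinstance(obj, dict):
        out = {}
        for key, val in obj.items():
            if key == "image" and isinstance(val, str):
                pinned = pin_image(val, resolver)
                if pinned != val:
                    report.append((val, pinned))
                out[key] = pinned
            else:
                out[key] = pin_manifest(val, resolver, report)[0]
        return out, report
    if isinstance(obj, list):
        return [pin_manifest(item, resolver, report)[0] for item in obj], report
    return obj, report


if __name__ == "__main__":
    pinned, changes = pin_manifest(SAMPLE_DEPLOYMENT, RESOLVED)
    for old, new in changes:
        print(f"{old} -> {new}")
```

The walk deliberately refuses to emit a manifest containing a tag it could not resolve; a packaging step that silently passes unresolved tags through defeats the point of the digest lock.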
Operators
What Is A Kubernetes Operator?
Operator Pattern: Custom Resource Definition (CRD) + Custom Controller = Kubernetes Operator
Custom Resource Definition = Definition of a new object managed through the Kubernetes API
Custom Controller = Manages the lifecycle of the Custom Resource defined by the CRD
Custom Resource Detail
• A Resource is an endpoint in the Kubernetes API that stores a collection of API objects of a certain kind
  Example: /api/v1/namespaces/{namespace}/pods
• A Custom Resource is an extension of the Kubernetes API that is not necessarily available in a default Kubernetes installation
  Example: /apis/custom.vmware.com/v1/namespaces/*/myobjects/
• A Custom Controller inspects the state declared through the Custom Resource and tries to keep the current state in sync with it
• Custom Resources get first-class support through kubectl: kubectl get my-custom-object object-name
Extend the set of objects Kubernetes can manage (diagram: Supervisor Cluster)
• API Master: serves the myobject Custom Resource Definition and provides the API endpoint for the custom object
• Operator Namespace: the Object Controller runs here
  - Watches the API Master (which persists state in etcd) and detects changes in desired state
  - Handles CRUD operations on custom objects
  - Defines things like Roles, RoleBindings, Service Account, ConfigMaps, Secrets
• User Namespace: instances of the object (myobject1, myobject2, myobject3) are deployed here
Define the Custom Object:
kubectl apply -f customresourcedefinition.yaml
kubectl apply -f service-account.yaml
kubectl apply -f config-map.yaml
kubectl apply -f rolebindings.yaml
kubectl apply -f Object-controller.yaml
Create an Instance of the Object:
kubectl apply -f myobject.yaml
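What the Object Controller actually does once the CRD, service account, RoleBindings and controller are applied is the reconcile loop: read the desired state from the custom resource, read the observed state from the API, and issue only the operations that close the gap, touching nothing it does not own. The block below is an added illustration of that loop, written for this page; it is not VMware's code and not a real operator. The custom resource kind MyObject and its spec fields (replicas, image) are assumptions, and the API server is replaced by an in-memory dict of pods so it runs offline.

```python
"""A minimal reconcile loop for the operator pattern.

Added illustration, not VMware's code and not a real operator. The custom
resource kind MyObject and its spec fields (replicas, image) are assumed;
the API server is replaced by an in-memory dict of pods so it runs offline.
"""
import copy

# Constructed custom resource, as it would arrive via `kubectl apply -f myobject.yaml`.
SAMPLE_CR = {
    "apiVersion": "custom.vmware.com/v1",
    "kind": "MyObject",
    "metadata": {"name": "web", "namespace": "team-a"},
    "spec": {"replicas": 3, "image": "harbor.example.com/library/nginx@sha256:" + "a" * 64},
}

# Constructed observed state: one stale pod, one correct pod, one orphan,
# and a pod that belongs to a different owner and must be left alone.
SAMPLE_CLUSTER = {
    "web-0": {"namespace": "team-a", "owner": "web", "image": "harbor.example.com/library/nginx:1.18"},
    "web-1": {"namespace": "team-a", "owner": "web", "image": SAMPLE_CR["spec"]["image"]},
    "web-5": {"namespace": "team-a", "owner": "web", "image": SAMPLE_CR["spec"]["image"]},
    "other-0": {"namespace": "team-a", "owner": "other", "image": "busybox:1.32"},
}


def fresh_cluster():
    """A private copy of the constructed observed state."""
    return copy.deepcopy(SAMPLE_CLUSTER)


def desired_pods(cr):
    """Desired state derived from the spec: one pod per replica.

    A resource that is being deleted (deletionTimestamp set) desires nothing,
    so the same loop also cleans up after `kubectl delete`.
    """
    meta, spec = cr["metadata"], cr["spec"]
    if meta.get("deletionTimestamp"):
        return {}
    return {
        f"{meta['name']}-{i}": {"namespace": meta["namespace"], "owner": meta["name"], "image": spec["image"]}
        for i in range(spec["replicas"])
    }


def owned_pods(cr, cluster):
    """Observed state restricted to what this CR owns: the controller never
    reasons about, or touches, pods it does not own."""
    meta = cr["metadata"]
    return {n: p for n, p in cluster.items()
            if p["namespace"] == meta["namespace"] and p.get("owner") == meta["name"]}


def reconcile(cr, cluster):
    """Diff desired against observed and return the actions that converge them.

    Returns a sorted list of (verb, pod_name). Running reconcile again after
    apply() must return [] (the loop is idempotent and level-triggered).
    """
    want, have = desired_pods(cr), owned_pods(cr, cluster)
    actions = []
    for name, pod in want.items():
        if name not in have:
            actions.append(("create", name))
        elif have[name]["image"] != pod["image"]:
            actions.append(("update", name))
    for name in have:
        if name not in want:
            actions.append(("delete", name))
    return sorted(actions)


def apply(cr, cluster, actions):
    """Carry out the actions against the in-memory cluster (stands in for the
    create/update/delete calls a real controller makes on the API server)."""
    want = desired_pods(cr)
    for verb, name in actions:
        if verb == "delete":
            cluster.pop(name, None)
        else:
            cluster[name] = dict(want[name])
    return cluster


def converge(cr, cluster):
    """One pass of the control loop: observe, diff, act, then re-check."""
    actions = reconcile(cr, cluster)
    apply(cr, cluster, actions)
    return actions, reconcile(cr, cluster)


if __name__ == "__main__":
    done, remaining = converge(SAMPLE_CR, fresh_cluster())
    print("actions:", done, "remaining:", remaining)
```

The ownership filter in owned_pods is the least-privilege half of the pattern: the RoleBindings applied in the slide above bound what the controller's service account may do, and the filter bounds what it tries to do.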
Tanzu Kubernetes Grid: Developer Self Service (diagram)
Supervisor Cluster (control VMs running on ESXi hosts, with vCenter UI integration):
• Tanzu Cluster Controller, Cluster API Controllers, Cluster API Provider and VM Operator run as pods
• Custom Resources: Tanzu Kubernetes Cluster resource → Cluster resource → Machine resources → VirtualMachine resources → Node VMs
• Auth, CNI and CSI integrations
Give me a cluster:
  3 Nodes
  Kubernetes 1.16
  Machine Class: Guarantee-Small
  Networking: Calico
Where to store images?
Enterprise Container Registry - Harbor
Project Harbor
An open source enterprise-class registry server.
Initiated by VMware China, adopted by users worldwide.
Integrated into Tanzu Kubernetes Grid.
Apache 2 license.
https://github.com/vmware/harbor/
#CNA1632GU CONFIDENTIAL 20
Key Features
• User management & access control
  - RBAC: admin, developer, guest
  - AD/LDAP integration
• Policy-based image replication
• Notary (image signing / content trust)
• Vulnerability scanning
• Web UI
• Audit and logs
• RESTful API for integration
• Lightweight and easy deployment
Shipping Images in Binary Format for Consistency
Git → CI → Dev Registry → Test Registry → Staging Registry → Production Registry (images at every stage)
Images are synchronized between environments by using Harbor registry replication.
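The consistency promised by this flow only holds if what reaches Production is byte-for-byte the image that passed Test, so promotion has to be keyed on the manifest digest rather than on a tag that a rebuild can re-point. The block below is an added illustration of a digest-verified promotion across the four registries above, written for this page; it is not Harbor's replication code. Registries are in-memory objects, the manifests are constructed byte strings, and the repository name team/app is an assumption, so it runs offline.

```python
"""Promote images across registries by digest, not by tag.

Added illustration of the Dev -> Test -> Staging -> Production flow; it is
not Harbor's replication code. Registries are in-memory objects and the
manifests are constructed byte strings, so it runs offline. The digest is
computed as OCI registries do: sha256 over the manifest bytes as stored.
"""
import hashlib

# Constructed manifests: the build that passed testing, and a later rebuild
# that someone pushed to the same tag.
MANIFEST_V1 = b'{"schemaVersion":2,"config":{"digest":"sha256:' + b"1" * 64 + b'"}}'
MANIFEST_V1_REBUILT = b'{"schemaVersion":2,"config":{"digest":"sha256:' + b"2" * 64 + b'"}}'


def digest_of(manifest_bytes):
    return "sha256:" + hashlib.sha256(manifest_bytes).hexdigest()


class Registry:
    """Content-addressed store: immutable blobs keyed by digest plus mutable
    tag pointers, which is all a promotion pipeline needs to model."""

    def __init__(self, name):
        self.name = name
        self.blobs = {}   # digest -> manifest bytes
        self.tags = {}    # "repo:tag" -> digest

    def push(self, repo, tag, manifest_bytes):
        d = digest_of(manifest_bytes)
        self.blobs[d] = manifest_bytes
        self.tags[f"{repo}:{tag}"] = d
        return d

    def resolve(self, repo, tag):
        return self.tags.get(f"{repo}:{tag}")

    def pull(self, d):
        """Pull by digest and verify the bytes actually hash to it."""
        data = self.blobs[d]
        if digest_of(data) != d:
            raise ValueError(f"{self.name}: content stored under {d} fails verification")
        return data


def promote(src, dst, repo, tag, approved):
    """Copy exactly the approved content from src to dst.

    Two things are refused: the tag moving after approval (a rebuild), and
    stored bytes that no longer match their digest (corruption or tampering).
    """
    current = src.resolve(repo, tag)
    if current != approved:
        raise ValueError(f"{src.name}: {repo}:{tag} is {current}, approved digest is {approved}")
    data = src.pull(approved)
    dst.blobs[approved] = data
    dst.tags[f"{repo}:{tag}"] = approved
    return approved


def promote_pipeline(stages, repo, tag, approved):
    """Walk the stages in order; returns what the tag resolves to in each."""
    for src, dst in zip(stages, stages[1:]):
        promote(src, dst, repo, tag, approved)
    return [s.resolve(repo, tag) for s in stages]


def demo():
    """Happy path, then both failure modes, on the constructed data."""
    stages = [Registry(n) for n in ("dev", "test", "staging", "prod")]
    dev, test, staging, prod = stages
    approved = dev.push("team/app", "1.0", MANIFEST_V1)   # what CI built and Test signed off on
    everywhere = promote_pipeline(stages, "team/app", "1.0", approved)

    dev.push("team/app", "1.0", MANIFEST_V1_REBUILT)        # tag silently moved in Dev
    tag_moved = False
    try:
        promote(dev, test, "team/app", "1.0", approved)
    except ValueError:
        tag_moved = True

    staging.blobs[approved] = b"not the bytes that were approved"   # altered at rest
    tampered = False
    try:
        promote(staging, prod, "team/app", "1.0", approved)
    except ValueError:
        tampered = True

    return {"everywhere": everywhere, "tag_moved": tag_moved, "tampered": tampered,
            "prod": prod.resolve("team/app", "1.0"), "approved": approved}


if __name__ == "__main__":
    print(demo())
```

In a real pipeline the "approved" digest is the value recorded when the Test stage passed (or the digest named in a signed Notary trust record), and the replication policy in the registry copies that digest onward; the tag is only re-pointed at the destination after the bytes have been verified.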
Thank You

Delivering-Off-The-Shelf Software with Kubernetes- November 12, 2020
