ROOM 2 05.00 PM Kubernetes 201 Giovanni Clément Horacio Gonzalez Product Unit Director @gioindahouz DevRel @LostInBrittany

Beyond the first deployment So I have deployed my distributed architecture on K8s, everything is good now, isn’t it?

The long path to production

Describing some of those traps To ease and empower your path to production

Security Hardening your Kubernetes

Kubernetes is insecure by design It’s a feature, not a bug It’s up to the K8s admin to secure it according to their needs

Not everybody has the same security needs

Kubernetes lets you enforce security practices as needed

Listing some good practices

Close open access Close all by default, open only the needed ports Follow the principle of least privilege

Define and implement RBAC According to your needs

Define and implement network policies

Use RBAC and Network Policies to isolate your sensitive workload
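The three slides above (close everything by default, define RBAC, define network policies to isolate sensitive workloads) map to a handful of manifests. The following is an added example, not material from the talk: it assumes a namespace `payments` holding a sensitive `payments-api` and `payments-db`, a `frontend` namespace labelled `team: frontend`, and an identity-provider group `payments-oncall`; all of these names, labels and ports are assumptions.

```yaml
# Step 1: deny all ingress and egress for every pod in the namespace.
# With no allow rules, this is "close all by default".
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: payments
spec:
  podSelector: {}          # empty selector = every pod in the namespace
  policyTypes:
  - Ingress
  - Egress
---
# Step 2: open only the needed port, only from the pods that need it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-to-api
  namespace: payments
spec:
  podSelector:
    matchLabels:
      app: payments-api
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          team: frontend         # assumed label on the "frontend" namespace
      podSelector:
        matchLabels:
          app: web
    ports:
    - protocol: TCP
      port: 8443
---
# Step 3: a default-deny egress also blocks DNS, so allow it explicitly,
# plus the one internal dependency (the database).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-api-egress
  namespace: payments
spec:
  podSelector:
    matchLabels:
      app: payments-api
  policyTypes:
  - Egress
  egress:
  - to:
    - namespaceSelector:
        matchLabels:
          team: platform         # assumed label on kube-system
      podSelector:
        matchLabels:
          k8s-app: kube-dns
    ports:
    - protocol: UDP
      port: 53
    - protocol: TCP
      port: 53
  - to:
    - podSelector:
        matchLabels:
          app: payments-db
    ports:
    - protocol: TCP
      port: 5432
---
# Step 4: RBAC with least privilege: read-only on pods and logs,
# scoped to this namespace, bound to one group rather than to cluster-admin.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: payments-viewer
  namespace: payments
rules:
- apiGroups: [""]
  resources: ["pods", "pods/log"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: payments-viewer-binding
  namespace: payments
subjects:
- kind: Group
  name: payments-oncall          # assumed group name from the identity provider
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: payments-viewer
  apiGroup: rbac.authorization.k8s.io
```

Apply with `kubectl apply -f`, then check the result rather than trusting it: `kubectl auth can-i delete pods -n payments --as-group=payments-oncall --as=someone` should answer `no`, and `kubectl auth can-i list pods -n payments --as-group=payments-oncall --as=someone` should answer `yes`. NetworkPolicy objects are only enforced when the cluster's CNI plugin supports them (Calico, Cilium and Weave do; a bare flannel install does not), so verify connectivity from a test pod after applying them.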

Always keep up to date Both Kubernetes and plugins

And remember, even the best can get hacked Remain attentive, don’t get too confident

Extensibility Enhance your Kubernetes

Kubernetes is modular Let’s see how some of those plugins can help you

Istio A service mesh for Kubernetes… and much more!

Istio: A service mesh but not only

Service discovery

Traffic control

Encrypting internal communications

Routing and load balancing

Rolling upgrades

A/B testing

Monitoring your cluster
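Two of the Istio capabilities listed above, encrypting internal communications and rolling upgrades/A/B testing, are configured with plain Istio resources. The following is an added example and not part of the talk; it assumes a `payments-api` service with two Deployments labelled `version: v1` and `version: v2` in a sidecar-injected `payments` namespace.

```yaml
# Require mutual TLS for every workload in the namespace: plaintext connections
# from pods without a sidecar are rejected, so internal traffic is encrypted
# and authenticated. Apply the same resource in istio-system to make it mesh-wide.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: payments
spec:
  mtls:
    mode: STRICT
---
# Name the two versions so routing rules can address them.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: payments-api
  namespace: payments
spec:
  host: payments-api
  subsets:
  - name: v1
    labels:
      version: v1
  - name: v2
    labels:
      version: v2
---
# Weighted routing: send 10% of traffic to v2. Raising the weight step by step
# is the rolling upgrade; holding it at a fixed split is the A/B test.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: payments-api
  namespace: payments
spec:
  hosts:
  - payments-api
  http:
  - route:
    - destination:
        host: payments-api
        subset: v1
      weight: 90
    - destination:
        host: payments-api
        subset: v2
      weight: 10
```

Switching `mode: STRICT` on for a namespace that still has legacy clients without sidecars will break them; Istio's `PERMISSIVE` mode accepts both plaintext and mTLS and is the usual intermediate step while migrating.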

Velero Backing up your Kubernetes

Kubernetes: Desired State Management

YAML files allow you to clone a cluster

But what about the data?

Velero Backup and migrate Kubernetes applications and their persistent volumes

S3 based backup On any S3 protocol compatible store

Backup all or part of a cluster

Schedule backups

Backup hooks

Conclusion And one more thing…

Kubernetes is powerful It can make Developers’ and DevOps’ lives easier

But there is a price: operating it Lot of things to think about

We have seen some of them

One more thing… Who should do what?

Different roles Each role asks for very different knowledge and skill sets

Most companies don’t need to operate the clusters As they don’t build and rack their own servers!

If you don’t need to build it, choose a certified managed solution You get the cluster, the operator gets the problems

Like our OVH Managed Kubernetes Made with 💗 by the Platform team

Do you want to try? Send me an email to get some vouchers… horacio.gonzalez@corp.ovh.com

Thank you for listening Any questions?