Rancher + Kubernetes; Stories from the trenches

Stories from the trenches

Who am I?

Chief Cloud Officer - Bulletproof

@gergnz

Who else is to blame?

• Qamal Kosim-SatyaputraBCG Digital Ventures

• Stuart GriceGrice Barrett Consulting

• Maciej DrożdżowskiA Grumpy Polish Bloke

What did we build?

• 2 Rancher Clusters• Managing 6 Kubernetes Clusters

• Deployment Tooling• kube-services

• Cluster Management Tooling• combat-wombat, monitoring-

meerkats, rolling-raccoon• Operations Tooling

• PCI-DSS, ISO27001

How did we do it?

• Terraform• Ansible• AWS• Trendmicro Deep Security• Splunk• Vault• Packer• Skeddly• Amazon Linux

• Github• Gitlab• Travis-CI• Bintray• Jenkins• Kafka• Ruby, Python• Docker• Java

Let’s Dig In

AWS Account Separation

Rancher + Kubernetes

Rancher

What could possibly go wrong?

Amazon Linux/Docker• Docker version change after upgrade

• Slow startup time

• cgroup location

• /var/lib/docker.sock becomes a dir

- name: install docker

yum: name=docker-1.12.6

- --max-concurrent-downloads 128

docker pull <allthethings> (in packer)

- sudo mount –t tmpfs tmpfs /sys/fs/cgroup

sudo sed -i 's|cgroup|sys/fs/cgroup|' /etc/cgconfig.conf

- ¯\_(ツ)_/¯ - never worked this one out

Docker Images

Java Musl-libc DNS

JUST DON’T!!!!!!!!!!!!!!!!

Java Musl-libc DNS Cont.

JAVA_OPTS=-Dsun.net.spi.nameservice.provider.1=default-Dsun.net.spi.nameservice.provider.2=dns,sun-Dsun.net.spi.nameservice.nameservers=<vpc endpoint>

Magical Rancher CNI and KubeDNS goes here

Rancher• RDS resources exhausted

• Host clean up

- Make it bigger, much bigger

- Build combat-wombat

combat-wombat

Kubernetes• T2 instance CPU credit exhaustion

• etcd split-brain

• anti-affinity

• Launch configuration UpdatePolicy

- etcd gets really busy

don’t use T2s, use Cs

- etcdctl cluster-health

disaster

- json embedded inside yaml for beta/alpha features

sleepy-sloth

- rolling-raccoon

sleepy-sloth

rolling-raccoon

What did we learn?SoDD: Stackoverflow Driven Development

If at first you don’t succeed: Double Tap

Requirements/Specifications change: use code to build generalised building blocks

The upgrade loop never stops: Fix bug, incur tech debt, raise issue/PR, wait for next release, upgrade, rinse, repeat.

Rancher + Kubernetes; Stories from the trenches

Technology

Oper ator’s manual 455e Rancher 455 Rancher 460 Rancherpdf.lowes.com/operatingguides/024761034968_oper.pdf · 455e Rancher 455 Rancher 460 Rancher Oper ator’s manual ... (ANSI

Rancher/Kubernetes入門ハンズオン資料～第2回さくらとコンテナの夕べ #さくらの夕べ番外編

Kubernetes laravel and kubernetes

Oper 455e Rancher 455 Rancher 460 - husqvarna.com · 455e Rancher 455 Rancher 460 Oper ator’s manual ... 11 Throttle lockout 12 Decompression valve ... • Do not use the chain

Rancher 55

Rancher Kubernetes Cluster using CSI Driver for Dell EMC VxFlex … · 2021. 1. 31. · using global security policies. Use Helm or Rancher App Catalog to deploy and manage applications

The Rancher

Rancher is a trademark of Rancher Labs, Inc. in the United ...sysadmin:...DEPLOYING AND SCALING KUBERNETES WITH RANCHER 1.3.2 Data and Storage By their very nature, containers are

Rancher Kubernetes Cluster using CSI Driver for Dell …...including app packaging, CI/CD, logging, monitoring, and service mesh. Solution infrastructure 9 Rancher Kubernetes Cluster

Rancherで簡単に作るk8s環境 Kubernetes meetup tokyo #4 LT kubernetes on rancher

Oper ator s manual - ProductReview.com.au · English 455 Rancher II, 455e Rancher II 455e TrioBrake Rancher II 465 Rancher II Oper ator ′ s manual Please r ead the operator’s

Multicloud CI/CD with OpenStack and Kubernetes · 2019-04-29 · Kubernetes install tools Magnum OpenStack only Smaller ecossytem Kops No OpenStack support, AWS only Rancher No OpenStack

Accelerating Edge Computing with Arm and Rancher k3s ... reports, and...container orchestration. The pace of adoption of Kubernetes has been very rapid and is accounted for by numerous

Rancher Kubernetes Cluster using CSI Driver for Dell EMC ... · CSI driver to dynamically provision persistent volumes in a Rancher managed Kubernetes cluster. Readers are expected

IPv6 on Container Plattforms · vshn.ch - The DevOps Company 2018-10-01 Kubernetes Distributions Software distributions: • Redhat OpenShift • Rancher • Canonical • Docker

Rancher Meetup Tokyo #7 Rancher Home

Potbelly Rancher Installation

Southwest Rancher

Implantando e escalando kubernetes com rancher

Kubernetes Patterns Kubernetes Patterns