Spice Up Your Workloads With Kata Containers
Ricardo Aravena
branch.io
@raravena80
Who Am I?
Work @ Branch Metrics
Cloud Ops
Kata Containers contributor
Slack: rico
Containers @ Branch
1. Where? Everywhere
2. K8s in qa/dev/prod: API services - Lots of different languages
3. Mesos qa/dev/prod: Data pipelines Spark/Flink/HDFS/Druid
4. Runtime: Docker/containerd/runC
5. DB & Big data apps: Standalone
https://branch.io/
Outline
Kata ● What ● Why
Workloads ● API Services ● Databases
Kubernetes ● Containerd ● CRI-O
● Credentials Store ● Big Data
● Docker ● Serverless
Future ● Hotplug ● Hypervisors
● GPUs ● Blockchain
Traditional Containers
[Diagram labels: Container A, Container B, Container C (each with App and Middleware); Linux* Kernel; Virtual Machine; Linux Kernel; Server Hardware]
https://katacontainers.io
Speed vs Security
Speed
Isolation
https://katacontainers.io
Kata Containers
[Diagram labels: Container A, Container B, Container C, each in its own Virtual Machine with App, Middleware and Linux Kernel (A, B, C); Linux* Kernel; Server Hardware]
https://katacontainers.io
How does it work?
http://bit.ly/kata-containers-2-pager
Traditional Containers: Prone to exploits
Kata Containers: Each container or container pod isolated in its own lightweight VM
Requirements
Private Cloud
● OpenStack
● Bare-metal & Nested Virt Providers
Public Cloud
● GCP - Nested
● Azure - Nested
● AWS - i3.metal instances
OS
● Linux
Machine
● Bare Metal
● Nested Virtualization
Platform
● Kubernetes - CRI-O/Containerd
● Docker
https://katacontainers.io
Installation
Docker
● Kata Installation guide
Kubernetes
● Kata Deploy @egernst
● github.com/egernst/kata-deploy
Requirements
● $ kata-runtime kata-check
https://katacontainers.io
Kata Workloads
APIs or Microservices
Credentials Store
Databases
Kubernetes
Big Data & Analytics
Workloads
APIs or Microservices
Microservices
High performance APIs
● gRPC or Rest with GoKit
● go-micro
● gin-gonic
MVCs
● Rails (Ruby)
● Django (Python)
● Play! Framework (Java, Scala)
● Laravel (PHP)
Backend for web apps
● React.js
● Angular
● Vue.js
Microservices
[Diagram labels: User; Load Balancer; µService (×3); Database; OR]
Microservices
[Diagram labels: User; Load Balancer with µService 1 (×2); OR; Load Balancer with µService 2 (×2)]
Workloads
Databases
Databases
What?
● Relational
● NoSQL
● Containerized
Advantages
● Easy to set up
● Upgrades
● Better resource utilization
Why?
● Data Protection
● Compliance
● Memory Management
Databases
Cluster KV DBs
● Cassandra
● Scylla
● HBase
NoSQL DBs
● Redis
● CouchDB
● MongoDB
Relational DBs
● MySQL
● PostgreSQL
● CockroachDB
https://landscape.cncf.io/grouping=landscape&landscape=database-and-data-warehouse
Relational DBs
[Diagram labels: µService; MySQL Master; MySQL Slave; Master Disk; Slave Disk; OR]
DB Cluster
[Diagram labels: Cassandra - Node 1 to Node 6; Disk 1 to Disk 6]
OR
https://cassandra.apache.org/
OR
https://github.com/scylladb/scylla
Workloads
Credentials Store
Credentials Store
Why?
● Centralized credentials
● Microservices auth
● Compliance
Solutions
● Vault (Hashicorp)
● Knox (Pinterest)
● SPIFFE/SPIRE
● KeyWhiz (Square)
● Confidant (Lyft)
Encryption
● In transit
● At rest
Vault
What?
● Manage secrets
● Audit logs
● Microservice Auth
Features
● Multiple Storage Options
● API Keys
● Employee credentials
Architecture
● Redundant
● Active/Standby
● Client Server
Credentials Store
[Diagram labels: User; Vault Active; Vault Standby (×2); Storage; connections labelled TLS; OR]
Demo
Demo
Vault cluster in Kata
Create Credentials
Retrieve Credentials
Security in VM
Demo
Vault with Consul
https://github.com/raravena80/oss-vaultsa
Vault Operator
https://github.com/kubevault/operator
Workloads
Kubernetes
Kubernetes
Microservices
● Standalone
● Service Mesh
  ○ Istio
  ○ Conduit
Requirements
● Bare Metal
● Nested Virtualization
● QEMU
How?
● CRI-O
● Containerd
Kubernetes
[Diagram labels: K8 Masters; Leader; Kubelet and CRI (×2); Istio Pod; Svc Pod (×5)]
Kubernetes
[Diagram labels: User; Load Balancer; Kubelet and CRI (×2); Istio Pod; Svc Pod (×5)]
Kubernetes CRI-O
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  annotations:
    # CRI-O: mark the sandbox untrusted so it uses the untrusted-workload runtime
    io.kubernetes.cri-o.TrustedSandbox: "false"
  labels:
    env: test
spec:
  containers:
  - name: nginx
    image: nginx
    imagePullPolicy: IfNotPresent
  # Schedule only onto nodes labelled kata-runtime=true
  nodeSelector:
    kata-runtime: "true"
```
http://cri-o.io
Kubernetes Containerd
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  annotations:
    # containerd CRI plugin: request the untrusted-workload runtime for this pod
    io.kubernetes.cri.untrusted-workload: "true"
  labels:
    env: test
spec:
  containers:
  - name: nginx
    image: nginx
    imagePullPolicy: IfNotPresent
  # Schedule only onto nodes labelled kata-runtime=true
  nodeSelector:
    kata-runtime: "true"
```
https://containerd.io/
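The CRI-O and containerd pod specs above differ only in the annotation each CRI reads, and an annotation addressed to the other CRI is simply ignored, so the pod runs in the node's default runtime. The check below is an added example, not code from the talk or the Kata project: it audits pod manifests for that mismatch, assuming nodes labelled kata-runtime=true have Kata configured as the untrusted-workload runtime; `audit_pod`, `pod` and the sample pods are constructed for illustration, and the strict value matching is this example's policy.

```python
# Added example: audit pod manifests for the sandbox annotations shown on the slides.
# Assumption: nodes labelled kata-runtime=true have Kata configured as the
# untrusted-workload runtime. The sample pods below are constructed.

CRIO_KEY = "io.kubernetes.cri-o.TrustedSandbox"          # "false" requests the sandbox
CONTAINERD_KEY = "io.kubernetes.cri.untrusted-workload"  # "true" requests the sandbox
NODE_LABEL = "kata-runtime"

# Per CRI: the annotation key and the exact value used on the slides.
REQUEST = {"crio": (CRIO_KEY, "false"), "containerd": (CONTAINERD_KEY, "true")}


def audit_pod(pod, cri):
    """Return (requests_sandbox, findings) for one pod dict on a node using `cri`."""
    ann = pod.get("metadata", {}).get("annotations") or {}
    selector = pod.get("spec", {}).get("nodeSelector") or {}
    key, wanted = REQUEST[cri]
    findings = []

    value = ann.get(key)
    requests_sandbox = value == wanted
    # An unquoted YAML `false` loads as a boolean; annotation values must be strings.
    if value is not None and not isinstance(value, str):
        findings.append(f"{key} is not a string: {value!r}")
    elif value is not None and value != wanted and value.lower() == wanted:
        findings.append(f"{key} has unexpected casing: {value!r}")

    # An annotation meant for the other CRI is ignored by this one.
    for other_cri, (other_key, other_val) in REQUEST.items():
        if other_cri != cri and ann.get(other_key) == other_val and not requests_sandbox:
            findings.append(f"{other_key} is set but node runs {cri}; pod is not sandboxed")

    # A sandbox request without the node selector may land on a node without Kata.
    if requests_sandbox and selector.get(NODE_LABEL) != "true":
        findings.append(f"sandbox requested without nodeSelector {NODE_LABEL}=true")
    return requests_sandbox, findings


def pod(name, annotations=None, selector=None):
    """Build a constructed pod manifest shaped like the slides' nginx example."""
    return {"apiVersion": "v1", "kind": "Pod",
            "metadata": {"name": name, "annotations": annotations or {}},
            "spec": {"containers": [{"name": "nginx", "image": "nginx"}],
                     "nodeSelector": selector or {}}}


SAMPLES = [
    pod("crio-ok", {CRIO_KEY: "false"}, {NODE_LABEL: "true"}),
    pod("wrong-cri", {CONTAINERD_KEY: "true"}, {NODE_LABEL: "true"}),
    pod("no-selector", {CRIO_KEY: "false"}),
    pod("unquoted", {CRIO_KEY: False}, {NODE_LABEL: "true"}),
]

if __name__ == "__main__":
    for p in SAMPLES:
        sandboxed, findings = audit_pod(p, "crio")
        state = "sandbox requested" if sandboxed else "default runtime"
        print(p["metadata"]["name"], state, findings)
```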
Demo
Demo
K8s Cluster
Run Stateful App with Containerd
Run Trusted With Untrusted Workloads
Add Sample Data
Workloads
Big Data & Analytics
Big Data & Analytics
Why?
● Containerized workloads
● Tie to Kubernetes
Security
● Data In transit
● Data at rest
Applications
● Spark
● Hadoop
● Flink
Workloads
● Streaming
● Batch
Experimental
Spark & Flink Streaming
What?
● Real-time processing
● Large amounts of data
Workloads
● Ingest from Kafka
● Process and change data
Storage
● Object Storage
● Columnar Storage (Druid/Vertica)
Experimental
Spark & Flink Streaming
[Diagram labels: Stream; Kubelet and CRI (×2); Spark Master; Spark Worker (×5)]
https://spark.apache.org/
https://flink.apache.org/
Experimental
Apache Kafka
What?
● Streaming Platform
● Real-time Processing
● Geo-replication
Use Cases
● Website Activity Traffic
● Events Tracking
● Metrics
Architecture
● Distributed Cluster / Data Partition
● Producers
● Consumers
Experimental
https://kafka.apache.org/
Big Data & Analytics
[Diagram labels: Node 1, Node 2, Node 3, each with Kubelet, CRI, Kafka Node and Fast Storage; Publish; Subscribe]
https://kafka.apache.org/
Experimental
Apache Druid
What?
● High Performance
● Distributed Data Store
● Columnar Based
Features
● Different Storage Options
● Data Compression
● Different Data Formats (parquet, avro, etc)
Architecture
● Different Node Types
● Data Indexing in Hadoop or Local
● Fast Real Time Queries
Experimental
http://druid.io
Big Data & Analytics
[Diagram labels: User; Overlord Node (Kubelet, CRI, Overlord); Coordinator Node (Kubelet, CRI, Coordinator); Broker Nodes (Kubelet, CRI, Broker); Historical Nodes (Kubelet, CRI, Historical, Fast Storage); Middle Manager Nodes (Kubelet, CRI, Middle Manager); Indexing]
http://druid.io
Experimental
Future
Kata Containers
Hypervisors
● Hyper-V
● VMware
● Xen
Features
● VM Hotplug CPUs, Memory, Network
● Faster Shim Implementation
Public Cloud
● AWS Nested Virtualization
● More Bare Metal Offerings
● GKE?, AKS?, ACS?
Workloads
NFV
● Multus
● https://github.com/intel/multus-cni
AI/HPC
● TensorFlow / Kubeflow
● GPUs
● ML model training
Edge Computing
● 5G
● IoT
Resources
● Kata Containers: https://katacontainers.io
● Microservices: http://microservices.io/
● Hashicorp: https://github.com/hashicorp
● CNCF: https://github.com/cncf/landscape
● Kafka: https://kafka.apache.org/
● Druid: http://druid.io
Thank You!