traefik-Online-Meetup.html

<?xml version="1.0" encoding="ISO-8859-1" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta charset="utf-8"/>

<title>tr&aelig;fik Online Meetup</title>

<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/reveal.js@4.1.1/dist/reveal.css"/>
<link rel="stylesheet" href="themes/theme2021.css" id="theme"/>
<link rel="stylesheet" href="themes/common.css" id="theme"/>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/highlight.js@10.7.2/styles/rainbow.css"/>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5.15.3/css/all.min.css"/>
</head>

<body>
<div class="reveal">
<div class="slides">

    <section data-markdown="" data-separator="^---$" data-separator-vertical="^--$"><textarea data-template="">
        <!-- .slide: data-background="images/Haufe Group Campus Building 11.jpeg" style="padding: 0.5em 1em 1em 1em; color: white; background: rgba(0, 0, 0, 0.5); width: 70%; margin: auto; position: absolute; top: 45%; bottom: 5%; left: 5%; right: 25%;" -->

        # Using Kubernetes, tr&aelig;fik and <br/>Monitoring-as-a-Service

        Nicholas Dille, Haufe Group

        <i class="fab fa-docker" style="width: 1.5em; text-align: center;"></i> Docker Captain <i class="fab fa-windows" style="width: 1.5em; text-align: center;"></i> Microsoft MVP
    </textarea></section>

    <section data-markdown="000_introduction/02_bio.md" data-separator="^---$" data-separator-vertical="^--$"></section>

    <section data-markdown="" data-separator="^---$" data-separator-vertical="^--$"><textarea data-template="">
        ## Agenda

        What is Haufe Group?

        Architecture built on tr&aelig;fik

        - High availability
        - Certificates
        - Automation

        Monitoring-as-a-Service
    </textarea></section>

    <section data-markdown="" data-separator="^---$" data-separator-vertical="^--$"><textarea data-template="">
        ## Haufe Group

        Family-owned enterprise founded in 1951

        Leading software and media company

        19 locations in Europe with HQ in Freiburg, Germany

        ~2.200 employees
        
        Dozens of autonomous development teams
    </textarea></section>

    <section data-markdown="" data-separator="^---$" data-separator-vertical="^--$"><textarea data-template="">
        ## Haufe Group

        Digital media: knowledge base for lawyers, accounts, HR

        Software: tax, accounting, human resources, talent management, ERP, real estate

        Training: seminars, brokering

        ### Numbers

        €393M renevue FY19/20
        
        All DAX 30 companies, 1M customers in SMB market
        
        360.000 seminars per year
    </textarea></section>

    <section data-markdown="" data-separator="^---$" data-separator-vertical="^--$"><textarea data-template="">
        ## Development Infrastructure

        Team of 8 engineers

        Running Jira, GitLab, Artifactory/Xray, Team Foundation Server, <br/>GoCD, build agents, SonarQube, Monitoring-as-a-Service

        ### Challenges

        Manage service lifecycle
        
        Enable development teams
        
        Balance work and family
    </textarea></section>

    <section data-markdown="" data-separator="^---$" data-separator-vertical="^--$"><textarea data-template="">
        ## Development Infrastructure

        Artifactory holds **1.4M artifacts** using **16TB storage**

        GitLab provides **4.000 repositories** to **1.100 active users**

        Build agents execute **2.500 Linux build jobs per day**
        
        **100 Windows VMs** build and test desktop products

        Monitoring-as-a-Service runs in **15 instances**

        tr&aelig;fik serves **60-100 connections/second**
    </textarea></section>

    <section data-markdown="" data-separator="^---$" data-separator-vertical="^--$"><textarea data-template="">
        ## tr&aelig;fik for access

        ![client access](000_introduction/haufe_group/access.drawio.svg) <!-- .element: style="float: left; width: 50%; padding: 1em 1em 2em 0;" -->

        Self-hosted clusters

        Only very few services are exposed to the internet

        270 ingress rules with 200 middlewares

        Assigned by label selector

        No performant hairpin mode
    </textarea></section>

    <section data-markdown="" data-separator="^---$" data-separator-vertical="^--$"><textarea data-template="">
        ## High availability for and with tr&aelig;fik

        ![high availability](000_introduction/haufe_group/ha.drawio.svg) <!-- .element: style="float: left; width: 40%; padding: 1em 1em 2em 0;" -->

        `CNAME` to tr&aelig;fik's `A` record

        Failover across DMZ hosts

        Failover across all workers

        `A` records are updated after failover

        Small TTL for short outage

        Avoid DNS servers overriding the TTL

        Mind TTL for negative caching
    </textarea></section>

    <section data-markdown="" data-separator="^---$" data-separator-vertical="^--$"><textarea data-template="">
        ## Demo environment

        ![Technical overview of demo environment](000_introduction/haufe_group/kind.drawio.svg) <!-- .element: style="float: left; width: 40%; padding: 1em 1em 2em 0;" -->

        Kubernetes-in-Docker (KinD)

        First worker serves external requests

        Host ports 80/443 are forwarded

        Other workers are only accessible from the inside

        Internal access using Squid proxy
    </textarea></section>

    <section data-markdown="" data-separator="^---$" data-separator-vertical="^--$"><textarea data-template="">
        ## Demo environment

        ![Equivalent to production environment](000_introduction/haufe_group/demo.drawio.svg) <!-- .element: style="float: left; width: 40%; padding: 1em 1em 2em 0;" -->

        kind network represents LAN/WAN

        First worker represents DMZ hosts

        Other workers represent internal hosts
    </textarea></section>

    <section data-markdown="" data-separator="^---$" data-separator-vertical="^--$"><textarea data-template="">
        ## Certificates

        No tr&aelig;fik+acme due to multiple instances

        `cert-manager` per cluster

        Certificates stored in dedicated secret

        More than 130 certificates

        Available to all instances of tr&aelig;fik
    </textarea></section>

    <section data-markdown="" data-separator="^---$" data-separator-vertical="^--$"><textarea data-template="">
        ## Automation

        ### Cluster deployment
        
        Currently based on [`kubespray`](https://github.com/kubernetes-sigs/kubespray)

        ### Declarative infrastructure

        Ingresses (tr&aelig;fik `IngressRoute` CRD)
        
        Certificates (`cert-manager`)
        
        DNS (`external-dns`)
    </textarea></section>

    <section data-markdown="" data-separator="^---$" data-separator-vertical="^--$"><textarea data-template="">
        ## Automation

        ### Cluster migration

        Semi-automated
        
        Based on DNS
        
        Exports certificates before cleanup in old cluster

        ### Monitoring
        
        Per cluster Prometheus
        
        Dashboards against centralized Premetheus
    </textarea></section>

    <section data-markdown="" data-separator="^---$" data-separator-vertical="^--$"><textarea data-template="">
        ## Links

        traefik: [external](https://traefik-external.demo-dillen.dille.io) | [internal](https://traefik-internal.demo-dillen.dille.io) | [qa](https://traefik-qa.demo-dillen.dille.io)

        Cluster monitoring: [Prometheus](https://prometheus.demo-dillen.dille.io)
    </textarea></section>

    <section data-markdown="" data-separator="^---$" data-separator-vertical="^--$"><textarea data-template="">
        ## Monitoring-as-a-Service

        Service born from our own needs

        We maintain the monitoring stack

        ### Components

        Grafana

        InfluxDB with telegraf and chronograf

        Prometheus with push gateway

        Loki with promtail
    </textarea></section>

    <section data-markdown="" data-separator="^---$" data-separator-vertical="^--$"><textarea data-template="">
        ## Links

        traefik: [external](https://traefik-external.demo-dillen.dille.io) | [internal](https://traefik-internal.demo-dillen.dille.io) | [qa](https://traefik-qa.demo-dillen.dille.io)

        Cluster monitoring: [Prometheus](https://prometheus.demo-dillen.dille.io)

        MaaS: [Grafana](https://test-dillen.maas.dille.io) | [Prometheus](https://prometheus.test-dillen.maas.dille.io)
    </textarea></section>

    <section data-markdown="" data-separator="^---$" data-separator-vertical="^--$"><textarea data-template="">
        ## Haufe Group

        ![QR code to slides](images/2021-07-21.svg) <!-- .element: style="float: right; width: 15%;" -->

        Family-owned software and media company

        Service offerings to support dozens of teams

        tr&aelig;fik drives the architecture

        Declarative infrastructure to simplify automation

        Monitoring-as-a-Service is a success

        ### Slides will be made available [<i class="fab fa-github" style="width: 1.5em; text-align: center;"></i>](https://github.com/nicholasdille/container-slides/releases/tag/20210721)
    </textarea></section>
</div>
</div>

<script src="https://cdn.jsdelivr.net/npm/reveal.js@4.1.1/dist/reveal.js" type="application/javascript"></script>
<script src="https://cdn.jsdelivr.net/npm/reveal.js@4.1.1/plugin/markdown/markdown.js" type="application/javascript"></script>
<script src="https://cdn.jsdelivr.net/npm/reveal.js@4.1.1/plugin/highlight/highlight.js" type="application/javascript"></script>
<script src="https://cdn.jsdelivr.net/npm/reveal.js@4.1.1/plugin/search/search.js" type="application/javascript"></script>
<script src="https://cdn.jsdelivr.net/npm/reveal.js@4.1.1/plugin/zoom/zoom.js" type="application/javascript"></script>
<script src="https://cdn.jsdelivr.net/npm/reveal.js@4.1.1/plugin/notes/notes.js" type="application/javascript"></script>
<script>
    Reveal.initialize({
        width: 1920,
        height: 1080,
        minScale: 1,
        maxScale: 1,
        controls: true,
        controlsTutorial: false,
        controlsLayout: 'bottom-right',
        progress: true,
        slideNumber: false,
        hash: true,
        history: true,
        keyboard: true,
        disableLayout: true,
        overview: true,
        center: false,
        touch: true,
        loop: false,
        rtl: false,
        navigationMode: 'default',
        shuffle: false,
        fragments: true,
        fragmentInURL: true,
        embedded: false,
        help: true,
        pause: true,
        showNotes: false,
        autoPlayMedia: null,
        preloadIframes: null,
        autoAnimate: true,
        autoSlide: 0,
        mouseWheel: false,
        previewLinks: false,
        postMessage: true,
        transition: 'convex',
        transitionSpeed: 'default',
        backgroundTransition: 'fade',
        viewDistance: 3,
        mobileViewDistance: 2,
        display: 'block',
        hideInactiveCursor: true,
        hideCursorTime: 3000,
        parallaxBackgroundImage: '',
        parallaxBackgroundSize: '',

        totalTime: 50 * 60,
        allottedTime: 50 * 60 * 1000,

        barColor: 'rgb(200, 0, 0)',
        pausedBarColor: 'rgba(200, 0, 0, .6)',

        markdown: {
            smartypants: true
        },

        keyboard: {
            // pause/resume time when Enter is pressed
            13: () => {
                ElapsedTimeBar.isPaused ? ElapsedTimeBar.resume() : ElapsedTimeBar.pause();
            },
            // reset timer when 'r' is pressed
            82: () => {
                ElapsedTimeBar.reset();
            }
        },

        dependencies: [
            { src: 'plugins/elapsed-time-bar-2699fc8/elapsed-time-bar.js' }
        ],

        plugins: [
            RevealMarkdown,
            RevealHighlight,
            RevealSearch,
            RevealZoom,
            RevealNotes
        ]
    });
</script>

</body>
</html>