9. Overview
Helm is the first application package manager running on top of Kubernetes.
It allows describing the application structure through convenient helm-charts and managing it with simple commands.
11. Why use Helm
● Quick app portability
● Better testing
● Easy dev onboarding
● Rollbacks are easy
Deploy crazy microservices architectures
12. Helm Charts
What is a Chart?
A chart is a set of information necessary to create a Kubernetes application, given a Kubernetes cluster:
● A chart is a collection of files organized in a specific directory structure
● The configuration information related to a chart is managed in the configuration
● Finally, a running instance of a chart with a specific config is called a release
Helm manages Kubernetes resource packages through Charts.
16. What Is A Kubernetes Operator?
Custom Resource Definition (CRD)
Custom Controller
Kubernetes Operator
Custom Resource Definition = Definition of New Object Managed Through Kubernetes API
Custom Controller = Manages the Lifecycle of Custom Resource defined by the CRD
Operator Pattern
17. Custom Resource Detail
• Resource is an endpoint in the Kubernetes API that stores a collection of API Objects of a certain kind
• Example: /api/v1/namespaces/{namespace}/pods
• Custom Resource is an extension of the Kubernetes API that is not necessarily available in a default Kubernetes installation.
• Example: /apis/custom.vmware.com/v1/namespaces/*/myobjects/
• Custom Controller inspects state declared through Custom Resource and tries to keep Current State in Sync
• Provides top-level support through kubectl: kubectl get my-custom-object object-name
Extend Set of Objects Kubernetes can manage
kubectl apply -f myobject.yaml
[Diagram labels: Supervisor Cluster; API Master; myobject Custom Resource Definition; myobject Operator Namespace with Object Controller; User Namespace with Object Custom Resources myobject1, myobject2, myobject3]
• Watches etcd through API Master
• Detects change in Desired State
• Handles CRUD operations on custom objects
• Provides API endpoint for Custom Object
• Defines things like Roles, Rolebindings, Service Account, Config Maps, Secrets
kubectl apply -f customresourcedefinition.yaml
kubectl apply -f service-account.yaml
kubectl apply -f config-map.yaml
kubectl apply -f rolebindings.yaml
kubectl apply -f Object-controller.yaml
Define the Custom Object
Create Instance of Object
• Instances of the object deployed here
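Added example, not from the original slides: one possible content for the customresourcedefinition.yaml, role and rolebinding manifests and myobject.yaml applied above, built on the slide's custom.vmware.com/v1 myobjects endpoint. The Role limits the controller's service account to myobjects in a single user namespace instead of granting it cluster-wide or wildcard access. Assumed names: the kind MyObject, the size field, the namespaces user-ns and myobject-operator, and the service account object-controller.

```yaml
# customresourcedefinition.yaml: serves /apis/custom.vmware.com/v1/namespaces/*/myobjects
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: myobjects.custom.vmware.com        # must be <plural>.<group>
spec:
  group: custom.vmware.com
  scope: Namespaced
  names: {plural: myobjects, singular: myobject, kind: MyObject}
  versions:
    - name: v1
      served: true
      storage: true
      schema:                               # API server rejects objects that do not match
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              properties:
                size: {type: integer, minimum: 1}   # hypothetical field
---
# Role in the user namespace: only myobjects, no wildcards, no access to Secrets
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata: {name: myobject-controller, namespace: user-ns}
rules:
  - apiGroups: ["custom.vmware.com"]
    resources: ["myobjects"]
    verbs: ["get", "list", "watch", "update", "patch"]
---
# Binds the Role to the controller's service account in the operator namespace
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata: {name: myobject-controller, namespace: user-ns}
subjects:
  - {kind: ServiceAccount, name: object-controller, namespace: myobject-operator}
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: Role, name: myobject-controller}
---
# myobject.yaml: an instance of the custom object in the user namespace
apiVersion: custom.vmware.com/v1
kind: MyObject
metadata: {name: myobject1, namespace: user-ns}
spec:
  size: 3
```

With these names, `kubectl auth can-i list secrets -n user-ns --as=system:serviceaccount:myobject-operator:object-controller` should answer "no", which confirms the controller's grant stays limited to the custom resource.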
18. 18
[Diagram: Developer Self Service with Tanzu Kubernetes Grid on the Supervisor Cluster. Labels: vCenter UI Integration; ESXi hosts; Tanzu Cluster Controller; Cluster API Controllers; Cluster API Provider; VM Operator; Custom Resources (Tanzu Kubernetes Cluster Resource, Cluster Resource, Machine Resources, VirtualMachine Resources); Tanzu Kubernetes Cluster with Ctrl VMs and Node VMs; Auth, CNI, CSI]
Give me a cluster:
• 3 Nodes
• Kubernetes 1.16
• Machine Class: Guarantee-Small
• Networking: Calico
20. Project Harbor
An open source enterprise-class registry server.
Initiated by VMware China, adopted by users worldwide.
Integrated into Tanzu Kubernetes Grid.
Apache 2 license.
https://github.com/vmware/harbor/
#CNA1632GU CONFIDENTIAL 20
21. Key Features
User management & access control
• RBAC: admin, developer, guest
• AD/LDAP integration
Policy based image replication
Notary
Vulnerability Scanning
Web UI
Audit and logs
RESTful API for integration
Lightweight and easy deployment
22. Shipping Images in Binary Format for Consistency
[Diagram labels: Git; CI; Dev Registry; Test Registry; Staging Registry; Production Registry; images]
Images are synchronized between environments by using Harbor registry.