Industry Use Cases with Demonstration on Kubernetes (Industry Experts Session)

Gursimar Singh

5 min readMar 9, 2021

▪️Let us introduce you all with today’s speakers for the session, they all are experts from the core industry :-

➡️ The First One is :-

”Mr. Neeraj Bhatt” (Senior Technical Engineer- OpenShift, Redhat )

▪️”Neeraj is working in Redhat from more than 4 years now”

➡️ And The Second One is :-

”Mr. Vijit Kuntal” (Consultant, Infosys Belgium)

▪️Vijit is an experienced Senior System Engineer extremely skilled in DevOps, Jenkins.

➡️ And the Third one is-

”Rushil Sharma” ( Customer Engineer Hybrid Cloud, Google)

▪️He has Experience in driving Financial institutions to optimize the Kubernetes workloads to leverage the optimum resources available without over committing the hardware. He has also worked at RedHat and contributed on Openshift 4.

A brief summary of the session:

Need of cvs git:
Distributed works better if there is big team.
Easy to create branches in git.
Git UI gives more clear picture of the repos.
Rest API implementation in git.
Git is easy to reconcile.
Code merges between the branches.
CVS works on a file level, whereas git works on a repo/module level.
There are two ways to do cvs conversion:
Git provides git cvsimport [options][options]
cvs2git is a tool that is mostly used.
Both of these tools are used to convert any type of centralized vs(cvs, svn) to distribute version control system(git)(hg).
Integration of CVS with Jenkins:
Depends on the version of jenkins in use, jenkins jobs can be created.
Pollers or git features(hooks)can be used to trigger the build after every commit.
For use case of 2 availability zones az1 and az2, it is recommended to use repurse hardware from openshift cluster and start migration of workloads on k8s cluster for the least critical first and then critical bang services.
For the requirement of resource optimization, it is recommended to use wide infrastructure service deployment using standardized resource allotment.
For the requirement of of monitoring cpu restarting pods and memory requests, it is recommended to implement elk stack along with grafana dashboards and prometheus.
For failover capacity and cluster level autoscaling, it is recommended to use microservice which will scale horizontally when required we can run out of resources.
For image security enhancement using notary server, it is advised to use docker notary to sign images.
custom ssc →sample ssc
default capability = net admin
system”serviceaccount:custom:custom-sa →>system account name:type:custom service/system service.
openshift.io is very specific kind of metadata inside verify scc.
capsh — print|grep net } used to check capability of network.
oc create role capscc — verb=use — resource=scc — resource-name=cap-add -n captest } used to create a role.
to create roll binding:
oc create rolebinding capscc-bind — role=capscc — serviceaccount=captest:default
WHAT ALL SCCs CAN CONTROL?
Whether pod can run privileged containers.
Container’s capability request.
Use of host directories as volumes.
SELinux context of the container.
Container user ID.
Use of host namespaces and networking.
Allocation of an FSGroup that owns the pods volumes.
Container requires the use of a read only root system or not.
Usage of volume types.
Configuration of allowable seccomp profiles.