DeveloperWeek SF: A DevOps State of Mind with Microservices and Containers

Transcript

1. A DevOps State of Mind with Microservices and Containers Chris

   Van Tuin Chief Technologist, West [email protected]

2. “Only the Paranoid Survive” - Andy Grove, 1998

3. Retail Finance Media Transportation ? ? SOFTWARE DISRUPTS BUSINESS

4. + ≠ TAXI TRANSPORTATION DISRUPTER https://goo.gl/MP7QQH Ack: Andrew Ng APP

   IT’S NOT JUST A… +

5. Culture of experimentation A B 20% vs. 25% Empowered organization

   Time Change Rapid Innovation THE DISRUPTORS = AI /
 ML Data-driven intelligence Data, Data, Data

6. I.T. ENABLING 
 BUSINESS DIFFERENTIATION Taxi Ridesharing $2.50/mile, $0.50/idle Fare

   Static
 Pricing Dynamic 
 Pricing vs. Ack: William Benton Fare 
 based on 
 real-time and historical data: supply/demand distance, time
 route, traffic etc.

7. BUT…

8. Innovation Months THE AVERAGE ENTERPRISE DOES 
 DEPLOYMENTS EVERY 6

   TO 9 MONTHS.

9. DEV QA OPS Walled off people, walled off processes, walled

   off technologies “THROW IT OVER THE WALL”

10. HOW DOES I.T. TRANSFORM FROM A COST CENTER INTO AN

    INNOVATION CENTER? Months Innovation

11. DEV QA OPS Collaborative and empowered teams, 
 consistent processes,

    consistent technologies MOVE FAST, BREAK THINGS Line of Business Security , DBA, Network, etc.

12. I.T. MUST EVOLVE Development Model Application Architecture Deployment & Packaging

    Application Infrastructur e Storage Waterfall Agile Monolithic N-tier Bare Metal Virtual Servers Data Center Hosted Scale Up Scale Out DevOps MicroServices Containers Hybrid Cloud Storage as a Service

13. DEV QA OPS Open organization + 
 cross-functional teams Software

    factory automation Linux + Containers IaaS Orchestration CI/CD Source Control Management Collaboration Build and Artifact Management Testing Frameworks Open Source CI/CD pipelines with feedback Culture Process Technology + + THE SOFTWARE FACTORY

14. THE SOFTWARE FACTORY BARE METAL VIRTUAL PRIVATE CLOUD PUBLIC CLOUD

15. None
16. None

17. CI/CD PIPELINE Continuous Integration Continuous Build Continuous Deployment Developer ->

    Source -> Git Git -> RPMS -> Images-> Registry Images from 
 Registry -> Clusters

18. 24x Faster Recovery From Failure 3x Lower Change Failure Rate

    2555x Shorter Lead Times https://puppet.com/resources/whitepaper/2016-state-of-devops-report 200x More Deployments THE IMPACT…

19. Hybrid Cloud: Self-Service, On-Demand, Elastic Infrastructure Automation + Containers CI

    & CD Deployment Pipeline Advanced Deployment Techniques Microservices (and flying elephants!) Re-Org to DevOps THE EVOLUTION

20. CASE STUDY

21. CUSTOMER CHALLENGES “It could take 6 weeks to get a

    single word changed on the web site.” “It took 2 years after a competitive start-up launch to get a competing product to market.” “When developers work in Node.js, they can change the code they’re working on, direct it to run, and see whether it works-in the blink of an eye.” “The environment, while stable, didn’t use the sexiest technologies, which made recruiting difficult.”

22. DEVELOPMENT TO PRODUCTION 
 IN <30 MINUTES Source CI Cloud

    Repo Repo 
 Cloud

23. Re-Org to DevOps

24. ORGANIZATION COMMUNICATION AND DECISION MAKING Decision
 Making Decision Making Siloed

    Open

25. Today’s Reality is Hybrid Cloud

26. APPS IN MULTIPLE ENVIRONMENTS ANY COMBINATION, WHETHER TRADITIONAL OR CONTAINERIZED

    LEGACY APPS (1,000+) BARE METAL PRIVATE CLOUD (OpenStack) PUBLIC CLOUD (AMZ, MS, GOOG, etc.) VMware/
 Red Hat Virtualization PRODUCTION DEV/TEST

27. PRODUCTION & DATA ON-PREMISE, 
 DEV/TEST OFF RED HAT OPENSHIFT

    CONTAINER PLATFORM RED HAT OPENSHIFT CONTAINER PLATFORM BARE METAL VIRTUAL PRIVATE CLOUD OFF-PREMISE ON-PREMISE AMAZON RELATIONAL DB (MySQL) RDS SERVICE

28. Automation + Containers

29. From development… …to production. COMMUNICATION IS THE KEY TO DEVOPS.

    
 DEV/TEST Q/A OPERATIONS MANAGEMENT OUTSOURCERS DEV/TEST Q/A AUTOMATION: CONFIGURATION MANAGEMENT + ORCHESTRATION BARE METAL VIRTUAL PRIVATE CLOUD PUBLIC CLOUD

30. • Application processes on a shared kernel • Simpler, lighter,

    and denser than VMs • Portable across different environments • Package apps with all dependencies • Deploy to any environment in seconds • Easily accessed and shared INFRASTRUCTURE APPLICATIONS WHAT ARE CONTAINERS? It depends who you ask…

31. docker.io Registry Private Registry Red Hat Certified FROM fedora:latest CMD

    echo “Hello” Build file Physical, Virtual, Cloud Image Container Build Run Ship CONTAINERS: BUILD, SHIP, RUN

32. 4 • Are there known vulnerabilities in the application layer?

    • Are the runtime and OS layers up to date? • How frequently will the container be updated and how will I know when it’s updated? CONTENT: EACH LAYER MATTERS CONTAINER OS RUNTIME APPLICATION AYER MATTERS CONTAINER OS RUNTIME APPLICATION JAR CONTAINER CONTAINERS

33. A CONVERGED SOFTWARE SUPPLY CHAIN

34. SECURITY IMPLICATIONS What’s inside matters…

35. Containers at Scale

36. TOP CHALLENGES WITH CONTAINERS AT SCALE Operational 
 Efficiency Service

    Health Security & Compliance Financial Management

37. DEV QA OPS Open organization + 
 cross-functional teams Software

    factory automation CI/CD pipelines with feedback Culture Process Technology + + THE SOFTWARE FACTORY

38. Scheduling Monitoring Persistence Discovery Lifecycle & health Scaling Aggregation Security

    CONTAINERS AT SCALE BARE METAL VIRTUAL PRIVATE CLOUD PUBLIC CLOUD

39. CrunchyData GitLab Iron.io Couchbase Sonatype EnterpriseDB and many more ...and

    virtually any docker image out there! PHP Python Java NodeJS Perl Ruby .NET Core Apache
 HTTP Server MySQL Redis nginx Tomcat Varnish JBoss EAP JBoss A-MQ JBoss Fuse JBoss BRMS JBoss BPMS JBoss Data Grid JBoss Data Virt RH Mobile RH SSO 3SCALE API mgmt JBoss Web Server Spring
 Boot Wildfly Swarm Vert.x PostgreSQ L MongoDB Phusion Passenger Third-party
 Language Runtimes Third-party
 Databases Third-party
 App Runtimes Third-party
 Middleware Third-party
 Middleware TRUE POLYGLOT PLATFORM

40. Enabling Microservices

41. code config data Kubernetes configmaps secrets Container image Traditional 


    data services, Kubernetes 
 persistent volumes TREAT CONTAINERS AS IMMUTABLE

42. Web Database replicas=1, 
 role=db replicas=2, 
 role=web ORCHESTRATION Deployment,

    Declarative Nodes Controller Manager & Data Store (etcd)

43. role=web role=web ORCHESTRATION Schedule + Provision Pods (Compute/Storage/Network) Image Registry

    Pods Nodes Web replicas=2, 
 role=web ReplicaSet

44. role=web role=db role=web Pods Nodes Image Registry ORCHESTRATION Schedule +

    Provision Pods (Compute/Storage/Network) Web replicas=2, 
 role=web ReplicaSet Database replicas=1, 
 role=db StatefulSet

45. Web Database role=web role=db role=web replicas=1, 
 role=db replicas=2, 


    role=web ORCHESTRATION Service (Load Balancer) Pods Nodes Services Controller Manager & Data Store (etcd)

46. HEALTH CHECK Monitoring & Logging Pods Nodes Services Web Database

    role=web role=db role=web replicas=1, 
 role=db replicas=2, 
 role=web

47. HEALTH CHECK Pods Nodes Services Web Database role=web role=db role=web

    replicas=1, 
 role=db replicas=2, 
 role=web role=web Controller Manager & Data Store (etcd)

48. Web Database replicas=1, 
 role=db replicas=2, 
 role=web HEALTH CHECK

    Pods Nodes Services role=web role=db role=web Controller Manager & Data Store (etcd)

49. Web Database replicas=1, 
 role=db replicas=2, 
 role=web AUTO-SCALE Monitoring

    & Logging 80% CPU Pods Nodes Services role=web role=db role=web

50. Web Database replicas=1, 
 role=db replicas=3 
 role=web AUTO-SCALE 80%

    CPU Pods Nodes Services role=web role=db role=web role=web Controller Manager & Data Store (etcd)

51. Pods Nodes Services Web Database replicas=1, 
 role=db replicas=3 


    role=web AUTO-SCALE 50% CPU role=web role=db role=web role=web Controller Manager & Data Store (etcd)

52. CI/CD PIPELINES with CONTAINERS

53. CI/CD WITH CONTAINERS BARE METAL VIRTUAL PRIVATE CLOUD PUBLIC CLOUD

54. Security CI/CD PIPELINES

55. CONTINUOUS DELIVERY: DEPLOYMENT STRATEGIES

56. CONTINUOUS DELIVERY DEPLOYMENT STRATEGIES DEPLOYMENT STRATEGIES • Recreate • Rolling

    updates • Blue / Green deployment • Canary deployments • A / B testing

57. Recreate

58. Version 1 Version 1 Version 1 Version 1.2 ` Tests

    / CI RECREATE WITH DOWNTIME

59. Version 1 Version 1 Version 1 Version 1.2 ` Tests

    / CI RECREATE WITH DOWNTIME

60. Version 1.2 Version 1.2 Version 1.2 RECREATE WITH DOWNTIME Use

    Case • Non-mission critical services Cons • Downtime Pros • Simple, clean • No Schema incompatibilities • No API versioning

61. Rolling Updates

62. Version 1 Version 1 Version 1 Version 1.2 ` Tests

    / CI ROLLING UPDATES with ZERO DOWNTIME

63. Deploy new version and wait until it’s ready… Version 1

    Version 1 V1.2 Health Check: readiness probe e.g. tcp, http, script V1

64. Each container/pod is updated one by one Version 1.2 50%

    Version 1 V1 V1.2

65. Each container/pod is updated one by one Version 1.2 Version

    1.2 Version 1.2 100% Use Case • Horizontally scaled • Backward compatible API/data • Microservices Cons • Require backward compatible APIs/data • Resource overhead Pros • Zero downtime • Reduced risk, gradual rollout w/health checks • Ready for rollback

66. Blue / Green Deployment

67. Version 1 BLUE / GREEN DEPLOYMENT Route BLUE

68. Version 1 BLUE / GREEN DEPLOYMENT Version 1.2 BLUE GREEN

69. Version 1 Tests / CI BLUE / GREEN DEPLOYMENT Version

    1.2 BLUE GREEN

70. Version 1 Version 1.2 BLUE / GREEN DEPLOYMENT Route Version

    1.2 BLUE GREEN

71. Version 1 BLUE / GREEN DEPLOYMENT Rollback Route Version 1.2

    BLUE GREEN Use Case • Self-contained micro services (data) Cons • Resource overhead • Data synchronization Pros • Low risk, never change production • No downtime • Production like testing • Rollback

72. A/B Testing

73. “Our experience at Microsoft is no different—only about 1/3 of

    ideas improve the metrics they were designed to improve.”
 Ronny Kohavi, Microsoft (Amazon) http://ai.stanford.edu/~ronnyk/ExPThinkWeek2009Public.pdf http://ai.stanford.edu/~ronnyk/ExPThinkWeek2009Public.pdf

74. A/B TESTING USING CANARY DEPLOYMENTS

75. Version 1.2 Version 1 100% Tests / CI Version 1.2

    Route 25% Conversion Rate ?! Conversion Rate CANARY DEPLOYMENTS

76. 50% 50% Version 1.2 Version 1 Route Version 1.2 25%

    Conversion Rate 30% Conversion Rate CANARY DEPLOYMENTS

77. 25% Conversion Rate 100% Version 1 Version 1.2 Route Version

    1.2 30% Conversion Rate CANARY DEPLOYMENTS

78. Version 1.2 Version 1 100% Route Rollback 25% Conversion Rate

    20% Conversion Rate CANARY DEPLOYMENTS

79. IMPACT

80. Deployment Frequency Change Volume Lead Time Deployment
 Failure Rate Mean

    Time to Recover 99.999 Service Availability DEVOPS METRICS

81. ROI Improve business agility Improve business predictability Improve developer productivity

    Improve operational efficiency and costs

82. THANK YOU linkedin: Chris Van Tuin email: [email protected] twitter: @chrisvantuin