INNOVATION (chart: innovation over time; rate of change)
• Move Fast, Break Things
• Culture of experimentation (A/B testing: variant A 20% vs. variant B 25%)
• Shorten the Feedback Loop
• Real-time data-driven intelligence & personalization: AI / ML
• Data, Data, Data

INNOVATION CENTER
Development Model:        Waterfall    → Agile            → DevOps
Application Architecture: Monolithic   → N-tier           → MicroServices
Deployment & Packaging:   Bare Metal   → Virtual Servers  → Containers
Application Infrastructure: Data Center → Hosted          → Hybrid Cloud
Storage:                  Scale Up     → Scale Out        → Storage as a Service
THE SOFTWARE FACTORY
Innovation Center powered by DevOps + Automation: DEV + QA + OPS
• Culture: Agile, Iterative, Continuous, Collaborative, Transparent, Open
• Process: Infrastructure as Code, Open Source
• Technology: Linux + Containers, IaaS, Orchestration, CI/CD, Source Control Management, Collaboration, Build and Artifact Management, Testing Frameworks, Cloud Native Applications, Hybrid Cloud
BUILD ONCE, DEPLOY ANYWHERE
A container (Application + OS dependencies) runs unchanged on Linux across environments:
• Virtualization (Virtual Machine)
• Private Cloud (Virtual Machine)
• Public Cloud (Virtual Machine)
• Containerized Microservices
ORCHESTRATION
• Pods, Nodes, Services, Controller Manager & Data Store (etcd)
• Services (Load Balancer); service discovery with selectors and pod labels, e.g. selector role: app, replicas: 2; selector role: web, replicas: 1
• Ingress / Routes
HEALTH CHECK
• Readiness Probe, e.g. tcp, http, script
TREAT CONTAINERS AS IMMUTABLE
• To keep containerized apps portable, the image carries Application, Language runtimes and OS dependencies; state and configuration live outside it (services, Kubernetes persistent volumes)
KUBERNETES CONFIGMAP
• key:value pairs created from directories, files, or values; stored in etcd; sourced from the Source Code Repository
• Delivered to the container instance as Environment Variable or Volume/File, e.g. an Application Configuration File (XML) mounted into the Pod
• EnvVar changes require a pod restart; Files refresh in time
SECURITY COMPLIANCE AND VULNERABILITY SCANNING
• Scan physical servers, virtual machines, docker images and containers for Security Policy Compliance (CCEs) and known Security Vulnerabilities (CVEs)
• Example content: Security Guide for RHEL, CCE-27002-5 "Set Password Minimum Length"
RECREATE WITH DOWNTIME
• Shut down the existing deployment behind the Kubernetes Service, then bring up the new one
Use Case • Non-mission critical services
Pros • Simple, clean • No Schema incompatibilities • No API versioning
Cons • Downtime
ROLLING UPDATES WITH ZERO DOWNTIME
• Replace each pod using the RollingUpdate deployment strategy: maxUnavailable=0, maxSurge=1
• Deploy the new version, wait until it's ready (readiness probe, e.g. tcp, http, script), then continue with the next pod
• Pods behind the Kubernetes Service: Version 1, Version 1, Version 1 → Version 1.2
• Tests / CI
BLUE / GREEN DEPLOYMENT
• Single service, run two complete Deployments (BLUE = Version 1, GREEN = new version)
• Ingress (e.g. haproxy) sends 100% of traffic to the Kubernetes Service; Service selector: production=BLUE
• Health Check: readiness probe, e.g. tcp, http, script
• Cut over by switching the Service selector to GREEN; Rollback by switching back to production=BLUE
Use Case • Self-contained micro services (data)
Pros • Low risk, never change production • No downtime • Production like testing • Rollback
Cons • Resource overhead • Data synchronization
CANARY DEPLOYMENTS
• Build confidence in the new version
• Requires the app to support side-by-side versions
• Start with Service selector: app=demo version=A (pods labelled app=demo version=A)
• Widen the Service selector to app=demo so it also matches pods labelled app=demo version=B
• Compare: Version A 25% Conversion Rate vs. Version B ??% Conversion Rate
• Ingress, Tests / CI
EXTERNAL SERVICES
Connecting to a service with a dynamic URI through a static ExternalName Kubernetes service (CNAME redirection):
• WebApp (role=webapp, replicas=2) uses: mongodb://<dbuser>:<dbpassword>@mongo:<port>/dev
• ExternalName resolves to the Cloud Mongo Database Service: mongodb://<dbuser>:<dbpassword>@mongo52101.domain.name:52101/dev
DATA PERSISTENCE
• Data in a Container: lost when the Container terminates
• Data in a Host Volume: survives the Container, lost when the Host / Cloud instance terminates
• Networked Volume: independent of Container & Host / Cloud instance
KUBERNETES STATEFULSETS
1. Stable pod names, e.g. mongo-1, mongo-2
2. Ordered Operations with ordinal index, e.g. name-0, name-1, name-2
3. Stable, persistent storage (linked to ordinal index/name)
4. Mandatory headless service (no single IP) for integrations
DATABASE STATEFUL SETS
• Mongo StatefulSet, replicas=3, role=mongo; scale to 3 replicas
• Each pod (Mongo-1, Mongo-2, ...) has its own pvc bound to a Persistent Volume
• Client: Read / Write to one member, Read Only on the other two
CLUSTER DESIGN DRIVERS (figure)
Dimensions: Security, Scale, Availability, Latency, Portability, Performance, Efficiency
Workload examples:
• Short lived, Data Sensitive, e.g. Finance
• Multi-AZ, Multi/Hybrid cloud; Production, Mission critical
• Large cluster, multi/hybrid cloud; Internet, SaaS
• Large cluster, Bare Metal, Recreate; Many apps, Dev/Test
• Consistent OS & Kubernetes version; 1 app anywhere, e.g. ISVs
• Local, Small Cluster; IoT, Retail
• Bare metal (Multus, SR-IOV, NFD, Scheduler, CPU pin); HPC, AI/ML, NFV
SERVICE MESH WITH ISTIO
• Dedicated infrastructure layer for making service-to-service communication safe, fast, and reliable
• Deployed as a lightweight side-car network proxy

[...] including packaging, deploying and managing Kubernetes applications
• Takes human operational knowledge and encodes it into software
• Watches over your Kubernetes environment and uses its current state to make decisions in milliseconds