今から始めるクラウドネイティブインフラ - 哲学編

Transcript

1. ࠓ͔Β࢝ΊΔΫϥ΢ドωΠςΟブ - Πϯϑϥ఩ֶฤ 2018/06/26

2. Obligatory Self Introduction - @ken5scal - 2018/01 ʙ : FOLIO

   - ͓࢓ࣄ - Security Architect/Engineer - SRE - ৘γε ˜'SPN4PGUXBSF

3. ࠓ೔࿩͢͜ͱ - Ϋϥ΢υωΠςΟϒͳΠϯϑϥ - ߏ੒ཁૉͱಛ௃ʢͳͲʣ ؒҧͬͯͨΒ͢·Μʂ

4. 1. Cloud Nativeͱ͸ʢΠϯϑϥͱΞϓϦʣ 2. ࢖͍ॴ 3. ΠϯϑϥΞϓϦͷσβΠϯɾ։ൃ 4. Πϯϑϥͷςετ 5.

   Ϋϥ΢υωΠςΟϒΞϓϦͷӡ༻ 6. ΞϓϦͷηΩϡϦςΟ 7. Πϯϑϥͷ࣮૷ 8. จ۟ ໨࣍

5. Why?

6. Scalability Agility

7. Cloud Native ͱ ొ৔ਓ෺

8. *BB4 $MPVE
   /BUJWF
   *OGSB $MPVE
   /BUJWF
   
   "QQMJDBUJPO *OGSBTUSVDUVSF
   "QQMJDBUJPO Cloud Native֓ཁਤ Deploy

9. *BB4 IaaS Deploy $MPVE
   /BUJWF
   *OGSB $MPVE
   /BUJWF
   "QQ *OGSBTUSVDUVSF
   "QQMJDBUJPO

10. *BB4 $MPVE
    /BUJWF
    
    *OGSBTUSVDUVSF $MPVE
    /BUJWF
    
    "QQ *OGSBTUSVDUVSF
    "QQMJDBUJPO Cloud Native Infrastructure

    Deploy "1* )PPL

11. Cloud Native Infrastructure - Cloud Native AppΛ૸ΒͤΔ - IaaSͷίϯϙʔωϯτ͔Β͸ந৅Խ͞Ε͍ͯΔ -

    API͕͋Δ - ιϑτ΢ΣΞʹΑͬͯɺεέʔϧɾݎ࿚ɾϓϩϏδϣϯɾ ӡ༻͞ΕΔ - ؅ཧιϑτ: Infrastructure Application

12. *BB4 $MPVE
    /BUJWF
    *OGSB *OGSBTUSVDUVSF
    "QQMJDBUJPO Cloud Native Infrastructure Deploy "1* Α͠ͳʹந৅Խ͞ΕͨϨΠϠʔ

    $MPVE
    /BUJWF
    
    "QQ

13. *BB4 $MPVE
    /BUJWF
    *OGSB $MPVE
    /BUJWF
    
    "QQMJDBUJPO *OGSBTUSVDUVSF
    "QQMJDBUJPO Cloud Native Application Deploy

    $MPVE
    /BUJWF
    *OGSB "1* Α͠ͳʹந৅Խ͞ΕͨϨΠϠʔ

14. “Designed to be managed by SW, not humans” (p.88)

15. Cloud Native Application ΰʔϧ ֓ཁ ྫ "HJMJUZ  EFQMPZT
    GBTU
    

    JUFSBUFT
    RVJDLMZ 0QFSBCJMJUZ  JOGPSN
    BQQ
    MJGF
    DZDMF
    TUBUF
    GSPN
    BQQ w %FQMPZ
    3VO
    3FUSJSF 0CTFSWBCJMJUZ  BOTXFST
    BQQ
    TUBUF
    EJSFDUMZ
    B⒎FDUT
    CVTJOFTT w 4-0ʹؔ܎͢Δ4-"΍,1*ʹؔ͢ΔσʔλɾϝτϦΫε
    w ྫ
    ඵؒϦΫΤετ਺ɺΤϥʔ਺ɺϨεϙϯεԠ౴࣌ؒ
    w ͦΕΒʹؔΘΔΞϥʔτ 3FTJMJFODZ  FNCSBDFT
    GBJMVSF
     HSBDFGVM
    EFHSBEBUJPO w 4-0Ҏ্Λ࣮ݱ͢ΔΤϯδχΞϦϯά͸ແବ
    w ৘ใྔ΍ਖ਼֬ੑ͕௿ͯ͘΋Α͍ͷͰͱΓ͋͑ͣϨεϙϯε͢Δ

16. *BB4 $MPVE
    /BUJWF
    
    "QQ *OGSBTUSVDUVSF
    "QQMJDBUJPO Cloud Native Application Deploy "1*

    )PPL "1*΍)PPLʹΑͬͯΠϯϑϥ͔Βͷૢ࡞Λ
    Մೳʹ͢Δ $MPVE
    /BUJWF
    *OGSB "1* Α͠ͳʹந৅Խ͞ΕͨϨΠϠʔ

17. *BB4 $MPVE
    /BUJWF
    *OGSB *OGSBTUSVDUVSF
    "QQMJDBUJPO Infrastructure Application Deploy "1* Α͠ͳʹந৅Խ͞ΕͨϨΠϠʔ $MPVE
    /BUJWF
    
    

    "QQ "1* )PPL ࣮࣭ओ໾

18. Infrastructure Apps

19. ໾ׂ - Cloud Native Appؔ࿈ͷ໾ׂ - Cloud Native Infraͷ؅ཧ

20. Cloud Native Appؔ࿈ͷ໾ׂɹ - runtime and isolation - resource allocation

    and scheduling - env isolation - service discovery - state mgt - monitoring and logging - metrics aggregation - debugging and tracing

21. Cloud Native Appؔ࿈ͷ໾ׂɹ - runtime and isolation (Multi-tenancy) - resource

    allocation and scheduling - env isolation - service discovery - state mgt - monitoring and logging - metrics aggregation - debugging and tracing

22. Cloud Native Appؔ࿈ͷ໾ׂɹ - runtime and isolation - resource allocation

    and scheduling - env isolation - service discovery - state mgt - monitoring and logging - metrics aggregation - debugging and tracing

23. - runtime and isolation - resource allocation and scheduling -

    env isolation - service discovery - state mgt - monitoring and logging - metrics aggregation - debugging and tracing Cloud Native Appؔ࿈ͷ໾ׂɹ

24. Cloud Native Appؔ࿈ͷ໾ׂɹ - runtime and isolation - resource allocation

    and scheduling - env isolation - service discovery - state mgt - monitoring and logging - metrics aggregation - debugging and tracing

25. Cloud Native Appؔ࿈ͷ໾ׂɹ - runtime and isolation - resource allocation

    and scheduling - env isolation - service discovery - state management - monitoring and logging - metrics aggregation - debugging and tracing

26. Cloud Native Appؔ࿈ͷ໾ׂɹ - runtime and isolation - resource allocation

    and scheduling - env isolation - service discovery - state mgt - monitoring and logging - metrics aggregation - debugging and tracing

27. Cloud Native Infraͷ؅ཧ - ߏ੒ฤ - ؅ཧ͍ͨ͠ߏ੒ΛσʔλετϥΫνϟ(API)ͱͯ͠දݱ - ࣮ࡍͷΠϯϑϥͷߏ੒ΛStateͰ؅ཧ -

    ࠩ෼Λಥ߹͢ΔReconciler Pattern

28. *BB4 $MPVE
    /BUJWF
    *OGSB *OGSBTUSVDUVSF
    "QQMJDBUJPO Infrastructure Application Deploy "1* Α͠ͳʹந৅Խ͞ΕͨϨΠϠʔ $MPVE
    /BUJWF
    
    

    "QQ "1* )PPL

29. *OGSBTUSVDUVSF
    "QQMJDBUJPO Infrastructure Application Deploy "1*

30. APIʢσʔλετϥΫνϟʣ - Πϯϑϥߏ੒Λද͢σʔλߏ଄ - YAML΍JSONͰදݱ - ྫ: AWSͷIAM Policy {

    "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "guardduty:*", "Resource": "*" }, { "Effect": "Allow", "Action": "iam:CreateServiceLi "Resource": "*", "Condition": { "StringLike": { "iam:AWSServiceName": } } } ] }

31. εςʔτ - ࣮ࡍͷΠϯϑϥߏ੒ͷදݱʢAudited API) - ετϨʔδʹอଘ͞ΕΔ - ཁٻ͞ΕΔstate (exptected) vs

    ࣮ࡍͷstate (actual)

32. εςʔτྫʢTerraformʣ resource "aws_iam_policy" "example" { name = "example_policy" path =

    "/" policy = "${data.aws_iam_policy_document.example.json}" } data "aws_iam_policy_document" "example" { statement { actions = ["s3:ListAllMyBuckets"] resources = ["arn:aws:s3:::*"] } }

33. Reconcile Pattern - Actual StateΛExpected Stateʹಥ߹ͤ͞Δ - ྫ: terraform apply,

    kubectl apply - ࣮૷ྫ type Reconciler interface { GetActual() (*API, error) GetExpected() (*API, error) Reconcile(actualAPI, expectedAPI *API) (*API, error) Destroy(actualAPI *API) (*API, error) }

34. Reconcile ཧ૝ USVTU SFDPODJMF
    GSFRVFODZ

35. TrustͷͨΊͷInfra Appςετ - ໨త - Confidence(Trust)Λ࣋ͭ͜ͱ - ཁ݅ - ཁ݅௨ΓͷΠϯϑϥ͕͋Δ͜ͱ

    - ٯʹཁ݅ʹͳ͍΋ͷ͸Ұ੾ଘࡏ͠ͳ͍͜ͱ

36. ςετͷλΠϓ - Unit Test - AssertionϕʔεɻMock͸ؒҧͬͨconfidenceʹͭͳ͕ΔͷͰਪ঑͞Εͳ͍ɻ - Integration - ऴྃޙʹϦιʔε͕ഁյ͞ΕΔ͜ͱ

    - Chaos 1. ࣌ؒ࣠Ͱܭଌ 2. Chaosͷ஫ೖ 3. Chaosͷݕ஌ 4. Πϯϑϥࣗಈมߋ 5. Reconcile https://www.slideshare.net/kumagi/ss-81368169

37. ΧΦεؔ࿈ϓϩμΫτ - Chaos Monkey - Chaos Gorilla - Gremlin

38. Cloud Native Infraͷ؅ཧ - ηΩϡϦςΟฤ - Policy as Code -

    Deployment Gating - Conformity Testing - Compliance Testing - Activity Testing - Auditing - Immutable Infra

39. Cloud Nativeͷ؅ཧ - ηΩϡϦςΟฤ - Policy as Code - Deployment

    Gating - Conformity Testing - Compliance Testing - Activity Testing - Auditing - Immutable Infra

40. Cloud Nativeͷ؅ཧ - ηΩϡϦςΟฤ - Policy as Code - Deployment

    Gating - Conformity Testing - Compliance Testing - Activity Testing - Auditing - Immutable Infra

41. Cloud Native Infraͷ؅ཧ - ηΩϡϦςΟฤ - Policy as Code -

    Deployment Gating - Conformity Testing - Compliance Testing - Activity Testing - Auditing - Immutable Infra Template Conformity Test

42. Cloud Nativeͷ؅ཧ - ηΩϡϦςΟฤ - Policy as Code - Deployment

    Gating - Conformity Testing - Compliance Testing - Activity Testing - Auditing - Immutable Infra

43. Cloud Nativeͷ؅ཧ - ηΩϡϦςΟฤ - Policy as Code - Deployment

    Gating - Conformity Testing - Compliance Testing - Activity Testing - Auditing - Immutable Infra

44. Cloud Native Infra Infra App ࣮૷ύλʔϯ

45. *BB4 $MPVE
    /BUJWF
    *OGSB $/
    
    "QQ 3FTJMJFODZ ϥΠϒϥϦʹΑΔ࣮૷ 4FSWJDF
    %JTDPWFSZ DPOpH MPHHJOH NPOJUPSJOH

    USBDJOH NFUSJDT

46. *BB4 $MPVE
    /BUJWF
    *OGSB ϥΠϒϥϦʹΑΔ࣮૷ $/
    
    "QQ 3FTJMJFODZ 4FSWJDF
    %JTDPWFSZ DPOpH MPHHJOH NPOJUPSJOH

    USBDJOH NFUSJDT $/
    
    "QQ USBDJOH MPHHJOH

47. *BB4 SideCarύλʔϯʹΑΔ࣮૷ $MPVE
    /BUJWF
    *OGSB $/
    "QQ
     $/
    "QQ
     .FUSJDT
    -PHHJOH 3FTJMJFODZ $POpH 4FSWJDF
    

    %JTDPWFSZ .POJUPS 5SBDJOH Side Cars

48. *BB4 $MPVE
    /BUJWF
    *OGSB $/
    "QQ
     $/
    "QQ
     .FUSJDT
    -PHHJOH 3FTJMJFODZ $POpH 4FSWJDF
    %JTDPWFSZ

    .POJUPS 5SBDJOH SideCarύλʔϯʹΑΔ࣮૷ w/ CNCF Incubation

49. ·ͱΊ

50. *BB4 $MPVE
    /BUJWF
    *OGSB $MPVE
    /BUJWF
    
    "QQMJDBUJPO *OGSBTUSVDUVSF
    "QQMJDBUJPO Cloud Native֓ཁਤ Deploy ओ໾

    ίʔυΛॻ͚ $MPVE
    /BUJWF
    *OGSBTUSVDUVSFʢຊʣ
    ͸͍͍ͧ

51. ʢ͓·͚ʣ੯͔ͬͨ͠෦෼

52. Thank you!