BoSRE - The Bose Cloud Platform

Meant to be heard, not read... so the deck is missing all notes.

Myles Steinhauser

October 12, 2018

Transcript

  1. THE BOSE CLOUD PLATFORM (BoSRE 2018)

  2. “EVERYTHING THAT CAN BE INVENTED HAS BEEN INVENTED.”
     CHARLES H. DUELL, COMMISSIONER, U.S. PATENT OFFICE, 1899

  3. AUTOMOTIVE
     WHY DOES BOSE EVEN NEED A CLOUD ANYWAY?

  4. We sell speakers and headphones.
     Turns out, those actually require a lot of supporting infrastructure…
     • Device activation and registration
     • Over-the-Air updates
     • User registration
     • User music service account linking
     • Voice Assistant integration
     • Remote device control
     • … and the list goes on as people dream up new ideas.

  5. Ye Olde “Cloud Platforms”
     • VMware
     • Mesos / Mantl
     • “raw” AWS EC2
     • AWS Lambda (mainly for Proof-of-Concepts)
     • Google GCE
     • Other vendors and experiments…

  6. People Need Options
     New constraints require different solutions and optimizations. Different iterations of platforms solve best-in-class for that specific timeframe… This is fine. (Really, it is!)

  7. We’ll build a new cloud platform!
     All the new hotness (late-2016)
     • Developer first: “Push to deploy”
     • Self-Service wherever possible
     • Fast on-ramp for new teams
     • “Fail fast” on business ideas
     • Cloud-first, no on-premises
     • Self-monitoring, Self-healing
     The reliable hotness
     • Infrastructure-as-Code
     • Labs -> Stage -> Prod
     Image: http://www.tshirtvortex.net/charles-darwin-riding-a-tortoise/

  9. We’ll build a new cloud platform!
     All the new hotness (late-2016)
     • DOCKER DOCKER DOCKER DOCKER DOCKER v1.12.1
     • Kubernetes 1.5.0
     • Traefik v1.2.0
     • Prometheus v1.5.0
     The reliable hotness
     • AWS EC2 + Terraform
     • CentOS 7 (systemd) + Ansible
     • Grafana v4.6.3
     • Single-Sign-On with Corp LDAP
     Image: http://www.tshirtvortex.net/charles-darwin-riding-a-tortoise/

  12. AUTOMOTIVE
     AT BOSE, WE’RE OBSESSED WITH PERFORMANCE ON WHAT MATTERS MOST: THE LITTLE DETAILS THAT MAKE A BIG DIFFERENCE AND THE BIG DETAILS THAT ASTONISH.

  13. We’ll re-build our cloud platform!
     New hotness!
     • Calico v2.6
     • Network Policies
     • Developer-first access
     • HAProxy-Ingress v0.5-beta1
     Mostly the same hotness (late-2017)
     • Docker v17.12
     • Kubernetes 1.8.0
     • Traefik v1.5.4
     • Role-Based Access Control
     The (still) reliable warmth
     • AWS EC2 + Terraform
     • CentOS 7 (systemd) + Ansible
     • Prometheus v1.8.2 + Grafana v5.0.3
     Image: http://www.tshirtvortex.net/charles-darwin-riding-a-tortoise/

  15. HELPING PEOPLE REACH THEIR FULLEST HUMAN POTENTIAL SO THEY CAN FEEL MORE, DO MORE, AND BE MORE.

  16. Developer Productivity
     • Globally secured ingress with known domains
     • Managed-TLS
     • Centralized Monitoring, Alerting, Healthchecks
     • Centralized Logging (ELK)
     • Distributed Tracing (Jaeger)
     • Integrated Message Bus (Apache Pulsar)
     • Service-identity authentication mesh (in-house)
     • Full Developer access in Non-Production
     • Read-Only Developer access in Production
     • Abstracted away Kubernetes manifests into custom tooling
     • Jenkins-as-a-Service
     • Environment-aware Service Discovery for both services and devices

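The “Network Policies” and “Role-Based Access Control” items on the re-build slide, and the “Read-Only Developer access in Production” item above, describe a pattern the deck names but never shows. What follows is an added example written for this page, not Bose’s own manifests or tooling: a Kubernetes NetworkPolicy pair (the networking.k8s.io/v1 API that Calico enforces) that default-denies ingress to a production namespace and re-admits only the ingress controller, plus an RBAC ClusterRole and RoleBinding that give an SSO/LDAP-sourced developer group read-only access scoped to that namespace. The namespace name `prod`, the labels `exposed` and `name: ingress`, the port, and the group name `platform-developers` are all assumptions.

```yaml
# Added example; not Bose's configuration. Namespace, labels, port and group name are assumed.
# 1) Default-deny ingress for every pod in the production namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: prod                 # assumed namespace
spec:
  podSelector: {}                 # empty selector selects every pod in the namespace
  policyTypes:
  - Ingress                       # no ingress rules listed, so all ingress is dropped
---
# 2) Re-admit traffic only from the ingress-controller namespace, and only to pods
#    that opt in with a label, so the "globally secured ingress" stays the single front door.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-from-ingress-controller
  namespace: prod
spec:
  podSelector:
    matchLabels:
      exposed: "true"             # assumed opt-in label on exposed services
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          name: ingress           # assumed label on the ingress-controller namespace
    ports:
    - protocol: TCP
      port: 8080                  # assumed application port
---
# 3) Read-only developer role. Verbs are limited to get/list/watch; the resource list
#    leaves out secrets, since "get" on secrets hands over every credential in the namespace,
#    and leaves out pods/exec and pods/portforward, which are write access in practice.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: developer-readonly
rules:
- apiGroups: [""]
  resources: ["pods", "pods/log", "services", "endpoints", "configmaps", "events"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["apps", "extensions"]
  resources: ["deployments", "replicasets", "daemonsets", "statefulsets"]
  verbs: ["get", "list", "watch"]
---
# 4) Bind the role to the SSO group for the prod namespace only. A RoleBinding to a
#    ClusterRole scopes the grant to this namespace; a ClusterRoleBinding would make the
#    same read access cluster-wide, including namespaces that hold platform secrets.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: developers-readonly
  namespace: prod
subjects:
- kind: Group
  name: platform-developers       # assumed group name as presented by the SSO layer
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: developer-readonly
  apiGroup: rbac.authorization.k8s.io
```

Two checks are worth running after applying this. `kubectl auth can-i delete pods --namespace prod --as someone --as-group platform-developers` should answer `no`, and the same command with `get secrets` should also answer `no`; if either says `yes`, some other binding is widening the grant. Note also that `policyTypes: [Ingress]` says nothing about egress, so a compromised pod in `prod` can still reach anything routable until an egress policy is added.
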
  18. We’ll re-re-build our cloud platform!
     New hotness!
     • Calico v3? Cilium?
     • Global Network Policies
     • Developer-first Deployments
     • Service Mesh
     Mostly the same hotness (mid-2019)
     • Docker v17.12? CRI-O?
     • Kubernetes 1.12.0
     • Traefik / HAProxy / KONG?
     • OpenPolicyAgent
     The (still) reliable warmth
     • AWS EC2 + Terraform
     • Fedora Atomic?
     • OpenCortex? + Grafana
     Image: http://www.tshirtvortex.net/charles-darwin-riding-a-tortoise/

  19. MULTI-REGION MULTI-CLOUD

  20. Achievement Unlocked
     • Well, maybe.
     • Knowing when you have achieved your objective is hard.
     • As you build, your expectations and your users’ expectations all increase, too.

  21. Lessons Learned
     • Security still is difficult
     • Focus on developer productivity
     • Remember to invest in your own tools
     • Leverage your tools and ecosystem communities
     • Service Level Objectives/Agreements are critical for managing expectations
     • Still avoid inventing your own crypto strategy…
     • Do not write your own Kubernetes installer…
     • Realize that your own goalposts likely move even more than your customers’.
