Hands-on Cloud Native Lifecycle Management

Talk at Continuous Lifecycle London, see https://continuouslifecycle.london/

Michael Hausenblas

May 16, 2018

Transcript

  1. Hands-on Cloud Native Lifecycle Management
    Michael Hausenblas @mhausenblas

    Developer Advocate, Red Hat

    2018-05-16, Continuous Lifecycle London


  2. $ whois mhausenblas
    Hit me up on Twitter: @mhausenblas
    • Developer Advocate @ Red Hat (Go, Kubernetes, OpenShift)
    • Developer Advocate @ Mesosphere (Mesos, DC/OS, Kubernetes)
    • Chief Data Engineer @ MapR (HDFS, HBase, Drill, etc.)
    • Applied research (4y in Ireland, 7y in Austria)
    • Nowadays mainly developing tools in Go (Python, Node, Java, C++)
    • Kinda developer turned ops (aka appops)

  3. admin, SRE, developer, QA, architect, PM, PHB

  4. The Cloud Native Lifecycle


  6. Terminology
    • containerized setup
    • observability
    • loose coupling
    • delivery vs deployment

  7. Starting point: twelve factor apps
    12factor.net

  8. Portability
    • Avoid platform lock-in
    • Enable hybrid cloud deployments
    • multi-cloud
    • on-premises and cloud

  9. Unit of deployment
    • VMs
    • Containers
    • Functions

  10. Distributed systems
    • Scale out on commodity hardware
    • Fallacies of distributed computing
    • Stateful services shard inherently

  11. Roles
    • cluster admin
    • namespace admin
    • developer
    • user

  12. Cluster admin
    • provision infrastructure (AWS, Azure, GCP, OpenStack)
    • infra monitoring
    • install and upgrade platform (Kubernetes)
    • user management
    • base image management
    • quotas

  13. Namespace admin
    • application lifecycle management
    • namespace/app monitoring
    • quotas (?)
    • RBAC

  14. Developer
    • application container images
    • testing/integration
    • troubleshooting (on-call?)
    • application-level monitoring
    • tracing

  15. Challenges
    • Aligning incentives (dev vs. ops)
    • Fallacies of distributed computing
    • Security

  16. Building and delivering apps on Kubernetes


  17. Build and delivery status quo
    [Diagram with columns: build artefacts, build tooling, runtime. Labels: config, code, creds; CI/CD pipeline; code repo; binary; bare metal server/VMs]

  18. Doing it the cloud native way
    [Diagram with columns: build artefacts, build tooling, runtime. Labels: CI/CD pipeline, code repo, container, container orchestrator + service mesh, config, code, creds, container image, container runtime, service mesh, manifest, container registry]

  19. Development modes (conceptually)
    [Diagram: placement of dev and cluster, local vs. remote, in four modes: pure off-line, proxied, live, pure on-line]

  20. A note on operational aspects
    [Timeline diagram: monolith v1, v2; µS1 v1 to v4; µS2 v1 to v5; µS3 v1 to v6]

  21. Kubernetes
    kubernetes.io
    • Container lifecycle management
    • Declarative, state-driven
    • Extensible, modular API
    • Robust, flexible, scalable
    Kudos to Lucas Käldström for this figure (source)

  22. telepresence.io
    vapor-ware.github.io/ksync/
    www.openshift.org
    kubed.sh
    kedgeproject.org
    ksonnet.io
    Minikube
    Minishift
    Docker Community Edition for Mac & Windows
    github.com/GoogleCloudPlatform/skaffold
    draft.sh
    forge.sh
    gitkube.sh
    github.com/weaveworks/flux
    github.com/MinikubeAddon/watchpod

  23. Extensibility
    github.com/operator-framework
    • Use hooks: from pod-level to API Server
    • Write an operator (CRD + custom controller)
    • Develop Kubernetes-native apps using libraries such as client-go

  24. Container images
    • Pipelines
      • 1st generation: Jenkins, Bamboo, TeamCity
      • 2nd generation: Travis, CircleCI, Jenkins X
    • Container registries
      • Cloud providers: ECR, ACR, GCR
      • Cross-platform: Artifactory, Quay

  25. Observability
    • Monitoring
    • Logging
    • Distributed tracing

  26. Monitoring
    [Diagram labels: node, container, app, alerts, dashboards, storage, event router]

  27. Logging

  28. Distributed tracing
    opentracing.io
    • Roots ~ “time-synced logs”
    • Standardized
    • Must-have in a microservices setup
    • Examples: Zipkin, Jaeger

  29. Good practices
    • Use namespaces
    • Use service accounts
    • Use policies (pod security policies, network policies)
    • Set resource requests and limits
    • Define liveness and readiness probes
    • Use kubectl apply

  30. … demo time!


  31. A simple cloud-native app
    • App consists of two microservices:
      • a stock generator written in Go
      • a stock consumer written in Node.js
    • Source code of demo app: github.com/kubernauts/dok-example-us
    [Diagram labels: stock-gen, stock-con]

  32. stock-gen
    :9876/stockdata
    stock-con
    :9898/average/NYSE:RHT

  33. Service Meshes


  34. Service meshes
    istio.io
    • Traffic management
    • Monitoring & tracing
    • Policy enforcement
    • Service identity and security
    • No app code changes

  35. Data meshes

  36. Data meshes
    dotmesh.com
    • Data state management across microservices
    • Operating on a filesystem level
    • Externalize snapshotting
    • Troubleshooting, debugging

  37. Serverless/Function-as-a-Service


  38. Function-as-a-Service concept

  39. Kubernetes landscape
    Project | Backed by | Claim to fame | Started
    Apache OpenWhisk | ASF, Adobe, IBM, Red Hat | large community, mature | 2015
    Azure Functions Runtime | Microsoft | ease of use | late 2017
    Dispatch | VMware | meta-framework | late 2017
    Fission | Platform9 | performance | 2016
    Fn | Oracle | supported languages/envs | late 2017
    Funktion | Red Hat/Fabric8 | integration | 2017
    Kubeless | Bitnami | UX, monitoring | 2017
    Nuclio | iguazio | performance | mid 2017
    OpenFaaS | VMware | large community, UX | late 2016
    Project Riff | Pivotal | event-centric | late 2017

  41. Articles
    • What is Cloud Native?
      container-solutions.com/what-is-cloud-native/
    • Understanding Cloud Native Infrastructure
      infoq.com/articles/cloud-native-infrastructure
    • 5 reasons you should be doing container native development
      open.microsoft.com/2018/04/23/5-reasons-you-should-be-doing-container-native-development/
    • Kubernetes from the Ground Up: Server Components
      www.oznetnerd.com/kubernetes-from-the-ground-up-server-components/
    • Developing on Kubernetes
      kubernetes.io/blog/2018/05/01/developing-on-kubernetes/

  42. Articles
    • Exploring container security: Isolation at different layers of the Kubernetes stack
      cloudplatform.googleblog.com/2018/05/Exploring-container-security-Isolation-at-different-layers-of-the-Kubernetes-stack.html
    • Kubernetes Application Operator Basics
      blog.openshift.com/kubernetes-application-operator-basics/
    • Kubernetes Best Practices
      medium.com/google-cloud/kubernetes-best-practices-8d5cd03446e2
    • Selecting an API Gateway for Continuous Delivery of Cloud Native Applications
      blog.getambassador.io/selecting-an-api-gateway-for-continuous-delivery-of-cloud-native-applications-8ba05fa1c74
    • What is a Service Mesh, and Do I Need One When Developing Cloud Native Systems?
      skillsmatter.com/skillscasts/10668-looking-forward-to-daniel-bryant-talk

  43. plus.google.com/+RedHat
    linkedin.com/company/red-hat
    youtube.com/user/RedHatVideos
    facebook.com/redhatinc
    twitter.com/RedHatNews
    learn.openshift.com
