Hands-on Cloud Native Lifecycle Management

Hands-on Cloud Native Lifecycle Management

Talk at Continuous Lifecycle London, see https://continuouslifecycle.london/

5c3807aaaf0ffefe6c75e3dbbb8588b5?s=128

Michael Hausenblas

May 16, 2018
Tweet

Transcript

  1. Hands-on Cloud Native Lifecycle Management Michael Hausenblas @mhausenblas
 Developer Advocate,

    Red Hat
 2018-05-16, Continuous Lifecycle London
  2. Hit me up on Twitter: @mhausenblas 2 • Developer Advocate

    @ Red Hat (Go, Kubernetes, OpenShift) • Developer Advocate @ Mesosphere (Mesos, DC/OS, Kubernetes) • Chief Data Engineer @ MapR (HDFS, HBase, Drill, etc.) • Applied research (4y in Ireland, 7y in Austria) • Nowadays mainly developing tools in Go (Python, Node, Java, C++) • Kinda developer turned ops (aka appops) $ whois mhausenblas
  3. Hit me up on Twitter: @mhausenblas 3 admin SRE developer

    QA architect PM PHB
  4. The Cloud Native Lifecycle

  5. Hit me up on Twitter: @mhausenblas 5

  6. Hit me up on Twitter: @mhausenblas 6 • containerized setup

    • observability • loose coupling • delivery vs deployment Terminology
  7. Hit me up on Twitter: @mhausenblas 7 Starting point: twelve

    factor apps 12factor.net
  8. Hit me up on Twitter: @mhausenblas 8 Portability • Avoid

    platform lock-in • Enable hybrid cloud deployments • multi-cloud • on-premises and cloud
  9. Hit me up on Twitter: @mhausenblas 9 Unit of deployment

    • VMs • Containers • Functions
  10. Hit me up on Twitter: @mhausenblas 10 Distributed systems •

    Scale out on commodity hardware • Fallacies of distributed computing • Stateful services shard inherently
  11. Hit me up on Twitter: @mhausenblas 11 Roles • cluster

    admin • namespace admin • developer • user
  12. Hit me up on Twitter: @mhausenblas 12 Cluster admin •

    provision infrastructure (AWS, Azure, GCP, OpenStack) • infra monitoring • install and upgrade platform (Kubernetes) • user management • base image management • quotas
  13. Hit me up on Twitter: @mhausenblas 13 Namespace admin •

    application lifecycle management • namespace/app monitoring • quotas (?) • RBAC
  14. Hit me up on Twitter: @mhausenblas 14 Developer • application

    container images • testing/integration • troubleshooting (on-call?) • application-level monitoring • tracing
  15. Hit me up on Twitter: @mhausenblas 15 Challenges • Aligning

    incentives (dev vs. ops) • Fallacies of distributed computing • Security
  16. Building and delivering apps on Kubernetes

  17. Hit me up on Twitter: @mhausenblas 17 Build and delivery

    status quo build artefacts build tooling runtime config code creds CI/CD pipeline |||| code repo binary bare metal server/VMs
  18. Hit me up on Twitter: @mhausenblas 18 Doing it the

    cloud native way build artefacts build tooling runtime CI/CD pipeline |||| code repo container container orchestrator +
 service mesh config code creds container image manifest container runtime manifest service mesh manifest container
 registry
  19. Hit me up on Twitter: @mhausenblas 19 Development modes (conceptually)

    remote local cluster dev cluster dev cluster dev dev cluster pure off-line proxied live pure on-line
  20. Hit me up on Twitter: @mhausenblas 20 A note on

    operational aspects monolith v1 monolith v2 time µS1
 v1 µS2
 v1 µS3
 v1 µS2
 v2 µS3
 v2 µS1
 v2 µS2
 v3 µS3
 v3 µS1
 v3 µS3
 v4 µS2
 v4 µS3
 v5 µS1
 v4 µS2
 v5 µS3
 v6
  21. Tooling

  22. Hit me up on Twitter: @mhausenblas 22 Kubernetes kubernetes.io •

    Container lifecycle management • Declarative, state-driven • Extensible, modular API • Robust, flexible, scalable Kudos to Lucas Käldström for this figure (source)
  23. Hit me up on Twitter: @mhausenblas 23 telepresence.io vapor-ware.github.io/ksync/ www.openshift.org

    kubed.sh kedgeproject.org ksonnet.io Minikube Minishift Docker Community Edition for Mac & Windows github.com/GoogleCloudPlatform/skaffold draft.sh forge.sh gitkube.sh github.com/weaveworks/flux github.com/MinikubeAddon/watchpod
  24. Hit me up on Twitter: @mhausenblas 24 Extensibility github.com/operator-framework •

    Use hooks: from pod-level to API Server • Write an operator (CRD + custom controller) • Develop Kubernetes-native apps using libraries such as client-go
  25. Hit me up on Twitter: @mhausenblas 25 Container images •

    Pipelines • 1st generation: Jenkins, Bamboo, TeamCity • 2nd generation: Travis, CircleCI, Jenkins X • Container registries • Cloud providers: ECR, ACR, GCR • Cross-platform: Artifactory, Quay
  26. Hit me up on Twitter: @mhausenblas 26 • Monitoring •

    Logging • Distributed tracing Observability
  27. Hit me up on Twitter: @mhausenblas 27 Monitoring node container

    app alerts dashboards storage event router
  28. Hit me up on Twitter: @mhausenblas 28 Logging

  29. Hit me up on Twitter: @mhausenblas 29 Distributed tracing opentracing.io

    • Roots ~ “time-synced logs” • Standardized • Must-have in a microservices setup • Examples: Zipkin, Jaeger
  30. Hit me up on Twitter: @mhausenblas 30 Good practices •

    Use namespaces • Use service accounts • Use policies (pod security policies, network policies) • Set resource requests and limits • Define liveness and readiness probes • Use kubectl apply
  31. … demo time!

  32. Hit me up on Twitter: @mhausenblas 32 A simple cloud-native

    app • App consists of two microservices: • a stock generator written in Go • a stock consumer written in Node.js • Source code of demo app:
 github.com/kubernauts/dok-example-us stock-gen stock-con
  33. Hit me up on Twitter: @mhausenblas 33 stock-gen :9876/stockdata stock-con

    :9898/average/NYSE:RHT
  34. Service Meshes

  35. Hit me up on Twitter: @mhausenblas 35 Service meshes istio.io

    • Traffic management • Monitoring & tracing • Policy enforcement • Service identity and security • No app code changes
  36. Data Meshes

  37. Hit me up on Twitter: @mhausenblas 37 Data meshes

  38. Hit me up on Twitter: @mhausenblas 38 Data meshes dotmesh.com

    • Data state management across microservices • Operating on a filesystem level • Externalize snapshotting • Troubleshooting, debugging
  39. Serverless/Function-as-a-Service

  40. Hit me up on Twitter: @mhausenblas 40 Function-as-a-Service concept

  41. Hit me up on Twitter: @mhausenblas 41 Kubernetes landscape Project

    Backed by Claim to fame Started Apache OpenWhisk ASF, Adobe, IBM, Red Hat large community, mature 2015 Azure Functions Runtime Microsoft ease of use late 2017 Dispatch VMware meta-framework late 2017 Fission Platform9 performance 2016 Fn Oracle supported languages/envs late 2017 Funktion Red Hat/Fabric8 integration 2017 Kubeless Bitnami UX, monitoring 2017 Nuclio iguazio performance mid 2017 OpenFaaS VMware large community, UX late 2016 Project Riff Pivotal event-centric late 2017
  42. Resources

  43. Hit me up on Twitter: @mhausenblas 43

  44. Hit me up on Twitter: @mhausenblas 44 • What is

    Cloud Native?
 container-solutions.com/what-is-cloud-native/ • Understanding Cloud Native Infrastructure
 infoq.com/articles/cloud-native-infrastructure • 5 reasons you should be doing container native development 
 open.microsoft.com/2018/04/23/5-reasons-you-should-be-doing-container-native-development/ • Kubernetes from the Ground Up: Server Components
 www.oznetnerd.com/kubernetes-from-the-ground-up-server-components/ • Developing on Kubernetes
 kubernetes.io/blog/2018/05/01/developing-on-kubernetes/ Articles
  45. Hit me up on Twitter: @mhausenblas 45 • Exploring container

    security: Isolation at different layers of the Kubernetes stack
 cloudplatform.googleblog.com/2018/05/Exploring-container-security-Isolation-at-different-layers-of-the-Kubernetes-stack.html • Kubernetes Application Operator Basics
 blog.openshift.com/kubernetes-application-operator-basics/ • Kubernetes Best Practices
 medium.com/google-cloud/kubernetes-best-practices-8d5cd03446e2 • Selecting an API Gateway for Continuous Delivery of Cloud Native Applications
 blog.getambassador.io/selecting-an-api-gateway-for-continuous-delivery-of-cloud-native-applications-8ba05fa1c74 • What is a Service Mesh, and Do I Need One When Developing Cloud Native Systems?
 skillsmatter.com/skillscasts/10668-looking-forward-to-daniel-bryant-talk Articles
  46. plus.google.com/+RedHat linkedin.com/company/red-hat youtube.com/user/RedHatVideos facebook.com/redhatinc twitter.com/RedHatNews learn.openshift.com