Oracle Cloud Hangout Cafe Premium - Oracle Cloud - Cloud Native 2021

Oracle Cloud - Cloud Native 2021
Oracle Cloud Native
Kyotaro Nonaka / Takuya Niita / Shuhei Kawamura
Oracle Corporation Japan
March 10th, 2021

View Slide

2 Copyright © 2021, Oracle and/or its affiliates.
1. Oracle Cloud Native
2. Container - by
3. API/FaaS - by
4. Messaging - by

View Slide

•
•
• EC
• OCHaCafe 5
• fitbit
Copyright © 2021, Oracle and/or its affiliates.
3
@non_kyon
fitbit
…………………
…..

View Slide

4

View Slide

• API
•
OSS DIY
•
•
•
•
•
5

View Slide

•
OCI
• DIY
End to End
•
•
OSS
6
Inclusive
Managed Open

View Slide

7
Monitoring Events
Streaming
Observability + Messaging
API Gateway
Container
Engine for
Kubernetes
Resource
Manager
Cloud
Infrastructure
Registry
Functions
Notifications
Application Development + Operations
Logging
OCI
Oracle Functions

View Slide

and more…
8
API Gateway
Container
Engine for
Kubernetes
Cloud
Infrastructure
Registry
Functions Streaming

View Slide

Container編
Takuya Niita
Mar 10, 2021
9
Oracle Cloud Hangout Cafe Premium #3 Oracle Cloud – Cloud Native 2021

View Slide

•
•
• SIer
• Oracle
• Cloud Native
•
• OCHaCafe 4
10
@takuya_0301

View Slide

Oracle Container Engine for Kubernetes(OKE)
• 2
•
• VCN API Server
Endpoint Private
• OCI LB Canal (CNI)
• Service OCI LoadBalancer
( )
• OCI LB Ingress
Controller
• SC/PC/PVC OCI FSS Block Volume
• OCI IAM OCI Audit
• OCI Service Broker
• HPA/VPA/Cluster Autoscaling
Oracle Cloud Infrastructure Registry(OCIR)
• Docker Registry HTTP API V2 docker
•
• OCI
•
11

View Slide

Kubernetes
Oracle Container Engine for Kubernetes (OKE)
12
/ /HPC
Visual Builder Studio CI/CD
Oracle Cloud Service
• OCI Registry (OCIR)
OKE
Service
Broker
Object
Storage
Streaming
Events
Database
System
Container Engine
For Kubernetes
Virtual Machine
Load
Balancer
Container Registry
Container Engine
For Kubernetes

View Slide

•
•
• Kubernetes
• v1.18.10/v1.17.13/v1.17.9/v1.16.15/v1.16.8
(2021/3 )
• Worker Node
• Private Subnet
• Public Subnet
•
• VM/BM/HPC CPU
flexible shape
•
•
• 50GB
• 32TB
13

View Slide

•
• etcd
• OCI Vault Key
• Pod Security Policy(PSP)
• VCN
• OKE VCN
• Load Balancer Subnet
• Kubernetes (Cluster IP) CIDR
• Pod IP CIDR
• Master Node(API Server) Endpoint
(Private/Public)
• OS
•
14

View Slide

OKE
• Service type: Load Balancer
OCI LoadBalancer (TCP/HTTP)
•
• HTTPS
• LoadBalancer shape
• 10Mbps/100Mbps/400Mbps/8000Mbps
• Flexible Shape(LB )
• Ingress Controller NGINX Ingress
Controller for Kubernetes
• flannel
• Network Policy Calico
(Canal )
15
metadata.annotation

View Slide

Block Volume Persistent Volume
• OKE build-in CSI(Container
Storage Interface) ”oci-bv”
• Persistent Volume
Claim(PVC)
• 50GB
16
FSS Persistent Volume
• FSS
• StorageClass(SC)/PesistentVolume(PV)
• SC mount target
• PV NFS
• Persistent Volume Claim(PVC)

View Slide

HPA(Horizontal Pod Autoscaling)
• HPA
• HorizontalPodAutoscaler
•
•
CPU
• Pod
• Pod
VPA(Vertical Pod Autoscaling)
• VPA
•
• https://github.com/kubernetes/autoscaler/tr
ee/master/vertical-pod-autoscaler
• Resource Request
Cluster Autoscaling
• OKE Cluster
Autoscaling Pod
•
17
[opc@oke-client ~]$ kubectl apply -f
https://github.com/kubernetes-sigs/metrics-
server/releases/download/vx.x.x/components.yaml

View Slide

OCI
• Kubernetes RBAC Authorizer OCI IAM
OCI OKE
• manifest kubectl OCI
OCID ID
• Ex) Pod
•
•
• OKE
• Role
• RoleBinding
• OCI Audit API Server
18
Role
RoleBinding
ID
( OCID)

View Slide

OKE Roadmap
• Kubernetes v1.19
• OCI Monitoring/OCI Logging
• OCI IAM Kubernetes RBAC Authorizer
• OCI IAM RBAC
• Worker Node
• Worker Node GPU
19

View Slide

20
Docker Kubernetes
Docker v2
OKE
• Oracle Container Engine for Kubernetes (OKE)
Container
Registry
OKE
Container Engine
For Kubernetes
Virtual Machine
Container Registry

View Slide

OCIR
• Docker Registry HTTP API V2
• docker
• docker login
• docker pull
• docker push
• API
• docker login
•
• docker login nrt.ocir.io
• OCI
•
• OCIR
•
•
21

View Slide

OCIR
•
•
•
• pull
•
•
•
•
•
• 1
22

View Slide

OCIR Roadmap
• IP
•
•
• push
23

View Slide

• 2
•
• VCN API Endpoint
Private
• OCI LB Canal (CNI)
• Service OCI LoadBalancer
( )
• OCI LB Ingress
Controller
• SC/PC/PVC OCI FSS Block Volume
• OCI IAM OCI Audit
• OCI Service Broker
• HPA/VPA/Cluster Autoscaling
• Docker Registry HTTP API V2
docker
•
• OCI
•
OCI
24

View Slide

25

View Slide

Oracle Cloud Native
• https://github.com/oracle-
quickstart/oci-cloudnative
• Microservices Architecture on OKE
• Autonomous Database Object Storage
1 Click
• OCI Resource Manager
26

View Slide

27

View Slide

• Gatling HTTP
• https://gatling.io/
• Edge-Router
•
• Mushop URL( Load Balancer
URL)
•
• 100 / 1
OKE HPA(Horizontal Pod Autoscaler)
28

View Slide

FaaS, API編
Shuhei Kawamura
Mar 10, 2021
29

View Slide

30
• (Shuhei, Kawamura)
•
•
• 2020/10/15
•
• ( ) ( )
• Cercle, King Gnu
• etc.
• : !!
@shukawam shukawam shukawam

View Slide

Oracle Functions
•
•
• Logging Function
• (Notifications Function)
•
API Gateway
•
•
• OpenAPI 2.0 & 3.0
• JWT ( )
•
31

View Slide

FaaS(Oracle Functions)
• Managed
• FaaS
•
• Inclusive
•
• Open
• OSS Fn Project (https://fnproject.io/)
Docker
•
•
•
API Gateway
• Managed
• API
•
• Inclusive
•
• Open
• OpenAPI (2.0 & 3.0)
32

View Slide

OSS Fn Project
Docker
• OCI
• Events
• OCI Logging
• Notification
• …
• Function (FDK)
• Java, Python, Go, Node.js, Ruby
33
Oracle Cloud
Infrastructure
Oracle Cloud
Infrastructure
Events Oracle
Functions
API Gateway Streaming
Mobile Web
App
IoT
PLANNED!!!

View Slide

34
Oracle Cloud Infrastructure
Oracle Functions
Application
Virtual Cloud Network
Function
Definition
Instance
IAM User + Policy
Dynamic Group + Policy
Oracle Cloud
Infrastructure
Registry (OCIR)
schema_version: 20180708
name: fn-hello-java
version: 0.0.1
runtime: java11
build_image: fnproject/fn-java-
fdk-build:jdk11-1.0.118
run_image: fnproject/fn-java-
fdk:jre11-1.0.118
cmd: com.example.fn.HelloFunction
::handleRequest
func.yaml
Docker, Fn CLI, Runtime etc.
$ fn deploy --app
Set functions def.
Image push
Image pull
Instance/Container create
Invoke Events:
• Events, Notifications
• HTTP
• Fn CLI
• Oracle Cloud Infrastructure SDK

View Slide

https://speakerdeck.com/oracle4engineer/lets-dive-serverless-world
35

View Slide

• IAM Policy Builder Functions
• Function 2 5
• Function Application
• UC
•
•
• PAYG
•
•
• Oracle Cloud Infrastructure Logging
• Logging Function(Service Connector Hub)
• Notifications Function( )
36

View Slide

•
•
• /
• (SQL )
•
•
• Functions Object Storage
etc.
37
Logging
VCN
Flow Logs
Application Object Storage
Auditing
Oracle Functions
Streaming
Object
Storage

View Slide

• Service Connector Hub(SCH)
Function
• Function
•
• OCI
•
•
• 3rd party
•
• …
38
Logging
Functions
Oracle Functions
SCH
Invoke
OCI Resources
{
"data": {
"applicationId": “ocid.fnapp.oc1…",
// ...
"message": “Logging Test"
// ...
}
// ...
}
Functions ( )

View Slide

Monitoring
Pub/Sub
Email Delivery, Functions, PagerDuty, Slack,
HTTPs
39
Notifications
Notifications
Events
Monitoring Notifications
Topic
Email Delivery
Oracle Functions
Service
Application
Events, Monitoring, Oracle Functions, API
Gateway, Email Delivery
HTTPs
Endpoint

View Slide

• OCI Notifications Function
• Service Connector Hub
• Notifications
•
• Service Connector Hub
•
•
• Monitoring VM
•
• …
40
Notifications
Notifications
Topic
Oracle Functions
Functions
( )

View Slide

• Streaming Triggered Functions
• Service Connector Hub Streaming Functions
• Scheduled Functions
• Functions
•
•
• Cold Start
…
41

View Slide

API
API Gateway (Oracle
Functions/OKE/ API/ )
REST API
•
•
• JWT
• CORS
• API
•
•
• GUI/JSON Gateway
•
• OpenAPI 2.0/3.0
42
Internet
(Public/Private)
Other Public
API Services
Load
Balancer
OKE
Oracle
Functions
On-Prem
API Server
Dynamic
Routing
Gateway
API Gateway
Oracle Cloud
Infrastructure
Authentication

View Slide

• OpenAPI 2.0 & 3.0
• TLS
• Logging
•
• JWT ( )
43

View Slide

• API Gateway OpenAPI (2.0 & 3.0)
• API
• API → Gateway
•
• OpenAPI API Gateway
• Path, Method, Status Code
• (examples)
• ( etc.)
44
openapi: '3.0.2'
info:
title: Employee API
version: '1.0'
servers:
- url: https://oci-api-gateway-host
paths:
# ...
/employee:
get:
responses:
'200':
description: return all employee.
# ...
examples:
OpenAPI
(JSON/YAML)
API
API
API Gateway API

View Slide

”Authorizer Functions” ”JWT Validator”
Authorizer Functions
• HTTP
API Gateway
Oracle Functions
API
•
JWT Validator
• HTTP Identity Provider
JWT API Gateway
API
•
45
Client API Gateway API Deployments
Oracle Functions
Client API Gateway API Deployments
IDCS
Identity Provider

View Slide

46
Client Backend
API Gateway
Auth Server
認証
トークン取得
トークンの検証 [^1]
(署名の検証
& クレームの検証)
検証失敗：HTTP 4xx
検証成功: API Request
API Response API Response
公開鍵の取得
JWT Validator
[^1]: トークンの改ざん検証に使用する公開鍵について
1. APIの実行時に動的に公開鍵を取得し、使用する
2. あらかじめ発行されている公開鍵(静的キー)を使用する
リクエストヘッダ／クエリパラメータにトークンを含めてリクエスト

View Slide

OpenID Connect
1. IDCS (ID Token, Access Token)
2.
API
3. API Gateway Access Token
• JWT
• (API
)
•
•
4. Access Token scope API Gateway
scope
API
5. …
47
IDCS
Client
API Gateway
IDCS
1. OpenID
Connect
2. API Request
3. &
ID Token
Access Token
user
scope
list,
create,
update,
delete
4. scope
Oracle Functions(A)
Oracle Functions(B)
VSCode
(REST Client)
Access Token
scope: list
scope: dummyScope

View Slide

•
•
•
•
…
48

View Slide

Oracle Functions
• IAM Policy Builder
Functions
• Function 2 5
• Function Application
• Oracle Cloud Infrastructure Logging
• Logging Function
(Service Connector Hub)
• Notifications Triggered Function
API Gateway
• OpenAPI 2.0 & 3.0
• TLS
• Logging
•
• JWT
49

View Slide

50

View Slide

Oracle Cloud Infrastructure Streaming Service (Streaming)
• Streaming
• Streaming
• Producer Consumer/Consumer Group
• Streaming
•
•
51

View Slide

Web/Mobile IoT
Streaming
Pub/Sub
Streaming API SDK
• Kafka API
52
IoT Mobile/Web
Activities
App
Kafka
Client
Events API Gateway
Database
System
Object
Storage
Functions
Streaming
• Events ( )
• Oracle Functions ( )
• API Gateway

View Slide

Streaming
• Stream : Partition Message
• Stream Pool : Stream
•
• Message : Base64 (Key Value )
•
• Key : Message Key Message Partition
53
0 1 2 3 4 5
Partition0
0 1 2 3 4
Partition1
0 1 2 3 4 5 6
Partition2
Stream
Message
(Key Partition )
Stream Pool

View Slide

Streaming
• Offset : Partition Message
•
•
• Cursor : SDK Stream Massage
•
•
• Partition : Stream Message
•
•
54
0 1 2 4 5 7
Partition
Stream
Offset
Cursor

View Slide

• Stream ※
• Stream Pool
•
•
• Message
• Partition (= )
•
•
55

View Slide

Producer : Message (Publish)
• Key Message Partition
•
• Key Partition Key (first-in/first-out)
Consumer : Message (Subscribe)
• Message Message
•
• Message Offset
56
0 1 2
0 1
0
Stream
Producer 1
PutMessage API GetMessage API
Producer 2
Producer 3
Consumer 1
Consumer 2
Consumer 3
Partition0
Partition1
Partition2
Key0
Value
Key2
Value
Key1
Value
Key2
Value
Key0
Value

View Slide

Stream API (Produce)
• Stream OCI API
Message (Consume) Cursor
• Offset Cursor Partition
• Cursor Partition Message
• Cursor Message NextCursor
Produce/Consume
• Kafka API
• Kafka Connect

View Slide

OCI SDK Streaming
API
• Streaming
Kafka API
• Kafka
•
Kafka Connect
•
Messaging
Service Connector Hub
• OCI
• Streaming
58
OCI SDK
Kafka
Connect
Service
Connector
Hub
Kafka
API

View Slide

• InstancePrincipals (https://docs.oracle.com/en-
us/iaas/Content/Identity/Tasks/callingservicesfrominstances.htm)
• StreamClient Endpoint Region
59

View Slide

• key(partition
) value(
)
• Stream OCID streamId
request
60

View Slide

• Consume
Cursor
• Type(https://docs.oracle.c
om/en-
us/iaas/Content/Streami
ng/Tasks/using_a_single
_consumer.htm#usingcur
sors), partition, streamId
61

View Slide

• Consume
Cursor
• Type(https://docs.oracle.c
om/en-
us/iaas/Content/Streami
ng/Tasks/using_a_single
_consumer.htm#usingcur
sors), partition, streamId
62

View Slide

• Cursor streamId Consume
• Response Message NextCursor
63

View Slide

•
• Kafka Connect
• OCI API(Streaming API) Kafka API
• API
64
Kafka Connect
Producer
Kafka Connect
Consumer
Streaming
Streaming API
Kafka API

View Slide

65

View Slide

66
Stream pool Kafka API
Kafka

View Slide

67

View Slide

68

View Slide

Oracle Kafka Connector
• Oracle Cloud Infrastructure Object Storage
(S3 API )
•
•
• Oracle Integration Cloud
• Oracle Database (Kafka Connect JDBC )
• Oracle GoldenGate
69
Kafka Connect

View Slide

Oracle Cloud
Infrastructure
•
•
•
https://blogs.oracle.com/cloud-infrastructure/oracle-cloud-infrastructure-service-connector-hub-now-generally-available
70

View Slide

DB Streaming
Functions
• DB
•
OCR +
• Functions ( 5 )
•
71
Service
Connector Hub
Functions
Streaming
Autonomous
Database
Database
System
Service
Connector Hub
Functions
Streaming
GPU
HPC
Data Flow
(Spark)

View Slide

Flexible Streaming:
• Re-Partitioning – Partition /
• Fatter Partitions – Partition /
• Autoscaling – Partition Vertical/Horizontal
• Unlimited Data Retention
Integrations:
• Native integration with Oracle Autonomous database
• Native integration with OCI DataFlow (Serverless Spark)
• Integration with OCI Data Catalog (Schema registry)
72

View Slide

73

View Slide

OCI SDK Kafka API
• Message Produce OCI SDK Streaming API publish
• Partition 0 OCI SDK Streaming API consume
• Partition 1~3 Kafka API consume
74
Producer
Consumer
Streaming
Streaming API
Kafka API
Kafka
Consumer
partition0
partition1
partition2
partition3
partition1
partition2

View Slide


View Slide

Our mission is to help people see
data in new ways, discover insights,
unlock endless possibilities.

View Slide

Oracle Cloud Hangout Cafe Premium - Oracle Cloud - Cloud Native 2021

Oracle Cloud Hangout Cafe Premium - Oracle Cloud - Cloud Native 2021

oracle4engineer
PRO

More Decks by oracle4engineer

Other Decks in Technology

Featured

Transcript

Oracle Cloud Hangout Cafe Premium - Oracle Cloud - Cloud Native 2021

Oracle Cloud Hangout Cafe Premium - Oracle Cloud - Cloud Native 2021

oracle4engineer PRO

More Decks by oracle4engineer

Other Decks in Technology

Featured

Transcript

oracle4engineer
PRO