Oracle Cloud Hangout Cafe Premium - Oracle Cloud - Cloud Native 2021

Session slides from Oracle Cloud Hangout Cafe (OCHaCafe).
#ochacafe

(Session recording)
https://youtu.be/Yh8upp12Ls8

(Event page)
https://ochacafe.connpass.com/event/203362/

oracle4engineer

March 11, 2021
Transcript

  1. Oracle Cloud - Cloud Native 2021 Oracle Cloud Native Kyotaro

    Nonaka / Takuya Niita / Shuhei Kawamura Oracle Corporation Japan March 10th, 2021
  2. 2 Copyright © 2021, Oracle and/or its affiliates. 1. Oracle

    Cloud Native 2. Container - by 3. API/FaaS - by 4. Messaging - by
  3. • • • EC • OCHaCafe 5 • fitbit Copyright

    © 2021, Oracle and/or its affiliates. 3 @non_kyon fitbit ………………… …..
  5. • API • OSS DIY • • • • •

    Copyright © 2021, Oracle and/or its affiliates. 5
  6. • OCI • DIY End to End • • OSS

    Copyright © 2021, Oracle and/or its affiliates. 6 Inclusive Managed Open
  7. 7 Monitoring Events Streaming Observability + Messaging API Gateway Container

    Engine for Kubernetes Resource Manager Cloud Infrastructure Registry Functions Notifications Application Development + Operations Logging OCI Oracle Functions Copyright © 2021, Oracle and/or its affiliates.
  8. and more… Copyright © 2021, Oracle and/or its affiliates. 8

    API Gateway Container Engine for Kubernetes Cloud Infrastructure Registry Functions Streaming
  9. Container Part Takuya Niita Oracle Corporation Japan Mar 10, 2021 Copyright

    © 2021, Oracle and/or its affiliates. 9 Oracle Cloud Hangout Cafe Premium #3 Oracle Cloud – Cloud Native 2021
  10. • • • SIer • Oracle • Cloud Native •

    • OCHaCafe 4 Copyright © 2021, Oracle and/or its affiliates. 10 @takuya_0301
  11. Oracle Container Engine for Kubernetes(OKE) • 2 • • VCN

    API Server Endpoint Private • OCI LB Canal (CNI) • Service OCI LoadBalancer ( ) • OCI LB Ingress Controller • SC/PC/PVC OCI FSS Block Volume • OCI IAM OCI Audit • OCI Service Broker • HPA/VPA/Cluster Autoscaling Oracle Cloud Infrastructure Registry(OCIR) • Docker Registry HTTP API V2 docker • • OCI • Copyright © 2021, Oracle and/or its affiliates. 11
  12. Kubernetes Oracle Container Engine for Kubernetes (OKE) Copyright © 2021,

    Oracle and/or its affiliates. 12 / /HPC Visual Builder Studio CI/CD Oracle Cloud Service • OCI Registry (OCIR) OKE Service Broker Object Storage Streaming Events Database System Container Engine For Kubernetes Virtual Machine Load Balancer Container Registry Container Engine For Kubernetes
  13. • • • Kubernetes • v1.18.10/v1.17.13/v1.17.9/v1.16.15/v1.16.8 (2021/3 ) • Worker

    Node • Private Subnet • Public Subnet • • VM/BM/HPC CPU flexible shape • • • 50GB • 32TB Oracle Container Engine for Kubernetes(OKE) Copyright © 2021, Oracle and/or its affiliates. 13
  14. • • etcd • OCI Vault Key • Pod Security

    Policy(PSP) • VCN • OKE VCN • Load Balancer Subnet • Kubernetes (Cluster IP) CIDR • Pod IP CIDR • Master Node(API Server) Endpoint (Private/Public) • OS • Oracle Container Engine for Kubernetes(OKE) Copyright © 2021, Oracle and/or its affiliates. 14
  15. OKE • Service type: Load Balancer OCI LoadBalancer (TCP/HTTP) •

    • HTTPS • LoadBalancer shape • 10Mbps/100Mbps/400Mbps/8000Mbps • Flexible Shape(LB ) • Ingress Controller NGINX Ingress Controller for Kubernetes • flannel • Network Policy Calico (Canal ) Oracle Container Engine for Kubernetes(OKE) Copyright © 2021, Oracle and/or its affiliates. 15 metadata.annotation
  16. Block Volume Persistent Volume • OKE built-in CSI(Container Storage Interface)

    "oci-bv" • Persistent Volume Claim(PVC) • 50GB Oracle Container Engine for Kubernetes(OKE) Copyright © 2021, Oracle and/or its affiliates. 16 FSS Persistent Volume • FSS • StorageClass(SC)/PersistentVolume(PV) • SC mount target • PV NFS • Persistent Volume Claim(PVC)
  17. HPA(Horizontal Pod Autoscaling) • HPA • HorizontalPodAutoscaler • • CPU

    • Pod • Pod VPA(Vertical Pod Autoscaling) • VPA • • https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler • Resource Request Cluster Autoscaling • OKE Cluster Autoscaling Pod • Oracle Container Engine for Kubernetes(OKE) Copyright © 2021, Oracle and/or its affiliates. 17 [opc@oke-client ~]$ kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/download/vx.x.x/components.yaml
  18. OCI • Kubernetes RBAC Authorizer OCI IAM OCI OKE •

    manifest kubectl OCI OCID ID • Ex) Pod • • • OKE • Role • RoleBinding • OCI Audit API Server Oracle Container Engine for Kubernetes(OKE) Copyright © 2021, Oracle and/or its affiliates. 18 Role RoleBinding ID ( OCID)
  19. OKE Roadmap • Kubernetes v1.19 • OCI Monitoring/OCI Logging •

    OCI IAM Kubernetes RBAC Authorizer • OCI IAM RBAC • Worker Node • Worker Node GPU Oracle Container Engine for Kubernetes(OKE) Copyright © 2021, Oracle and/or its affiliates. 19
  20. Copyright © 2021, Oracle and/or its affiliates. 20 Docker Kubernetes

    Docker v2 OKE Oracle Cloud Service • Oracle Container Engine for Kubernetes (OKE) Container Registry OKE Container Engine For Kubernetes Virtual Machine Container Registry
  21. OCIR • Docker Registry HTTP API V2 • docker •

    docker login • docker pull • docker push • API • docker login • • docker login nrt.ocir.io • OCI • • OCIR • • Oracle Cloud Infrastructure Registry(OCIR) Copyright © 2021, Oracle and/or its affiliates. 21
  22. OCIR • • • • pull • • • •

    • • 1 Oracle Cloud Infrastructure Registry(OCIR) Copyright © 2021, Oracle and/or its affiliates. 22
  23. OCIR Roadmap • IP • • • push Oracle Cloud

    Infrastructure Registry(OCIR) Copyright © 2021, Oracle and/or its affiliates. 23
  24. Oracle Container Engine for Kubernetes(OKE) • 2 • • VCN

    API Endpoint Private • OCI LB Canal (CNI) • Service OCI LoadBalancer ( ) • OCI LB Ingress Controller • SC/PC/PVC OCI FSS Block Volume • OCI IAM OCI Audit • OCI Service Broker • HPA/VPA/Cluster Autoscaling Oracle Cloud Infrastructure Registry(OCIR) • Docker Registry HTTP API V2 docker • • OCI • OCI Copyright © 2021, Oracle and/or its affiliates. 24
  26. Oracle Cloud Native • https://github.com/oracle-quickstart/oci-cloudnative • Microservices Architecture on

    OKE • Autonomous Database Object Storage 1 Click • OCI Resource Manager Copyright © 2021, Oracle and/or its affiliates. 26
  28. • Gatling HTTP • https://gatling.io/ • Edge-Router • • Mushop

    URL( Load Balancer URL) • • 100 / 1 OKE HPA(Horizontal Pod Autoscaler) Copyright © 2021, Oracle and/or its affiliates. 28
  29. FaaS, API Part Shuhei Kawamura Oracle Corporation Japan Mar 10, 2021

    Copyright © 2021, Oracle and/or its affiliates. 29 Oracle Cloud Hangout Cafe Premium #3 Oracle Cloud – Cloud Native 2021
  30. Copyright © 2021, Oracle and/or its affiliates. 30 • (Shuhei,

    Kawamura) • • • 2020/10/15 • • ( ) ( ) • Cercle, King Gnu • etc. • : !! @shukawam shukawam shukawam
  31. Oracle Functions • • • Logging Function • (Notifications Function)

    • API Gateway • • • OpenAPI 2.0 & 3.0 • JWT ( ) • Copyright © 2021, Oracle and/or its affiliates. 31
  32. FaaS(Oracle Functions) • Managed • FaaS • • Inclusive •

    • Open • OSS Fn Project (https://fnproject.io/) Docker • • • API Gateway • Managed • API • • Inclusive • • Open • OpenAPI (2.0 & 3.0) Copyright © 2021, Oracle and/or its affiliates. 32
  33. OSS Fn Project Docker • OCI • Events • OCI

    Logging • Notification • … • Function (FDK) • Java, Python, Go, Node.js, Ruby Copyright © 2021, Oracle and/or its affiliates. 33 Oracle Cloud Infrastructure Oracle Cloud Infrastructure Events Oracle Functions API Gateway Streaming Mobile Web App IoT PLANNED!!!
  34. Copyright © 2021, Oracle and/or its affiliates. 34 Oracle Cloud

    Infrastructure Oracle Functions Application Virtual Cloud Network Function Definition Instance IAM User + Policy Dynamic Group + Policy Oracle Cloud Infrastructure Registry (OCIR) schema_version: 20180708 name: fn-hello-java version: 0.0.1 runtime: java11 build_image: fnproject/fn-java-fdk-build:jdk11-1.0.118 run_image: fnproject/fn-java-fdk:jre11-1.0.118 cmd: com.example.fn.HelloFunction::handleRequest func.yaml Docker, Fn CLI, Runtime etc. $ fn deploy --app <application-name> Set functions def. Image push Image pull Instance/Container create Invoke Events: • Events, Notifications • HTTP • Fn CLI • Oracle Cloud Infrastructure SDK
  35. https://speakerdeck.com/oracle4engineer/lets-dive-serverless-world Copyright © 2021, Oracle and/or its affiliates. 35

  36. • IAM Policy Builder Functions • Function 2 5 •

    Function Application • UC • • • PAYG • • • Oracle Cloud Infrastructure Logging • Logging Function(Service Connector Hub) • Notifications Function( ) Copyright © 2021, Oracle and/or its affiliates. 36
  37. • • • / • (SQL ) • • •

    Functions Object Storage etc. Copyright © 2021, Oracle and/or its affiliates. 37 Logging VCN Flow Logs Application Object Storage Auditing Oracle Functions Streaming Object Storage
  38. • Service Connector Hub(SCH) Function • Function • • OCI

    • • • 3rd party • • … Copyright © 2021, Oracle and/or its affiliates. 38 Logging Functions Oracle Functions SCH Invoke OCI Resources { "data": { "applicationId": "ocid.fnapp.oc1…", // ... "message": "Logging Test" // ... } // ... } Functions ( )
  39. Monitoring Pub/Sub Email Delivery, Functions, PagerDuty, Slack, HTTPs Copyright ©

    2021, Oracle and/or its affiliates. 39 Notifications Notifications Events Monitoring Notifications Topic Email Delivery Oracle Functions Service Application Oracle Cloud Service Events, Monitoring, Oracle Functions, API Gateway, Email Delivery HTTPs Endpoint
  40. • OCI Notifications Function • Service Connector Hub • Notifications

    • • Service Connector Hub • • • Monitoring VM • • … Copyright © 2021, Oracle and/or its affiliates. 40 Notifications Notifications Topic Oracle Functions Functions ( )
  41. • Streaming Triggered Functions • Service Connector Hub Streaming Functions

    • Scheduled Functions • Functions • • • Cold Start … Copyright © 2021, Oracle and/or its affiliates. 41
  42. API API Gateway (Oracle Functions/OKE/ API/ ) REST API •

    • • JWT • CORS • API • • • GUI/JSON Gateway • • OpenAPI 2.0/3.0 Copyright © 2021, Oracle and/or its affiliates. 42 Internet (Public/Private) Other Public API Services Load Balancer OKE Oracle Functions On-Prem API Server Dynamic Routing Gateway API Gateway Oracle Cloud Infrastructure Authentication
  43. • OpenAPI 2.0 & 3.0 • TLS • Logging •

    • JWT ( ) Copyright © 2021, Oracle and/or its affiliates. 43
  44. • API Gateway OpenAPI (2.0 & 3.0) • API •

    API → Gateway • • OpenAPI API Gateway • Path, Method, Status Code • (examples) • ( etc.) Copyright © 2021, Oracle and/or its affiliates. 44 openapi: '3.0.2' info: title: Employee API version: '1.0' servers: - url: https://oci-api-gateway-host paths: # ... /employee: get: responses: '200': description: return all employee. # ... examples: OpenAPI (JSON/YAML) API API API Gateway API
  45. "Authorizer Functions" "JWT Validator" Authorizer Functions • HTTP API Gateway

    Oracle Functions API • JWT Validator • HTTP Identity Provider JWT API Gateway API • Copyright © 2021, Oracle and/or its affiliates. 45 Client API Gateway API Deployments Oracle Functions Client API Gateway API Deployments IDCS Identity Provider
  46. Copyright © 2021, Oracle and/or its affiliates. 46 Client Backend

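    API Gateway Auth Server Authentication Obtain token Token validation [^1] (signature verification & claim verification) Validation failed: HTTP 4xx Validation succeeded: API Request API Response API Response Obtain public key JWT Validator [^1]: About the public key used to verify that the token has not been tampered with 1. Obtain the public key dynamically when the API is executed and use it 2. Use a public key issued in advance (static key) Send the request with the token included in a request header or query parameter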
  47. OpenID Connect 1. IDCS (ID Token, Access Token) 2. API

    3. API Gateway Access Token • JWT • (API ) • • 4. Access Token scope API Gateway scope API 5. … Copyright © 2021, Oracle and/or its affiliates. 47 IDCS Client API Gateway IDCS 1. OpenID Connect 2. API Request 3. & ID Token Access Token user scope list, create, update, delete 4. scope Oracle Functions(A) Oracle Functions(B) VSCode (REST Client) Access Token scope: list scope: dummyScope
  48. • • • • … Copyright © 2021, Oracle and/or

    its affiliates. 48
  49. Oracle Functions • IAM Policy Builder Functions • Function 2

    5 • Function Application • Oracle Cloud Infrastructure Logging • Logging Function (Service Connector Hub) • Notifications Triggered Function API Gateway • OpenAPI 2.0 & 3.0 • TLS • Logging • • JWT Copyright © 2021, Oracle and/or its affiliates. 49
  50. Copyright © 2021, Oracle and/or its affiliates. 50 Oracle Cloud

    Hangout Cafe Premium #3 Oracle Cloud – Cloud Native 2021
  51. Oracle Cloud Infrastructure Streaming Service (Streaming) • Streaming • Streaming

    • Producer Consumer/Consumer Group • Streaming • • Copyright © 2021, Oracle and/or its affiliates. 51
  52. Web/Mobile IoT Streaming Pub/Sub Streaming API SDK • Kafka API

    Copyright © 2021, Oracle and/or its affiliates. 52 IoT Mobile/Web Activities App Kafka Client Events API Gateway Database System Object Storage Functions Streaming Oracle Cloud Service • Events ( ) • Oracle Functions ( ) • API Gateway
  53. Streaming • Stream : Partition Message • Stream Pool :

    Stream • • Message : Base64 (Key Value ) • • Key : Message Key Message Partition 53 0 1 2 3 4 5 Partition0 0 1 2 3 4 Partition1 0 1 2 3 4 5 6 Partition2 Stream Message (Key Partition ) Stream Pool Copyright © 2021, Oracle and/or its affiliates.
  54. Streaming • Offset : Partition Message • • • Cursor

    : SDK Stream Message • • • Partition : Stream Message • • 54 0 1 2 4 5 7 Partition Stream Offset Cursor Copyright © 2021, Oracle and/or its affiliates.
  55. • Stream ※ • Stream Pool • • • Message

    • Partition (= ) • • Copyright © 2021, Oracle and/or its affiliates. 55
  56. Producer : Message (Publish) • Key Message Partition • •

    Key Partition Key (first-in/first-out) Consumer : Message (Subscribe) • Message Message • • Message Offset 56 0 1 2 0 1 0 Stream Producer 1 PutMessage API GetMessage API Producer 2 Producer 3 Consumer 1 Consumer 2 Consumer 3 Partition0 Partition1 Partition2 Key0 Value Key2 Value Key1 Value Key2 Value Key0 Value Copyright © 2021, Oracle and/or its affiliates.
  57. Stream API (Produce) • Stream OCI API Message (Consume) Cursor

    • Offset Cursor Partition • Cursor Partition Message • Cursor Message NextCursor Produce/Consume • Kafka API • Kafka Connect 57 Copyright © 2021, Oracle and/or its affiliates.
  58. OCI SDK Streaming API • Streaming Kafka API • Kafka

    • Kafka Connect • Messaging Service Connector Hub • OCI • Streaming Copyright © 2021, Oracle and/or its affiliates. 58 OCI SDK Kafka Connect Service Connector Hub Kafka API
  59. • InstancePrincipals (https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/callingservicesfrominstances.htm) • StreamClient Endpoint Region Copyright ©

    2021, Oracle and/or its affiliates. 59
  60. • key(partition ) value( ) • Stream OCID streamId request

    Copyright © 2021, Oracle and/or its affiliates. 60
  61. • Consume Cursor • Type(https://docs.oracle.com/en-us/iaas/Content/Streaming/Tasks/using_a_single_consumer.htm#usingcursors),

    partition, streamId Copyright © 2021, Oracle and/or its affiliates. 61
  62. • Consume Cursor • Type(https://docs.oracle.com/en-us/iaas/Content/Streaming/Tasks/using_a_single_consumer.htm#usingcursors),

    partition, streamId Copyright © 2021, Oracle and/or its affiliates. 62
  63. • Cursor streamId Consume • Response Message NextCursor Copyright ©

    2021, Oracle and/or its affiliates. 63
  64. • • Kafka Connect • OCI API(Streaming API) Kafka API

    • API Copyright © 2021, Oracle and/or its affiliates. 64 Kafka Connect Producer Kafka Connect Consumer Streaming Streaming API Kafka API
  66. Copyright © 2021, Oracle and/or its affiliates. 66 Stream pool

    Kafka API Kafka
  69. Oracle Kafka Connector • Oracle Cloud Infrastructure Object Storage (S3

    API ) • • • Oracle Integration Cloud • Oracle Database (Kafka Connect JDBC ) • Oracle GoldenGate Copyright © 2021, Oracle and/or its affiliates. 69 Kafka Connect
  70. Oracle Cloud Infrastructure • • • Copyright © 2021, Oracle

    and/or its affiliates. https://blogs.oracle.com/cloud-infrastructure/oracle-cloud-infrastructure-service-connector-hub-now-generally-available 70
  71. DB Streaming Functions • DB • OCR + • Functions

    ( 5 ) • Copyright © 2021, Oracle and/or its affiliates. 71 Service Connector Hub Functions Streaming Autonomous Database Database System Service Connector Hub Functions Streaming GPU HPC Data Flow (Spark)
  72. Flexible Streaming: • Re-Partitioning – Partition / • Fatter Partitions

    – Partition / • Autoscaling – Partition Vertical/Horizontal • Unlimited Data Retention Integrations: • Native integration with Oracle Autonomous database • Native integration with OCI DataFlow (Serverless Spark) • Integration with OCI Data Catalog (Schema registry) Copyright © 2021, Oracle and/or its affiliates. 72
  74. OCI SDK Kafka API • Message Produce OCI SDK Streaming

    API publish • Partition 0 OCI SDK Streaming API consume • Partition 1~3 Kafka API consume Copyright © 2021, Oracle and/or its affiliates. 74 Producer Consumer Streaming Streaming API Kafka API Kafka Consumer partition0 partition1 partition2 partition3 partition1 partition2
  77. Our mission is to help people see data in new

    ways, discover insights, unlock endless possibilities.