Slide 1

Slide 1 text

Microservice Architecture on Kubernetes Huseyin BABAL Software Development Team Lead @ Hazelcast Cloud

Slide 2

Slide 2 text

Who Am I? Currently Implementing Hazelcast Cloud Ex-Sony and Ex-eBay Engineer (Microservice Transformation Project Architect) Organizer of Docker Istanbul, NodeSchool Istanbul, DevOps Underground meetups

Slide 3

Slide 3 text

#1 Kubernetes Overview

Slide 4

Slide 4 text

What is it? Open-source platform for managing containerized workloads and services.

Slide 5

Slide 5 text

How to use?
Managed versions of Kubernetes are available on Google Cloud, AWS, and Azure. You can use kubespray to deploy k8s in your own datacenter. From now on, we will focus on the architectural overview rather than on how to install k8s.

Slide 6

Slide 6 text

#2 Cluster Environment Architecture

Slide 7

Slide 7 text

When you use k8s, you will forget about infrastructure level operations and mainly focus on architecting your applications.

Slide 8

Slide 8 text

Environments
Depending on your needs, you may want different environments such as dev, staging, and prod for different purposes. Let's see how we can do this.

Slide 9

Slide 9 text

Cluster Level Isolation
You can set up a cluster per environment for maximum isolation.
Diagram: Dev, Staging and Prod, each in its own cluster (Cluster 1, Cluster 2, Cluster 3).

Slide 10

Slide 10 text

Namespace Level Isolation
You can create a namespace per environment to isolate them.
Diagram: one cluster containing Dev, Staging and Prod namespaces.
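
Added example, not from the original slides: a namespace on its own separates names and access-control scope, but pods in different namespaces can still reach each other over the network. The manifests below, shown for staging, pair the namespace with NetworkPolicy objects; the policy names and the label are assumptions, and enforcement requires a network plugin that supports NetworkPolicy.

```yaml
# Added example. The environment name follows the slide; policy names and
# the label are assumptions. Apply one copy per environment namespace.
apiVersion: v1
kind: Namespace
metadata:
  name: staging
  labels:
    environment: staging
---
# Deny all inbound traffic to every pod in the namespace by default.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: staging
spec:
  podSelector: {}          # empty selector = all pods in this namespace
  policyTypes:
    - Ingress
---
# Then allow inbound traffic only from pods in the same namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-same-namespace
  namespace: staging
spec:
  podSelector: {}
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector: {}  # no namespaceSelector: matches this namespace only
```

Traffic from an ingress controller running in another namespace is also blocked until a further rule allows it.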

Slide 11

Slide 11 text

Tip
Do not put everything in the default namespace; it will be very hard to manage in the future. If you do want to put everything in the default namespace, you will need good labelling on your pods so you can filter them as needed.

Slide 12

Slide 12 text

monitoring: Prometheus, Grafana, Unsee
microservice: Product Service, User Service, Category Service, Payment Service
worker: Payment Worker, Scoring Worker, Billing Worker

Slide 13

Slide 13 text

Good Tools for Daily Kubernetes
kubectx: A tool for managing your Kubernetes context
kubens: A tool for managing your Kubernetes namespace
Thanks to Ahmet Alp Balkan for those wonderful tools: https://github.com/ahmetb

Slide 14

Slide 14 text

Kubectx

Slide 15

Slide 15 text

Kubens

Slide 16

Slide 16 text

#3 Monitoring

Slide 17

Slide 17 text

Monitor Everything

Slide 18

Slide 18 text

Prometheus
Prometheus is capable of collecting metrics from known sources like cAdvisor. Prometheus is mainly used for collecting metrics, and Alertmanager for notifying you of any kind of problem.

Slide 19

Slide 19 text

Prometheus Operator
Fortunately, the CoreOS team developed a project called Prometheus Operator to collect k8s-specific metrics automatically. https://github.com/coreos/prometheus-operator

Slide 20

Slide 20 text

Getting Started You can install Prometheus with Helm charts

Slide 21

Slide 21 text

Visualization
Prometheus lets us keep track of external services through endpoints exposed by exporters. To visualize metrics, we will use Grafana.

Slide 22

Slide 22 text

No content

Slide 23

Slide 23 text

Alert Manager

Slide 24

Slide 24 text

Monitoring Multiple Clusters
If you have multiple clusters to monitor, you can use Prometheus Federation. This is handled by selecting one member as the central monitoring member, which then collects metrics from the others.

Slide 25

Slide 25 text

Federation Sample

Slide 26

Slide 26 text

#4 Public Traffic

Slide 27

Slide 27 text

Cloud Based Scenario
There are several ways to bring public traffic into a k8s cluster. In this scenario, we will walk through a Kubernetes cluster running on AWS.

Slide 28

Slide 28 text

Nginx Ingress
You can expose your service to the outside in several ways, such as a LoadBalancer. However, creating an LB for each service is hard to manage and costly. When you deploy Nginx Ingress to a Kubernetes environment, it will automatically create a load balancer.

Slide 29

Slide 29 text

Route53
If you have a managed domain name on Route53, you can simply add a CNAME record that points the domain to the LB. Every request will be proxied to the k8s cluster entrance, but how do you point it to a specific service?

Slide 30

Slide 30 text

Ingress Rules
You can use an ingress rule to proxy incoming requests to a specific service in k8s.
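
Added example, not from the original slides: an Ingress that routes two paths to the Product Service and User Service named in the deck. The host name, paths, ports, TLS Secret name and ingress class are assumptions, and the manifest uses the current networking.k8s.io/v1 API.

```yaml
# Added example. Host, paths, ports and the TLS Secret are placeholders.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: public-api
  namespace: microservice
spec:
  ingressClassName: nginx            # handled by the Nginx Ingress controller
  tls:
    - hosts:
        - api.example.com
      secretName: api-example-com-tls   # TLS certificate stored as a Secret
  rules:
    - host: api.example.com
      http:
        paths:
          - path: /products
            pathType: Prefix
            backend:
              service:
                name: product-service
                port:
                  number: 80
          - path: /users
            pathType: Prefix
            backend:
              service:
                name: user-service
                port:
                  number: 80
```

Only the services listed in a rule become reachable from outside, so internal components such as the monitoring stack stay unexposed unless a rule is written for them.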

Slide 31

Slide 31 text

No content

Slide 32

Slide 32 text

Diagram: Route53 -> Load Balancer -> Nginx Ingress -> Product Service, User Service (inside the Kubernetes Cluster)

Slide 33

Slide 33 text

#5 Microservice Overview

Slide 34

Slide 34 text

Once upon a time, while we were in the monolithic app days

Slide 35

Slide 35 text

After switching to Microservice Architecture ...

Slide 36

Slide 36 text

And yes, the truth is that the name Microservice Architecture alone cannot solve your architectural problems. You need to apply best practices to microservices to do it efficiently.

Slide 37

Slide 37 text

#6 Try to Reach Glory of REST

Slide 38

Slide 38 text

Leonard Richardson’s Maturity Model

Slide 39

Slide 39 text

#7 k8s Warm-up

Slide 40

Slide 40 text

Project Structure

Slide 41

Slide 41 text

deployment.yml

Slide 42

Slide 42 text

service.yml

Slide 43

Slide 43 text

Kubectl configuration
kubectl is a client for the k8s API server, used to manage a k8s cluster. If you use minikube, kubectl is configured automatically; the setup is different for cloud providers.

Slide 44

Slide 44 text

Simple deployment
git clone
cd
kubectl apply -f k8s

Slide 45

Slide 45 text

Handling Confidential Data
If you have confidential data such as a DB password, an API secret, etc., you can store it in Kubernetes secrets:
kubectl -n microservice create secret generic product-service --from-literal=dbpassword=${dbpassword}

Slide 46

Slide 46 text

No content

Slide 47

Slide 47 text

#8 Continuous Delivery

Slide 48

Slide 48 text

Build Test Deploy Cloud Provider

Slide 49

Slide 49 text

No content

Slide 50

Slide 50 text

Slack Notifications

Slide 51

Slide 51 text

Deployment Script

Slide 52

Slide 52 text

Deployment Types
● Rolling Update
● Canary Deployment
● Blue / Green Deployment

Slide 53

Slide 53 text

Rolling Update
The Deployment resource on k8s uses the RollingUpdate strategy by default. With this strategy, pods are deployed one by one instead of taking the entire service down.

Slide 54

Slide 54 text

Canary Deployment
You deploy an experimental feature and allow a small amount of request traffic to reach this deployment. You gradually increase its share of traffic and, after a while, the canary replaces the production one.
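
Added example, not from the original slides: one way to send a small share of traffic to a canary when the cluster uses the Nginx Ingress controller, using its canary annotations. It assumes an existing Ingress for the same host and path that points at the production Service; the host, path, port, Service name and weight are assumptions.

```yaml
# Added example. Host, path, port, Service name and weight are placeholders.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: product-service-canary
  namespace: microservice
  annotations:
    nginx.ingress.kubernetes.io/canary: "true"
    nginx.ingress.kubernetes.io/canary-weight: "10"   # percent of requests
spec:
  ingressClassName: nginx
  rules:
    - host: api.example.com          # must match the production Ingress
      http:
        paths:
          - path: /products          # must match the production Ingress
            pathType: Prefix
            backend:
              service:
                name: product-service-canary   # Service in front of canary pods
                port:
                  number: 80
```

Raising the weight step by step increases the canary's share; deleting this Ingress sends all traffic back to production.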

Slide 55

Slide 55 text

No content

Slide 56

Slide 56 text

No content

Slide 57

Slide 57 text

After a while...
Once you have confirmed that the feature on the canary deployment works, replace the prod image with the canary one and delete the canary deployment.

Slide 58

Slide 58 text

No content

Slide 59

Slide 59 text

Blue & Green Deployment
In this strategy, there are 2 environments with the same properties except for the application version. The current version is called blue and the new version green. Just update the ingress rules to redirect traffic to the green deployment.

Slide 60

Slide 60 text

#9 Distributed Configuration

Slide 61

Slide 61 text

Why Not Project Specific Configs?
● Sensitive data walks around Git
● Unable to inherit common properties like spring.main.banner-mode=OFF

Slide 62

Slide 62 text

How to Centralize Config?
● Consul can be used to keep config data as Key/Value
● Create a project just for keeping project configurations
● Use Git2Consul to sync configuration to Consul

Slide 63

Slide 63 text

Architecture
Diagram: the User pushes a new config change to the Config Project (Git); the Git2Consul daemon polls it and syncs the configs to Consul.

Slide 64

Slide 64 text

Spring Boot Config

Slide 65

Slide 65 text

Spring Boot Config (Test)

Slide 66

Slide 66 text

Git2Consul
npm install -g git2consul
Create a file called git2consul.json and add the necessary config
git2consul --endpoint --port 8500 --config-file git2consul.json

Slide 67

Slide 67 text

Git2Consul Config File

Slide 68

Slide 68 text

Pro Tip
By default, Spring Boot refreshes its context when config changes on Consul. This may cause downtime problems, so disable config change watching with the following.

Slide 69

Slide 69 text

#10 Client Code Generation

Slide 70

Slide 70 text

How?
You can either use Swagger to generate your client code in any supported language, or use a Feign client with a little annotation and client-side load balancing with Ribbon.

Slide 71

Slide 71 text

Feign Client

Slide 72

Slide 72 text

Swagger Doc

Slide 73

Slide 73 text

Swagger Doc
Now you are able to access:
http://your_api/swagger-ui.html for API documentation
http://your_api/v2/api-docs for the JSON specification of the API doc

Slide 74

Slide 74 text

Swagger Codegen

Slide 75

Slide 75 text

Pro Tip
The best place to generate the API client is the Jenkins build section.
● If you are deploying a feature to a non-prod environment, you can generate the client library with a snapshot version and push it to Nexus.
● If you are deploying a feature to the prod environment, you can generate the client with a stable version and push it to Nexus artifactory.

Slide 76

Slide 76 text

#11 Logging

Slide 77

Slide 77 text

Spring Boot Logging

Slide 78

Slide 78 text

Logging Types
● Node Level Logging
● Cluster Level Logging

Slide 79

Slide 79 text

Node Level Logging

Slide 80

Slide 80 text

Cluster-Level Logging

Slide 81

Slide 81 text

You can use several technologies to send your logs to a logging backend. It can be Graylog, ELK, etc.

Slide 82

Slide 82 text

No content

Slide 83

Slide 83 text

Humio

Slide 84

Slide 84 text

No content

Slide 85

Slide 85 text

Installation
helm install --version "v0.8.0" stable/fluent-bit --name=humio-agent -f humio-agent.yaml

Slide 86

Slide 86 text

#12 APM & Service Mesh

Slide 87

Slide 87 text

Why Monitor Service Metrics?
Beautiful graphs and dashboards built from log sources may not always help when you face a difficult issue. You may need insight into your services to find the root cause.

Slide 88

Slide 88 text

Tools That Can Be Used
NewRelic, AppDynamics, DynaTrace and Zipkin can be suggested for APM. However, in a containerized microservices world, you may need a tool that works in real time and has some AI capabilities.

Slide 89

Slide 89 text

Instana
Instana is an AI-powered application and infrastructure monitoring tool.

Slide 90

Slide 90 text

No content

Slide 91

Slide 91 text

No content

Slide 92

Slide 92 text

No content

Slide 93

Slide 93 text

No content

Slide 94

Slide 94 text

No content

Slide 95

Slide 95 text

No content

Slide 96

Slide 96 text

Any Questions? /huseyinbabal /huseyinbabal https://huseyinbabal.com