Slide 1

Slide 1 text

Oracle Cloud - Cloud Native 2021 Oracle Cloud Native Kyotaro Nonaka / Takuya Niita / Shuhei Kawamura Oracle Corporation Japan March 10th, 2021

Slide 2

Slide 2 text

2 Copyright © 2021, Oracle and/or its affiliates. 1. Oracle Cloud Native 2. Container - by 3. API/FaaS - by 4. Messaging - by

Slide 3

Slide 3 text

• • • EC • OCHaCafe 5 • fitbit @non_kyon fitbit

Slide 5

Slide 5 text

• API • OSS DIY • • • • •

Slide 6

Slide 6 text

• OCI • DIY End to End • • OSS Inclusive Managed Open

Slide 7

Slide 7 text

Monitoring Events Streaming Observability + Messaging API Gateway Container Engine for Kubernetes Resource Manager Cloud Infrastructure Registry Functions Notifications Application Development + Operations Logging OCI Oracle Functions

Slide 8

Slide 8 text

and more… API Gateway Container Engine for Kubernetes Cloud Infrastructure Registry Functions Streaming

Slide 9

Slide 9 text

Container Edition Takuya Niita Oracle Corporation Japan Mar 10, 2021 Oracle Cloud Hangout Cafe Premium #3 Oracle Cloud – Cloud Native 2021

Slide 10

Slide 10 text

• • • SIer • Oracle • Cloud Native • • OCHaCafe 4 @takuya_0301

Slide 11

Slide 11 text

Oracle Container Engine for Kubernetes(OKE) • 2 • • VCN API Server Endpoint Private • OCI LB Canal (CNI) • Service OCI LoadBalancer ( ) • OCI LB Ingress Controller • SC/PC/PVC OCI FSS Block Volume • OCI IAM OCI Audit • OCI Service Broker • HPA/VPA/Cluster Autoscaling Oracle Cloud Infrastructure Registry(OCIR) • Docker Registry HTTP API V2 docker • • OCI •

Slide 12

Slide 12 text

Kubernetes Oracle Container Engine for Kubernetes (OKE) / /HPC Visual Builder Studio CI/CD Oracle Cloud Service • OCI Registry (OCIR) OKE Service Broker Object Storage Streaming Events Database System Container Engine For Kubernetes Virtual Machine Load Balancer Container Registry Container Engine For Kubernetes

Slide 13

Slide 13 text

• • • Kubernetes • v1.18.10/v1.17.13/v1.17.9/v1.16.15/v1.16.8 (2021/3 ) • Worker Node • Private Subnet • Public Subnet • • VM/BM/HPC CPU flexible shape • • • 50GB • 32TB Oracle Container Engine for Kubernetes(OKE)

Slide 14

Slide 14 text

• • etcd • OCI Vault Key • Pod Security Policy(PSP) • VCN • OKE VCN • Load Balancer Subnet • Kubernetes (Cluster IP) CIDR • Pod IP CIDR • Master Node(API Server) Endpoint (Private/Public) • OS • Oracle Container Engine for Kubernetes(OKE)

Slide 15

Slide 15 text

OKE • Service type: Load Balancer OCI LoadBalancer (TCP/HTTP) • • HTTPS • LoadBalancer shape • 10Mbps/100Mbps/400Mbps/8000Mbps • Flexible Shape(LB ) • Ingress Controller NGINX Ingress Controller for Kubernetes • flannel • Network Policy Calico (Canal ) Oracle Container Engine for Kubernetes(OKE) metadata.annotation

Slide 16

Slide 16 text

Block Volume Persistent Volume • OKE built-in CSI(Container Storage Interface) "oci-bv" • Persistent Volume Claim(PVC) • 50GB Oracle Container Engine for Kubernetes(OKE) FSS Persistent Volume • FSS • StorageClass(SC)/PersistentVolume(PV) • SC mount target • PV NFS • Persistent Volume Claim(PVC)

Slide 17

Slide 17 text

HPA(Horizontal Pod Autoscaling) • HPA • HorizontalPodAutoscaler • • CPU • Pod • Pod VPA(Vertical Pod Autoscaling) • VPA • • https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler • Resource Request Cluster Autoscaling • OKE Cluster Autoscaling Pod • Oracle Container Engine for Kubernetes(OKE)
[opc@oke-client ~]$ kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/download/vx.x.x/components.yaml

Slide 18

Slide 18 text

OCI • Kubernetes RBAC Authorizer OCI IAM OCI OKE • manifest kubectl OCI OCID ID • Ex) Pod • • • OKE • Role • RoleBinding • OCI Audit API Server Oracle Container Engine for Kubernetes(OKE) Role RoleBinding ID ( OCID)

Slide 19

Slide 19 text

OKE Roadmap • Kubernetes v1.19 • OCI Monitoring/OCI Logging • OCI IAM Kubernetes RBAC Authorizer • OCI IAM RBAC • Worker Node • Worker Node GPU Oracle Container Engine for Kubernetes(OKE)

Slide 20

Slide 20 text

Docker Kubernetes Docker v2 OKE Oracle Cloud Service • Oracle Container Engine for Kubernetes (OKE) Container Registry OKE Container Engine For Kubernetes Virtual Machine Container Registry

Slide 21

Slide 21 text

OCIR • Docker Registry HTTP API V2 • docker • docker login • docker pull • docker push • API • docker login • • docker login nrt.ocir.io • OCI • • OCIR • • Oracle Cloud Infrastructure Registry(OCIR)

Slide 22

Slide 22 text

OCIR • • • • pull • • • • • • 1 Oracle Cloud Infrastructure Registry(OCIR)

Slide 23

Slide 23 text

OCIR Roadmap • IP • • • push Oracle Cloud Infrastructure Registry(OCIR)

Slide 24

Slide 24 text

Oracle Container Engine for Kubernetes(OKE) • 2 • • VCN API Endpoint Private • OCI LB Canal (CNI) • Service OCI LoadBalancer ( ) • OCI LB Ingress Controller • SC/PC/PVC OCI FSS Block Volume • OCI IAM OCI Audit • OCI Service Broker • HPA/VPA/Cluster Autoscaling Oracle Cloud Infrastructure Registry(OCIR) • Docker Registry HTTP API V2 docker • • OCI • OCI

Slide 26

Slide 26 text

Oracle Cloud Native • https://github.com/oracle-quickstart/oci-cloudnative • Microservices Architecture on OKE • Autonomous Database Object Storage 1 Click • OCI Resource Manager

Slide 28

Slide 28 text

• Gatling HTTP • https://gatling.io/ • Edge-Router • • Mushop URL( Load Balancer URL) • • 100 / 1 OKE HPA(Horizontal Pod Autoscaler)

Slide 29

Slide 29 text

FaaS, API Edition Shuhei Kawamura Oracle Corporation Japan Mar 10, 2021 Oracle Cloud Hangout Cafe Premium #3 Oracle Cloud – Cloud Native 2021

Slide 30

Slide 30 text

• (Shuhei, Kawamura) • • • 2020/10/15 • • ( ) ( ) • Cercle, King Gnu • etc. • : !! @shukawam shukawam shukawam

Slide 31

Slide 31 text

Oracle Functions • • • Logging Function • (Notifications Function) • API Gateway • • • OpenAPI 2.0 & 3.0 • JWT ( ) •

Slide 32

Slide 32 text

FaaS(Oracle Functions) • Managed • FaaS • • Inclusive • • Open • OSS Fn Project (https://fnproject.io/) Docker • • • API Gateway • Managed • API • • Inclusive • • Open • OpenAPI (2.0 & 3.0)

Slide 33

Slide 33 text

OSS Fn Project Docker • OCI • Events • OCI Logging • Notification • … • Function (FDK) • Java, Python, Go, Node.js, Ruby Oracle Cloud Infrastructure Oracle Cloud Infrastructure Events Oracle Functions API Gateway Streaming Mobile Web App IoT PLANNED!!!

Slide 34

Slide 34 text

Oracle Cloud Infrastructure Oracle Functions Application Virtual Cloud Network Function Definition Instance IAM User + Policy Dynamic Group + Policy Oracle Cloud Infrastructure Registry (OCIR)
func.yaml
schema_version: 20180708
name: fn-hello-java
version: 0.0.1
runtime: java11
build_image: fnproject/fn-java-fdk-build:jdk11-1.0.118
run_image: fnproject/fn-java-fdk:jre11-1.0.118
cmd: com.example.fn.HelloFunction::handleRequest
Docker, Fn CLI, Runtime etc. $ fn deploy --app Set functions def. Image push Image pull Instance/Container create Invoke Events: • Events, Notifications • HTTP • Fn CLI • Oracle Cloud Infrastructure SDK

Slide 35

Slide 35 text

https://speakerdeck.com/oracle4engineer/lets-dive-serverless-world

Slide 36

Slide 36 text

• IAM Policy Builder Functions • Function 2 5 • Function Application • UC • • • PAYG • • • Oracle Cloud Infrastructure Logging • Logging Function(Service Connector Hub) • Notifications Function( )

Slide 37

Slide 37 text

• • • / • (SQL ) • • • Functions Object Storage etc. Logging VCN Flow Logs Application Object Storage Auditing Oracle Functions Streaming Object Storage

Slide 38

Slide 38 text

• Service Connector Hub(SCH) Function • Function • • OCI • • • 3rd party • • … Logging Functions Oracle Functions SCH Invoke OCI Resources
{
  "data": {
    "applicationId": "ocid.fnapp.oc1…", // ...
    "message": "Logging Test" // ...
  } // ...
}
Functions ( )

Slide 39

Slide 39 text

Monitoring Pub/Sub Email Delivery, Functions, PagerDuty, Slack, HTTPs Notifications Notifications Events Monitoring Notifications Topic Email Delivery Oracle Functions Service Application Oracle Cloud Service Events, Monitoring, Oracle Functions, API Gateway, Email Delivery HTTPs Endpoint

Slide 40

Slide 40 text

• OCI Notifications Function • Service Connector Hub • Notifications • • Service Connector Hub • • • Monitoring VM • • … Notifications Notifications Topic Oracle Functions Functions ( )

Slide 41

Slide 41 text

• Streaming Triggered Functions • Service Connector Hub Streaming Functions • Scheduled Functions • Functions • • • Cold Start …

Slide 42

Slide 42 text

API API Gateway (Oracle Functions/OKE/ API/ ) REST API • • • JWT • CORS • API • • • GUI/JSON Gateway • • OpenAPI 2.0/3.0 Internet (Public/Private) Other Public API Services Load Balancer OKE Oracle Functions On-Prem API Server Dynamic Routing Gateway API Gateway Oracle Cloud Infrastructure Authentication

Slide 43

Slide 43 text

• OpenAPI 2.0 & 3.0 • TLS • Logging • • JWT ( )

Slide 44

Slide 44 text

• API Gateway OpenAPI (2.0 & 3.0) • API • API → Gateway • • OpenAPI API Gateway • Path, Method, Status Code • (examples) • ( etc.)
openapi: '3.0.2'
info:
  title: Employee API
  version: '1.0'
servers:
  - url: https://oci-api-gateway-host
paths:
  # ...
  /employee:
    get:
      responses:
        '200':
          description: return all employee.
          # ...
          examples:
OpenAPI (JSON/YAML) API API API Gateway API

Slide 45

Slide 45 text

"Authorizer Functions" "JWT Validator" Authorizer Functions • HTTP API Gateway Oracle Functions API • JWT Validator • HTTP Identity Provider JWT API Gateway API • Client API Gateway API Deployments Oracle Functions Client API Gateway API Deployments IDCS Identity Provider

Slide 46

Slide 46 text

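Client Backend API Gateway Auth Server Authentication Obtain token Token validation [^1] (signature verification & claim verification) Validation failure: HTTP 4xx Validation success: API Request API Response API Response Obtain public key JWT Validator
[^1]: About the public key used to verify that the token has not been tampered with:
1. Fetch the public key dynamically when the API is executed and use it
2. Use a public key that was issued in advance (static key)
Send the request with the token included in a request header/query parameter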

Slide 47

Slide 47 text

OpenID Connect 1. IDCS (ID Token, Access Token) 2. API 3. API Gateway Access Token • JWT • (API ) • • 4. Access Token scope API Gateway scope API 5. … IDCS Client API Gateway IDCS 1. OpenID Connect 2. API Request 3. & ID Token Access Token user scope list, create, update, delete 4. scope Oracle Functions(A) Oracle Functions(B) VSCode (REST Client) Access Token scope: list scope: dummyScope

Slide 48

Slide 48 text

• • • • …

Slide 49

Slide 49 text

Oracle Functions • IAM Policy Builder Functions • Function 2 5 • Function Application • Oracle Cloud Infrastructure Logging • Logging Function (Service Connector Hub) • Notifications Triggered Function API Gateway • OpenAPI 2.0 & 3.0 • TLS • Logging • • JWT

Slide 50

Slide 50 text

Oracle Cloud Hangout Cafe Premium #3 Oracle Cloud – Cloud Native 2021

Slide 51

Slide 51 text

Oracle Cloud Infrastructure Streaming Service (Streaming) • Streaming • Streaming • Producer Consumer/Consumer Group • Streaming • •

Slide 52

Slide 52 text

Web/Mobile IoT Streaming Pub/Sub Streaming API SDK • Kafka API IoT Mobile/Web Activities App Kafka Client Events API Gateway Database System Object Storage Functions Streaming Oracle Cloud Service • Events ( ) • Oracle Functions ( ) • API Gateway

Slide 53

Slide 53 text

Streaming • Stream : Partition Message • Stream Pool : Stream • • Message : Base64 (Key Value ) • • Key : Message Key Message Partition 0 1 2 3 4 5 Partition0 0 1 2 3 4 Partition1 0 1 2 3 4 5 6 Partition2 Stream Message (Key Partition ) Stream Pool

Slide 54

Slide 54 text

Streaming • Offset : Partition Message • • • Cursor : SDK Stream Message • • • Partition : Stream Message • • 0 1 2 4 5 7 Partition Stream Offset Cursor

Slide 55

Slide 55 text

• Stream ※ • Stream Pool • • • Message • Partition (= ) • •

Slide 56

Slide 56 text

Producer : Message (Publish) • Key Message Partition • • Key Partition Key (first-in/first-out) Consumer : Message (Subscribe) • Message Message • • Message Offset 0 1 2 0 1 0 Stream Producer 1 PutMessage API GetMessage API Producer 2 Producer 3 Consumer 1 Consumer 2 Consumer 3 Partition0 Partition1 Partition2 Key0 Value Key2 Value Key1 Value Key2 Value Key0 Value

Slide 57

Slide 57 text

Stream API (Produce) • Stream OCI API Message (Consume) Cursor • Offset Cursor Partition • Cursor Partition Message • Cursor Message NextCursor Produce/Consume • Kafka API • Kafka Connect

Slide 58

Slide 58 text

OCI SDK Streaming API • Streaming Kafka API • Kafka • Kafka Connect • Messaging Service Connector Hub • OCI • Streaming OCI SDK Kafka Connect Service Connector Hub Kafka API

Slide 59

Slide 59 text

• InstancePrincipals (https://docs.oracle.com/en-us/iaas/Content/Identity/Tasks/callingservicesfrominstances.htm) • StreamClient Endpoint Region

Slide 60

Slide 60 text

• key(partition ) value( ) • Stream OCID streamId request

Slide 61

Slide 61 text

• Consume Cursor • Type(https://docs.oracle.com/en-us/iaas/Content/Streaming/Tasks/using_a_single_consumer.htm#usingcursors), partition, streamId

Slide 63

Slide 63 text

• Cursor streamId Consume • Response Message NextCursor

Slide 64

Slide 64 text

• • Kafka Connect • OCI API(Streaming API) Kafka API • API Kafka Connect Producer Kafka Connect Consumer Streaming Streaming API Kafka API

Slide 66

Slide 66 text

Stream pool Kafka API Kafka

Slide 69

Slide 69 text

Oracle Kafka Connector • Oracle Cloud Infrastructure Object Storage (S3 API ) • • • Oracle Integration Cloud • Oracle Database (Kafka Connect JDBC ) • Oracle GoldenGate Kafka Connect

Slide 70

Slide 70 text

Oracle Cloud Infrastructure • • • https://blogs.oracle.com/cloud-infrastructure/oracle-cloud-infrastructure-service-connector-hub-now-generally-available

Slide 71

Slide 71 text

DB Streaming Functions • DB • OCR + • Functions ( 5 ) • Service Connector Hub Functions Streaming Autonomous Database Database System Service Connector Hub Functions Streaming GPU HPC Data Flow (Spark)

Slide 72

Slide 72 text

Flexible Streaming: • Re-Partitioning – Partition / • Fatter Partitions – Partition / • Autoscaling – Partition Vertical/Horizontal • Unlimited Data Retention Integrations: • Native integration with Oracle Autonomous database • Native integration with OCI DataFlow (Serverless Spark) • Integration with OCI Data Catalog (Schema registry)

Slide 74

Slide 74 text

OCI SDK Kafka API • Message Produce OCI SDK Streaming API publish • Partition 0 OCI SDK Streaming API consume • Partition 1~3 Kafka API consume Producer Consumer Streaming Streaming API Kafka API Kafka Consumer partition0 partition1 partition2 partition3 partition1 partition2

Slide 77

Slide 77 text

Our mission is to help people see data in new ways, discover insights, unlock endless possibilities.