Slide 1

Slide 1 text

Hands-on Cloud Native Lifecycle Management
Michael Hausenblas @mhausenblas
Developer Advocate, Red Hat
2018-05-16, Continuous Lifecycle London

Slide 2

Slide 2 text

$ whois mhausenblas
• Developer Advocate @ Red Hat (Go, Kubernetes, OpenShift)
• Developer Advocate @ Mesosphere (Mesos, DC/OS, Kubernetes)
• Chief Data Engineer @ MapR (HDFS, HBase, Drill, etc.)
• Applied research (4y in Ireland, 7y in Austria)
• Nowadays mainly developing tools in Go (Python, Node, Java, C++)
• Kinda developer turned ops (aka appops)
Hit me up on Twitter: @mhausenblas

Slide 3

Slide 3 text

admin, SRE, developer, QA, architect, PM, PHB

Slide 4

Slide 4 text

The Cloud Native Lifecycle

Slide 5

Slide 5 text


Slide 6

Slide 6 text

Terminology
• containerized setup
• observability
• loose coupling
• delivery vs deployment

Slide 7

Slide 7 text

Starting point: twelve factor apps
12factor.net

Slide 8

Slide 8 text

Portability
• Avoid platform lock-in
• Enable hybrid cloud deployments
• multi-cloud
• on-premises and cloud

Slide 9

Slide 9 text

Unit of deployment
• VMs
• Containers
• Functions

Slide 10

Slide 10 text

Distributed systems
• Scale out on commodity hardware
• Fallacies of distributed computing
• Stateful services shard inherently

Slide 11

Slide 11 text

Roles
• cluster admin
• namespace admin
• developer
• user

Slide 12

Slide 12 text

Cluster admin
• provision infrastructure (AWS, Azure, GCP, OpenStack)
• infra monitoring
• install and upgrade platform (Kubernetes)
• user management
• base image management
• quotas

Slide 13

Slide 13 text

Namespace admin
• application lifecycle management
• namespace/app monitoring
• quotas (?)
• RBAC

Slide 14

Slide 14 text

Developer
• application container images
• testing/integration
• troubleshooting (on-call?)
• application-level monitoring
• tracing

Slide 15

Slide 15 text

Challenges
• Aligning incentives (dev vs. ops)
• Fallacies of distributed computing
• Security

Slide 16

Slide 16 text

Building and delivering apps on Kubernetes

Slide 17

Slide 17 text

Build and delivery status quo
[Diagram labels: build artefacts, build tooling, runtime; config, code, creds; code repo, CI/CD pipeline; binary; bare metal server/VMs]

Slide 18

Slide 18 text

Doing it the cloud native way
[Diagram labels: build artefacts, build tooling, runtime; config, code, creds; container image manifest, container runtime manifest, service mesh manifest; code repo, CI/CD pipeline, container registry; container; container orchestrator + service mesh]

Slide 19

Slide 19 text

Development modes (conceptually)
[Diagram labels: pure off-line, proxied, live, pure on-line; each mode places dev and cluster either local or remote]

Slide 20

Slide 20 text

A note on operational aspects
[Timeline figure: over the same period the monolith goes from v1 to v2, while microservice µS1 goes from v1 to v4, µS2 from v1 to v5 and µS3 from v1 to v6]

Slide 21

Slide 21 text

Tooling

Slide 22

Slide 22 text

Kubernetes
kubernetes.io
• Container lifecycle management
• Declarative, state-driven
• Extensible, modular API
• Robust, flexible, scalable
Kudos to Lucas Käldström for this figure (source)

Slide 23

Slide 23 text

• telepresence.io
• vapor-ware.github.io/ksync/
• www.openshift.org
• kubed.sh
• kedgeproject.org
• ksonnet.io
• Minikube
• Minishift
• Docker Community Edition for Mac & Windows
• github.com/GoogleCloudPlatform/skaffold
• draft.sh
• forge.sh
• gitkube.sh
• github.com/weaveworks/flux
• github.com/MinikubeAddon/watchpod

Slide 24

Slide 24 text

Extensibility
github.com/operator-framework
• Use hooks: from pod-level to API Server
• Write an operator (CRD + custom controller)
• Develop Kubernetes-native apps using libraries such as client-go

Slide 25

Slide 25 text

Container images
• Pipelines
  • 1st generation: Jenkins, Bamboo, TeamCity
  • 2nd generation: Travis, CircleCI, Jenkins X
• Container registries
  • Cloud providers: ECR, ACR, GCR
  • Cross-platform: Artifactory, Quay

Slide 26

Slide 26 text

Observability
• Monitoring
• Logging
• Distributed tracing

Slide 27

Slide 27 text

Monitoring
[Diagram labels: node, container, app; alerts, dashboards, storage, event router]

Slide 28

Slide 28 text

Logging

Slide 29

Slide 29 text

Distributed tracing
opentracing.io
• Roots ~ “time-synced logs”
• Standardized
• Must-have in a microservices setup
• Examples: Zipkin, Jaeger

Slide 30

Slide 30 text

Good practices
• Use namespaces
• Use service accounts
• Use policies (pod security policies, network policies)
• Set resource requests and limits
• Define liveness and readiness probes
• Use kubectl apply
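
Added example (not from the original slides or the demo repository): a small check that audits a Deployment for the items of the good-practices list that are visible in a single manifest, namely namespace, service account, resource requests/limits and probes. The manifest is constructed for the stock-gen service shown later in the deck; the namespace, service account and image names are assumptions, and the manifest is trimmed to the fields the audit reads.

```python
# Audit a Deployment against the checkable items of the "Good practices" list:
# namespaces, service accounts, resource requests/limits, liveness/readiness probes.

def audit_deployment(manifest):
    """Return a sorted list of findings for one apps/v1 Deployment (as a dict)."""
    findings = []
    # A missing namespace means the object lands in "default".
    if manifest.get("metadata", {}).get("namespace", "default") == "default":
        findings.append("namespace: workload runs in 'default'")
    pod = manifest.get("spec", {}).get("template", {}).get("spec", {})
    # Without serviceAccountName the pod gets the namespace's default account.
    if pod.get("serviceAccountName", "default") == "default":
        findings.append("serviceAccountName: pod uses the default service account")
    for container in pod.get("containers", []):
        name = container.get("name", "<unnamed>")
        resources = container.get("resources", {})
        for kind in ("requests", "limits"):
            if not resources.get(kind):
                findings.append(f"{name}: no resource {kind}")
        for probe in ("livenessProbe", "readinessProbe"):
            if probe not in container:
                findings.append(f"{name}: no {probe}")
    return sorted(findings)


def stock_gen_deployment(hardened):
    """Constructed manifest for stock-gen (:9876/stockdata on the slides).
    Namespace, service account and image names are assumptions."""
    container = {"name": "stock-gen", "image": "registry.example/stock-gen:1.0",
                 "ports": [{"containerPort": 9876}]}
    metadata, pod = {"name": "stock-gen"}, {"containers": [container]}
    if hardened:
        probe = {"httpGet": {"path": "/stockdata", "port": 9876}}
        metadata["namespace"] = "stocks"
        pod["serviceAccountName"] = "stock-gen"
        container["resources"] = {"requests": {"cpu": "100m", "memory": "64Mi"},
                                  "limits": {"cpu": "250m", "memory": "128Mi"}}
        container["livenessProbe"] = probe
        container["readinessProbe"] = probe
    return {"apiVersion": "apps/v1", "kind": "Deployment",
            "metadata": metadata, "spec": {"template": {"spec": pod}}}


if __name__ == "__main__":
    for hardened in (False, True):
        label = "hardened" if hardened else "bare"
        print(label, audit_deployment(stock_gen_deployment(hardened)))
```

Pod security policies, network policies and the use of kubectl apply are cluster-level or workflow concerns and are outside what this per-manifest check can see.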

Slide 31

Slide 31 text

… demo time!

Slide 32

Slide 32 text

A simple cloud-native app
• App consists of two microservices:
  • a stock generator written in Go
  • a stock consumer written in Node.js
• Source code of demo app: github.com/kubernauts/dok-example-us
[Diagram labels: stock-gen, stock-con]

Slide 33

Slide 33 text

stock-gen :9876/stockdata
stock-con :9898/average/NYSE:RHT

Slide 34

Slide 34 text

Service Meshes

Slide 35

Slide 35 text

Service meshes
istio.io
• Traffic management
• Monitoring & tracing
• Policy enforcement
• Service identity and security
• No app code changes

Slide 36

Slide 36 text

Data Meshes

Slide 37

Slide 37 text

Data meshes

Slide 38

Slide 38 text

Data meshes
dotmesh.com
• Data state management across microservices
• Operating on a filesystem level
• Externalize snapshotting
• Troubleshooting, debugging

Slide 39

Slide 39 text

Serverless/Function-as-a-Service

Slide 40

Slide 40 text

Function-as-a-Service concept

Slide 41

Slide 41 text

Kubernetes landscape

Project | Backed by | Claim to fame | Started
Apache OpenWhisk | ASF, Adobe, IBM, Red Hat | large community, mature | 2015
Azure Functions Runtime | Microsoft | ease of use | late 2017
Dispatch | VMware | meta-framework | late 2017
Fission | Platform9 | performance | 2016
Fn | Oracle | supported languages/envs | late 2017
Funktion | Red Hat/Fabric8 | integration | 2017
Kubeless | Bitnami | UX, monitoring | 2017
Nuclio | iguazio | performance | mid 2017
OpenFaaS | VMware | large community, UX | late 2016
Project Riff | Pivotal | event-centric | late 2017

Slide 42

Slide 42 text

Resources

Slide 43

Slide 43 text


Slide 44

Slide 44 text

Articles
• What is Cloud Native?
  container-solutions.com/what-is-cloud-native/
• Understanding Cloud Native Infrastructure
  infoq.com/articles/cloud-native-infrastructure
• 5 reasons you should be doing container native development
  open.microsoft.com/2018/04/23/5-reasons-you-should-be-doing-container-native-development/
• Kubernetes from the Ground Up: Server Components
  www.oznetnerd.com/kubernetes-from-the-ground-up-server-components/
• Developing on Kubernetes
  kubernetes.io/blog/2018/05/01/developing-on-kubernetes/

Slide 45

Slide 45 text

Articles
• Exploring container security: Isolation at different layers of the Kubernetes stack
  cloudplatform.googleblog.com/2018/05/Exploring-container-security-Isolation-at-different-layers-of-the-Kubernetes-stack.html
• Kubernetes Application Operator Basics
  blog.openshift.com/kubernetes-application-operator-basics/
• Kubernetes Best Practices
  medium.com/google-cloud/kubernetes-best-practices-8d5cd03446e2
• Selecting an API Gateway for Continuous Delivery of Cloud Native Applications
  blog.getambassador.io/selecting-an-api-gateway-for-continuous-delivery-of-cloud-native-applications-8ba05fa1c74
• What is a Service Mesh, and Do I Need One When Developing Cloud Native Systems?
  skillsmatter.com/skillscasts/10668-looking-forward-to-daniel-bryant-talk

Slide 46

Slide 46 text

plus.google.com/+RedHat
linkedin.com/company/red-hat
youtube.com/user/RedHatVideos
facebook.com/redhatinc
twitter.com/RedHatNews
learn.openshift.com