Microservice Architecture on Kubernetes - Huseyin Babal

Transcript

1. Microservice Architecture on Kubernetes Huseyin BABAL Software Development Team Lead

   @ Hazelcast Cloud

2. Who Am I? Currently Implementing Hazelcast Cloud Ex-Sony and Ex-eBay

   Engineer (Microservice Transformation Project Architect) Organizer of Docker Istanbul, NodeSchool Istanbul, DevOps Underground meetups

3. #1 Kubernetes Overview

4. What is it? Open-source platform for managing containerized workloads and

   services.

5. How to use? You can see managed versions of kubernetes

   on Google Cloud, AWS, and Azure. You can use kubespray to deploy k8s on datacenter. We will focused on architectural overview rather than how to install k8s from now on.

6. #2 Cluster Environment Architecture

7. When you use k8s, you will forget about infrastructure level

   operations and mainly focus on architecting your applications.

8. Environments According to your needs, you may need different environments

   like dev, staging, prod for different purposes. Let see how we can do this.

9. Cluster Level Isolation You can setup cluster per environment to

   have maximum isolation. Dev Staging Prod Cluster 1 Cluster 2 Cluster 3

10. Namespace Level Isolation You can create namespace per environment to

    isolate them Cluster Dev Staging Prod

11. Tip Do not put all the things in default namespace,

    it will be very hard to manage them in the future. If you want to put all the things in default namespace, you will need to have good labelling on your pods to filter them based on needs

12. Prometheus Grafana Unsee Product Service User Service Category Service Payment

    Service Payment Worker Scoring Worker Billing Worker monitoring microservice worker

13. Good Tools for Daily Kubernetes kubectx: A tool for managing

    your kubernetes context kubens: A tool for managing your kubernetes namespace Thanks Ahmet Alp Balkan for those wonderful tools https://github.com/ahmetb

14. Kubectx

15. Kubens

16. #3 Monitoring

17. Monitor Everything

18. Prometheus Prometheus is capable of collecting metrics from known sources

    like cAdvisor. Prometheus is mainly used for collecting metrics and alert manager to notify you on any kind of problem

19. Prometheus Operator Hopefully, CoreOS team developed a project called prometheus

    operator to collect k8s specific metrics automatically. https://github.com/coreos/prometheus-operator

20. Getting Started You can install Prometheus with Helm charts

21. Visualization Prometheus lets us to keep track of external services

    by using some endpoint via exporters. To visualize metrics, we will use grafana.
22. None

23. Alert Manager

24. Monitoring Multiple Clusters If you have multiple clusters to be

    monitored, you can use Prometheus Federation. This is simply handled by selection one member as central monitoring member and it is capable of collecting metrics from others.

25. Federation Sample

26. #4 Public Traffic

27. Cloud Based Scenario There are several ways to provide public

    traffic to k8s cluster, but in this scenario, we will go through a kubernetes cluster exists on AWS.

28. Nginx Ingress You can expose your service to the outside

    in several ways like as LoadBalancer. However, creating an LB for each will be hard to manage and costful. When you deploy Nginx Ingress on kubernetes environment, it will automatically create a Load Balancer.

29. Route53 If you have managed domain name on Route53, you

    can simply add a CNAME record to point domain to LB. Every request will be proxied to k8s cluster entrance, but how about pointing to specific service?

30. Ingress Rules You can use ingress rule to proxy incoming

    requests to specific service in k8s.
31. None

32. Route53 Load Balancer Nginx Ingress Product Service User Service Kubernetes

    Cluster

33. #5 Microservice Overview

34. Once upon a time while we are in monolithic app

    days

35. After switching to Microservice Architecture ...

36. And yes, the truth is, only the name Microservice Architecture

    cannot solve your architectural problems. You need to consider applying best practices to Microservices to do it in an efficient way

37. #6 Try to Reach Glory of REST

38. Leonard Richardson’s Maturity Model •

39. #7 k8s Warm-up

40. Project Structure

41. deployment.yml

42. service.yml

43. Kubectl configuration Kubectl is a client app for k8s api

    server in order to manage k8s cluster. If you use minikube, your kubectl will be automatically configured, and it is different for other cloud providers.

44. Simple deployment git clone <http://project> cd <project> kubectl apply -f

    k8s

45. Handling Confidential Data If you have confidential data like db

    password, api secret, etc… you can store them inside Kubernetes secrets kubectl -n microservice create secret generic product-service --from-literal=dbpassword=${dbpassword}
46. None

47. #8 Continuous Delivery

48. Build Test Deploy Cloud Provider

49. None

50. Slack Notifications

51. Deployment Script

52. Deployment Types • Rolling Update • Canary Deployment • Blue

    / Green Deployment

53. Rolling Update Deployment resource on k8s uses RollingUpdate strategy by

    default. Within this strategy, pods deployed one by one instead of taking entire service down.

54. Canary Deployment You deploy an experimental feature and allow small

    amount of request traffic to this deployment. You increment the size of traffic and after a while, canary replaces the production one
55. None
56. None

57. After a while... You confirmed that, the feature on canary

    deployment works, replace prod image with canary one and delete canary deployment
58. None

59. Blue & Green Deployment In this strategy, there will be

    2 environments with same properties except application version. The current version will be called blue and new version will be green. Just update ingress rules to redirect traffic to green deployment.

60. #9 Distributed Configuration

61. Why Not Project Specific Configs? • Sensitive data walks around

    Git • Unable to inherit common properties like spring.main.banner-mode=OFF

62. How to Centralized Config? • Consul can be used to

    keep config data as Key/Value • Create a project for just keeping project configurations. • Git2Consul for sync configuration to Consul

63. Architecture Git2Consull Daemon Config Project Git push new config change

    Polling Sync configs to Consul User

64. Spring Boot Config

65. Spring Boot Config (Test)

66. Git2Consul npm install -g git2consul Create a file called git2consul.json

    and add necessary config git2consul --endpoint <consul_host> --port 8500 --config-file git2consul.json

67. Git2Consul Config File

68. Pro Tip By default, Spring Boot refreshes its context on

    config change on Consul. This may cause down time problems, so disable config change watching with following.

69. #10 Client Code Generation

70. How? You can either use Swagger to generate your client

    code on any supported language, or feign client with a little annotation and client side load balancing with Ribbon.

71. Feign Client

72. Swagger Doc

73. Swagger Doc Now you are able to access; http://your_api/swagger-ui.html for

    api documentation http://your_api/v2/api-docs for json specification of API doc.

74. Swagger Codegen

75. Pro Tip The best place to generate api client is

    while Jenkins build section. • If you are deploying a feature to non-prod environment you can generate client library with snapshot version and push to nexus. • If you are deploying a feature to prod environment, you can generate client with stable and push to nexus artifactory

76. #11 Logging

77. Spring Boot Logging

78. Logging Types • Node Level Logging • Cluster Level Logging

79. Node Level Logging

80. Cluster-Level Logging

81. You can use several technology to send your logs to

    logging backend. It can be Graylog, ELK, etc...
82. None

83. Humio

84. None

85. Installation helm install --version "v0.8.0" stable/fluent-bit --name=humio-agent -f humio-agent.yaml

86. #12 APM & Service Mesh

87. Why to Monitor Service Metrics? Beautiful graphs and dashboard fetched

    from log resources may not be helpful for you every time when you face a difficult issue. You may need to see your service insights to find the root cause.

88. Tools Can Be Used NewRelic, AppDynamics, DynaTrace, Zipkin can be

    suggestion for your APM monitoring. However, in a containerized microservices world, you may need to have a tool that works in real-time and has some AI capabilities.

89. Instana Instana is an AI Powered Application and Infrastructure Monitoring

90. None
91. None
92. None
93. None
94. None
95. None

96. Any Question? /huseyinbabal /huseyinbabal https://huseyinbabal.com