Microservice Architecture on Kubernetes - Huseyin Babal

Production-grade best practices for microservice architecture on Kubernetes, gained from experience at Sony and eBay.
This session covers best practices for migrating and architecting microservices in a Kubernetes environment. There will be a brief introduction to Kubernetes, followed by building images, deployment strategies, CI/CD integration, autoscaling, logging architecture, and service mesh. These items will be supported by code and configuration pieces.

DevOpsDays Zurich

May 14, 2019

Transcript

  1. Who Am I? Currently implementing Hazelcast Cloud. Ex-Sony and ex-eBay engineer (Microservice Transformation Project Architect). Organizer of the Docker Istanbul, NodeSchool Istanbul, and DevOps Underground meetups.
  2. How to use? You can find managed versions of Kubernetes on Google Cloud, AWS, and Azure. You can use kubespray to deploy k8s in a datacenter. From now on, we will focus on the architectural overview rather than on how to install k8s.
  3. When you use k8s, you will forget about infrastructure-level operations and mainly focus on architecting your applications.
  4. Environments: According to your needs, you may need different environments like dev, staging, and prod for different purposes. Let's see how we can do this.
  5. Cluster Level Isolation: You can set up a cluster per environment to have maximum isolation. Dev: Cluster 1, Staging: Cluster 2, Prod: Cluster 3.
  6. Tip: Do not put everything in the default namespace; it will be very hard to manage in the future. If you do want to put everything in the default namespace, you will need good labelling on your pods to filter them as needed.
  7. monitoring: Prometheus, Grafana, Unsee. microservice: Product Service, User Service, Category Service, Payment Service. worker: Payment Worker, Scoring Worker, Billing Worker.
  8. Good Tools for Daily Kubernetes: kubectx, a tool for managing your Kubernetes context; kubens, a tool for managing your Kubernetes namespace. Thanks to Ahmet Alp Balkan for those wonderful tools: https://github.com/ahmetb
  9. Prometheus: Prometheus is capable of collecting metrics from known sources like cAdvisor. Prometheus is mainly used for collecting metrics, and Alertmanager for notifying you of any kind of problem.
  10. Prometheus Operator: Fortunately, the CoreOS team developed a project called Prometheus Operator to collect k8s-specific metrics automatically. https://github.com/coreos/prometheus-operator
  11. Visualization: Prometheus lets us keep track of external services through endpoints provided by exporters. To visualize metrics, we will use Grafana.
  12. Monitoring Multiple Clusters: If you have multiple clusters to monitor, you can use Prometheus Federation. This works by selecting one member as the central monitoring member, which collects metrics from the others.
  13. Cloud Based Scenario: There are several ways to bring public traffic into a k8s cluster, but in this scenario we will go through a Kubernetes cluster that exists on AWS.
  14. Nginx Ingress: You can expose your service to the outside in several ways, such as a LoadBalancer. However, creating an LB for each service will be hard to manage and costly. When you deploy Nginx Ingress in a Kubernetes environment, it will automatically create a load balancer.
  15. Route53: If you have a managed domain name on Route53, you can simply add a CNAME record to point the domain to the LB. Every request will be proxied to the k8s cluster entrance, but how about pointing to a specific service?
  16. Ingress Rules: You can use an ingress rule to proxy incoming requests to a specific service in k8s.
  17. And yes, the truth is that the name "Microservice Architecture" alone cannot solve your architectural problems. You need to consider applying best practices to microservices to do it in an efficient way.
  18. Kubectl configuration: kubectl is a client app for the k8s API server, used to manage a k8s cluster. If you use minikube, your kubectl will be configured automatically; it is different for other cloud providers.
  19. Handling Confidential Data: If you have confidential data like a DB password, API secret, etc., you can store them inside Kubernetes secrets: kubectl -n microservice create secret generic product-service --from-literal=dbpassword=${dbpassword}
  20. Rolling Update: The Deployment resource on k8s uses the RollingUpdate strategy by default. With this strategy, pods are deployed one by one instead of taking the entire service down.
  21. Canary Deployment: You deploy an experimental feature and allow a small amount of request traffic to this deployment. You increase the amount of traffic, and after a while the canary replaces the production one.
  22. After a while... Once you have confirmed that the feature on the canary deployment works, replace the prod image with the canary one and delete the canary deployment.
  23. Blue & Green Deployment: In this strategy, there are 2 environments with the same properties except for the application version. The current version is called blue and the new version green. Just update the ingress rules to redirect traffic to the green deployment.
  24. Why Not Project Specific Configs?
      • Sensitive data walks around Git
      • Unable to inherit common properties like spring.main.banner-mode=OFF
  25. How to Centralize Config?
      • Consul can be used to keep config data as Key/Value
      • Create a project just for keeping project configurations
      • Git2Consul to sync configuration to Consul
  26. Git2Consul: Run npm install -g git2consul, create a file called git2consul.json and add the necessary config, then run git2consul --endpoint <consul_host> --port 8500 --config-file git2consul.json
  27. Pro Tip: By default, Spring Boot refreshes its context on a config change in Consul. This may cause downtime problems, so disable config change watching with following.
  28. How? You can either use Swagger to generate your client code in any supported language, or use a Feign client with a little annotation and client-side load balancing with Ribbon.
  29. Swagger Doc: Now you can access http://your_api/swagger-ui.html for the API documentation and http://your_api/v2/api-docs for the JSON specification of the API doc.
  30. Pro Tip: The best place to generate the API client is in the Jenkins build section.
      • If you are deploying a feature to a non-prod environment, you can generate the client library with a snapshot version and push it to Nexus.
      • If you are deploying a feature to the prod environment, you can generate the client with a stable version and push it to Nexus Artifactory.
  31. You can use several technologies to send your logs to a logging backend. It can be Graylog, ELK, etc.
  32. Why Monitor Service Metrics? Beautiful graphs and dashboards built from log resources may not always help when you face a difficult issue. You may need to see your service insights to find the root cause.
  33. Tools That Can Be Used: NewRelic, AppDynamics, DynaTrace, and Zipkin are suggestions for your APM monitoring. However, in a containerized microservices world, you may need a tool that works in real time and has some AI capabilities.
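
An added example for slides 19 and 20, not taken from the deck: a Deployment that reads the dbpassword key of the product-service Secret as an environment variable, with the RollingUpdate strategy written out, plus RBAC that lets one group read only that Secret. The image, the DB_PASSWORD variable name and the product-team group are assumed placeholders.

```yaml
# Added example. Namespace, Secret name and key come from slide 19;
# image, env var name and group name are assumed placeholders.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: product-service
  namespace: microservice
spec:
  replicas: 3
  strategy:
    type: RollingUpdate        # slide 20's default, written out
    rollingUpdate: {maxUnavailable: 0, maxSurge: 1}   # one pod at a time
  selector:
    matchLabels: {app: product-service}
  template:
    metadata:
      labels: {app: product-service}
    spec:
      automountServiceAccountToken: false   # app does not call the k8s API
      containers:
        - name: product-service
          image: registry.example.com/product-service:1.0.0
          env:
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef: {name: product-service, key: dbpassword}
---
# Only "get" on this one Secret; no list/watch, no other Secrets.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: read-product-service-secret
  namespace: microservice
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["product-service"]
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-product-service-secret
  namespace: microservice
subjects:
  - kind: Group
    name: product-team          # assumed group from your identity provider
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: read-product-service-secret
  apiGroup: rbac.authorization.k8s.io
```

Secret values are stored base64-encoded, not encrypted, unless encryption at rest is configured for the API server, so the RBAC rule is what limits who can read the password through the API.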