
Cloud Native on Google Cloud


In this presentation, we go through the basics of Containers, Kubernetes, Istio and Knative and see how they work on Google Cloud.

Mete Atamel

July 08, 2019



Transcript

  1. Confidential & Proprietary
     Cloud Native on Google Cloud: Containers, Kubernetes, Istio, Knative
     Mete Atamel, Developer Advocate at Google, @meteatamel
     speakerdeck.com/meteatamel/cloud-native-on-google-cloud
     github.com/meteatamel/istio-on-gke-tutorial
     github.com/meteatamel/knative-tutorial
  2. [Diagram: three stacks side by side, each built from Hardware, OS, Dependencies and Application Code: a bare-metal server, a virtual machine and a container.]
  3. [Diagram: on a virtual machine, the Payments application and the Rendering application share one OS and a single ImageMagick 6.4.90; with containers, each application carries its own copy (ImageMagick 6.4.90 for Payments, ImageMagick 7.0.28 for Rendering) on the same OS and hardware.]
  4. Docker: Tooling for containers
     Docker is a container runtime and image format.
     A Dockerfile defines the dependencies, the environment and the code to run.
     A container is a consistent invocation of a Dockerfile: a running instance of the image built from it.

         # "latest" is a moving tag; pin a specific version or digest for reproducible builds
         FROM debian:latest
         RUN apt-get update
         RUN apt-get install -y nginx
         CMD ["nginx", "-g", "daemon off;"]
         EXPOSE 80
  5. #GoogleCloudSummit
     Benefits of containers: Versioning, Ease of sharing, Reusability, Introspection, Faster deployments, Portability, Immutable infrastructure, Isolation
  6. Containers are not enough: Service Discovery, Redundancy, Scheduling, Scaling up & down, Rolling out & back, Resiliency, Config & Secrets, Health Checks
  7. Kubernetes
     Κυβερνήτης means "governor" in Greek
     • Manages container clusters
     • Inspired and informed by Google's internal container system called Borg
     • Supports multiple cloud and bare-metal environments
     • 100% Open source
     Manage applications, not machines
  8. The 10000 foot view
     [Diagram: users reach the master through the UI, CLI or API; the master runs the apiserver, scheduler, controllers and etcd; each node runs a kubelet.]
  9. Microservices in Kubernetes world
     [Diagram: a Deployment (replicas: 3, env: prod) holds the blueprint, the "pod template"; it produces Pods, each with one or more containers pulled from a registry and labelled role: frontend, env: prod, spread across Nodes; a Service is the communication channel that selects those pods by their labels.]
  10. Compute Engine: Full control, VMs for Linux and Windows Server
      App Engine: Deploy your code and we scale it for you
      Cloud Functions: A serverless platform for event-based microservices
      Google Kubernetes Engine (GKE): Kubernetes-as-a-service
  11. $ gcloud container clusters create cluster-1
      Creating cluster cluster-1...done.
      Created [https://container.googleapis.com/v1/projects/sandbox/zones/europe-west1-c/clusters/cluster-1].
      kubeconfig entry generated for cluster-1.
      NAME       ZONE            MASTER_VERSION  MASTER_IP       MACHINE_TYPE   NODE_VERSION  NUM_NODES  STATUS
      cluster-1  europe-west1-c  1.4.6           104.199.87.107  n1-standard-1  1.4.6         3          RUNNING

      $ gcloud container clusters get-credentials cluster-1
      Fetching cluster endpoint and auth data.
      kubeconfig entry generated for cluster-1.

      $ kubectl get nodes
      NAME                                      STATUS  AGE
      gke-cluster-1-default-pool-6c50430d-chjm  Ready   2m
      gke-cluster-1-default-pool-6c50430d-esqq  Ready   2m
      gke-cluster-1-default-pool-6c50430d-zfm9  Ready   2m

      $ kubectl get pods
      $

      $ gcloud container clusters resize cluster-1 --size 5
      Pool [default-pool] for [cluster-1] will be resized to 5.
      Resizing cluster-1...done.
      Updated [https://container.googleapis.com/v1/projects/sandbox/zones/europe-west1-c/clusters/cluster-1].
  12. Kubernetes Terminology: Deployment, Pod, Volume, Label Selector, ReplicaSet, Liveness Probe, Readiness Probe, Service, DaemonSet, Job, StatefulSet, ConfigMap, Secret
  13. Kubernetes is not enough either: Dependency Visualisation, Tracing, Metrics, Logging, Circuit Breaking, Service Identity & Auth, Fault Injection, Traffic Flow & Policies, Failover
  14. Service architecture with Istio
      [Diagram: Users, an Auth Proxy, Frontend, Pictures (backed by Cloud SQL), Payments and an External Payment Processor; every service is fronted by its own Proxy sidecar.]
  15. How Istio works
      [Diagram: the Istio Control Plane (Pilot, Mixer, Istio-Auth) sits above the data plane of Proxy + Frontend and Proxy + Payments. Pilot pushes discovery & config data to the proxies; Istio-Auth issues TLS certs to the proxies; Mixer does policy checks and collects telemetry. Traffic is transparently proxied; the services are unaware of the proxies.]
  16. $ gcloud beta container clusters create istio-demo \
        --addons=Istio --istio-config=auth=MTLS_STRICT \
        --cluster-version=latest \
        --machine-type=n1-standard-2 \
        --num-nodes=4
      Creating cluster istio-demo in europe-west4-a
      Created [https://container.googleapis.com/v1beta1/projects/istio-project2517/zones/europe-west4-a/clusters/istio-demo]
      NAME        LOCATION        MASTER_VERSION  MASTER_IP     MACHINE_TYPE   NODE_VERSION  NUM_NODES  STATUS
      istio-demo  europe-west4-a  1.12.5-gke.5    35.204.5.121  n1-standard-2  1.12.5-gke.5  4          RUNNING

      $ kubectl create clusterrolebinding cluster-admin-binding \
        --clusterrole=cluster-admin \
        --user=$(gcloud config get-value core/account)
      clusterrolebinding "cluster-admin-binding" created

      (auth=MTLS_STRICT makes the sidecars accept only mutual-TLS traffic between services. The clusterrolebinding grants your own account cluster-admin, which the installs on the following slides need in order to create cluster-scoped RBAC resources; it is a permanent grant, so remove it or scope it down once the install is done.)
  17. In the past: traffic control tied to infrastructure
      [Diagram: a load balancer in front of nine Default instances and one Canary instance; the canary gets 10% of the traffic only because it is one of ten machines.]
  18. With Istio: traffic flow separated from infrastructure
      [Diagram: Istio load balancing sends 90% of the traffic to Default and 10% to Canary, independent of how many instances each has.]
  19. App rollout
        destination: pictures.example.local
        match:
          source: frontend.example.local
        route:
        - tags:
            version: v1.5
            env: prod
          weight: 90
        - tags:
            version: v2.0-alpha
            env: staging
          weight: 10
      [Diagram: the Frontend's proxy sends 90% of requests to Pictures version 1.5 (env: prod) and 10% to Pictures version 2.0-alpha (env: staging).]
  20. Traffic steering
        destination: pictures.example.local
        match:
          httpHeaders:
            user-agent:
              regex: ^(.*?;)?(iPhone)(;.*)?$
        precedence: 2
        route:
        - tags:
            version: 2.0-alpha
            env: staging
      [Diagram: requests whose user-agent matches the regex go to Pictures 2.0-alpha (env: staging); all other requests still follow the weighted rule from the previous slide, because this rule's precedence is higher.]
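The rollout and steering rules on slides 19 and 20 use the original Istio RouteRule syntax. The block below is an added example written by the editor (not code from the deck or from Istio) that expresses the same two rules as one networking.istio.io/v1alpha3 VirtualService, the API that replaced RouteRule, and then evaluates requests the way a sidecar does: the entries of spec.http are tried in order, the first match wins, and only then is the weighted split applied. The subset names, the request ids and the helper functions are assumptions; the regex is the one on slide 20, unchanged.

```python
"""Istio traffic splitting and header steering, evaluated locally.

Editor's example, not the deck's or Istio's own code. Rewrites slides 19
and 20 as a v1alpha3 VirtualService and routes requests the way a sidecar
does: rules in order, first match wins, then the weighted split.
"""
import hashlib
import json
import re

HOST = "pictures.example.local"
IPHONE_UA = r"^(.*?;)?(iPhone)(;.*)?$"   # the regex from slide 20, unchanged


def virtual_service():
    """VirtualService for 'pictures': the specific rule precedes the catch-all."""
    return {
        "apiVersion": "networking.istio.io/v1alpha3",
        "kind": "VirtualService",
        "metadata": {"name": "pictures"},
        "spec": {
            "hosts": [HOST],
            "http": [
                {   # slide 20 (precedence: 2 in the old API): matching UAs -> 2.0-alpha
                    "match": [{"headers": {"user-agent": {"regex": IPHONE_UA}}}],
                    "route": [{"destination": {"host": HOST, "subset": "v2-0-alpha"}}],
                },
                {   # slide 19: everybody else is split 90/10 by weight
                    "route": [
                        {"destination": {"host": HOST, "subset": "v1-5"}, "weight": 90},
                        {"destination": {"host": HOST, "subset": "v2-0-alpha"}, "weight": 10},
                    ],
                },
            ],
        },
    }


def validate(vs):
    """Catch the two mistakes that silently misroute a canary."""
    rules = vs["spec"]["http"]
    for i, rule in enumerate(rules):
        total = sum(r.get("weight", 100) for r in rule["route"])
        if total != 100:
            raise ValueError(f"rule {i}: weights sum to {total}, not 100")
        if not rule.get("match") and i != len(rules) - 1:
            raise ValueError(f"rule {i} matches everything, so later rules are unreachable")
    return True


def is_iphone(user_agent):
    """Header regexes are anchored full matches, as in Envoy/Istio."""
    return re.fullmatch(IPHONE_UA, user_agent) is not None


def header_match(entry, headers):
    """All conditions inside one match entry must hold (AND)."""
    for name, cond in entry.get("headers", {}).items():
        value = headers.get(name.lower(), "")
        if "exact" in cond and value != cond["exact"]:
            return False
        if "regex" in cond and re.fullmatch(cond["regex"], value) is None:
            return False
    return True


def bucket(request_id):
    """Deterministic 0..99 draw per request; a real sidecar draws at random."""
    digest = hashlib.sha256(request_id.encode()).digest()
    return int.from_bytes(digest[:4], "big") % 100


def choose_subset(vs, headers, request_id):
    """First rule with a satisfied match entry (OR across entries) wins."""
    for rule in vs["spec"]["http"]:
        entries = rule.get("match", [])
        if entries and not any(header_match(e, headers) for e in entries):
            continue
        cutoff, draw = 0, bucket(request_id)
        for r in rule["route"]:
            cutoff += r.get("weight", 100)
            if draw < cutoff:
                return r["destination"]["subset"]
    return None


def split_counts(vs, n=1000):
    """Where n non-iPhone requests land; expect roughly 900/100."""
    counts = {}
    for i in range(n):
        s = choose_subset(vs, {"user-agent": "Mozilla/5.0 (X11; Linux x86_64)"}, f"req-{i}")
        counts[s] = counts.get(s, 0) + 1
    return counts


if __name__ == "__main__":
    vs = virtual_service()
    validate(vs)
    print(json.dumps(vs, indent=2))   # kubectl apply -f - accepts JSON manifests
    print(split_counts(vs))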
  21. Developers want serverless
      ... just want to run their code.
      ... want to use their favorite languages and dependencies.
      ... don't want to manage the infrastructure.
      Operators want Kubernetes
      Kubernetes is great at orchestrating microservices.
      They love using GKE and not having to do operations for Kubernetes.
      Kubernetes is not the right abstraction for their developers.
  22. Knative Project - github.com/knative
      Set of components for serverless
      Solves for modern development patterns
      Implements learnings from Google, partners
  23. Knative stack
      [Diagram: Products: Google Cloud Run, Google Cloud Run on GKE (* No eventing); Components: Serving, Eventing; Platform: Kubernetes, Istio Gateway.]
  24. Knative Stack
      [Diagram: Primitives: Build, Serving, Events ...; Platform: Kubernetes, Istio Service Mesh; Products: Serverless Containers on GCF, GKE Serverless Add-on, SAP Kyma, Pivotal Function Service, IBM Cloud Functions, Red Hat Cloud Functions, Pivotal riff, OpenFaaS, T-mobile Jazz.]

      # Get a Kubernetes Cluster
      $ gcloud beta container clusters create $CLUSTER_NAME \
        --addons=HorizontalPodAutoscaling,HttpLoadBalancing,Istio \
        --machine-type=n1-standard-4 \
        --cluster-version=latest --zone=$CLUSTER_ZONE \
        --enable-stackdriver-kubernetes --enable-ip-alias \
        --enable-autoscaling --min-nodes=1 --max-nodes=10 \
        --enable-autorepair \
        --scopes cloud-platform
      Creating cluster hello-knative...done.
      NAME           LOCATION        MASTER_VERSION  MASTER_IP       MACHINE_TYPE   NODE_VERSION  NUM_NODES  STATUS
      hello-knative  europe-west1-b  1.13.6-gke.5    35.190.182.251  n1-standard-1  1.13.6-gke.5  4          RUNNING

      # Create Cluster Role Binding
      $ kubectl create clusterrolebinding cluster-admin-binding \
        --clusterrole=cluster-admin \
        --user=$(gcloud config get-value core/account)
      clusterrolebinding "cluster-admin-binding" created

      (Note: --scopes cloud-platform hands the nodes' service account the broadest OAuth scope, and any pod that can reach the node metadata server can use those credentials. Outside a demo, run the nodes under a dedicated least-privilege service account, or use Workload Identity, rather than the default Compute Engine service account.)
  25. # Install Knative
      $ kubectl apply -f https://github.com/knative/serving/releases/download/v0.9.0/serving.yaml \
        -f https://github.com/knative/eventing/releases/download/v0.9.0/release.yaml \
        -f https://github.com/knative/serving/releases/download/v0.9.0/monitoring.yaml
  26. Knative Serving
      What is it?
      • Rapid deployment of serverless containers
      • Automatic (0-n) scaling
      • Configuration and revision management
      • Traffic splitting between revisions
      Pluggable
      • Connect to your own logging and monitoring platform, or use the built-in system
      • Auto-scaler can be tuned or swapped out for custom code
  27. Knative Serving Primitives
      Knative Service: High level abstraction for the application
      Configuration: Current/desired state of an application; code & configuration separated (a la 12-factor)
      Revision: Point in time snapshots of your code and configuration
      Route: Maps traffic to revisions
  28. Serverless on Google Cloud
      Cloud Run: Fully managed, deploy your workloads and don't see the cluster.
      Cloud Run on Anthos: Deploy into your GKE cluster, run serverless side-by-side with your existing workloads.
      Knative Everywhere: Use the same APIs and tooling anywhere you run Kubernetes with Knative.
  29. Knative Eventing
      What is it?
      • For loosely coupled, event-driven services with on/off cluster event sources
      • Bind event sources, triggers and services declaratively
      • Scales from just a few events to live streams
      • Uses standard CloudEvents
      [Diagram: Event source -> Event type(s) -> Flow -> Event consumer(s).]
  30. Knative Event Sources
      Name                    Description
      Apache Camel            Lets you use Apache Camel components for pushing events into Knative
      Apache Kafka            Brings Apache Kafka messages into Knative
      AWS SQS                 Brings AWS Simple Queue Service messages into Knative
      Cron Job                Uses an in-memory timer to produce events on the specified Cron schedule
      GCP PubSub              Brings GCP PubSub messages into Knative
      GitHub                  Brings GitHub organization/repository events into Knative
      GitLab                  Brings GitLab repository events into Knative
      Google Cloud Scheduler  Delivers Google Cloud Scheduler events into Knative when jobs are triggered
      Google Cloud Storage    Brings Google Cloud Storage bucket/object events into Knative
      Kubernetes              Brings Kubernetes cluster/infrastructure events into Knative
      https://github.com/knative/docs/tree/master/docs/eventing/sources
  31. Knative Eventing
      [Diagram: inside a Namespace, Sources publish Events to the Broker's ingress; each Trigger subscribes to the Broker with a filter and delivers the matching events to a Service (Callable).]
  32. Knative Events
        {
          "specversion": "0.2",
          "type": "com.github.pull.create",
          "source": "https://github.com/cloudevents/spec/pull/123",
          "id": "A234-1234-1234",
          "time": "2019-04-08T17:31:00Z",
          "datacontenttype": "application/json",
          "data": "{ GitHub Payload... }"
        }
      [Diagram: FTP, GitHub and GCS each feed their own Receive Adapter (FTP Receive Adapter, GitHub Receive Adapter, GCS Receive Adapter), which turns the native event into a CloudEvent and publishes it to the Broker.]
  33. Integrate Cloud Storage to Vision API
      Cloud Storage -> Cloud PubSub -> Knative Eventing -> Knative Serving -> Vision API
      [Diagram: 1 Cloud Storage Bucket, 2 Cloud PubSub Topic, 3 Knative Eventing Channel, 4 Knative Serving on GKE, 5 Cloud Vision API, 6 Labels.]
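Slide 32 shows the CloudEvent envelope a Knative service receives, and slide 33 chains Cloud Storage through PubSub and Knative Eventing into a Knative Serving handler that calls the Vision API. The block below is an added example written by the editor (not code from the deck, from Knative or from the linked knative-tutorial) that covers both: it validates a structured-mode CloudEvents 0.2 envelope, unwraps the PubSub message carrying the Cloud Storage notification, and only forwards finalized image objects. The sample events are constructed; the event type stamped by the PubSub source, the exact layout of the PubSub message (notification attributes plus base64-encoded object JSON) and the injected Vision callable are assumptions, so check them against the source version you deploy.

```python
"""CloudEvent validation and GCS-via-PubSub unwrapping for a Knative service.

Editor's example, not the deck's or Knative's code. Sample events are
constructed; the PubSub event type and message layout are assumptions.
"""
import base64
import json

REQUIRED = ("specversion", "type", "source", "id")   # CloudEvents 0.2 REQUIRED context attributes
# Event type the Knative GCP PubSub source stamps on messages (assumption: verify for your source).
PUBSUB_TYPE = "google.pubsub.topic.publish"


class BadEvent(ValueError):
    """The request is not a well-formed CloudEvent."""


def parse_cloudevent(body, content_type):
    """Parse a structured-mode CloudEvent (the whole event is one JSON document)."""
    if not content_type.startswith("application/cloudevents+json"):
        raise BadEvent(f"not a structured-mode CloudEvent: {content_type}")
    try:
        event = json.loads(body)
    except json.JSONDecodeError as exc:
        raise BadEvent(f"body is not JSON: {exc}") from None
    missing = [a for a in REQUIRED if not event.get(a)]
    if missing:
        raise BadEvent(f"missing required attributes: {missing}")
    if event["specversion"] != "0.2":
        raise BadEvent(f"unsupported specversion {event['specversion']!r}")
    data = event.get("data")
    if isinstance(data, str) and event.get("datacontenttype", "").startswith("application/json"):
        try:
            event["data"] = json.loads(data)    # slide 32 style: JSON payload carried as a string
        except json.JSONDecodeError as exc:
            raise BadEvent(f"data is not valid JSON: {exc}") from None
    return event


def gcs_object_uri(pubsub_message):
    """Unwrap a Cloud Storage notification that arrived as a PubSub message.

    GCS notifications put the event kind in the message attributes and the
    object resource, as base64-encoded JSON, in the message data.
    """
    attrs = pubsub_message.get("attributes", {})
    if attrs.get("eventType") != "OBJECT_FINALIZE":
        return None                              # deletes and metadata updates: nothing to label
    obj = json.loads(base64.b64decode(pubsub_message["data"]))
    if not obj.get("contentType", "").startswith("image/"):
        return None                              # Vision labels only make sense for images
    return f"gs://{obj['bucket']}/{obj['name']}"


def handle(body, content_type, label_image):
    """Knative Service entry point. Returns (HTTP status, result).

    label_image is the Vision API call, injected so this runs offline.
    """
    try:
        event = parse_cloudevent(body, content_type)
    except BadEvent as exc:
        return 400, str(exc)                     # malformed envelope: redelivery will not fix it
    if event["type"] != PUBSUB_TYPE or not isinstance(event.get("data"), dict):
        return 200, "ignored"                    # ack unrelated events so the channel stops redelivering
    uri = gcs_object_uri(event["data"])
    if uri is None:
        return 200, "ignored"
    return 200, {"uri": uri, "labels": label_image(uri)}


def sample_event(event_type="OBJECT_FINALIZE", object_type="image/jpeg", drop=()):
    """Constructed PubSub-wrapped GCS notification, as the service would receive it."""
    obj = {"bucket": "my-bucket", "name": "cat.jpg", "contentType": object_type, "size": "12345"}
    event = {
        "specversion": "0.2",
        "type": PUBSUB_TYPE,
        "source": "//pubsub.googleapis.com/projects/my-project/topics/gcs-events",
        "id": "c0ffee-0001",
        "time": "2019-07-08T10:00:00Z",
        "datacontenttype": "application/json",
        "data": {
            "messageId": "1",
            "attributes": {"eventType": event_type, "bucketId": "my-bucket", "objectId": "cat.jpg"},
            "data": base64.b64encode(json.dumps(obj).encode()).decode(),
        },
    }
    for key in drop:
        event.pop(key, None)
    return json.dumps(event)


# Constructed stand-in for the slide 32 GitHub event (payload carried as a JSON string).
GITHUB_EVENT = json.dumps({
    "specversion": "0.2",
    "type": "com.github.pull.create",
    "source": "https://github.com/cloudevents/spec/pull/123",
    "id": "A234-1234-1234",
    "time": "2019-04-08T17:31:00Z",
    "datacontenttype": "application/json",
    "data": "{\"action\": \"opened\", \"number\": 123}",
})


if __name__ == "__main__":
    fake_vision = lambda uri: ["cat", "pet"]   # stands in for the Vision API call
    print(handle(sample_event(), "application/cloudevents+json", fake_vision))
    print(handle(GITHUB_EVENT, "application/cloudevents+json", fake_vision))
    print(handle(sample_event(drop=("id",)), "application/cloudevents+json", fake_vision))
```

The handler acknowledges (200) events it does not care about and rejects (400) envelopes it cannot parse; a 2xx is what stops the Eventing channel from redelivering, so returning an error for an event you merely want to skip turns a harmless message into a retry loop. The content-type check matters too: without it the service would try to treat any JSON POST that reaches it as a trusted event.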
  34. Tekton Pipelines
      What is it?
      • Kubernetes style resources for declaring CI/CD-style pipelines
      • Go from source code to container images on repositories
      • Build pipelines can have multiple steps and can push to different registries
      • Builds run in containers in the cluster. No need for Docker locally
      Primitives
      • Task: Represents the work to be executed with 1 or more steps
      • TaskRun: Runs the Task with supplied parameters
      • Pipeline: A list of Tasks to execute in order
      • ServiceAccount: For authentication with DockerHub etc.