Hands-on Cloud Native Lifecycle Management

Talk at Continuous Lifecycle London, see https://continuouslifecycle.london/

Michael Hausenblas

May 16, 2018

Transcript

  1. $ whois mhausenblas

    • Developer Advocate @ Red Hat (Go, Kubernetes, OpenShift)
    • Developer Advocate @ Mesosphere (Mesos, DC/OS, Kubernetes)
    • Chief Data Engineer @ MapR (HDFS, HBase, Drill, etc.)
    • Applied research (4y in Ireland, 7y in Austria)
    • Nowadays mainly developing tools in Go (Python, Node, Java, C++)
    • Kinda developer turned ops (aka appops)

    Hit me up on Twitter: @mhausenblas
  2. Terminology

    • containerized setup
    • observability
    • loose coupling
    • delivery vs deployment
  3. Portability

    • Avoid platform lock-in
    • Enable hybrid cloud deployments
    • multi-cloud
    • on-premises and cloud
  4. Unit of deployment

    • VMs
    • Containers
    • Functions
  5. Distributed systems

    • Scale out on commodity hardware
    • Fallacies of distributed computing
    • Stateful services shard inherently
  6. Roles

    • cluster admin
    • namespace admin
    • developer
    • user
  7. Cluster admin

    • provision infrastructure (AWS, Azure, GCP, OpenStack)
    • infra monitoring
    • install and upgrade platform (Kubernetes)
    • user management
    • base image management
    • quotas
  8. Namespace admin

    • application lifecycle management
    • namespace/app monitoring
    • quotas (?)
    • RBAC
  9. Developer

    • application container images
    • testing/integration
    • troubleshooting (on-call?)
    • application-level monitoring
    • tracing
  10. Challenges

    • Aligning incentives (dev vs. ops)
    • Fallacies of distributed computing
    • Security
  11. Build and delivery status quo

    [Diagram labels: build artefacts, build tooling, runtime; config, code, creds; code repo, CI/CD pipeline, binary, bare metal server/VMs]
  12. Doing it the cloud native way

    [Diagram labels: build artefacts, build tooling, runtime; config, code, creds; code repo, CI/CD pipeline, container, container registry, container orchestrator + service mesh; container image, container runtime, service mesh, manifest]
  13. Development modes (conceptually)

    [Diagram labels: local, remote; dev, cluster; modes: pure off-line, proxied, live, pure on-line]
  14. A note on operational aspects

    [Timeline diagram: monolith v1, monolith v2; microservices µS1, µS2, µS3 at versions v1 to v6]
  15. Kubernetes (kubernetes.io)

    • Container lifecycle management
    • Declarative, state-driven
    • Extensible, modular API
    • Robust, flexible, scalable

    Kudos to Lucas Käldström for this figure (source)
  16. • telepresence.io
    • vapor-ware.github.io/ksync/
    • www.openshift.org
    • kubed.sh
    • kedgeproject.org
    • ksonnet.io
    • Minikube
    • Minishift
    • Docker Community Edition for Mac & Windows
    • github.com/GoogleCloudPlatform/skaffold
    • draft.sh
    • forge.sh
    • gitkube.sh
    • github.com/weaveworks/flux
    • github.com/MinikubeAddon/watchpod
  17. Extensibility (github.com/operator-framework)

    • Use hooks: from pod-level to API Server
    • Write an operator (CRD + custom controller)
    • Develop Kubernetes-native apps using libraries such as client-go
  18. Container images

    • Pipelines
      - 1st generation: Jenkins, Bamboo, TeamCity
      - 2nd generation: Travis, CircleCI, Jenkins X
    • Container registries
      - Cloud providers: ECR, ACR, GCR
      - Cross-platform: Artifactory, Quay
  19. Observability

    • Monitoring
    • Logging
    • Distributed tracing
  20. Monitoring

    [Diagram labels: node, container, app; alerts, dashboards, storage, event router]
  21. Distributed tracing (opentracing.io)

    • Roots ~ “time-synced logs”
    • Standardized
    • Must-have in a microservices setup
    • Examples: Zipkin, Jaeger
  22. Good practices

    • Use namespaces
    • Use service accounts
    • Use policies (pod security policies, network policies)
    • Set resource requests and limits
    • Define liveness and readiness probes
    • Use kubectl apply
  23. A simple cloud-native app

    • App consists of two microservices:
      - a stock generator written in Go
      - a stock consumer written in Node.js
    • Source code of demo app: github.com/kubernauts/dok-example-us

    [Diagram labels: stock-gen, stock-con]
  24. Service meshes (istio.io)

    • Traffic management
    • Monitoring & tracing
    • Policy enforcement
    • Service identity and security
    • No app code changes
  25. Data meshes (dotmesh.com)

    • Data state management across microservices
    • Operating on a filesystem level
    • Externalize snapshotting
    • Troubleshooting, debugging
  26. Kubernetes landscape

    | Project | Backed by | Claim to fame | Started |
    |---|---|---|---|
    | Apache OpenWhisk | ASF, Adobe, IBM, Red Hat | large community, mature | 2015 |
    | Azure Functions Runtime | Microsoft | ease of use | late 2017 |
    | Dispatch | VMware | meta-framework | late 2017 |
    | Fission | Platform9 | performance | 2016 |
    | Fn | Oracle | supported languages/envs | late 2017 |
    | Funktion | Red Hat/Fabric8 | integration | 2017 |
    | Kubeless | Bitnami | UX, monitoring | 2017 |
    | Nuclio | iguazio | performance | mid 2017 |
    | OpenFaaS | VMware | large community, UX | late 2016 |
    | Project Riff | Pivotal | event-centric | late 2017 |
  27. Articles

    • What is Cloud Native?
      container-solutions.com/what-is-cloud-native/
    • Understanding Cloud Native Infrastructure
      infoq.com/articles/cloud-native-infrastructure
    • 5 reasons you should be doing container native development
      open.microsoft.com/2018/04/23/5-reasons-you-should-be-doing-container-native-development/
    • Kubernetes from the Ground Up: Server Components
      www.oznetnerd.com/kubernetes-from-the-ground-up-server-components/
    • Developing on Kubernetes
      kubernetes.io/blog/2018/05/01/developing-on-kubernetes/
  28. Articles

    • Exploring container security: Isolation at different layers of the Kubernetes stack
      cloudplatform.googleblog.com/2018/05/Exploring-container-security-Isolation-at-different-layers-of-the-Kubernetes-stack.html
    • Kubernetes Application Operator Basics
      blog.openshift.com/kubernetes-application-operator-basics/
    • Kubernetes Best Practices
      medium.com/google-cloud/kubernetes-best-practices-8d5cd03446e2
    • Selecting an API Gateway for Continuous Delivery of Cloud Native Applications
      blog.getambassador.io/selecting-an-api-gateway-for-continuous-delivery-of-cloud-native-applications-8ba05fa1c74
    • What is a Service Mesh, and Do I Need One When Developing Cloud Native Systems?
      skillsmatter.com/skillscasts/10668-looking-forward-to-daniel-bryant-talk