Hands-on Cloud Native Lifecycle Management

Transcript

1. Hands-on Cloud Native Lifecycle Management Michael Hausenblas @mhausenblas
 Developer Advocate,

   Red Hat
 2018-05-16, Continuous Lifecycle London

2. Hit me up on Twitter: @mhausenblas 2 • Developer Advocate

   @ Red Hat (Go, Kubernetes, OpenShift) • Developer Advocate @ Mesosphere (Mesos, DC/OS, Kubernetes) • Chief Data Engineer @ MapR (HDFS, HBase, Drill, etc.) • Applied research (4y in Ireland, 7y in Austria) • Nowadays mainly developing tools in Go (Python, Node, Java, C++) • Kinda developer turned ops (aka appops) $ whois mhausenblas

3. Hit me up on Twitter: @mhausenblas 3 admin SRE developer

   QA architect PM PHB

4. The Cloud Native Lifecycle

5. Hit me up on Twitter: @mhausenblas 5

6. Hit me up on Twitter: @mhausenblas 6 • containerized setup

   • observability • loose coupling • delivery vs deployment Terminology

7. Hit me up on Twitter: @mhausenblas 7 Starting point: twelve

   factor apps 12factor.net

8. Hit me up on Twitter: @mhausenblas 8 Portability • Avoid

   platform lock-in • Enable hybrid cloud deployments • multi-cloud • on-premises and cloud

9. Hit me up on Twitter: @mhausenblas 9 Unit of deployment

   • VMs • Containers • Functions

10. Hit me up on Twitter: @mhausenblas 10 Distributed systems •

    Scale out on commodity hardware • Fallacies of distributed computing • Stateful services shard inherently

11. Hit me up on Twitter: @mhausenblas 11 Roles • cluster

    admin • namespace admin • developer • user

12. Hit me up on Twitter: @mhausenblas 12 Cluster admin •

    provision infrastructure (AWS, Azure, GCP, OpenStack) • infra monitoring • install and upgrade platform (Kubernetes) • user management • base image management • quotas

13. Hit me up on Twitter: @mhausenblas 13 Namespace admin •

    application lifecycle management • namespace/app monitoring • quotas (?) • RBAC

14. Hit me up on Twitter: @mhausenblas 14 Developer • application

    container images • testing/integration • troubleshooting (on-call?) • application-level monitoring • tracing

15. Hit me up on Twitter: @mhausenblas 15 Challenges • Aligning

    incentives (dev vs. ops) • Fallacies of distributed computing • Security

16. Building and delivering apps on Kubernetes

17. Hit me up on Twitter: @mhausenblas 17 Build and delivery

    status quo build artefacts build tooling runtime config code creds CI/CD pipeline |||| code repo binary bare metal server/VMs

18. Hit me up on Twitter: @mhausenblas 18 Doing it the

    cloud native way build artefacts build tooling runtime CI/CD pipeline |||| code repo container container orchestrator +
 service mesh config code creds container image manifest container runtime manifest service mesh manifest container
 registry

19. Hit me up on Twitter: @mhausenblas 19 Development modes (conceptually)

    remote local cluster dev cluster dev cluster dev dev cluster pure off-line proxied live pure on-line

20. Hit me up on Twitter: @mhausenblas 20 A note on

    operational aspects monolith v1 monolith v2 time µS1
 v1 µS2
 v1 µS3
 v1 µS2
 v2 µS3
 v2 µS1
 v2 µS2
 v3 µS3
 v3 µS1
 v3 µS3
 v4 µS2
 v4 µS3
 v5 µS1
 v4 µS2
 v5 µS3
 v6

21. Tooling

22. Hit me up on Twitter: @mhausenblas 22 Kubernetes kubernetes.io •

    Container lifecycle management • Declarative, state-driven • Extensible, modular API • Robust, flexible, scalable Kudos to Lucas Käldström for this figure (source)

23. Hit me up on Twitter: @mhausenblas 23 telepresence.io vapor-ware.github.io/ksync/ www.openshift.org

    kubed.sh kedgeproject.org ksonnet.io Minikube Minishift Docker Community Edition for Mac & Windows github.com/GoogleCloudPlatform/skaffold draft.sh forge.sh gitkube.sh github.com/weaveworks/flux github.com/MinikubeAddon/watchpod

24. Hit me up on Twitter: @mhausenblas 24 Extensibility github.com/operator-framework •

    Use hooks: from pod-level to API Server • Write an operator (CRD + custom controller) • Develop Kubernetes-native apps using libraries such as client-go

25. Hit me up on Twitter: @mhausenblas 25 Container images •

    Pipelines • 1st generation: Jenkins, Bamboo, TeamCity • 2nd generation: Travis, CircleCI, Jenkins X • Container registries • Cloud providers: ECR, ACR, GCR • Cross-platform: Artifactory, Quay

26. Hit me up on Twitter: @mhausenblas 26 • Monitoring •

    Logging • Distributed tracing Observability

27. Hit me up on Twitter: @mhausenblas 27 Monitoring node container

    app alerts dashboards storage event router

28. Hit me up on Twitter: @mhausenblas 28 Logging

29. Hit me up on Twitter: @mhausenblas 29 Distributed tracing opentracing.io

    • Roots ~ “time-synced logs” • Standardized • Must-have in a microservices setup • Examples: Zipkin, Jaeger

30. Hit me up on Twitter: @mhausenblas 30 Good practices •

    Use namespaces • Use service accounts • Use policies (pod security policies, network policies) • Set resource requests and limits • Define liveness and readiness probes • Use kubectl apply

31. … demo time!

32. Hit me up on Twitter: @mhausenblas 32 A simple cloud-native

    app • App consists of two microservices: • a stock generator written in Go • a stock consumer written in Node.js • Source code of demo app:
 github.com/kubernauts/dok-example-us stock-gen stock-con

33. Hit me up on Twitter: @mhausenblas 33 stock-gen :9876/stockdata stock-con

    :9898/average/NYSE:RHT

34. Service Meshes

35. Hit me up on Twitter: @mhausenblas 35 Service meshes istio.io

    • Traffic management • Monitoring & tracing • Policy enforcement • Service identity and security • No app code changes

36. Data Meshes

37. Hit me up on Twitter: @mhausenblas 37 Data meshes

38. Hit me up on Twitter: @mhausenblas 38 Data meshes dotmesh.com

    • Data state management across microservices • Operating on a filesystem level • Externalize snapshotting • Troubleshooting, debugging

39. Serverless/Function-as-a-Service

40. Hit me up on Twitter: @mhausenblas 40 Function-as-a-Service concept

41. Hit me up on Twitter: @mhausenblas 41 Kubernetes landscape Project

    Backed by Claim to fame Started Apache OpenWhisk ASF, Adobe, IBM, Red Hat large community, mature 2015 Azure Functions Runtime Microsoft ease of use late 2017 Dispatch VMware meta-framework late 2017 Fission Platform9 performance 2016 Fn Oracle supported languages/envs late 2017 Funktion Red Hat/Fabric8 integration 2017 Kubeless Bitnami UX, monitoring 2017 Nuclio iguazio performance mid 2017 OpenFaaS VMware large community, UX late 2016 Project Riff Pivotal event-centric late 2017

42. Resources

43. Hit me up on Twitter: @mhausenblas 43

44. Hit me up on Twitter: @mhausenblas 44 • What is

    Cloud Native?
 container-solutions.com/what-is-cloud-native/ • Understanding Cloud Native Infrastructure
 infoq.com/articles/cloud-native-infrastructure • 5 reasons you should be doing container native development 
 open.microsoft.com/2018/04/23/5-reasons-you-should-be-doing-container-native-development/ • Kubernetes from the Ground Up: Server Components
 www.oznetnerd.com/kubernetes-from-the-ground-up-server-components/ • Developing on Kubernetes
 kubernetes.io/blog/2018/05/01/developing-on-kubernetes/ Articles

45. Hit me up on Twitter: @mhausenblas 45 • Exploring container

    security: Isolation at different layers of the Kubernetes stack
 cloudplatform.googleblog.com/2018/05/Exploring-container-security-Isolation-at-different-layers-of-the-Kubernetes-stack.html • Kubernetes Application Operator Basics
 blog.openshift.com/kubernetes-application-operator-basics/ • Kubernetes Best Practices
 medium.com/google-cloud/kubernetes-best-practices-8d5cd03446e2 • Selecting an API Gateway for Continuous Delivery of Cloud Native Applications
 blog.getambassador.io/selecting-an-api-gateway-for-continuous-delivery-of-cloud-native-applications-8ba05fa1c74 • What is a Service Mesh, and Do I Need One When Developing Cloud Native Systems?
 skillsmatter.com/skillscasts/10668-looking-forward-to-daniel-bryant-talk Articles

46. plus.google.com/+RedHat linkedin.com/company/red-hat youtube.com/user/RedHatVideos facebook.com/redhatinc twitter.com/RedHatNews learn.openshift.com