Does it always have to be K8s?
v 1.0
Running multiple customer-facing applications in Fargate!
Nils Rhode | Mission 1 @ umantis | Haufe TEC Day
Haufe Talent Management: Team Recruiting, Instant Feedback, Marketplace, My Onboarding, ….
Haufe Instant Feedback
• Mobile app with an administration backend for managers
• With a few clicks, employees can request feedback on their own behaviour or give feedback on a person, meeting or survey, at any time.
Haufe Agile Hats
• Web application for employees and managers
• Helps organizations establish an agile, self-organized and motivating culture: give employees access to new work opportunities and help them achieve their career goals, unlock their potential and expand their professional network.
From self-hosted applications to cloud-native applications
Haufe Instant Feedback
2017: IF 1.0 developed as a native app on top of a backend hosted at AzureDE*
2018: Backend re-engineering (better multitenancy, orchestration, new features)
2019: Hybrid app approach with Flutter; move to AWS
Haufe Agile Hats
2018: Start of development of Agile Hats as a web application following a microservice approach
2019: Move to AWS
Haufe Instant Feedback: V 1.0 => Backend Reengineering (V 2.0: Kubernetes, Docker) => Move to AWS (on-prem to cloud native)
Haufe Agile Hats: Start of Development => Move to AWS (on-prem to cloud native)
AWS Architecture based on EKS
Move to AWS - Overview
Services in use: Amazon Pinpoint, Amazon Aurora, Amazon SQS, Amazon API Gateway, AWS Lambda, Amazon CloudWatch, AWS CloudTrail, AWS Systems Manager, AWS Trusted Advisor, Amazon CloudFront, Amazon Route 53, AWS Transit Gateway, Amazon GuardDuty, Amazon Cognito, AWS Certificate Manager, AWS WAF
(Mobile) data processing is done via AWS Lambda instead of K8s containers.
AWS Architecture based on Fargate
EKS to Fargate
Kubernetes objects we had to manage on EKS: DaemonSets, Pods, ConfigMaps, AutoScaler, PV / PVC, ReplicaSet, Ingress
Cross-cutting concerns: seamless integration into AWS services, IAM, Parameter Store, K8s updates
Fargate building blocks that replaced them: AWS Fargate, Amazon API Gateway, AWS Lambda, Amazon Aurora, NLB, VPC Link, Containers, Task, Service, role-based access following least privilege
AWS Architecture - Conclusion
- K8s is built for hybrid clusters spanning multiple cloud providers; not the right fit for our cloud-native applications/approach
- Fargate gives better and easier integration with AWS services: one abstraction layer less, use of triggers and seamless integration (role-based access for pods following least privilege in K8s is a mess; on Fargate/ECS every task gets its own IAM task role, while on EKS this needed add-ons such as kube2iam or kiam until IAM roles for service accounts became available in September 2019)
- Fargate removes a lot of overhead (scaling, RBAC, namespaces, updates and security of K8s) by using managed services
- For our workloads it is cheaper and scales better
Architectural Deep Dive
Architectural Overview - Separation on product level
Each product (Product IF, Product AH, Product *) gets its own VPC in eu-central-1, spanning Availability Zones 1-3, inside the AWS cloud.
Architectural Overview - Container Orchestration
Inside the product VPC in eu-central-1, spanning Availability Zones 1, 2 and 3, the layers from the inside out:
- Fargate cluster stretched across Availability Zones 1-3
- one WWW Container per Availability Zone
- each Container runs inside a Task
- each Task is kept running by a Service
- a Network Load Balancer in front of the Services, with a node in each of the three Availability Zones
- API Gateway with a VPC Link as the entry point in front of the Network Load Balancer
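Added example, not from the talk: the request path just described (API Gateway with VPC Link, internal Network Load Balancer, Fargate service spread over three Availability Zones in private subnets) written as Terraform, the tool the deck says the infrastructure is built with. VPC, subnet, cluster and task-definition IDs, the names and the port are assumed placeholders; the Cognito authorizer the deck lists is not wired in here.

```hcl
# Added example, not from the talk. Every ID below is an assumed placeholder
# for an existing product VPC and ECS cluster.
locals {
  vpc_id              = "vpc-0123456789abcdef0"
  vpc_cidr            = "10.20.0.0/16"
  private_subnet_ids  = ["subnet-aaaa", "subnet-bbbb", "subnet-cccc"] # AZ 1, 2, 3
  cluster_arn         = "arn:aws:ecs:eu-central-1:123456789012:cluster/product-if"
  task_definition_arn = "arn:aws:ecs:eu-central-1:123456789012:task-definition/if-api:1"
  port                = 8080
}

# Tasks accept traffic only from inside the VPC: the source is either the NLB's
# private addresses or, with client IP preservation, the VPC Link ENIs.
resource "aws_security_group" "tasks" {
  name   = "if-api-tasks"
  vpc_id = local.vpc_id
  ingress {
    from_port   = local.port
    to_port     = local.port
    protocol    = "tcp"
    cidr_blocks = [local.vpc_cidr]
  }
  egress { # outbound (ECR pull, Aurora, SQS) leaves through the NAT Gateway
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_lb" "internal" {
  name               = "if-api-nlb"
  internal           = true # no public address anywhere on this path
  load_balancer_type = "network"
  subnets            = local.private_subnet_ids
}

resource "aws_lb_target_group" "api" {
  name        = "if-api"
  port        = local.port
  protocol    = "TCP"
  target_type = "ip" # Fargate tasks (awsvpc) register by ENI address
  vpc_id      = local.vpc_id
}

resource "aws_lb_listener" "api" {
  load_balancer_arn = aws_lb.internal.arn
  port              = local.port
  protocol          = "TCP"
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.api.arn
  }
}

resource "aws_ecs_service" "api" {
  name            = "if-api"
  cluster         = local.cluster_arn
  task_definition = local.task_definition_arn
  launch_type     = "FARGATE"
  desired_count   = 3 # the scheduler spreads tasks over the three subnets/AZs
  network_configuration {
    subnets          = local.private_subnet_ids
    security_groups  = [aws_security_group.tasks.id]
    assign_public_ip = false # nothing in a public subnet
  }
  load_balancer {
    target_group_arn = aws_lb_target_group.api.arn
    container_name   = "api"
    container_port   = local.port
  }
}

# The only public entry point is API Gateway; the VPC Link is its private path to the NLB.
resource "aws_api_gateway_vpc_link" "api" {
  name        = "if-api-link"
  target_arns = [aws_lb.internal.arn]
}
resource "aws_api_gateway_rest_api" "api" {
  name = "if-api"
}
resource "aws_api_gateway_resource" "proxy" {
  rest_api_id = aws_api_gateway_rest_api.api.id
  parent_id   = aws_api_gateway_rest_api.api.root_resource_id
  path_part   = "{proxy+}"
}
resource "aws_api_gateway_method" "proxy" {
  rest_api_id        = aws_api_gateway_rest_api.api.id
  resource_id        = aws_api_gateway_resource.proxy.id
  http_method        = "ANY"
  authorization      = "NONE" # attach the Cognito user-pool authorizer here for user-facing routes
  request_parameters = { "method.request.path.proxy" = true }
}
resource "aws_api_gateway_integration" "proxy" {
  rest_api_id             = aws_api_gateway_rest_api.api.id
  resource_id             = aws_api_gateway_resource.proxy.id
  http_method             = aws_api_gateway_method.proxy.http_method
  type                    = "HTTP_PROXY"
  integration_http_method = "ANY"
  uri                     = "http://${aws_lb.internal.dns_name}:${local.port}/{proxy}"
  connection_type         = "VPC_LINK"
  connection_id           = aws_api_gateway_vpc_link.api.id
  request_parameters      = { "integration.request.path.proxy" = "method.request.path.proxy" }
}
```

Two details carry the security properties of the slide: the NLB is `internal` and lives in the private subnets, so the VPC Link is the only route to it, and the task security group admits traffic from the VPC CIDR only, so even a task that is reachable by IP from the VPC cannot be reached from the internet without passing API Gateway (and whatever WAF and authorizer are attached there).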
Architectural Overview - Security
- Least privilege on each container and service
- No IAM users needed at all (deployment runs from EC2, login via SSO)
- No jump host and no "open" port 22: the private subnets are reached through the Transit Gateway
- Nothing is deployed in a public subnet (except the NAT Gateway)
- Everything is encrypted (RDS, S3, EFS, backups, HTTPS traffic)
- RDS credentials are shared via Parameter Store
- CloudTrail to S3, queried with Athena
- Security Hub with GuardDuty, Inspector and some more tools integrated
- …
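Added example, not from the talk: what "least privilege on each container" and "RDS credentials shared via Parameter Store" look like as a Fargate task definition in Terraform. The point is the two separate roles, a narrow execution role for the ECS agent and a narrower task role for the application, plus the `secrets` block that lets the agent inject the SecureString at start-up. Account ID, region, image, parameter path, queue and host name are assumed placeholders.

```hcl
# Added example, not from the talk. ARNs, names and the parameter path are
# assumed placeholders.
locals {
  account_id      = "123456789012"
  region          = "eu-central-1"
  image           = "${local.account_id}.dkr.ecr.${local.region}.amazonaws.com/if-api:1.0.0"
  db_password_arn = "arn:aws:ssm:${local.region}:${local.account_id}:parameter/if/prod/db/password"
  feedback_queue  = "arn:aws:sqs:${local.region}:${local.account_id}:if-feedback-events"
}

data "aws_iam_policy_document" "ecs_tasks_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ecs-tasks.amazonaws.com"]
    }
  }
}

# Execution role: used by the ECS agent to pull the image, ship logs and
# resolve the secret at start-up. The application never runs under it.
resource "aws_iam_role" "execution" {
  name               = "if-api-execution"
  assume_role_policy = data.aws_iam_policy_document.ecs_tasks_assume.json
}

resource "aws_iam_role_policy_attachment" "execution_base" {
  role       = aws_iam_role.execution.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
}

# Exactly one parameter, not ssm:GetParameters on "*". Add kms:Decrypt on the
# key ARN if the SecureString is encrypted with a customer-managed key.
data "aws_iam_policy_document" "execution_secret" {
  statement {
    actions   = ["ssm:GetParameters"]
    resources = [local.db_password_arn]
  }
}

resource "aws_iam_role_policy" "execution_secret" {
  role   = aws_iam_role.execution.id
  policy = data.aws_iam_policy_document.execution_secret.json
}

# Task role: what the application code itself may call. Here only one queue;
# it cannot read the parameter, list buckets or touch any other service.
resource "aws_iam_role" "task" {
  name               = "if-api-task"
  assume_role_policy = data.aws_iam_policy_document.ecs_tasks_assume.json
}

data "aws_iam_policy_document" "task" {
  statement {
    actions   = ["sqs:SendMessage"]
    resources = [local.feedback_queue]
  }
}

resource "aws_iam_role_policy" "task" {
  role   = aws_iam_role.task.id
  policy = data.aws_iam_policy_document.task.json
}

resource "aws_ecs_task_definition" "api" {
  family                   = "if-api"
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  cpu                      = "512"
  memory                   = "1024"
  execution_role_arn       = aws_iam_role.execution.arn
  task_role_arn            = aws_iam_role.task.arn

  container_definitions = jsonencode([{
    name                   = "api"
    image                  = local.image
    essential              = true
    readonlyRootFilesystem = true
    portMappings           = [{ containerPort = 8080, protocol = "tcp" }]
    # Non-secret settings are plain environment variables (host name assumed) ...
    environment = [{ name = "DB_HOST", value = "if-prod.cluster-example.eu-central-1.rds.amazonaws.com" }]
    # ... the password is fetched by the agent and injected as DB_PASSWORD; it
    # never appears in the task definition, the console or `describe-tasks`.
    secrets = [{ name = "DB_PASSWORD", valueFrom = local.db_password_arn }]
    logConfiguration = {
      logDriver = "awslogs"
      options = {
        "awslogs-group"         = "/ecs/if-api" # log group must already exist
        "awslogs-region"        = local.region
        "awslogs-stream-prefix" = "api"
      }
    }
  }])
}
```

The check a reviewer applies to every task definition in the repository: the task role grants only the actions the code calls, on named resources; the execution role is the only principal that can read the parameter; and no credential appears under `environment`. Each product's services get their own pair of roles, so a compromised container in one service cannot use another service's queue or parameter.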
Quick Journey: environment deployment for multiple production applications
Architectural Overview - Setup of Infrastructure
- Everything is done with Terraform
- Workspaces split the Dev, Int and Prod environments, combined with var-files
- A separate AWS account per environment/workspace
- GitLab Runner on EC2 deploys the infrastructure (deployment happens from inside the AWS account)
Diagram: Haufe network => AWS Direct Connect => Runner VPC (Amazon EC2 runner) => Product VPC, one such pair in each of the AWS DEV, INT and PROD accounts.
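Added example, not from the talk: one way to tie the four points above together in Terraform, so that the workspace, the var-file and the target account cannot drift apart. That the runner's EC2 instance role assumes a deployment role in each account is an assumption consistent with "no IAM users"; account IDs, role names and the state bucket are placeholders.

```hcl
# Added example, not from the talk. Account IDs, the deploy role and the state
# bucket are placeholders; the assume-role setup is an assumption.
terraform {
  required_version = ">= 1.4"
  backend "s3" {
    bucket         = "example-tfstate" # assumed; state kept in one operations account
    key            = "product-if/terraform.tfstate"
    region         = "eu-central-1"
    encrypt        = true
    dynamodb_table = "terraform-locks" # state locking
    # Workspace states land under env:/<workspace>/ in the same bucket.
  }
}

# Passed with -var-file=dev.tfvars / int.tfvars / prod.tfvars (assumed layout).
variable "environment" {
  type = string
  validation {
    condition     = contains(["dev", "int", "prod"], var.environment)
    error_message = "environment must be dev, int or prod."
  }
}

locals {
  account_ids = {
    dev  = "111111111111"
    int  = "222222222222"
    prod = "333333333333"
  }
  # Indexing with the workspace name fails loudly on the "default" workspace,
  # so a forgotten `terraform workspace select` cannot deploy anywhere.
  target_account  = local.account_ids[terraform.workspace]
  deploy_role_arn = "arn:aws:iam::${local.target_account}:role/terraform-deploy"
}

provider "aws" {
  region = "eu-central-1"
  # The GitLab runner's EC2 instance role assumes a deploy role in the target
  # account: no IAM users and no long-lived keys in the pipeline.
  assume_role {
    role_arn     = local.deploy_role_arn
    session_name = "gitlab-runner-${terraform.workspace}"
  }
  # Refuse to run if the resolved credentials belong to any other account.
  allowed_account_ids = [local.target_account]
}

# Catches the classic slip: workspace "prod" selected with -var-file=dev.tfvars.
resource "terraform_data" "workspace_guard" {
  lifecycle {
    precondition {
      condition     = var.environment == terraform.workspace
      error_message = "Workspace '${terraform.workspace}' does not match environment '${var.environment}'."
    }
  }
}
```

With this layout the pipeline runs `terraform workspace select int && terraform plan -var-file=int.tfvars`; the guard resource fails the plan if the two disagree, and `allowed_account_ids` fails it if the assumed role lands in the wrong account, before any resource is touched. The trust policy of `terraform-deploy` in each account should list only the runner's instance role as principal.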
Architectural Overview - Setup of Infrastructure (Baseline, Instant Feedback, Agile Hats)
Base infrastructure serves: VPC (network), security, backup, SES (setup)
Application-specific infrastructure serves application services like: API Gateways, Fargate, S3, ElastiCache, CloudFront, ….
Architectural Overview - Setup of Infrastructure - CI/CD
Push to feature/bug branch => terraform validate
… => merge request to develop => terraform plan
… => merged into develop => terraform apply to the dev environment
… => merge request to master => terraform validate => terraform plan => terraform apply to a new AWS account (int) => restore backup from prod into the new int account => testing…
… => merged into master => terraform apply to the prod environment
In short: on the developer's own branch, validate; on the merge request, validate and plan; after the merge, deploy to the dev infrastructure. On the develop-to-master merge request, validate, plan and deploy to INT, check/test, then merge and deploy to prod.
Pipeline stages: validate => plan => apply
Architectural Overview - CI/CD for our products
GitLab runner in the Runner VPC (Haufe side): 1. test => 2. build (image pushed to ECR) => 3. deploy to Fargate in the Product VPC => 4. integration test => 5. check => (6.) rollback if required
Conclusion
Benefits of going cloud native
- Make use of managed services and reduce maintenance effort (backups, DR, scalability, monitoring/logging)
- Reduce development overhead by making use of services (e.g. Lambda instead of running your own Docker container)
- Handling and applying high security standards
- K8s has a different purpose than cloud native; don't depend on both
- Outlook: AWS App Mesh
The big difference for cloud-native applications is really how they are built, delivered and operated.
If you are going cloud native: rethink your architecture and avoid a lift and shift.

Nils Rhode - Does it always have to be k8s - TeC Day 2019