Build a cloud native solution using open source. I have tried to give a high-level overview of how to build cloud native using CNCF graduated software, which is tested and proven and has many reference case studies and partner support for deployment.
2. Open source is a type of licensing agreement that allows users to freely modify a work, use said work in new ways, integrate the work into a larger project, or derive a new work based on the original.
Why is Open Source Important?
Let's explore how open source software and tools are helping to build our modern IT infrastructure as code.
4. Open Source Software considered here
Software and features:
• Kubernetes v1.14.0
• etcd v3.3.4: a distributed key-value store
• Container runtime: Docker
• Network provider: Flannel, a network fabric for containers, designed for Kubernetes
• Operating system: Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, CentOS 7 or CentOS 6
• Prometheus: an open-source monitoring solution for metrics and alerting
• Grafana: an open-source application for visualizing large-scale measurement data
• Ingress: an API object that manages external access to the services in a cluster
• Kubernetes Dashboard: web-based Kubernetes user interface
• Helm: a Kubernetes package manager
• Bacula: for container backup and restore
5. Difference between Traditional IT vs Infra as Code (Container)
Docker is OS independent and can run on all platforms. It uses far fewer resources than VMs. Since a Docker container is only MBs in size, it always boots up swiftly. Therefore Docker is well ahead of virtual machines; have a quick look at how Docker wins the challenge of Docker vs virtual machines.
7. Container (Docker) vs Virtual Machine (VM): The Differences
Features / Functions | Container | Virtual Machines (VMs)
Boot-Time | Boots in a few seconds. | It takes a few minutes for VMs to boot.
Runs on | Docker makes use of the execution engine. | VMs make use of the hypervisor.
Memory Efficiency | No space is needed to virtualize, hence less memory. | Requires the entire OS to be loaded before starting the surface, so less efficient.
Isolation | Prone to adversities as there are no provisions for isolation systems. | Interference possibility is minimal because of the efficient isolation mechanism.
Deployment | Deploying is easy, as a single containerized image can be used across all platforms. | Deployment is comparatively lengthy, as separate instances are responsible for execution.
Performance | Limited performance | Native performance
1) Operating System: A virtual machine has its guest OS above the host OS, which makes virtual machines heavy. In Docker, multiple containers share the host OS, and that is why they are lightweight.
2) Security: A virtual machine does not share the OS, and there is strong isolation in the host kernel. Hence, VMs are more secure compared to containers. Docker has a lot of security risks and vulnerabilities because containers share the host kernel.
3) Performance: Containers are lightweight and consume fewer resources, while a VM is heavy and consumes more resources, so containers give better performance than VMs.
4) Portability: Containers are easily portable because they do not have separate operating systems. Virtual machines have a separate OS, so porting a virtual machine is very difficult.
8. How Does Docker Work?
Steps involved in deploying a web application:
1. Package a sample web application into a Docker image.
2. Upload the Docker image to a container registry.
3. Create a Kubernetes cluster.
4. Deploy the sample app to the cluster.
5. Manage autoscaling for the deployment.
6. Expose the sample app to the internet.
7. Deploy a new version of the sample app.
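The steps above as shell functions, added here as an example (not code from the slides). It assumes a hypothetical sample app "hello-web" listening on port 8080 and a registry address in REGISTRY; step 3 (creating the cluster) is tool-specific and left to kubeadm/kops/kubespray, and docker/kubectl are invoked only inside the functions.

```shell
# Added example (not from the slides): the deployment steps above as shell functions.
# Assumes a hypothetical sample app "hello-web" on port 8080 and a registry in REGISTRY;
# docker/kubectl are called only inside the functions, never at load time.
REGISTRY="${REGISTRY:-registry.example.com/demo}"   # hypothetical placeholder
APP="hello-web"
build_and_push() {  # steps 1-2: build the image, push it to the registry ($1 = tag)
  docker build -t "$REGISTRY/$APP:$1" . && docker push "$REGISTRY/$APP:$1"
}
render_manifests() {  # steps 4-6: Deployment, HPA and Service in one document ($1 = tag)
  cat <<EOF
apiVersion: apps/v1
kind: Deployment
metadata: {name: $APP}
spec:
  replicas: 2
  selector: {matchLabels: {app: $APP}}
  template:
    metadata: {labels: {app: $APP}}
    spec:
      securityContext: {runAsNonRoot: true}   # refuse images that run as root
      containers:
      - name: $APP
        image: $REGISTRY/$APP:$1
        ports: [{containerPort: 8080}]
        resources:   # limits bound noisy neighbours; requests give the HPA a CPU baseline
          requests: {cpu: 100m, memory: 64Mi}
          limits: {cpu: 500m, memory: 128Mi}
---
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata: {name: $APP}
spec:
  scaleTargetRef: {apiVersion: apps/v1, kind: Deployment, name: $APP}
  minReplicas: 2
  maxReplicas: 10
  targetCPUUtilizationPercentage: 70
---
apiVersion: v1
kind: Service
metadata: {name: $APP}
spec:
  type: LoadBalancer   # step 6: exposes the app to the internet
  selector: {app: $APP}
  ports: [{port: 80, targetPort: 8080}]
EOF
}
deploy() { render_manifests "$1" | kubectl apply -f -; }   # steps 4-6 applied to the cluster
rollout() {  # step 7: switch to the new image and wait until the rollout is healthy
  kubectl set image "deployment/$APP" "$APP=$REGISTRY/$APP:$1" && kubectl rollout status "deployment/$APP"
}
```

Usage on a real cluster: `build_and_push v1 && deploy v1`, then `build_and_push v2 && rollout v2`.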
9. Pros and Cons of Container/Docker
Pros of Containers
• Containers can be as small as 10 MB and you can easily limit their memory and CPU usage. So, they are lightweight.
• Since they are small in size, they can boot up faster and can be quickly scaled too.
• Containers are exemplary when it comes to Continuous Integration and Continuous Deployment (CI/CD) implementation.
Cons of Containers
• Since containers run on the host OS, they have a dependency on the underlying host operating system.
• Containers cannot by themselves provide security at a commendable level.
• When the container is deleted, the data inside the container is lost. You will have to add data volumes in order to store the data.
Popular Container Providers:
• Docker
• Rocket (rkt)
• Linux containers (LXC)
• CRI-O
• containerd
10. How Does Container Orchestration Work?
Different Container Orchestration Tools
Tools to manage, scale, and maintain containerized applications are called orchestrators, and the most common examples of these are:
• Kubernetes
• Docker Swarm
• Apache Mesos
11. Kubernetes Architecture Components
1) One or more masters and multiple nodes. More than one master is used to provide high availability.
2) The master node communicates with worker nodes through kube-apiserver to kubelet communication.
3) In the worker node there can be one or more pods, and pods can contain one or more containers.
4) Containers can be deployed using the image, and can also be deployed externally by the user.
12. Kubernetes HA Cluster
Achieving scalability and availability
A Kubernetes cluster should both scale to accommodate increasing workloads and be fault-tolerant (datacenter outages, machine failures, network partitions).
Production cluster setup
Choose deployment tools: You can deploy a control plane using tools such as kubeadm, kops, and kubespray.
Manage certificates: Secure communications between control plane services are implemented using certificates.
Configure a load balancer for the apiserver: Configure a load balancer to distribute external API requests to the apiserver service instances running on different nodes. See Create an External Load Balancer for details.
Separate and back up the etcd service: etcd stores the cluster configuration data; back up the etcd database regularly to ensure that you can repair that database if needed.
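The regular etcd backup recommended above, written as an added example (not code from the slides or from etcd): a v3 snapshot taken over mutual TLS with the control plane's certificates, verified, locked down and rotated. The endpoint and certificate paths are hypothetical placeholders, and etcdctl is only invoked inside backup_etcd.

```shell
# Added example, not from the slides: a scheduled etcd v3 snapshot over mutual TLS
# (the certificates the control plane was set up with), a status check, restrictive
# file permissions, a checksum, and a retention policy. Paths and endpoint are
# hypothetical placeholders; etcdctl is only invoked inside backup_etcd.
ETCD_ENDPOINT="${ETCD_ENDPOINT:-https://127.0.0.1:2379}"
ETCD_CA="${ETCD_CA:-/etc/kubernetes/pki/etcd/ca.crt}"
ETCD_CERT="${ETCD_CERT:-/etc/kubernetes/pki/etcd/healthcheck-client.crt}"
ETCD_KEY="${ETCD_KEY:-/etc/kubernetes/pki/etcd/healthcheck-client.key}"
snapshot_name() {  # $1 = backup dir, $2 = UTC timestamp (defaults to now) -> sortable file name
  printf '%s/etcd-%s.db\n' "$1" "${2:-$(date -u +%Y%m%dT%H%M%SZ)}"
}
backup_etcd() {  # $1 = backup dir; prints the path of the snapshot it wrote
  out=$(snapshot_name "$1")
  ETCDCTL_API=3 etcdctl --endpoints="$ETCD_ENDPOINT" \
    --cacert="$ETCD_CA" --cert="$ETCD_CERT" --key="$ETCD_KEY" \
    snapshot save "$out"
  chmod 600 "$out"            # the snapshot holds every Secret object in the cluster
  ETCDCTL_API=3 etcdctl snapshot status "$out" -w table   # fails on a corrupt file
  sha256sum "$out" > "$out.sha256"                        # detect tampering or bit rot later
  echo "$out"
}
prune_snapshots() {  # $1 = backup dir, $2 = number of newest snapshots to keep
  total=$(ls "$1"/etcd-*.db 2>/dev/null | wc -l)
  drop=$(( total - $2 ))
  [ "$drop" -gt 0 ] || return 0
  ls "$1"/etcd-*.db | sort | head -n "$drop" | while read -r f; do   # oldest first
    rm -f "$f" "$f.sha256"
  done
}
```

Run `backup_etcd /var/backups/etcd && prune_snapshots /var/backups/etcd 14` from cron on a control plane node; restore uses `etcdctl snapshot restore` on the saved file.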
13. Kubernetes HA Cluster
External etcd topology
An HA cluster with external etcd is a topology where the distributed data storage cluster provided by etcd is external to the cluster formed by the nodes that run control plane components.
A minimum of three hosts for control plane nodes and three hosts for etcd nodes are required for an HA cluster with this topology.
This topology decouples the control plane and etcd members. It therefore provides an HA setup where losing a control plane instance or an etcd member has less impact and does not affect the cluster redundancy as much as the stacked HA topology.
15. Architecture of Prometheus Monitoring & Management Tool
The Prometheus ecosystem components and features:
• The main Prometheus server, which scrapes and stores time series data
• Client libraries for instrumenting application code
• A push gateway for supporting short-lived jobs
• Special-purpose exporters for services like HAProxy, StatsD, Graphite, etc.
• Alertmanager to handle alerts
• PromQL, a flexible query language to leverage this dimensionality
• Targets are discovered via service discovery or static configuration
• Multiple modes of graphing and dashboarding support
• Time series collection happens via a pull model over HTTP
• No reliance on distributed storage; single server nodes are autonomous
16. Prometheus – Pros and Cons
Prometheus scrapes metrics from instrumented jobs, either directly or via an intermediary push gateway for short-lived jobs. It stores all scraped samples locally and runs rules over this data to either aggregate and record new time series from existing data or generate alerts. Grafana or other API consumers can be used to visualize the collected data.
When does it fit?
Prometheus works well for recording any purely numeric time series. It fits both machine-centric monitoring and monitoring of highly dynamic service-oriented architectures. In a world of microservices, its support for multi-dimensional data collection and querying is a particular strength.
Prometheus is designed for reliability, to be the system you go to during an outage to allow you to quickly diagnose problems. Each Prometheus server is standalone, not depending on network storage or other remote services. You can rely on it when other parts of your infrastructure are broken, and you do not need to set up extensive infrastructure to use it.
When does it not fit?
Prometheus values reliability. You can always view what statistics are available about your system, even under failure conditions. If you need 100% accuracy, such as for per-request billing, Prometheus is not a good choice, as the collected data will likely not be detailed and complete enough. In such a case you would be best off using some other system to collect and analyze the data for billing, and Prometheus for the rest of your monitoring.
17. Grafana with Prometheus
Importing pre-built dashboards from Grafana.com
Grafana.com maintains a collection of shared dashboards which can be downloaded and used with standalone instances of Grafana. Use the Grafana.com "Filter" option to browse dashboards for the "Prometheus" data source only.
Creating a Prometheus data source
To create a Prometheus data source in Grafana:
1. Click on the "cogwheel" in the sidebar to open the Configuration menu.
2. Click on "Data Sources".
3. Click on "Add data source".
4. Select "Prometheus" as the type.
5. Set the appropriate Prometheus server URL (for example, http://localhost:9090/).
6. Adjust other data source settings as desired (for example, choosing the right Access method).
7. Click "Save & Test" to save the new data source.
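An added example (not from the slides, Prometheus or Grafana) tying together slides 15 through 17: shell functions that render a minimal prometheus.yml showing the pull model, a static target, Kubernetes service discovery, a recording rule, an alerting rule and an Alertmanager, plus the Grafana provisioning file that creates the same Prometheus data source as the click-through steps above. Host names and ports are hypothetical placeholders.

```shell
# Added example, not from the slides: a minimal prometheus.yml illustrating the points
# above (pull model over HTTP, static targets and Kubernetes service discovery, rules that
# record new series or raise alerts, an Alertmanager), plus the Grafana provisioning file
# equivalent of the click-through data source steps. Hosts and ports are hypothetical.
render_prometheus_config() {  # $1 = alertmanager host:port
  cat <<EOF
global: {scrape_interval: 15s, evaluation_interval: 15s}
rule_files: [rules.yml]
alerting: {alertmanagers: [{static_configs: [{targets: ['$1']}]}]}
scrape_configs:
  - job_name: prometheus            # static target: Prometheus pulls its own /metrics
    static_configs: [{targets: ['localhost:9090']}]
  - job_name: kubernetes-nodes      # targets discovered through the API server
    kubernetes_sd_configs: [{role: node}]
    scheme: https                   # kubelet metrics: TLS plus the pod's service-account token
    tls_config: {ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt}
    bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
EOF
}
render_rules() {  # rules.yml: one recording rule and one alerting rule
  cat <<EOF
groups:
  - name: availability
    rules:
      - record: job:up:avg          # aggregate a new time series from existing data
        expr: avg by (job) (up)
      - alert: TargetDown           # alert once a scrape target has been down 5 minutes
        expr: up == 0
        for: 5m
        labels: {severity: critical}
EOF
}
render_grafana_datasource() {  # $1 = Prometheus server URL, e.g. http://localhost:9090
  cat <<EOF
apiVersion: 1
datasources:
  - name: Prometheus
    type: prometheus
    url: $1
    access: proxy                   # Grafana's backend reaches Prometheus, not the browser
    isDefault: true
EOF
}
check_config() {  # validate with promtool (ships with Prometheus) before deploying
  promtool check config "$1/prometheus.yml" && promtool check rules "$1/rules.yml"
}
```

Write the first two outputs to the Prometheus config directory and the third to Grafana's provisioning/datasources directory; the Kubernetes job additionally needs RBAC allowing Prometheus to list nodes.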
18. Voluntary and Involuntary Disruptions
Involuntary disruptions:
• a hardware failure of the physical machine backing the node
• cluster administrator deletes the VM (instance) by mistake
• cloud provider or hypervisor failure makes the VM disappear
• a kernel panic
• the node disappears from the cluster due to a cluster network partition
• eviction of a pod due to the node being out of resources
Voluntary disruptions:
• deleting the deployment or other controller that manages the pod
• updating a deployment's pod template, causing a restart
• directly deleting a pod (e.g. by accident)
• draining a node for repair or upgrade
• draining a node from a cluster to scale the cluster down (learn about Cluster Autoscaling)
• removing a pod from a node to permit something else to fit on that node
These actions might be taken directly by the cluster administrator, by automation run by the cluster administrator, or by your cluster hosting provider.
19. DevOps Platform
The JFrog Platform provides a seamless and unified DevOps experience across all JFrog products. It unifies the user experience and management of all the JFrog services into a single pane of glass. https://youtu.be/r8nscXdb7y4
20. How Does JFrog Artifactory Work?
The JFrog Artifactory service contains the following microservices:
• Artifactory: the application server
• Router: the central hub for communication between all the microservices, and cross-product
• Access: the authentication server and service registry, used to manage users, groups, permissions and access tokens for all products in the JPD
• Event: the events distribution mechanism for JFrog products; distributes webhook events to external systems
• Frontend: the application user interface (UI for the entire JPD)
• Metadata: the components metadata server; serves the Packages screen in the JPD UI
• Replicator: the replication engine (available with an Enterprise+ license)
Additional external JFrog services are:
• Xray
• Mission Control
• Distribution
• Pipelines
Outside the JPD:
• Load Balancer: communicates with Artifactory and Artifactory's Router service (as demonstrated in the diagram above)
• Browser / JFrog CLI / other clients
21. JFrog - Supported Partner Integration
JFrog Product(s) | Partner | Integration / Deployment Type | JFrog Subscription
Artifactory (these platform deployments will deploy JFrog Artifactory as the entry point of the JFrog Platform):
Artifactory | Amazon AWS | Container Marketplace | Pro/Enterprise
Artifactory | Microsoft Azure | ARM Template | Enterprise
Artifactory | Rancher | Catalog Helm Chart | Enterprise
Artifactory | Red Hat | Certified UBI docker Image | Pro/Enterprise
Artifactory | Red Hat OpenShift | Certified OpenShift Operator | Enterprise
Artifactory and Xray (these platform deployments have the option to install Artifactory and additional products):
Artifactory and Xray | Amazon AWS | CloudFormation Templates | Pro/Enterprise
Artifactory and Xray | Google GCP | GKE Kubernetes App | Enterprise
Artifactory and Xray | Red Hat Ansible | Ansible Collection | Pro/Enterprise
22. CEPH STORAGE CLUSTER
Ceph provides an infinitely scalable Ceph Storage Cluster based upon RADOS, which you can read about in RADOS - A Scalable, Reliable Storage Service for Petabyte-scale Storage Clusters.
A Ceph Storage Cluster consists of multiple types of daemons:
• Ceph Monitor
• Ceph OSD Daemon
• Ceph Manager
• Ceph Metadata Server
• A Ceph Monitor maintains a master copy of the cluster map. A cluster of Ceph monitors ensures high availability should a monitor daemon fail. Storage cluster clients retrieve a copy of the cluster map from the Ceph Monitor.
• A Ceph OSD Daemon checks its own state and the state of other OSDs and reports back to monitors.
• A Ceph Manager acts as an endpoint for monitoring, orchestration, and plug-in modules.
• A Ceph Metadata Server (MDS) manages file metadata when CephFS is used to provide file services.
24. Advanced Kubernetes Cluster Network Diagram
Fully managed Kubernetes-as-a-Service: get it to work easily and quickly from Kube Clusters (https://www.kubeclusters.com). The full-management service allows you to apply Kubernetes in the production environment quickly without worrying about the overhead of its management and maintenance, reducing your time-to-market.
25. Enterprise Backup Architecture of Bacula
The Bacula Enterprise backup solution supports various operating systems, hypervisors, Kubernetes, Docker and key applications.
26. Bacula Backup for Docker
Docker Backup
The backup of a single Docker container consists of the following simple steps:
1. Save the current container state to a new image (container commit, i.e. a snapshot).
2. Execute the Docker utility and save the data.
3. Remove the saved snapshot to free resources that are no longer needed.
Docker Restore
The Docker backup module provides two targets for restore operations:
• Restore to the Docker service;
• Restore to a local directory as archive files.
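The three backup steps and the two restore targets above, expressed as plain docker commands in an added example (this is not Bacula's module code). The container name and backup directory are hypothetical placeholders; docker is only invoked inside the backup and restore functions.

```shell
# Added example, not part of Bacula or the slides: the three backup steps above as
# plain docker commands, plus the two restore targets. Container name and backup
# directory are hypothetical placeholders.
snapshot_tag() {  # $1 = container name, $2 = UTC timestamp (defaults to now)
  printf 'backup/%s:%s\n' "$1" "${2:-$(date -u +%Y%m%dT%H%M%SZ)}"
}
archive_path() {  # $1 = backup dir, $2 = snapshot tag -> dir/name-timestamp.tar
  printf '%s/%s.tar\n' "$1" "$(printf '%s' "$2" | sed 's#^backup/##; s#:#-#')"
}
backup_container() {  # $1 = container name, $2 = backup dir; prints the archive path
  tag=$(snapshot_name_unused 2>/dev/null || snapshot_tag "$1")
  out=$(archive_path "$2" "$tag")
  docker commit --pause=true "$1" "$tag"   # step 1: pause briefly for a consistent snapshot
  docker save -o "$out" "$tag"             # step 2: write the image (layers + metadata) to a tar
  chmod 600 "$out"                         # the archive holds the app's files and any baked-in secrets
  docker rmi "$tag"                        # step 3: drop the temporary snapshot image
  echo "$out"
}
restore_to_docker() {  # target 1: re-import the image so it can be started with docker run
  docker load -i "$1"
}
restore_to_directory() {  # target 2: unpack the saved archive as files under $2
  mkdir -p "$2" && tar -xf "$1" -C "$2"
}
```

Verify restores regularly: `restore_to_docker` followed by `docker run` of the imported tag is the only proof that the archive is usable.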
27. Flannel Virtual Network for Containers
flannel is a virtual networking layer designed specifically for containers. Each host within the network runs an agent called flanneld, which is responsible for:
• Managing a unique subnet on each host
• Distributing IP addresses to each container on its host
• Mapping routes from one container to another, even if on different hosts
Each flanneld agent provides this information to a centralized etcd store so other agents on hosts can route packets to other containers within the flannel network.
28. Helm for Application Packaging on Kubernetes
Kubernetes Helm, by making application deployment easy, standardized and reusable, improves developer productivity, reduces deployment complexity, enhances operational readiness, and speeds up the adoption of cloud native apps.