The presentation was given on 11/12/2018 on CloudExpo NY. The presentation talks about software portability approaches and technologies on Kubernetes, microservices, service mesh, and serverless platforms
2. Introductions
Oleg Chunikhin
CTO, Kublr
• Nearly 20 years in the field of software
architecture and development.
• Joined Kublr in 2016.
• Kublr is an enterprise Kubernetes
management and operations platform that
helps accelerate Kubernetes adoption and
containerized applications management for
enterprises.
3. Software Portability
Ability to be used in
varying environments
• Different clouds
• Cloud, on-prem, hybrid
• Different OS or OS flavors
• Desktop, data center
Why?
• Move load quickly (geography,
cost, features)
• Lifecycle (dev / test / staging /
production environments)
• Disaster recovery
• Split-tier architecture
(application tiers may reside in
different environments)
• Cloud-bursting
4. Portability Pre-requisites
• Generalized abstraction between the application
logic and system interfaces.
• Application designed for portability
• Technology stack and platform that support
portability
11. Kubernetes to the Rescue
Kubernetes is a portable container orchestration framework
• Simple and powerful application abstraction – interconnected
containers
• Simple and flexible containers configuration and connections
• Extensible framework and abstractions for traffic management
processing
• Service
• Ingress and Ingress Controllers
• Extensible framework and abstractions for storage management
• Configuration templating tools: Helm, Ksonnet
• Microservices and Serverless frameworks
14. Service
External node ports or external load balancer
Kubernetes cluster
Pod A-1
10.0.0.3
Pod A-2
10.0.1.5
Pod B-1
10.0.0.8
SrvB
10.7.0.3
Internal service
SrvA
10.7.0.1
SrvC
10.7.0.5
Ext
Resourc
e
16. Ingress Controller
Ingress controller implementations
• AWS ALB
• HAProxy
• Nginx
• Kong API Management
• Letsencrypt
• ...
Edge / entry point / load balancer
Kubernetes cluster
SrvA
10.7.0.1
SrvB
10.7.0.3
Ingress
controller
Ingress rule 1:
abc.com/abc > SrvA
Ingress rule 2:
def.com/def > SrvB
Pod A-1
Pod A-2
Pod B-1
17. Configurability and Persistence
Pod
Container 1 Container 2
Persistent Volume:
NFS, Gluster, ceph,
EBS, dir, etc
Volume
Volume
Claim
Volume
Mount
Volume
Mount
Config Map
Secret
Storage Class
Static or dynamically allocated
18. Service Mesh on Kubernetes
Kubernetes
Service B
Infrastructu
re and
application
containers
Pod
Envoy
Svc B
Service A
Infrastructu
re and
application
containers
Pod
Envoy
Svc A
HTTP, gRPC, TCP
SSL or plain
Istio Control Plane
Pilot Mixer Auth
HTTP, gRPC, TCP
SSL or plain
• Access control policies
• Routing policies
• Usage policies
Tracing
Dashboard Collector
Istio, Conduit, Linkerd, Zipkin, Jaeger
• Pilot
• Service discovery for Envoy and traffic routing
• Splitting: gradual (canary) rollout, A/B testing
• Fault injection
• Mirroring
• Failure recovery: circuit breakers, retries, timeouts
• Mixer
• Per-request policies: access and usage control
• Auth
• Request authentication and encryption
• Identity and credential management
• Envoy
• Request routing and processing; attributes
• Zipkin/Jaeger, Prometheus/Grafana
• Distributed request tracing
• Monitoring
19. Serverless on Kubernetes
Kubernetes serverless
Frameworks:
• Fn
• Fission
• Kubeless
Kubernetes
Generic Executor
Pod
Controller
HTTP, gRPC, TCP
SSL or plain
Specific Executor
Pod
BuilderRouter
Pod
Message queue (async calls)
22. Putting it all Together
Application
AWS EFS
AWS EKS
AWS ELB
Amazon API Management
AWS RDS
AWS Lambda
Application
Vitess
Kubeless
Ingress Nginx
Kong
Rook/Ceph
NAS
Hardware LB
Serverless
23. Gotchas and Considerations
• Abstractions leak
• Ingress rules often use controller specific annotations
• Implementations may defy abstractions
• AWS Cert management hides private keys, while
letsencrypt K8S integration
• Managed vs self-hosted
• Self-hosted is more difficult to operate than managed
• Data synchronization / replication
• Cross-environment ingress management
• Cross-environment operations
24. Gotchas and Considerations
• Implementations are different
• Functionality
• SLA, QoS, Performance
• Tuning
• Managed services may be better tuned for hardware
• Self-hosted services may be better tuned for applications
• Examples
• AWS EBS are AZ local
• Letsencrypt certificate issuance rate limits
25. Takeaways
• Kubernetes provides powerful and flexible
infrastructure abstractions: PV, Ingress, Services
etc
• Kubernetes enables and simplifies usage of self-
hosted resources and frameworks where
managed ones are not available
• Well-designed cloud native Kubernetes
applications are portable, and easy to test,
experiment, and configure
Kublr CTO
Building Kublr – a platform for managing Kubernetes clusters in an enterprise
Feel free to ask questions as you have them
As they say, good portability is a two way street.
Application should be designed for portability, but technology stack and environments you use should support it too.
We will focus on technology stack and environment, but here is also a brief note on application design.
Those are also “hard problems”
AWS, Azure
Same platform differences
…
So platforms differ.
Shell we limit ourselves to the least common denominator of the services available in different environments?
Extreme ease and flexibility of component configurations and connections
Container orchestration
Abstractions and extensible framework for ingress traffic processing
Service
Ingress and Ingress Controllers
Abstractions and extensible framework for storage management
Volumes and Persistent Volumes
Configuration templating tools
Helm
Microservices and Serverless frameworks