Cloud Native Summit 2019 Summary
Download as PPTX, PDF•0 likes•206 views
The document summarizes key topics from the Cloud Native Summit conference, including: - Distributed tracing and Zipkin, which allows visibility into request paths and troubleshooting of latency issues. Zipkin is an open source distributed tracing system. - Production ready Kubernetes clusters on Catalyst Cloud, which provides security, high availability, and scalability for containerized applications. - Building serverless applications at scale using services like AWS Lambda, and addressing concurrency bottlenecks when autoscaling. - Istio service mesh, which provides control of traffic policies, authentication, and observability across distributed services through its control plane and sidecar proxy architecture. - GitOps for infrastructure as code deployments on Open
Cloud Native Summit 2019 Summary
- 3. CNS is an international tech conference where you will learn in a friendly and inclusive environment about the latest innovations and best practices in o Cloud Native Transformation o software development o DevOps principles o Microservices o Service Mesh o Continuous Delivery o Container technologies o automating IT operations o Testing o Security and more https://www.cloudnativesummit.co/nz/ Cloud Native Summit
- 4. o Cloud-Native is an approach to building and running applications that exploits the advantages of the cloud computing delivery model. o It is about how applications are created and deployed, not where o Apps are loosely coupled, meaning the code is not hard-wired to any of the infrastructure components, so that the app can scale up and down on demand and embrace the concepts of immutable infrastructure. o Not only that, but it even has its own foundation: the Cloud Native Computing Foundation (CNCF), launched in 2015 by the Linux Foundation. o https://www.cncf.io/ Cloud Native
- 5. Summaries
- 6. Distributed Tracing and Zipkin Adrian Cole (Pivotal) Benefits o See your architecture with live dependency diagrams built from traces o Allows for faster identification and isolation of bugs and performance problems in the dist sys o Distributed tracing lets you see the path that a request takes as it travels through a distributed system. o Helps gather timing data needed to troubleshoot latency problems in service architectures, reduce triage time, visualise latency and understand complexity o Includes both the collection and lookup of this data and one can setup the tracing system from scratch using Docker o Zipkin is distributed tracing system created by Twitter. Compatible with 3rd party libraries, proxies, etc For More Info o https://zipkin.io/ 1
- 7. o Catalyst Cloud based in NZ is a cloud provider that builds private cloud for customers using the same technology used by their public cloud. o OpenStack Magnum is a container orchestration engine provisioning service that make it easy to deploy, manage, and scale Kubernetes clusters to run containerised applications Benefits o Strong Security: Rolling upgrades and patching, new policies, authentication, etc. o High Availability/Resiliency o Performance escalation For More Info o https://catalystcloud.nz/services/paas/kubernetes/ Production Ready Kubernetes Clusters Bruno Lago and Fei Long Wang (Catalyst Cloud)2
- 8. o Serverless simply means that you don’t have to manage the servers on which your application runs o No worry about scaling your application as the load increases, it is handled automatically! o However when at scale, concurrency problems with bottleneck when spinning up autoscalers that take 10-15 minutes to spin up o Lambdas reading from Kinesis streams and SQS Benefits o Auto-scaling high demand applications (millions of requests) without bottleneck Building Serverless Applications at Scale Vanessa Thornton (Xero)3 For More Info o Practice proactive performance testing o Serverless Artillery (Testing Suite) - https://github.com/Nordstrom/serverless-artillery o Jtest o Roll your own Problem with many API calls Solution using Kinesis
- 9. o IT shift to a modern distributed architecture has left enterprises unable to monitor, connect, manage, & secure their services in a consistent way. o Pilot - Control plane to configure and push service communication policies. o Envoy - Network proxy to intercept communication and apply policies. o Mixer - Policy enforcement with a flexible plugin model for providers for a policy. o Citadel - Service-to-service auth using mutual TLS, with built-in identity and credential management. o Galley - Configuration validation, distribution Benefits o Service mesh moves these facets out of the application for better division of labour and... o Consistency across the fleet o Centralized control For More Info o http://bit.ly/cns-2019 Practical Istio Zack Butcher (Tetrate)4
- 10. o GitOps is a paradigm or a set of practices that empowers developers to perform tasks which typically fall under the purview of IT operations Consistency (Via Versioning) o The flow 1. Users 2. Git 3. Pipelines 4. Environment Benefits o Consistency (Via Versioning) o Self-service (Via Git) o Flexibility For More Info o https://platform.deloitte.com.au/articles/gitops- driven-deployments-on-openshift GitOps Driven Deployments on OpenShift Everett Toews and Heather Cumberworth-Lane (Deloitte/Education Payroll Ltd)5
- 11. o System Quality Attributes: 1. Coding Standards/Design Patterns 2. Templates ( e.g Spring boot actuator template) 3. Client Library (e.g AWS SDK client library) 4. Platform Library 5. Mesh (Istio) 6. Container Orchestration ( Kubernetes and ECS) Mastering Consistency in Microservices Architectures Andy Marks (ThoughtWorks)6 21/26 21/30 12/24 16/22 13/30 26/29 Coding Standard Template Services Client Library Platform Library Mesh Container Orchestration ? 75% using Spring boots ? ? 70% using Istio 60% Kubernetes 26% Amazon ECS Survey Results from 30 Tech teams o Autonomy vs Consistency o Scaling vs Logging o Coupling vs Security o Speed vs Resiliency
- 12. o Dev Ops responsibility split o Event driven architecture o Event stream to replace logging and metrics for meaningful reporting o Instrument everything o Data platform to allow for more accessibility to query – allow for data teams, security teams, networking teams etc. o Eg. Haystack from Expedia Observability for Everyone Inny So and Andrew Jones (Thoughtworks)7
- 13. The Nature and Characteristics of Adopting Hybrid Cloud Mandi Buswell (RedHat)8 Hybrid cloud is a combination of public and private clouds o The interconnection is multi-layered o Burstable/elastic compute o Network interconnectivity o Storage and data o The considerations at all levels need to be aligned o Abstraction o Orchestration/Automation/Operational Control o Visibility/Connectivity o Portability/Sustainability/Scalability o Security/Reliability o Open or closed? o Principles of reference for hybrid cloud o Infrastructure software across all footprints and intelligent routing o Cloud-native app platforms o Management and automation o Open/standards based o Security first Four Core Scenarios of Hybrid Cloud Deployments
- 14. o Portable open source serverless Kubernetes o Build o Easy-to-use, simple source-to-container builds o Focus on writing code o Serving o Run serverless containers on Kubernetes o Takes care of networking, scaling (even to zero) and revision tracking o Focus on core logic o Eventing o Universal description, delivery and management of events o Build modern apps by attaching compute to data stream with declarative event connectivity and developer-friendly object model o Middleware tools that allow for extending Kubernetes to run anywhere o Knative o OpenFaaS o Keda Serverless runtimes on top of Kubernetes: a developer guide Scott Coulton (Microsoft)9
- 15. o Asynchronous. Resilience, flexibility, replay o What is an event? A fact with no expectation of future consequences. o Immutable, grows over time, cannot be retracted o Embrace eventual consistency o Allows you to have your data ready for future forecasting and queries Preparing for the event-driven world Kiru Samapathy (Thoughtworks)10
- 16. o Containers are just processes, have their own filesystem and network but share a kernel o Workload or cluster compromise o Defence - Minimise container image attack surface o Supply chain (deps, images, git), o Pipeline controls (Secrets Mgmt, Gitops) o Infrastructure o Linux security (Apparmor) o Cluster (RBAC) o Network (network policy) o Use recommended controllers and restrictions o Think of security at the design process o Perform threat modelling o Document data flow and attack trees o Make security everyone’s job and part of your org’s culture (DevSecOps) o Slides - tiny.cc/iyfsaz Kubernetes Security Low-Hanging Fruit Luke Bond (Control Plane)11
- 17. o The complexity is real. Innovate. o Subtraction. Remove yourself. Let others take over. o Cropping. Move yourself from one team to another. o Adopted observability strategy o Alerting strategy o Getting Insights into your application right from code commit and the impact of each code change o Identifying Patterns and trends across your digital footprint o Establishing reasonable thresholds and minimising alerting fatigue o Ingest-store-visualise to break down system of systems - embrace controlled vs chaos engineering o Accountability and Responsibility - Gaining full visibility into your applications, dependencies and containers and the relationships between them Escaping Enterprise Complexity Diana Omuoyo & Nik Jain (New Relic)12
- 18. o Metrics. Sequence of data points, measuring the same thing over time o Histograms and tracing o 3D Observability to understand the system and removing bottlenecks o Being able to identify and isolate the bug easily allows for BeachOps o All for customer happiness Metrics, Histograms, Traces Annie Lin (VMWare)13
- 19. Will open-source (Kubernetes) be able to compete with enterprise? o Kubernetes is the new Linux – however not always the right choice o Open source awesome but way too many options o Tie it to business value and solving customer problems o Technical debt – security, compliance etc but especially adoption o Open standard and open cloud for open source - enterprise offers support o Commercial model wraps around open source to make it possible through vendors o Open source drives maturity of features that drives feature dev and adoption o Kubernetes made it more secure or made attack surface bigger by being more complex? - larger adoption means larger risk, however more eyes to spot vulnerabilities o Need more maturity on standards like the electricity industry Panel Kelly Griffin (Ranchers Labs), Mandi Buswell (RedHat), Roman Tarnavski (VMWare), Bruno Lago (Catalyst Cloud)14
- 20. Thank you