Matt Johnson - My developer journey towards true hybrid cloud with Kubernetes - Codemotion Milan 2018
0 likes117 views
The document details Matt Johnson's personal exploration of hybrid cloud technologies, focusing on the evolution from traditional app deployments to modern containerized environments. It emphasizes the importance of Kubernetes and the Open Service Broker for creating standardized deployment processes across multiple cloud providers. The document also discusses the significance of security, monitoring, and automation in achieving a seamless hybrid cloud experience.
Matt Johnson - My developer journey towards true hybrid cloud with Kubernetes - Codemotion Milan 2018
- 2. Matt Johnson Technologist, Cisco DEVNET A personal journey towards Hybrid Cloud November 29th, 2018 CODEMOTION Milan @mattdashj @ciscodevnet
- 3. /usr SERVER ONE / /bin etc A Brief History Lesson One Old School App Deployments.
- 4. /usr SERVER ONE / /bin etc A Brief History Lesson One Old School App Deployments. APP 1 APP 1 APP 1 APP 2 APP 2 APP 2
- 5. /usr SERVER ONE / /bin etc A Brief History Lesson One Old School App Deployments. APP 1 APP 1 APP 1 APP 2 APP 2 APP 2 APP 3 APP 3APP 3
- 6. VM One SERVER ONE HYPERVISOR VM Two VM Three All Applications Happy. More “Servers” to manage. A Brief History Lesson One Virtual Machines / usr / / bin / etc / usr / / bin / etc / usr / / bin / etc APP 1 APP 1 APP 1 APP 2 APP 2 APP 2 APP 3 APP 3 APP 3
- 7. VM One SERVER ONE HYPERVISOR VM Two VM Three Configuration Management – Great until it isn’t. A Brief History Lesson One Virtual Machines / usr / / bin / etc / usr / / bin / etc / usr / / bin / etc APP 1 APP 1 APP 1 APP 2 APP 2 APP 2 APP 3 APP 3 APP 3 Config Management
- 8. VM One SERVER ONE HYPERVISOR LOCATION B Known good images. Things don’t change. New versions replace them. / usr / / bin / etc VM Image / usr / / bin / etc SNAPSHOT SERVER X HYPERVISOR DEPLOY LOCATION A VM Y / usr / / bin / etc
- 9. Dockerfile SERVER ONE CONTAINERD LOCATION B Known good images: Take Two. Things don’t change. New versions replace them. Container Image / usr / / bin / etc BUILD SERVER X CONTAINERD DEPLOY LOCATION A Container Y / usr / / bin / etc
- 10. So Why not VM’s? Not all VM’s are created equal. VM Image / usr / / bin / etc Built as.. Openstack Image? VMWare Image? Virtualbox Image? Xen Image? KVM Image? Deployment Automation: O(n) Europe On-Premise Americas On- Premise Pick a Cloud Provider
- 11. Example: Terraform Managed VM Compute Your tool is the same, but plugins are completely different. • That’s a lot of duplicate and change if each of your instances are virtual machines.
- 12. Containers could have missed the boat too.. VM Image / usr / / bin / etc Built as.. ONE Deployment Automation: O(n) Deployed to Mesos / Marathon? Kubernetes? DCOS? Docker Enterprise Edition? Native LXC?
- 13. Google Kubernetes Engine Amazon Elastic Kubernetes Service Azure Kubernetes Service Docker Enterprise Edition 2.0 Cisco Container Platform Mesosphere Kubernetes Engine
- 14. Imagine a world Where VSPHERE spoke the OPENSTACK API. And Vice Versa. Where automating deployments on them was one and the same thing.
- 15. One Definition per App. Globally. Cloud Provider A Cloud Provider B Headquarters EU Branch RetailHeadquarters US Environment settings may change. But the app is described once.
- 16. Get to the Kubernetes API… ASAP.
- 17. KUBERNETES SERVICE ACCOUNT SETUP PROVIDER X TERRAFORM GIT PROVIDER Y PROVIDER Z ACCOUNT SETUP PROVIDER X TERRAFORM GIT PROVIDER Y PROVIDER Z MANAGING K8S OBJETS COMPUTE COMPUTE ACCESS COMPUTE OS IMAGES LOGGING / MONITORING Minimum bootstrap to get away from proprietary API’s. Allows reduction of automation overhead. MISC PROVIDER SPECIFIC OBJECTS You still need to request Kubernetes. And hopefully you’re going to automate that.
- 18. A sidebar with on-premise. “Get to a layer that’s the same everywhere, ASAP, and let someone else manage the underlying complexity”
- 19. When you ask for KaaS. Do you care?
- 20. Historically hard to offer the same on-premise. RACK & CABLE MULTIPLETEAMS COMPUTE STORAGE NETWORK DESIGN REQUIREMENTS OPERATING SYSTEMS LICENCING OPEN STACK VMWARE CUSTOM SECURITY TOOLING ORCHESTRATION MONITORING & LOGGING
- 21. Private Cloud should feel like public cloud. Assured, Instant, API-Accessible, A Known Quantity. Cisco Container Platform
- 22. Cisco Container Platform Gets us to Kubernetes. Cisco Container Platform
- 24. </SIDEBAR>
- 25. So Kubernetes? That’s it? But it gives us the right mindset for hybrid & multicloud. Alas, no.
- 26. Feel like one Environment - For Deployments - For Access - For Security and Visibility Increase complexity (Linear). Require completely new tooling. “True Hybrid/MultiCloud” (In my personal opinion) SHOULD SHOULD NOT
- 27. Deployments Services IngressPersistence Feel like one Environment - For Deployments Where does Kubernetes get us too? Checking things off the wish list. Same deployment definition everywhere. Describing an App is more than just “this container”.
- 28. One Environment Control Complexity What else can we do? To move us closer? CI/CD Data Services Visibility End User Access
- 29. What else can we do? To move us closer? CI/CD Cloud Provider A Cloud Provider B Headquarters EU Branch RetailHeadquarters US
- 30. What else can we do? To move us closer? DATA SERVICES
- 31. Consumed Kubernetes… To land back in the same issue with services. DATA SERVICE VM / usr / / bin / etc Built as.. Openstack Image? VMWare Image? Virtualbox Image? Xen Image? KVM Image? Deployment Automation: O(n) Europe On-Premise Americas On- Premise Pick a Cloud Provider
- 32. Consumed Kubernetes… To land back in the same issue with services. DATA AS A SERVICE Deployment Automation: O(n) Cloud Provider A Cloud Provider B Cloud Provider C
- 33. Enter the Open Service Broker Doing for services what K8s does for apps. DATA SERVICES
- 34. Enter the Open Service Broker Doing for services what K8s does for apps. DATA SERVICES App Definition: Needs: 20GB Relational DB OpenServiceBroker Specific logic for creation of MySQL Instance OpenServiceBroker Specific logic for creation of Amazon Aurora instance No increase in complexity for defining app/service for multiple environments
- 35. Enter the Open Service Broker Doing for services what K8s does for apps. DATA SERVICES “AWS Service Broker supports a subset of AWS services, including Amazon Relational Database Service (Amazon RDS), Amazon EMR, Amazon DynamoDB, Amazon Simple Storage Service (Amazon S3), and Amazon Simple Queue Service (Amazon SQS); for a full list, see the AWS Service Broker documentation.” “GCP services available via Service Broker are: BigQuery, Cloud Bigtable, Cloud Pub/Sub, Cloud Spanner, Cloud SQL, Cloud Storage, Cloud IAM”
- 36. What else can we do? To move us closer? SECURITY VISIBILITY
- 37. Deployment Service Where does Kubernetes get us too? Checking things off the wish list. SECURITY Pod Pod Pod Pod Pod Pod
- 38. Deployment Service Where does Kubernetes get us too? Checking things off the wish list. SECURITY Pod Pod Killed Pod Pod Pod PodNew Pod
- 39. What else can we do? Cloud Security enables automated response to compromise. SECURITY Cloud Provider A Cloud Provider B Headquarters EU Branch RetailHeadquarters US
- 40. What else can we do? To move us closer?
- 41. What else can we do? Historically one “Mesh” per cluster SERVICE MESH Cloud Provider A Cloud Provider B Headquarters EU Branch RetailHeadquarters US
- 42. Extra Requirements What else can we do? Istio 0.8+ Multi Cluster control plane. SERVICE MESH Cloud Provider A Cloud Provider B Branch Retail
- 43. What else can we do? Istio as a policy-based CDN. SERVICE MESH Closest Entrypoint Remote Cluster C via TLS to endpoint a.b.c.d using certs
- 44. Join our AppDev community, Cisco DEVNET and talk to our mentors available at the Cisco Codemotion Milan booth! THOUGHTS AND FEEDBACK WELCOMED