Application
placement
constraints

Carlo Alberto Ferraris

DevOps Engineer

Rakuten Platform as a Service

 

@cafxx

Placement constraints

Load segregation

SECURITY

network ISOLATION

"No, you can't bind dev and prod networks to the same VM"

COMPUTE RESOURCES ISOLATION

Side-channel? Which side-channel?

performance factors

premium resources

I hate noisy neighbors

Where's my GPU?

I love the smell of bare metal in the morning

ECONOMY-CLASS resources

Overcommit to 11

Best-effort service level

ELASTIC CLUSTERS

"isolate workloads across separate networks, IaaS providers, and datacenters to meet compliance, availability, [...] cost requirements [and] compliance requirements with respect to their network isolation and accessibility"

THE STACK HACK

- name: dea
  properties:
    dea_next:
      stacks:
      - name: cflinuxfs2
        package_path: /var/vcap/packages/rootfs_cflinuxfs2/rootfs
- name: dea
  properties:
    dea_next:
      stacks:
      - name: cflinuxfs2        
        package_path: /var/vcap/packages/rootfs_cflinuxfs2/rootfs
      - name: myotherstack
        package_path: /var/vcap/packages/rootfs_myotherstack/rootfs
cf push -s cflinuxfs2     # deploy to dea
cf push -s myotherstack   # deploy to dea

- name: dea_cflinuxfs2
  properties:
    dea_next:
      stacks:
      - name: cflinuxfs2
        package_path: /var/vcap/packages/rootfs_cflinuxfs2/rootfs

- name: dea_myotherstack
  properties:
    dea_next:
      stacks:
      - name: myotherstack
        package_path: /var/vcap/packages/rootfs_myotherstack/rootfs

 

cf push -s cflinuxfs2    # deploy to dea_cflinuxfs2
cf push -s myotherstack  # deploy to dea_myotherstack

- name: dea
  properties:
    dea_next:
      stacks:
      - name: cflinuxfs2
        package_path: /var/vcap/packages/rootfs_cflinuxfs2/rootfs

- name: dea_b
  properties:
    dea_next:
      stacks:
      - name: cflinuxfs2_b
        package_path: /var/vcap/packages/rootfs_cflinuxfs2/rootfs
cf push -s cflinuxfs2    # deploy to dea_cflinuxfs2 (cflinuxfs2)
cf push -s cflinuxfs2_b  # deploy to dea_cflinuxfs2_b (cflinuxfs2)

- name: dea_high_performance
  properties:
    dea_next:
      stacks:
      - name: high_performance
        package_path: /var/vcap/packages/rootfs_cflinuxfs2/rootfs
  resource_pool: dea_high_performance_pool

- name: dea_low_performance
  properties:
    dea_next:
      stacks:
      - name: low_performance
        package_path: /var/vcap/packages/rootfs_cflinuxfs2/rootfs
  resource_pool: dea_low_performance_pool 

 

cf push -s high_performance
cf push -s low_performance

- name: dea_production
  properties:
    dea_next:
      stacks:
      - name: production
        package_path: /var/vcap/packages/rootfs_cflinuxfs2/rootfs
  resource_pool: dea_production_pool

- name: dea_development
  properties:
    dea_next:
      stacks:
      - name: development
        package_path: /var/vcap/packages/rootfs_cflinuxfs2/rootfs
  resource_pool: dea_development_pool 

 

cf push -s production
cf push -s development

ALL GOOD AND WELL?

NOT REALLY

Requires configuring/patching the buildpacks

Makes monitoring more complicated

NOT REALLY

One more knob for the users

(although they have plenty to shoot
themselves in the foot with already)

NOT REALLY

(but it's definitely worth it)

Made with Slides.com