Lee Calcote
Clouds, containers, functions, applications and their management.
November 2018
from containers to functions
Electrical and Computer Engineering
The University of Texas at Austin
Lee Calcote
October 2017
Electrical and Computer Engineering
The University of Texas at Austin
eth0
eth1
container
network namespace
Host
l0
loopback 0
host network namespace
clouds, containers, functions, applications, and their management
visit layer5.io for more
service mesh playground
compliments of NGINX
Missing: functions, unikernels, other? Needs pivoted to describe principles.
Development Process
Application Architecture
Deployment and Packaging
Application Infrastructure
Agile
Waterfall
DevOps
N-Tier
Monolithic
Microservices
Cloud
Containers
Physical Servers
Virtual Servers
Data Center
Hosted
Evolution to Cloud Native
Functions
Serverless
Events
SRE
(Unikernels)
bare metal
AND
virtual machines
AND
containers
AND
unikernels
AND
functions
We hold these truths to be self-evident...
Disclaimer: I'm a Docker Captain and organize Docker Austin.
450+
Docker EE customers
27B
Container downloads
200+
Docker Meetups
Containers are the “Fastest Growing Cloud Enabling Technology”
- 451 Research
"By 2020, more than 50% of global organizations will be running containers in production."
- Gartner
15K
Job listings on LinkedIn
3.5M
Dockerized Apps
Use namespaces to deal with resource isolation for a single process.
Use cgroups to manage resources for a group of processes.
Types of Containers - Cloud Native way
[k uh n- tey -ner]
[ awr -k uh -streyt-or]
Definition:
Cluster Management
Host Discovery
Host Health Monitoring
Scheduling
Orchestrator Updates and Host Maintenance
Service Discovery
Networking and Load-Balancing
Stateful services
Multi-tenant, multi-region
Application Health & Performance Monitoring
Application Deployments
Application Secrets
Docker Swarm 1.11 (Standalone)
Docker Swarm Mode 1.12 (Swarmkit)
A high-level perspective of the container orchestrator spectrum.
The first few services are relatively easy
Democratization of language and technology choice
Faster delivery, service teams running independently, rolling updates
The next 10 or so may introduce pain
Language and framework specific libraries
Distributed environments, ephemeral infrastructure, out-moded tooling
The "layer 5" challenge
• Observability
• Logging
• Metrics
• Tracing
• Traffic Control
• Resiliency
• Efficiency
• Security
• Policy
a dedicated layer for managing service-to-service communication
so, a microservices platform?
obviously.
Orchestrators don't bring all that you need
and neither do service meshes,
but they do get you closer.
Missing: application lifecycle management, but not by much
partially.
Missing: distributed debugging; provide nascent visibility (topology)
An open platform to connect, manage, and secure microservices
Observability
Resiliency
Traffic Control
Security
Policy Enforcement
@IstioMesh
is what gets people hooked on service metrics
Metrics without instrumenting apps
Consistent metrics across fleet
Trace flow of requests across services
Portable across metric backend providers
You get a metric! You get a metric! Everyone gets a metric!
control over chaos
Timeouts and Retries with timeout budget
Circuit breakers and Health checks
Control connection pool size and request load
content-based traffic steering
Control Plane
Data Plane
Touches every packet/request in the system. Responsible for service discovery, health checking, routing, load balancing, authentication, authorization and observability.
Provides policy and configuration for services in the mesh.
Takes a set of isolated stateless sidecar proxies and turns them into a service mesh.
Does not touch any packets/requests in the system.
Pilot
Auth
Mixer
Control Plane
Data Plane
istio-system namespace
policy check
Foo Pod
Proxy sidecar
Service Foo
tls certs
discovery & config
Foo Container
Bar Pod
Proxy sidecar
Service Bar
Bar Container
Out-of-band telemetry propagation
telemetry
reports
Control flow during request processing
application traffic
application traffic
application namespace
telemetry reports
Increasing focus on business logic
Decreasing concern (and control) over infrastructure implementation
Bare metal
VMs
Containers
Functions
VM
VM
VM
VM
No compute cost when idle.
Flexible and precise scaling.
No provisioning, updating, and managing server infrastructure.
with a few caveats
consider serverless when your workload is...
A library operating system
application
openGL
gtk
iconv
libgmp
libz
libstd++
libgcc
libc
kernel
libtls
a way of cross-compiling (existing) applications down to very small, lightweight, secure virtual machine
application
Microservices are (intended to be) small, self-contained, single-purpose applications.
Unikernels cannot handle multiple processes, so forking is not allowed.
Unikernels can handle threads.
Are single user, but who needs multiple users?
Can statically link data into application.
enforced
Unik - Unikernel Compiler and Deployment
Disclaimer: I'm a Cloud Native Ambassador and TOC Contributor
a vendor-neutral foundation to...
170 Members
cncf.io
...a community of open source projects, including Kubernetes, Envoy and Prometheus.
Kubernetes and other CNCF projects are some of the highest velocity projects in the history of open source.
Cloud Native Interactive Landscape
Cloud Native Landscape
Disclaimer: I organize the Austin CNCF meetup.
KubeCon + CloudNativeCon Attendees
Members of CNCF Meetups
Creating a common model for event data, similar to CNI and CSI. Coalescing on a single format between a few proposals:
Cloud-Native Event Mapping (CNEM) – (iguazio)
CloudEvents – (Serverless, Inc.)
Cloud Auditing Data Federation – (IBM, DMTF)
Event Specification |
CloudEvents.io
Stewarding the Networking working group.
Participating in the OpenMetrics working group.
Integrated with Prometheus, Istio, OpenTracing and OpenCensus.
Run Kubernetes, Prometheus, Open Policy Agent.
from containers to functions
This has been an infrastructure tour.
What about processes and organization?CI/CD, DevOps and SRE
clouds, containers, functions,
applications and their management
By Lee Calcote
Presented at UT Austin Electrical and Computer Engineering school. Discussion of what it means to be Cloud Native - from containers to functions.
Clouds, containers, functions, applications and their management.