What it means to be
Cloud Native
November 2018
from containers to functions
Electrical and Computer Engineering
The University of Texas at Austin
Introduction to Container Networking
Lee Calcote
October 2017
Electrical and Computer Engineering
The University of Texas at Austin
eth0
eth1
container
network namespace
Host
l0
loopback 0
host network namespace
clouds, containers, functions, applications, and their management
Meshery
visit layer5.io for more
service mesh playground
Now Available
compliments of NGINX
What is Cloud Native?
-
Containerized. Each part (applications, processes, etc) is packaged in its own container. This facilitates reproducibility, transparency, and resource isolation.
-
Dynamically orchestrated. Containers are actively scheduled and managed to optimize resource utilization.
- Microservices oriented. Applications are segmented into microservices. This significantly increases the overall agility and maintainability of applications.
Missing: functions, unikernels, other? Needs pivoted to describe principles.
Development Process
Application Architecture
Deployment and Packaging
Application Infrastructure
Agile
Waterfall
DevOps
N-Tier
Monolithic
Microservices
Cloud
Containers
Physical Servers
Virtual Servers
Data Center
Hosted
Evolution to Cloud Native
λ
Functions
Serverless
Events
SRE
(Unikernels)
bare metal
AND
virtual machines
AND
containers
AND
unikernels
AND
functions
the future is AND not OR
We hold these truths to be self-evident...
From Engines to Orchestrators
Disclaimer: I'm a Docker Captain and organize Docker Austin.
450+
Docker EE customers
27B
Container downloads
200+
Docker Meetups
Containers are the “Fastest Growing Cloud Enabling Technology”
- 451 Research
"By 2020, more than 50% of global organizations will be running containers in production."
- Gartner
15K
Job listings on LinkedIn
3.5M
Dockerized Apps
System Containers
- Like a VM
- Full OS image
- Multiple processes
Application Containers
- Single process
-
Use namespaces to deal with resource isolation for a single process.
-
Use cgroups to manage resources for a group of processes.
Similarities:
Types of Containers - Cloud Native way
[k uh n- tey -ner]
[ awr -k uh -streyt-or]
Definition:
Core
Capabilities
-
Cluster Management
-
Host Discovery
-
Host Health Monitoring
-
-
Scheduling
-
Orchestrator Updates and Host Maintenance
-
Service Discovery
-
Networking and Load-Balancing
-
Stateful services
-
Multi-tenant, multi-region
Additional
Key Capabilities
-
Application Health & Performance Monitoring
-
Application Deployments
-
Application Secrets
Nomad Architecture
Docker Swarm 1.11 (Standalone)
Docker Swarm Mode 1.12 (Swarmkit)
+
Kubernetes Architecture
Mesos Architecture
A high-level perspective of the container orchestrator spectrum.
Microservices
The more, the more merrier?
Benefits
The first few services are relatively easy
Democratization of language and technology choice
Faster delivery, service teams running independently, rolling updates
Challenges
The next 10 or so may introduce pain
Language and framework specific libraries
Distributed environments, ephemeral infrastructure, out-moded tooling
Which is why...
I have a container orchestrator, right?
The "layer 5" challenge
What do we need?
• Observability
• Logging
• Metrics
• Tracing
• Traffic Control
• Resiliency
• Efficiency
• Security
• Policy
a Service Mesh
What is a Service Mesh?
a dedicated layer for managing service-to-service communication
so, a microservices platform?
obviously.
Orchestrators don't bring all that you need
and neither do service meshes,
but they do get you closer.
Missing: application lifecycle management, but not by much
partially.
a services-first network
Missing: distributed debugging; provide nascent visibility (topology)
Istio
An open platform to connect, manage, and secure microservices
-
Observability
-
Resiliency
-
Traffic Control
-
Security
-
Policy Enforcement
@IstioMesh
Observability
is what gets people hooked on service metrics
Goals
-
Metrics without instrumenting apps
-
Consistent metrics across fleet
-
Trace flow of requests across services
-
Portable across metric backend providers
You get a metric! You get a metric! Everyone gets a metric!
Traffic Control
control over chaos
- Traffic splitting
- L7 tag based routing?
- Traffic steering
- Look at the contents of a request and route it to a specific set of instances.
- Ingress and egress routing
Resilency
- Systematic fault injection
-
Timeouts and Retries with timeout budget
-
Circuit breakers and Health checks
-
Control connection pool size and request load
content-based traffic steering
Istio Architecture
Control Plane
Data Plane
Touches every packet/request in the system. Responsible for service discovery, health checking, routing, load balancing, authentication, authorization and observability.
Provides policy and configuration for services in the mesh.
Takes a set of isolated stateless sidecar proxies and turns them into a service mesh.
Does not touch any packets/requests in the system.
Istio Architecture
Pilot
Auth
Mixer
Control Plane
Data Plane
istio-system namespace
policy check
Foo Pod
Proxy sidecar
Service Foo
tls certs
discovery & config
Foo Container
Bar Pod
Proxy sidecar
Service Bar
Bar Container
Out-of-band telemetry propagation
telemetry
reports
Control flow during request processing
application traffic
application traffic
application namespace
telemetry reports
Functions
λ
But why?
Increasing focus on business logic
Decreasing concern (and control) over infrastructure implementation
Bare metal
VMs
Containers
Functions
- Faster start-up times
- Better resource utilization
- Finer-grained management
- Splitting up the monolith
VM
VM
VM
VM
λ
The Promised Land
No compute cost when idle.
Flexible and precise scaling.
No provisioning, updating, and managing server infrastructure.
with a few caveats
When to Use
- Asynchronous, concurrent, easy to parallelize into independent units of work
- Infrequent or has sporadic demand, with large, unpredictable variance in scaling requirements
- Stateless, ephemeral, without a major need for instantaneous cold start time
- Highly dynamic in terms of changing business requirements that drive a need for accelerated developer velocity
consider serverless when your workload is...
Serverless
Pain
Points
What is a Unikernel?
A library operating system
application
openGL
gtk
iconv
libgmp
libz
libstd++
libgcc
libc
kernel
libtls
a way of cross-compiling (existing) applications down to very small, lightweight, secure virtual machine
application
Microservices are (intended to be) small, self-contained, single-purpose applications.
Unikernels cannot handle multiple processes, so forking is not allowed.
Unikernels can handle threads.
Are single user, but who needs multiple users?
Can statically link data into application.
Immutable Infrastructure
enforced
Unik - Unikernel Compiler and Deployment
What is the CNCF?
- Foster growth and evolution of ecosystem
- Promote underlying technologies
- Provide stewardship for projects
- Make technologies accessible and reliable
Disclaimer: I'm a Cloud Native Ambassador and TOC Contributor
a vendor-neutral foundation to...
170 Members
cncf.io
Projects
...a community of open source projects, including Kubernetes, Envoy and Prometheus.
Kubernetes and other CNCF projects are some of the highest velocity projects in the history of open source.
Cloud Native Interactive Landscape
Cloud Native Landscape
Disclaimer: I organize the Austin CNCF meetup.
KubeCon + CloudNativeCon Attendees
Members of CNCF Meetups
Cloud Native Trail Map
Working Groups
- Formed in June 2017 at the request of CNCF Technical Oversight Committee (TOC)
- Asked for state of tech/community & recommendations for possible involvement
- Most key Serverless players involved
- IBM, VMWare, Google, Red Hat, Huawei, Microsoft, SolarWinds, Docker, iguazio, Amazon, MasterCard, Pivotal, Serverless Inc., Clay Labs, The New Stack, A Cloud Guru, Platform9, Bitnami, Auth0, and Hyper
Serverless WG
- Describes & defined Serverless
- Highlights promising use cases and areas where functions have already proven value
- Differentiates Serverless from PaaS and Container Orchestration
- Describes the mechanics of a generic Serverless system
- Identifies potential future "harmonization" the WG could look at
Serverless WG: White Paper
Creating a common model for event data, similar to CNI and CSI. Coalescing on a single format between a few proposals:
-
Cloud-Native Event Mapping (CNEM) – (iguazio)
-
CloudEvents – (Serverless, Inc.)
-
Cloud Auditing Data Federation – (IBM, DMTF)
Event Specification |
CloudEvents.io
Solarwinds Participation
- Our products included in Cloud Native Landscape.
-
Stewarding the Networking working group.
- Our works highlighted in CNI project adoption.
- We are on the OpenTracing Specification Council.
- SolarWinds working within Serverless WG.
- Published Serverless white paper. Creating CloudEvents.
-
Participating in the OpenMetrics working group.
-
Integrated with Prometheus, Istio, OpenTracing and OpenCensus.
-
Run Kubernetes, Prometheus, Open Policy Agent.
- Deliver analysis:
What it means to be
Cloud Native
from containers to functions
This has been an infrastructure tour.
What about processes and organization?CI/CD, DevOps and SRE
Lee Calcote
Thank you. Questions?
clouds, containers, functions,
applications and their management
