The Challenges of Becoming Cloud Native

Talk presented at Cloud Native London meetup, 4th July 2017

Demos available online @ https://www.katacoda.com

  1. 1. The Challenges of Becoming Cloud-Native Ben Hall Ben@Katacoda.com Katacoda.com
  2. 2. Hands up if one applies to your team
       • We need to deploy Windows applications
       • We’re still managing/refactoring our monolith
       • We may need to deploy 100s of microservices
       • We have “big data”
       • We’re not sure what Kubernetes/CloudNative is…
       • We need to teach Kubernetes/CloudNative ...
  3. 3. The challenges of becoming cloud-native
       • Deploying Windows Containers onto Kubernetes
       • Kubernetes Extending Traditional Applications
       • Handling Microservices with Istio
  4. 4. @Ben_Hall / Blog.BenHall.me.uk WHOAMI?
  5. 5. Katacoda Interactive Technical Training Platform Katacoda.com
  6. 6. Windows Containers
  7. 7. Cloud-Native Impact
  8. 8. > type Dockerfile

         FROM microsoft/iis:windowsservercore-10.0.14393.693
         SHELL ["powershell", "-command"]
         RUN Install-WindowsFeature NET-Framework-45-ASPNET; Install-WindowsFeature Web-Asp-Net45
         RUN Remove-Website -Name 'Default Web Site'; mkdir c:\NerdDinner; New-Website -Name 'nerd-dinner' -Port 80 -PhysicalPath 'c:\NerdDinner' -ApplicationPool '.NET v4.5'
         EXPOSE 80
         COPY NerdDinner c:\NerdDinner

  9. 9. PS C:\> docker run -d -p 80:80 nerddinner
  10. 10. Cloud Native + Windows?
  11. 11. Microsoft & Red Hat https://github.com/kubernetes/features/issues/116
  12. 12. Does your application need to be Kubernetes aware?
  13. 13. Ingress Routing / Session Affinity / Local Only
  14. 14.

          apiVersion: extensions/v1beta1
          kind: Ingress
          metadata:
            name: test-ingress
          spec:
            rules:
            - host: katacoda.com
              http:
                paths:
                - path: /payments
                  backend:
                    serviceName: orders
                    servicePort: 80
                - backend:
                    serviceName: app
                    servicePort: 80

  15. 15.

          apiVersion: extensions/v1beta1
          kind: Ingress
          metadata:
            name: test-ingress
          spec:
            rules:
            - host: katacoda.com
              http:
                paths:
                - path: /payments
                  backend:
                    serviceName: orders
                    servicePort: 80
                - backend:
                    serviceName: app
                    servicePort: 80

  16. 16.

          apiVersion: extensions/v1beta1
          kind: Ingress
          metadata:
            name: nginx-test
            annotations:
              kubernetes.io/ingress.class: "nginx"
              ingress.kubernetes.io/affinity: "cookie"
              ingress.kubernetes.io/session-cookie-name: "route"
              ingress.kubernetes.io/session-cookie-hash: "sha1"
          spec:
            rules:
            - host: stickyingress.example.com
              http:
                paths:
                - backend:
                    serviceName: nginx-service
                    servicePort: 80
                  path: /

  17. 17.

          apiVersion: v1
          kind: Service
          metadata:
            name: echoheaders-nodeport
            annotations:
              service.beta.kubernetes.io/external-traffic: OnlyLocal
            labels:
              app: echoheaders-nodeport
          spec:
            type: NodePort
            ports:
            - port: 80
              nodePort: 30416
              targetPort: 8080
              protocol: TCP
              name: http
            selector:
              app: echoheaders

  18. 18. Pods, Sidecars, Controllers
  19. 19. Creating a Custom Controller Controller Manager Scheduler API Server etcd
  20. 20. Creating a Custom Controller Controller Manager Scheduler API Server etcd Custom Controller Custom Controller Custom Controller
  21. 21. Kelsey’s Secrets Controller
  22. 22.

          apiVersion: extensions/v1beta1
          kind: ReplicaSet
          metadata:
            name: secrets-controller
            labels:
              app: secrets-controller
          spec:
            replicas: 1
            template:
              metadata:
                labels:
                  name: secrets-controller
              spec:
                containers:
                - name: secrets-controller
                  image: gcr.io/hightowerlabs/secrets-controller:0.0.3
                  env:
                  - name: NAMESPACE
                    valueFrom:
                      fieldRef:
                        fieldPath: metadata.namespace
                  args:
                  - "-namespace=$(NAMESPACE)"
                  - "-secretName=oscon"
                  - "-vault-addr=http://vault-0.vault.$(NAMESPACE).svc.cluster.local:8200"
                  - "-vault-token=3e4a5ba1-oscon-422b-d1db-844979cab098"

  23. 23.

          func main() {
              // k8sClient, vaultClient, err, namespace and vaultToken are declared
              // outside this excerpt (they are assigned with "=", not ":=").
              k8sClient, err = k8s.NewInClusterClient()
              if err != nil {
                  log.Fatal(err)
              }
              k8sClient.Namespace = namespace

              // Create a Vault client.
              vaultClient, err = vaultapi.NewClient(vaultapi.DefaultConfig())
              if err != nil {
                  log.Fatal(err)
              }
              vaultClient.SetToken(vaultToken)

              // Re-sync the secret every 10 seconds in the background.
              go func() {
                  for {
                      time.Sleep(10 * time.Second)
                      err := syncSecret()
                      if err != nil {
                          log.Println(err)
                      }
                  }
              }()

              // Block until SIGINT or SIGTERM arrives, then exit.
              quit := make(chan os.Signal, 1)
              signal.Notify(quit, syscall.SIGINT, syscall.SIGTERM)
              <-quit
              log.Printf("Shutdown signal received, exiting...")
          }

  24. 24. Pods and Sidecars
  25. 25. Sidecars as adapters
  26. 26. Kubernetes DNS
  27. 27. Kubernetes DNS
  28. 28. StatsD to Prometheus sidecar
  29. 29. Your Application statsd_exporter localhost:9125 Prometheus Pod 1 Pod 2
  30. 30. DaemonSet + Prometheus
  31. 31.

          apiVersion: v1
          kind: Service
          metadata:
            annotations:
              prometheus.io/scrape: 'true'
            labels:
              app: node-exporter
              name: node-exporter
            name: node-exporter
          spec:
            clusterIP: None
            ports:
            - name: scrape
              port: 9100
              protocol: TCP
            selector:
              app: node-exporter
            type: ClusterIP

  32. 32. https://www.linkedin.com/pulse/dependency-hell-microservices-how-avoid-nabil-hijazi
  33. 33. Service Mesh
  34. 34. Service Mesh
        • A service mesh is a dedicated infrastructure layer for making service-to-service communication safe, fast, and reliable.
        • If you’re building a cloud native application, you need a service mesh!
        https://blog.buoyant.io/2017/04/25/whats-a-service-mesh-and-why-do-i-need-one/
  35. 35. Prometheus Insights
  36. 36. Zipkin Integration
  37. 37. Service-to-Service TLS Encryption
  38. 38. Kuber… What?
  39. 39. Teach your teams cloud-native
  40. 40. Thank you @Ben_Hall Ben@Katacoda.com Katacoda.com
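
Slide 22 passes the Vault token to the secrets controller as a literal `-vault-token=` argument, so anyone who can read the manifest file or the ReplicaSet object can read the token. The manifest below is an added example, not from the talk or the secrets-controller project: it takes the token from a Kubernetes Secret and lets the kubelet substitute it into the argument at container start. The Secret name `secrets-controller-vault`, its key `token` and the `VAULT_TOKEN` variable are assumed names, and `apps/v1` (which requires `spec.selector`) is used in place of the slide's `extensions/v1beta1`, which current Kubernetes releases no longer serve.

```yaml
# Added example: the slide 22 controller with the token moved out of the manifest.
# Assumed (hypothetical) names: Secret "secrets-controller-vault", key "token",
# created out of band in the same namespace and never committed to source control.
apiVersion: apps/v1
kind: ReplicaSet
metadata:
  name: secrets-controller
  labels:
    app: secrets-controller
spec:
  replicas: 1
  selector:
    matchLabels:
      name: secrets-controller   # must match the pod template labels below
  template:
    metadata:
      labels:
        name: secrets-controller
    spec:
      containers:
      - name: secrets-controller
        image: gcr.io/hightowerlabs/secrets-controller:0.0.3
        env:
        - name: NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: VAULT_TOKEN          # value is read from the Secret, not the manifest
          valueFrom:
            secretKeyRef:
              name: secrets-controller-vault
              key: token
        args:
        - "-namespace=$(NAMESPACE)"
        - "-secretName=oscon"
        - "-vault-addr=http://vault-0.vault.$(NAMESPACE).svc.cluster.local:8200"
        # $(VAULT_TOKEN) is expanded from the container's env when the pod starts
        - "-vault-token=$(VAULT_TOKEN)"
```

The token still reaches the process as a command-line argument inside the container, and the `http://` Vault address is kept as on the slide, so this change only keeps the token out of the manifest and the stored ReplicaSet object.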
