
Cloud-Native: A New Ecosystem for Putting Containers into Production

Updated version for CloudExpo 2019
The standardization of container runtimes and images has sparked the creation of an almost overwhelming number of new open source projects that build on and otherwise work with these specifications.

Of course, there's Kubernetes, which orchestrates and manages collections of containers. It was one of the first and best-known examples of projects that make containers truly useful for production use. However, more recently, the container ecosystem has truly exploded. A service mesh like Istio addresses many of the challenges faced by developers and operators as monolithic applications transition towards a distributed microservice architecture. A tracing tool like Jaeger analyzes what's happening as a transaction moves through a distributed system. Monitoring software like Prometheus captures time-series events for real-time alerting and other uses. Grafeas and Kritis provide security policy attestation and enforcement. And there are many more.

In short, there's an entire new cloud-native ecosystem growing up around containers. Come to this talk by Red Hat technology evangelist Gordon Haff and learn all about it.

Published in: Technology

  1. Cloud-Native: A New Ecosystem for Putting Containers into Production. Gordon Haff, Emerging Tech Evangelist. June 2019. @ghaff
  2. Who am I? ● Evangelist for emerging technologies and practices at Red Hat ● Author of How Open Source Ate Software, etc. ● Former IT industry analyst ● Former big system guy ● Website: http://www.bitmasons.com
  3. Virtual machines looked like servers ● Heterogeneous environments ● Can scale-up ● Direct support for “enterprise” storage ● Support complex network topologies ● “Pet” features like live migration
  4. Without the low utilization
  5. This was sort of the point
  6. ● Physical ● Logical ● Virtual ● Containers ● Application ● Etc.
  7. Containers change how we develop, deploy, and manage applications. INFRASTRUCTURE: ● Sandboxed processes on shared Linux kernel ● Simpler, lighter, and denser than VMs ● Portable across different environments. APPLICATIONS: ● Package application with all dependencies ● Fast & repeatable deployments with CI/CD ● Immutable modular components
  8. This is looking different from servers
  9. This was also the point
  10. Containers necessary foundation but not sufficient ● OCI Image spec ● OCI runtime spec (e.g. runc) ● OCI distribution spec
  11. It takes a… city? Cloud Native Computing Landscape: https://landscape.cncf.io/
  12. Containers necessary foundation but not sufficient ● OCI Image spec ● OCI runtime spec (e.g. runc) ● OCI distribution spec
  13. Containers necessary foundation but not sufficient ● Containers depend on the Linux kernel for security, performance, compatibility, and more: SELinux, Namespaces, Cgroups, Seccomp, Capabilities
  14. Modular open container tooling ● Build containers ● Inspect containers ● Run containers ● Work with containers at command line ● Modular *nix philosophy ● Minimize attack surface #nobigfatdaemons
  15. Operate containers at scale ● Originally from Google, inspired by Borg ● Container orchestration & resource management ● Declarative deployments of containerized applications https://thenewstack.io/kubernetes-deployments-work/
  16. Interface containers to orchestration ● Work with Kubernetes to manage and run OCI runtimes ● Pulls images from registry ● Handles networking through Container Network Interface (CNI) ● Clean interface boundaries [Diagram labels: Container Runtime Daemon (e.g. crio); Container Runtime Interface; CRI-O; Kubernetes Kubelet; Linux Container; OCI Compliance; Container Runtime (e.g. runC)]
  17. Deploy complete applications ● Method of packaging, deploying and managing a Kubernetes application ● Encode the human operational knowledge normally required to help keep services running optimally ● Help to execute best practices
  18. Store artifacts in enterprise registries ● Geo-replication and HA ● Access controls ● Remote metadata inspection ● Automated builds ● Security scans [Diagram labels: SKOPEO; Image Repository; Image Registry; Host; /var/lib/containers; /var/lib/docker]
  19. Connect services ● Configurable service mesh infrastructure layer for a microservices application ● Provides service discovery, load balancing, encryption, authentication and authorization ● Common set of language-independent services any application can use
  20. Monitor the running apps/services ● Time series data model identified by metric name and key/value pairs ● Collection happens via a pull model over HTTP ● Values reliability even under failure conditions over 100% accuracy ● Came from web-scale DevSecOps
  21. Log and analyze ● Events: Cloud, Host, Container, Application ● Event and Log aggregation ● Normalize and store ● Visualize and Alert
  22. Observe (the new distributed normal) ● Visualize service mesh topology (Kiali) ● Distributed tracing (Jaeger) ● Performance and latency optimization ● Service dependency analysis
  23. Serverless ● Framework for event-driven programming ● Not just functions-as-a-service (FaaS) ● Both architectural and pricing model
  24. Getting started: DIY? ● Visualize service mesh topology (Kiali) ● Distributed tracing (Jaeger) ● Performance and latency optimization ● Service dependency analysis
  25. Curating and integrating cloud native: OpenShift. [Diagram labels: Application Lifecycle Management (CI/CD) Build Automation Deployment Automation Service Catalog (Language Runtimes, Middleware, Databases) Self-Service Infrastructure Automation & Cockpit Networking Storage Registry Logs & Metrics Security Container Orchestration & Cluster Management (Kubernetes) Red Hat Enterprise Linux Ansible / CloudForms RHEL Container Runtime & Packaging (SELinux and SCC) Enterprise Container Host]
  26. IT’S ABOUT GETTING TO YOUR DESTINATION, NOT JUST A CONTAINER. THANK YOU!
