The focus of the interactive demonstration includes:
- Designing infrastructure for services in GCP and an on-premise data center
- Setup of environments using Google Kubernetes Engine and GKE On-Prem
- Configuration of Istio on GKE and launch of the demo application
- A demonstration of A/B testing with a vote for the final production design of the hybrid cross-environment application.
Target audience: CTOs, Architects, DevOps/System administrators.
Kubernetes design principles, patterns and ecosystem (Sreenivas Makam)
Kubernetes began as Google's internal container orchestration system called Borg and was open sourced as Kubernetes in 2014. It uses a declarative model where users describe their application components and infrastructure as code to manage the desired state. Key principles include being extensible through custom resources and controllers, meeting users where they are through integration with applications, and decoupling applications from infrastructure. Common extension points allow customizing authorization, scheduling, resources, and controllers. Operators help manage custom applications and Prometheus is a widely used monitoring operator. Best practices for day 2 operations focus on cluster design, application patterns, and security. A rich ecosystem of tools has grown around Kubernetes.
Best Practices with Azure Kubernetes Services (QAware GmbH)
- The AKS best practices document discusses cluster isolation and resource management, storage, networking, network policies, securing the environment, scaling applications and clusters, and logging and monitoring for AKS clusters.
- It provides an overview of the different Kubernetes offerings in Azure (DIY, ACS Engine, and AKS), and recommends using at least 3 nodes for upgrades when using persistent volumes.
- The document discusses various AKS networking configurations like basic networking, advanced networking using Azure CNI, internal load balancers, ingress controllers, and network policies. It also covers cluster level security topics like IAM with AAD and RBAC.
Presentation at the IBM Cloud Meet-up in Toronto
https://www.meetup.com/IBM-Cloud-Toronto/events/253903913/?_xtd=gatlbWFpbF9jbGlja9oAJGU3NmM3ZjdmLWE2NzgtNGVlNC1iNGZiLTBlZGE5ZWM0NDZjOQ
The document discusses Istio, an open source service mesh that provides traffic management, service migration and monitoring for microservices. It provides an overview of key Istio concepts like the control plane, data plane and components like Envoy, Pilot and Mixer. It also includes steps to install Istio on GKE and deploy a sample Bookinfo application to demonstrate traffic routing and load balancing capabilities.
Cloud Native Bern 05.2023 — Zero Trust Visibility (Raphaël PINSON)
As the adoption of Kubernetes continues to grow, so does the need for securing containerized applications and their data. One effective security model that has gained popularity is Zero Trust Networking, which assumes that all resources, devices and users are untrusted, and access to resources is granted only after proper authentication and authorization. However, implementing Zero Trust Networking in Kubernetes can be challenging, given the dynamic nature of containerized workloads and the complexity of network policies.
In this presentation, we will explore how to implement Zero Trust Networking in Kubernetes using Cilium, Hubble & Grafana. We will start by setting up Cilium on a Kubernetes cluster, which provides network security by enforcing identity-based access control policies using eBPF. Next, we will export Network Policy Verdict metrics using Hubble, which allows us to visualize network policies and track security events in real-time. Finally, we will use a Grafana dashboard to visualize these metrics and demonstrate how to secure a Kubernetes namespace without affecting existing traffic in the namespace.
By the end of this presentation, attendees will have a good understanding of the importance of Zero Trust Networking in Kubernetes and how to implement it using Cilium, Hubble & Grafana. They will also learn how to secure a Kubernetes namespace and monitor network policies using a Grafana dashboard.
Service Mesh @Lara Camp Myanmar - 02 Sep 2023 (Hello Cloud)
Sai Linnthu is a founding partner at HelloCloud.io and discusses service meshes and Istio. Istio provides a framework-agnostic approach for managing communication policies and observability across cloud-native microservices. While Istio addresses many challenges of microservices, its complexity makes it difficult to use and manage across multiple clouds without additional capabilities like centralized metrics, access logging and lifecycle management.
Google Cloud Platform is a cloud computing platform by Google that offers hosting on the same supporting infrastructure that Google uses internally for end-user products like Google Search and YouTube. Cloud Platform provides developer products to build a range of programs from simple websites to complex applications.
Google Cloud Platform is a part of a suite of enterprise solutions from Google for Work and provides a set of modular cloud-based services with a host of development tools. For example, hosting and computing, cloud storage, data storage, translations APIs and prediction APIs.
Topics covered:
- Why Google Cloud Platform?
- Google Cloud Platform Services: First Insight
This document provides an overview of Azure Kubernetes Service (AKS). It begins with introductions to containers and Kubernetes, then describes AKS's architecture and features. AKS allows users to quickly deploy and manage Kubernetes clusters on Azure without having to manage the master nodes. It reduces the operational complexity of running Kubernetes in production. The document outlines how to interact with AKS using the Azure portal, CLI, and ARM templates. It also lists AKS features like identity and access control, scaling, storage integration, and monitoring.
Kubernetes for Beginners: An Introductory Guide (Bytemark)
Kubernetes is an open-source tool for managing containerized workloads and services. It allows for deploying, maintaining, and scaling applications across clusters of servers. Kubernetes operates at the container level to automate tasks like deployment, availability, and load balancing. It uses a master-slave architecture with a master node controlling multiple worker nodes that host application pods, which are groups of containers that share resources. Kubernetes provides benefits like self-healing, high availability, simplified maintenance, and automatic scaling of containerized applications.
Cloud computing provides on-demand access to shared computing resources like networks, servers, storage, applications and services available over the internet. It offers advantages like cost effectiveness, dynamic scaling, on-demand self-service and measured service. There are three main service models - Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). The document then discusses Google Cloud Platform's IaaS offering called Google Compute Engine and its PaaS offering called Google App Engine.
This document provides an overview of service mesh and Istio on Kubernetes. It discusses microservices and the need for visibility, monitoring, and traffic management which a service mesh can provide. It then describes Kubernetes, Istio architecture including Pilot, Envoy proxy, and Mixer components. It covers how Istio provides mutual TLS, ingress/egress traffic routing, request routing to service versions, observability with metrics and tracing, and application resilience through features like timeouts and retries. The document concludes with instructions for deploying Kubernetes and getting started with Istio.
Istio is a service mesh—a modernized service networking layer that provides a transparent and language-independent way to flexibly and easily automate application network functions. Istio is designed to run in a variety of environments: on-premise, cloud-hosted, in Kubernetes containers.
Google Kubernetes Engine (GKE) deep dive (Akash Agrawal)
This document provides an overview of Google Kubernetes Engine (GKE) including its architecture and request flow. It discusses GKE features like node pools, cluster scoping, auto repair, and integration with other Google Cloud services. The presenter then covers getting started with GKE, best practices for production usage, and the broader GKE ecosystem which includes GKE, GKE On-Prem, Anthos, and Cloud Run.
Cloud computing provides dynamically scalable resources as a service over the Internet. It addresses problems with traditional infrastructure like hard-to-scale systems that are costly and complex to manage. Cloud platforms like Google Cloud Platform provide computing services like Compute Engine VMs and App Engine PaaS, as well as storage, networking, databases and other services to build scalable applications without managing physical hardware. These services automatically scale as needed, reducing infrastructure costs and management complexity.
Helm is a package manager for Kubernetes that allows for easy installation, upgrade, and management of Kubernetes applications. It provides repeatability, reliability, and simplifies deploying applications across multiple Kubernetes environments. Helm originated from an internal hackathon at Deis and was jointly developed by Google and Deis. It is now maintained by the Cloud Native Computing Foundation. Helm consists of a client that interacts with the Tiller server running inside the Kubernetes cluster to manage application lifecycles using charts, which are packages containing Kubernetes resource definitions.
Microsoft Azure is an ever-expanding set of cloud services to help your organization meet your business challenges. It’s the freedom to build, manage, and deploy applications on a massive, global network using your favorite tools and frameworks.
- Productive: Reduce time to market by delivering features faster with over 100 end-to-end services.
- Hybrid: Develop and deploy where you want, with the only consistent hybrid cloud on the market. Extend Azure on-premises with Azure Stack.
- Intelligent: Create intelligent apps using powerful data and artificial intelligence services.
- Trusted: Join startups, governments, and 90 percent of Fortune 500 businesses who run on the Microsoft Cloud today.
This document discusses Google Cloud Platform and how Google powers its own services. It notes that Google is the fourth largest server manufacturer and would be the second largest internet service provider by traffic. It describes how Google builds customized hardware from cheap commodity parts and manages vast numbers of homogeneous servers at scale with software resilience and horizontal layers rather than hardware resilience and vertical stacks. The document also provides an overview of how Google's global data centers, communications network, data storage and distribution, services and APIs, and compute platforms can be utilized to build and scale applications. It includes several customer stories about how companies have used Google Cloud Platform for applications experiencing peak traffic, global data storage, crowd-sourcing weather data, and syncing notes across devices.
A Comprehensive Introduction to Kubernetes. This slide deck serves as the lecture portion of a full-day Workshop covering the architecture, concepts and components of Kubernetes. For the interactive portion, please see the tutorials here:
https://github.com/mrbobbytables/k8s-intro-tutorials
Presentation for Introduction to Google Cloud Platform. This PPT provides a basic understanding of the services provided by Google Cloud Platform, such as Compute, Storage, VPC and IAM.
This document discusses OpenShift Container Platform, a platform as a service (PaaS) that provides a full development and deployment platform for applications. It allows developers to easily manage application dependencies and development environments across basic infrastructure, public clouds, and production servers. OpenShift provides container orchestration using Kubernetes along with developer tools and a user experience to support DevOps practices like continuous integration/delivery.
DevSecOps in the Cloud from the Lens of a Well-Architected Framework.pptx (Turja Narayan Chaudhuri)
- DevSecOps integrates security as a shared responsibility throughout the IT lifecycle by automating security gates to keep the DevOps workflow from slowing down. Architecture matters as it represents significant design decisions that shape a system's structure and behavior. Non-functional requirements like security, reliability and deployability are important for architecture. DevSecOps principles extend architectural best practices by enforcing the same non-functional requirements across the development lifecycle. We need to ensure DevSecOps practices are based on architectural foundations to fulfill business needs now and in the future.
The document provides an overview of Red Hat OpenShift Container Platform, including:
- OpenShift provides a fully automated Kubernetes container platform for any infrastructure.
- It offers integrated services like monitoring, logging, routing, and a container registry out of the box.
- The architecture runs everything in pods on worker nodes, with masters managing the control plane using Kubernetes APIs and OpenShift services.
- Key concepts include pods, services, routes, projects, configs and secrets that enable application deployment and management.
Easy, Secure, and Fast: Using NATS.io for Streams and Services (NATS)
Colin Sullivan presented on using NATS for streaming and services. NATS is an open source cloud native messaging system that can be used for distributed communication patterns like publish/subscribe and request/reply. It provides high performance, simplicity, security and availability. Key features include streams for fan out data flows and load balanced services. NATS supports topologies from standalone servers to global clusters and uses subjects, accounts and permissions for security and multi-tenancy. JetStream adds capabilities like at-least-once delivery and data persistence.
This document provides an overview of Kubernetes including:
1) Kubernetes is an open-source platform for automating deployment, scaling, and operations of containerized applications. It provides container-centric infrastructure and allows for quickly deploying and scaling applications.
2) The main components of Kubernetes include Pods (groups of containers), Services (abstract access to pods), ReplicationControllers (maintain pod replicas), and a master node running key components like etcd, API server, scheduler, and controller manager.
3) The document demonstrates getting started with Kubernetes by enabling the master on one node and a worker on another node, then deploying and exposing a sample nginx application across the cluster.
Presenting the newest version of Cloudify, 4.6, including an orchestrated SD-WAN demo from MEF18 where Cloudify is used as the orchestration platform for container-based uCPE.
JAX London 2019 "Cloud Native Communication: Using an API Gateway and Service... (Daniel Bryant)
The way in which communication is handled within a cloud native application has changed over the past few years. Kubernetes has become the de facto platform infrastructure, and inter-service communication is now handled via a service mesh. This session will explore how to integrate the open source Ambassador Kubernetes API gateway and the Consul Connect service mesh into your Java apps.
- Learn about Kubernetes ingress and inter-service communication
- Understand the tradeoffs of using different technologies to implement cloud native communication
- Explore how these technologies integrate well – or not – with new and existing Java applications
- Hear about lessons learned in production, at 3 a.m., with lots of coffee
This document discusses microservices and Azure Service Fabric. It provides an overview of architectural evolutions from monolithic to service-oriented to microservices. Azure Service Fabric is presented as a platform for developing microservices that provides high availability, scalability and reliability. Key concepts are defined including nodes, clusters, stateful and stateless services. The presentation concludes with a demonstration of creating an Azure Service Fabric cluster and deploying an application.
Service-Level Objective for Serverless Applications (alekn)
Deploying commercial applications that meet their expected business needs is challenging due to the differences between how business goals are specified and how the system is evaluated. Furthermore, business goals are dynamic, requiring deployments to change constantly over time. Such difficulties make it costly to maintain application quality, as the underlying infrastructure is not always fast enough to keep up with business changes. Nowadays, serverless opens a new approach to building applications. By abstracting out the deployment details, serverless applications can be implemented with minimal deployment effort. Serverless also reduces maintenance cost with auto-scaling and pay-as-you-go. Such abilities make us believe that by adopting serverless, we can build applications that meet and quickly adapt to business goals.
However, simply writing applications with serverless is not sufficient. Due to best-effort invocation mechanisms and the lack of application structure awareness, serverless performance is highly variable and often fails to support applications with rigorous quality of service requirements. In this study, we aim to mitigate such limitations by coupling serverless deployment with business needs. In particular, we define a Serverless Service-Level Objective (SLO) interface that allows developers to describe their application structure and business goals in terms of software-level objectives. We implement an SLO enforcer, which uses this information in combination with system performance metrics to decide on a proper serverless deployment and resource allocation for meeting business goals. The Serverless SLO leverages a blueprint model, which allows developers to describe an application's architecture and runtime characteristic needs, to map the application description to serverless function deployment on top of Knative. We deploy our proposed system on KinD, a tool to run a Kubernetes cluster on local Docker containers, and evaluate it with different system configurations. Evaluation results showed that SLO definition and enforcement helps serverless applications use resources in accordance with business goals.
Reference architectures shows a microservices deployed to Kubernetes (Rakesh Gujjarlapudi)
The document discusses microservices architecture on Kubernetes. It describes microservices as minimal, independently deployable services that interact to provide broader functionality. It contrasts this with monolithic applications. It then covers key aspects of microservices like ownership, tradeoffs compared to traditional applications, common adoption cases, and differences from SOA. It provides a reference architecture diagram for microservices on Kubernetes including components like ingress, services, CI/CD pipelines, container registry, and data stores. It also discusses design considerations for Kubernetes microservices including using Kubernetes services for service discovery and load balancing, and using an API gateway for routing between clients and services.
Thomas Seibert and Gregor Zurowski demonstrate how Mercedes-Benz.io has managed to go from idea to production in no time. Through the evolution of an effective and developer-oriented application generation framework, the use of a highly automated toolchain, organizational improvements and the infrastructure provided by PCF, they describe how their delivery performance has increased along many dimensions and how their ecosystem allows for scaling to a multitude of teams.
Adopting PCF At An Automobile Manufacturer (VMware Tanzu)
This document discusses the adoption of Pivotal Cloud Foundry at an automobile manufacturer. It describes the initial state with a Java portal and a broken customer journey. The vision was to create the best customer experience. The target state used Pivotal Cloud Foundry, a microservices architecture, and cloud infrastructure. Key decisions included using the Cloud Foundry PaaS, adopting a microservices style, and enabling development teams. Challenges included integrating Cloud Foundry and implementing shared services and versioning. Lessons learned included the need for automation and that Cloud Foundry is not a panacea and requires integration work.
Elastically Scaling Kafka Using Confluent (confluent)
This document discusses how Confluent Platform provides elastic scaling for Apache Kafka. It offers fully managed cloud services through Confluent Cloud or self-managed software. Confluent Cloud allows users to easily scale Kafka workloads from 0 MBps to GBps without complex provisioning. It also offers pay-for-use pricing where customers only pay for the data streamed, with the ability to scale to zero. For self-managed deployments, Confluent Platform enables dynamic scaling of Kafka clusters on Kubernetes through features like tiered storage and self-balancing clusters that can rebalance partitions in seconds versus hours for other Kafka services.
Enterprise Service Delivery from the AWS Cloud (ARC208) | AWS re:Invent 2013 (Amazon Web Services)
(Presented by Citrix)
As we move to a world where all users are mobile and apps are increasingly delivered from the cloud, security, compliance, and user experience service-level expectations are higher than ever, necessitating that IT look beyond traditional methods for delivering applications. However, there are intelligent cloud networking and provisioning solutions on AWS that can be leveraged to create a service delivery model that addresses the new paradigm. Learn how Citrix NetScaler VPX on AWS provides full application visibility and control through a combination of customer case studies and demos.
In this session, you learn how to:
- Deploy Citrix application delivery technologies (NetScaler, NetScaler Gateway, CloudBridge) into AWS
- Optimize next-gen web applications delivered from AWS, using traffic management and application acceleration capabilities
- Provide global application availability across on-premises data centers and multiple AWS regions using CloudBridge, global server load balancing, and Amazon Route 53 DNS
Apache CloudStack is open source software designed to deploy and manage large networks of virtual machines, as a highly available, highly scalable Infrastructure as a Service (IaaS) cloud computing platform.
It is used by a number of service providers to offer public cloud services, and by many companies to provide an on-premises (private) cloud offering, or as part of a hybrid cloud solution.
In this webinar, participants will learn:
- A completely new way to manage Apache CloudStack with service provider, reseller and customer views
- Reliably collecting performance metrics from guests running inside CloudStack
- How to render the CloudStack tenant UI with the ActOnCloud user interface
- Generating detailed billing usage reports for different CloudStack accounts
- How to manage multiple CloudStack instances
- How to perform capacity planning for zones inside CloudStack
- How to autoscale VMs in a VPC without depending on hardware-based load balancers
- How to group VMs and apply policies and rules to govern and optimize them
- Managing hybrid cloud
Also, if you are tired of seeing the old UI, you can find here the next-generation mobile-responsive interface to manage your CloudStack.
This document discusses designing microservices architectures. It begins by defining microservices as small, autonomous services that work together. The benefits of microservices include continuous innovation, independent deployments, and fault isolation. Challenges include complexity, testing, and service discovery. Key principles in designing microservices are modeling them around business domains, making each independently deployable, and decentralizing all components. Additional topics covered include service boundaries, communication patterns, data management, and monitoring microservices applications. The document provides examples and recommendations for implementing microservices on Azure.
Open Source Networking Days - Service Mesh (CloudOps2005)
At the Linux Foundation's 2018 Open Source Networking Days, Syed Ahmed compared service mesh options (Istio, Linkerd, and Consul Connect) and spoke about how they diverge from many complications traditionally found in monolithic applications.
Sumo Logic Cert Jam - Advanced Metrics with Kubernetes (Sumo Logic)
This document outlines an agenda for a course to become certified as a Sumo Kubernetes Analyst. The course will provide an introduction to Kubernetes and Sumo Logic's monitoring capabilities, including four different views into Kubernetes systems. Attendees will participate in hands-on labs and have the opportunity to get certified through an online exam.
This document provides an overview of enterprise cloud transformation best practices. It discusses key aspects of cloud maturity models, alignment of IT and business strategy, agile cloud development practices, and software defined networking (SDN). Specific topics covered include virtualization maturity, cloud brokerage, application lifecycles, and network functions virtualization. Examples from AT&T and Virtela are given to illustrate real-world SDN implementations.
Pivotal Container Service (PKS) provides an enterprise-grade Kubernetes platform that can be deployed on any cloud infrastructure using the open source BOSH tool. PKS handles operations tasks like provisioning and upgrading Kubernetes clusters, integrates with VMware technologies for networking and security, and provides a centralized control plane for managing multiple clusters and tenants. It aims to deliver the benefits of Kubernetes to enterprises by adding capabilities for high availability, multi-tenancy, security and automation.
Microsoft Azure is the best cloud for your applications. Azure full-stack cloud covers frontend, backend, data, intelligence, and DevOps. In this session, Dileepa will show us how with Azure, you can modernise applications faster using your preferred technology stack or build applications born in the cloud, and deploy them faster and seamlessly with Azure PaaS and FaaS to take maximum advantage of the benefits and characteristics of the Azure platform.
Watch the recorded live session here - https://www.youtube.com/watch?v=MhXVyYEdXiw
The Microservices approach is a new way of building composable, cloud-native applications. This session is designed for developers who are transforming existing applications to Microservices, or creating new Microservices style applications. The session will cover best practices, patterns including Service Registration and Discovery, and key development tools required for building distributed Microservices style applications. The session will also cover best practices for automating the operations of these applications, using container orchestration services.
This document discusses Microsoft's use of software defined networking (SDN) in Windows Azure. Some key points:
- Microsoft uses SDN to provide infrastructure services like virtual networks (VNETs), load balancing, and tenant access control lists at scale in Windows Azure.
- The SDN approach separates the management, control, and data planes. A centralized controller programs network policies into virtual switches to enable services like VNETs and load balancing across hundreds of thousands of servers.
- This allows Windows Azure to securely connect enterprise infrastructure to the cloud and provide scalable networking services to tenants without relying on dedicated hardware appliances. SDN enables agility at massive scale in Windows Azure.
Similar to Anton Grishko "Multi-cloud with Google Anthos, Kubernetes and Istio. How to stop worry about infrastructure and stop losing money."
"What I learned through reverse engineering", Yuri Artiukh (Fwdays)
In recent years, I have gained most of my knowledge through reverse engineering; I decided to share how I did it and what I learned during this period. All of this concerns graphics programming, performance, and best practices in the frontend.
"Impact of front-end architecture on development cost", Viktor Turskyi (Fwdays)
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
"Micro frontends: Unbelievably true life story", Dmytro Pavlov (Fwdays)
A real life story about the experience of using Micro frontends in an existing Enterprise product. Problems and their solutions on the way from the integration of a separate component to an extensible No-code platform.
"Objects validation and comparison using runtime types (io-ts)", Oleksandr Suhak (Fwdays)
A common task in modern JS is parsing, validating and then comparing JSON objects. In this talk I will quickly go through most common ways to parse/validate and compare objects we use today and then focus more on how runtime types (based on io-ts) can help make such tasks easier and quicker to implement.
"JavaScript. Standard evolution, when nobody cares", Roman Savitskyi (Fwdays)
Should we take a look at JavaScript when everyone is writing in TypeScript? What happens to the standard? What did we get last year? What new features can we expect this and next year? And most importantly, when will Observer be standardized?
Let's try to answer all these questions and even a little more, dream about the future, and enjoy that Observer is alive (or not).
"How Preply reduced ML model development time from 1 month to 1 day", Yevhen Y... (Fwdays)
A case study of how a small team at Preply went from inheriting an existing ranking model to being able to produce a model per day. In this talk we'll cover the steps to take if you find yourself in a similar situation: what kind of technology and processes you can introduce in order to achieve a great speedup in development speed.
"GenAI Apps: Our Journey from Ideas to Production Excellence", Danil Topchii (Fwdays)
In my talk, I will tell about the world of GenAI services beyond GPT-wrappers and how we developed and scaled GenAI-centric applications. I'll share personal experiences about the obstacles, lessons, and strategic tools and methodologies that were key in taking GenAI applications from 0 to 1. I'll talk about the challenges we faced when launching LLM-based and image generative applications and delivering them to end users, and what conclusions and solutions were made.
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel", Oleks... (Fwdays)
Python engineers are introduced to the transformative potential of Large Language Models (LLMs) in the realm of advanced data analysis and the application of Semantic Kernel techniques. We will talk about how LLMs like ChatGPT can be integrated into Python environments to automate data processing, enhance predictive modeling, and unlock deeper insights from complex datasets. The session will delve into practical strategies for embedding Semantic Kernel methods within Python projects, illustrating how these advanced techniques can refine the accuracy of machine learning models by embedding domain-specific knowledge directly into the analysis process. Attendees will leave with a clear roadmap for leveraging the combined power of LLMs and Semantic Kernels, equipped with actionable knowledge to drive innovation in their data analysis projects and beyond, marking a significant leap forward in the evolution of Python engineering practices.
"Federated learning: out of reach no matter how close", Oleksandr Lapshyn (Fwdays)
Federated learning: an algorithmic solution to the problem of privacy-preserving ML. The pieces involved in supporting the training, with NVIDIA Flare as an example. How the newest legislation affects federated learning.
"What is a RAG system and how to build it", Dmytro Spodarets (Fwdays)
Today, large language models are becoming an integral part of almost every IT solution. However, their use is often accompanied by certain limitations, such as the relevance of information or its depth and specificity. One of the ways to overcome these limitations is the method of working with LLMs - RAG (Retrieval Augmented Generation).
In an ideal world, you would write Python code and then it would work perfectly. But unfortunately, it doesn't work in this manner. In my talk, I'll cover how to efficiently debug your programs, especially in cloud environments or inside Kubernetes.
MLOps (Machine Learning Operations) is a recent buzzword, that trends a lot. Let's figure out together how maintaining applications with machine learning components is significantly different from maintaining applications without them.
We will look into MLOps best practices and typical problems and their implementations/solutions in real world production.
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack (Fwdays)
Ever seen a code base where understanding a simple method meant jumping through tangled class hierarchies? We all have! And while "Favor composition over inheritance!" is almost as old as object-oriented programming, strictly avoiding all types of subclassing leads to verbose, un-Pythonic code. So, what to do?
The discussion on composition vs. inheritance is so frustrating because far-reaching design decisions like this can only be made with the ecosystem in mind – and because there's more than one type of subclassing!
Let's take a dogma-free stroll through the types of subclassing through a Pythonic lens and untangle some patterns and trade-offs together. By the end, you'll be more confident in deciding when subclassing will make your code more Pythonic and when composition will improve its clarity.
"Distributed graphs and microservices in Prom.ua", Maksym Kindritskyi (Fwdays)
The current architecture of Prom.ua is built on microservices and GraphQL API, but it was not always like that. In this talk, I'll tell you how far we've come and how we've made using graphs in a microservice architecture convenient and simple. I will talk about the problems we faced and how we overcame them, made our development process more accessible, deployments faster, and the remains of the monolith less loaded.
"Rethinking the existing data loading and processing process as an ETL exampl... (Fwdays)
ETL stands for extract, transform, load. It's a process that combines data from different sources into a single repository for further processing, analysis, and utilization.
This talk provides an example of how pandas can be used to solve ETL tasks as a stage in the evolution of the data intake component. This involves preliminary validation, filtering, and conversion of data according to a set of business rules and internal representation, with intermediate combination with other sources.
"How Ukrainian IT specialist can go on vacation abroad without crossing the T... (Fwdays)
I’m confident that many IT professionals are currently facing the same situation I was in a few months ago. Mobilization, uncertainty. How can I be maximally beneficial to the country with my experience and continue professional development in such circumstances? Since the onset of the full-scale invasion, I've been actively volunteering and assisting the army. Mobilization became the next logical step.
I want to share:
My journey in IT, volunteering, and the beginning of my service in the Armed Forces
Impressions from the first few months
Which Soft Skills are helpful in this context
I aim to dispel myths about the mobilization process and projects of the Armed Forces. Address your questions
And yes, military personnel can travel abroad during their leave.
"The Strength of Being Vulnerable: the experience from CIA, Tesla and Uber", ... (Fwdays)
The leader must be strong all the time. The leader cannot afford to make mistakes, let alone fail in front of their team. Is that really true? Nick Gicinto, a cybersecurity leader with over 25 years of experience, who has worked for the CIA and has built security systems from scratch at Tesla and Uber, fully hiring teams for these projects, will talk about the importance of being vulnerable to build trust within a team.
"[QUICK TALK] Radical candor: how to achieve results faster thanks to a cultu... (Fwdays)
Sharing open feedback can be difficult because it equals much work on yourself. However, feedback needs attention and a special place in the corporate culture. It helps to grow dynamically, build a team of like-minded people and achieve powerful results.
In the presentation, I will talk about:
The ability to work with feedback as a soft, solid skill in developing technical specialists.
A list of difficulties that prevent quality work with feedback.
The 4A Framework as a tool for successfully giving and receiving feedback.
I will also help specialists learn the following:
Form constructive feedback and understand how and when to give it.
Work analytically with the received feedback.
Feel free to share your thoughts and be heard.
"[QUICK TALK] PDP Plan, the only one door to raise your salary and boost care... (Fwdays)
Will discuss:
Current communication challenges, including mishaps and toxic versus productive interactions.
Ever wondered about PDP? It’s likely because its relevance to career planning, even outside your current company, hasn’t been fully spotlighted.
Exploring how PDP functions within career planning, applicable even if you’re eyeing an exit.
“Who do I aspire to become?”
Summarizing key points with a reference to a practical form you can download to use.
"4 horsemen of the apocalypse of working relationships (+ antidotes to them)"... (Fwdays)
This talk will reveal four destructive communication patterns that can undermine team spirit, reduce productivity and cause conflict, and offer effective strategies for neutralizing them.
Let's start with exciting storytelling about a fictional team of developers working on Scrum. You will learn about situations that their team member noticed during team meetings.
Next, we will analyze "The Gottman Four Horsemen" model, which describes the four "horsemen of the apocalypse" of work relationships: criticism, defensiveness, contempt, and stonewalling. For each of these patterns, specific "antidotes" will be offered that allow you to build healthier and more productive relationships in the team.
Finally, we'll look at why this topic is critical to team productivity, drawing on Google's "Project Aristotle" research. Special attention will be paid to the concept of psychological safety, which is a key factor in the success of high-performance teams.
This talk will not only provide valuable insights and tools for improving communication and management in Tech teams, but will also help each member better understand their own contribution to the overall success of the team.
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx (SitimaJohn)
Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence (IndexBug)
Imagine a world where machines not only perform tasks but also learn, adapt, and make decisions. This is the promise of Artificial Intelligence (AI), a technology that's not just enhancing our lives but revolutionizing entire industries.
Fueling AI with Great Data with Airbyte Webinar (Zilliz)
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
How to Get CNIC Information System with Paksim Ga.pptx (danishmna97)
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
UiPath Test Automation using UiPath Test Suite series, part 6 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf (Malak Abu Hammad)
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack (shyamraj55)
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Skybuffer SAM4U tool for SAP license adoption (Tatiana Kojar)
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
HCL Notes and Domino License Cost Reduction in the World of DLAU (panagenda)
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able to lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc.
- Practical examples and best practices to implement right away
Programming Foundation Models with DSPy - Meetup Slides (Zilliz)
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers (akankshawande)
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A... (Jeffrey Haguewood)
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on integration of Salesforce with Bonterra Impact Management.
Interested in deploying an integration with Salesforce for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
4. ARE WE READY FOR PRODUCTION?
Building a cost-effective and production-ready solution can be difficult. Services with multiple component interactions and third-party dependencies require careful planning. Additional requirements, like specific business logic or microservice requirements, create an extra challenge.
7. K8S PROVIDES CONTAINER-CENTRIC INFRASTRUCTURE
Once specific containers are no longer bound to specific machines/VMs, host-centric infrastructure no longer works.
▪ Scheduling: Decide where my containers should run
▪ Lifecycle and health: Keep my containers running despite failures
▪ Scaling: Make sets of containers bigger or smaller
▪ Naming and discovery: Find where my containers are now
▪ Load balancing: Distribute traffic across a set of containers
▪ Storage volumes: Provide data for containers
▪ Logging and monitoring: Track what’s happening with my containers
▪ Debugging and introspection: Enter or attach to containers
▪ Identity and authorization: Control who can access my containers
8. IN SIMPLE TERMS...
Kubernetes provides features similar to an OS for a host:
▪ Scheduling workload
▪ Finding the right host to fit your workload
▪ Monitoring health of the workload
▪ Scaling it up and down as needed
▪ Moving it around as needed
9. NODE COMPONENTS
▪ Kubelet (kubelet)
▪ Kube proxy (kube-proxy)
▪ Container runtime
  ▪ Docker (containerd)
▪ Monitoring/Logging
  ▪ Supervisord
  ▪ Fluentd
Clients use the Kube Control (kubectl) CLI to interact with the cluster.
Diagram: nodes, each running a kubelet
10. MASTER COMPONENTS
▪ API server (kube-apiserver)
▪ etcd - reliable distributed key-value store
▪ Scheduler (kube-scheduler)
▪ Controllers
  ▪ Kube controller (kube-controller-manager)
    ▪ Replication controller
    ▪ Endpoints controller
    ▪ Service account and token controllers
  ▪ Cloud controller (cloud-controller-manager)
▪ Add-ons
  ▪ Kube DNS (kube-dns)
  ▪ Web UI (dashboard)
  ▪ Container resource monitoring
  ▪ Cluster-level logging
Diagram: master / control plane made up of etcd, scheduler, controllers and API server
11. WHAT IS GOOGLE KUBERNETES ENGINE?
Kubernetes Cluster managed by GCP
gcloud CLI (part of the Google Cloud SDK) can provision a functional Kubernetes cluster in minutes
Tracks OSS Kubernetes typically < 1 week after every minor release
Fully managed Kubernetes control plane backed by SLA and without necessity to operate and maintain masters
Automated operations tasks built-in, like node upgrades/node repair
Diagram: Google Kubernetes Engine, with a Google-managed Kubernetes master, automated operations and node-pool-n holding the nodes
12. GKE ARCHITECTURE: CLUSTER NODES
Managed by node pools, a group of nodes with like configuration:
Can configure one or multiple node pools per cluster
Can use node pools for regular VMs or preemptible VMs
Can configure multi-zone node pools, even with a single zone master
Is controlled by Managed Instance Groups, a construct in Google Compute Engine
Diagram: Google Kubernetes Engine multi-zone cluster, with the Kubernetes master in us-central1-a and the node pools (default-pool, dead-pool, node-pool-n) each spread over nodes in us-central1-a and us-central1-b
13. GKE ARCHITECTURE: MASTER NODE
Kubernetes Master backed by 99.5% SLO for single zone or 99.99% with regional cluster
Single VM running all control plane components in a Google-managed project
Upgrades are automatic, can choose to opt-in to upgrade earlier
Master scaled automatically to accommodate cluster size
Diagram: Google Kubernetes Engine with the Kubernetes master in us-central1-a and node-pool-n (us-central1-a) holding the nodes
14. GKE ARCHITECTURE
What ships with a Kubernetes Engine Cluster?
▪ Master Node (API Server, etcd, Scheduler, Controller-Managers)
▪ Nodes running container-optimized OS or Ubuntu
▪ Kube-dns deployment
▪ Kube-dns autoscaler deployment
▪ Event-exporter deployment logging to Stackdriver Logging
▪ fluentd daemon set logging to Stackdriver Logging
▪ Heapster deployment writing to Stackdriver Monitoring
Diagram: Google Kubernetes Engine, with a Google-managed Kubernetes master, automated operations and node-pool-n holding the nodes
15. ARE WE READY FOR PRODUCTION?
Managed services are not always bad. There is a border between vendor lock-in and the "maintenance and support headache."
Think about GKE cluster features: Ease of Management / Reliability / Performance / Security / User Experience
18. MICROSERVICES CREATE API MANAGEMENT CHALLENGES
▪ Maintaining resilience, discovery, and routing logic in code for independent services written in different languages becomes incredibly complex and expensive to operate
▪ The role of a service mesh is to overlay your services with a management framework
19. SERVICE MESH FEATURES
A service mesh differs from an edge/API service. A service mesh is an infrastructure built for service-to-service communication and resiliency with zero business logic.
▪ Routing/traffic shaping
▪ Advanced load balancing
▪ Service discovery
▪ Circuit breaking
▪ Timeouts/retries
▪ Rate limiting
▪ Metrics/logging/tracing
▪ Fault injection
20. SERVICE MESH CONCEPTUAL OVERVIEW
A service mesh architecture is comprised of two parts:
▪ Control plane — configures the service proxies and manages the mesh
▪ Data plane — acts as a service proxy and communicates service behavior back to the control plane
Diagram: a Kubernetes cluster in which each pod holds a service container and a service proxy container; the proxies form the data plane and report to the control plane
21. ISTIO: CONNECT, MANAGE, & SECURE MICROSERVICES
▪ Istio is an open-source service mesh from Google and IBM that provides service discovery, security, instrumentation, intelligent client-side load balancing, circuit breakers, and dynamic routing with a pluggable architecture for telemetry and policy.
▪ Istio uses the Envoy proxy to transparently add in the service mesh functionality.
▪ Istio provides uniform observability, mTLS-based security, and traffic management.
▪ Istio can be used with both Kubernetes-based workloads as well as workloads deployed on VMs.
22. KEY OPERATIONS TOPICS
A. Securing using RBAC
Istio role-based access control (RBAC) provides access control for services in Istio Mesh
B. Mutual TLS authentication
Istio's mutual TLS authentication architecture provides a strong service identity and secure communication channels between services
C. Monitoring Istio
Monitoring tools (e.g., Prometheus, Stackdriver) provide monitoring for both Istio control plane components and transparent proxies
D. A/B testing
Istio provides a variety of traffic management and dynamic request routing features for A/B testing, gradual rollouts, and canary releases; it also handles failure recovery using timeouts, retries, circuit breakers, and fault injection
23. A. ISTIO ROLE-BASED ACCESS CONTROL
Istio role-based access control (RBAC) provides namespace-level, service-level, and method-level access control for services in Istio Mesh. It features:
▪ Role-based semantics, which is simple and easy to use
▪ Service-to-service and end user-to-service authorization
▪ Flexibility through custom properties support in roles and role-bindings
Diagram: the Istio RBAC engine evaluates the request context against the Istio RBAC policy read from the Istio config store and returns Allow / Deny
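An added example, not from the deck or from Istio's own documentation: the namespace-level, service-level and method-level controls above written as the rbac.istio.io/v1alpha1 objects Istio used at the time (ClusterRbacConfig, ServiceRole, ServiceRoleBinding). The "demo" namespace, the frontend/backend service names, the frontend service account and the JWT "groups" claim are assumptions.

```yaml
# Added example (assumptions: namespace "demo", services "frontend"/"backend").
# 1. Namespace level: enable RBAC only for the "demo" namespace. Once a namespace
#    is included, every request to its services is denied unless some
#    ServiceRoleBinding grants it, so apply the bindings before (or with) this.
apiVersion: rbac.istio.io/v1alpha1
kind: ClusterRbacConfig
metadata:
  name: default
spec:
  mode: ON_WITH_INCLUSION
  inclusion:
    namespaces: ["demo"]
---
# 2. Service and method level: read-only access to the backend's API paths.
apiVersion: rbac.istio.io/v1alpha1
kind: ServiceRole
metadata:
  name: backend-reader
  namespace: demo
spec:
  rules:
  - services: ["backend.demo.svc.cluster.local"]
    methods: ["GET", "HEAD"]
    paths: ["/api/*"]
---
# 3a. Service-to-service: the caller is identified by the SPIFFE identity of its
#     Kubernetes service account, carried in its mTLS client certificate.
apiVersion: rbac.istio.io/v1alpha1
kind: ServiceRoleBinding
metadata:
  name: frontend-reads-backend
  namespace: demo
spec:
  subjects:
  - user: "cluster.local/ns/demo/sa/frontend"
  roleRef:
    kind: ServiceRole
    name: backend-reader
---
# 3b. End user-to-service: the same role granted to end users whose validated
#     JWT carries the "analysts" group (a custom property on the subject).
apiVersion: rbac.istio.io/v1alpha1
kind: ServiceRoleBinding
metadata:
  name: analysts-read-backend
  namespace: demo
spec:
  subjects:
  - properties:
      request.auth.claims[groups]: "analysts"
  roleRef:
    kind: ServiceRole
    name: backend-reader
```

The service-to-service binding only takes effect once mutual TLS is enabled for the backend, because the caller identity it matches comes from the client certificate; over plaintext the identity is empty and those requests are denied.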
24. B. ISTIO MUTUAL TLS AUTHENTICATION
Istio Authentication’s aim is to enhance the security of microservices and their communication without requiring service code changes. It is responsible for:
▪ Providing each service with a strong identity that represents its role, enabling interoperability across clusters and clouds
▪ Securing service-to-service communication and end user-to-service communication
▪ Providing a key management system to automate key and certificate generation, distribution, rotation, and revocation
Diagram: a Frontend service with its Envoy sidecar on K8s and a Backend service with its Envoy on a VM/bare-metal machine; the CA issues certificates (via volume mount on K8s, via a Node Agent CSR on the VM) with SAN: “spiffe://myorg.com/frontend-team” and SAN: “spiffe://myorg.com/backend-team”
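As an added example (not the deck's own configuration), a STRICT mutual TLS policy for the backend service and the client-side DestinationRule that has to accompany it, using the authentication.istio.io/v1alpha1 Policy object of Istio 1.0/1.1; the "demo" namespace and the service name are assumptions.

```yaml
# Added example (assumptions: namespace "demo", service "backend").
# Server side: the backend's sidecar only accepts mTLS from workloads presenting
# a certificate issued by the mesh CA (SAN spiffe://<trust-domain>/ns/demo/sa/...).
apiVersion: authentication.istio.io/v1alpha1
kind: Policy
metadata:
  name: backend-mtls
  namespace: demo
spec:
  targets:
  - name: backend
  peers:
  - mtls:
      mode: STRICT      # PERMISSIVE would also accept plaintext during migration
---
# Client side: callers' sidecars must present the mesh-issued certificate.
# Without this DestinationRule a STRICT policy breaks traffic: callers keep
# sending plaintext, the backend sidecar rejects it, and callers see HTTP 503.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: backend-mtls
  namespace: demo
spec:
  host: backend.demo.svc.cluster.local
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL  # keys and certs are mounted into the sidecar by Istio
```

In Istio 1.x, `istioctl authn tls-check <frontend-pod> backend.demo.svc.cluster.local` reports CONFLICT when the authentication policy and the DestinationRule disagree, which is the quickest way to catch the plaintext-versus-STRICT mismatch before it shows up as 503s.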
25. C. ISTIO MONITORING
▪ Mixer — responsible for telemetry reporting
▪ Prometheus — querying Istio metrics provided by Mixer
▪ Grafana — visualizing metrics in a graphical dashboard
▪ Zipkin — to collect traces and then send to Stackdriver
Diagram: on Kubernetes Engine, demo service pods with service proxy containers form the data plane and send telemetry reports to istio-mixer in the Istio control plane; metrics flow to Prometheus/Grafana and traces to Zipkin and Stackdriver
26. D. ISTIO A/B TESTING
A/B testing deployments route a subset of users to new functionality under specific conditions. It is usually used for business analysis, to make decisions about product changes. Possible conditions for distributing traffic amongst the app versions include:
▪ Weight
▪ Cookies
▪ Query parameters
▪ Geolocation
▪ User-agent (browser version), operating system, screen size, user device, etc.
▪ User language
Diagram: on Google Kubernetes Engine, an Envoy ingress applies traffic routing rules so that Safari user-agents reach the Demo Service V2 pod and all other user-agents reach the Demo Service V1 pod
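An added example (not from the deck) of the routing rules the diagram describes: Safari user-agents go to v2 and everything else to v1, with the default route additionally split by weight to cover the first condition in the list. The service name, version labels and the 90/10 split are assumptions; the Chrome/Chromium exclusion is needed because those browsers also advertise "Safari" in their user-agent string.

```yaml
# Added example (assumptions: service "demo-service" whose pods are labelled
# version=v1 / version=v2). Subsets give the VirtualService named targets.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: demo-service
spec:
  host: demo-service
  subsets:
  - name: v1
    labels:
      version: v1
  - name: v2
    labels:
      version: v2
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: demo-service
spec:
  hosts:
  - demo-service
  http:
  # Rules are evaluated top to bottom; the first match wins.
  # 1. Chrome, Chromium and Chrome on iOS also contain "Safari" in their
  #    user-agent, so pin them to v1 before the Safari rule can see them.
  - match:
    - headers:
        user-agent:
          regex: ".*(Chrome|Chromium|CriOS).*"
    route:
    - destination:
        host: demo-service
        subset: v1
  # 2. Real Safari gets the new version (the B variant).
  - match:
    - headers:
        user-agent:
          regex: ".*Safari.*"
    route:
    - destination:
        host: demo-service
        subset: v2
  # 3. Everyone else: a weighted split, so a small share of non-Safari users
  #    also sees v2 (the "Weight" condition from the slide's list).
  - route:
    - destination:
        host: demo-service
        subset: v1
      weight: 90
    - destination:
        host: demo-service
        subset: v2
      weight: 10
```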
27. ARE WE READY FOR THE FUTURE?
Can we design and build hybrid and multi-cloud architecture with managed services?
Is it possible to launch GKE and Istio for on-premises environment or integrate with Kubernetes/Istio solutions in other clouds?
29. ANTHOS IS …
Hybrid cloud software that solves for operational cost and complexity, and avoids the trade-offs so you don’t compromise between consistency and flexibility and between agility and reliability.
Diagram: the Anthos (CSP) base platform, made up of a control plane (GKE On-Prem, Kubernetes Marketplace, Anthos Config Management, Managed Istio, GKE Hub & GKE Connect) and additional services (Binary Authorization, Basic API Management for CSM, GCP Logging Backend, Multi-cluster Ingress), sits on core infrastructure purchased separately, with Anthos solution bundles for Agile Development, Machine Learning and SaaS / Commerce on top
31. ANTHOS CONFIG MANAGEMENT
▪ Centrally define entire CSP configuration in code across Istio and Kubernetes
▪ Integrates with on-prem code repositories for auditability and easy workflow
▪ Flexible configurations for:
  ▪ Separating different cluster groups (e.g. “dev” or “prod”)
  ▪ Cross-cluster namespaces for development
  ▪ Hierarchical, inheritable access control rules for complex organizations
33. TYPICAL ANTHOS ENTERPRISE SOLUTION DIAGRAM
Diagram: Google Cloud Platform (Google Kubernetes Engine with Cloud Service Mesh / Managed Istio, the Config Management Operator, GKE Hub with its centralized UI, and the GCP Marketplace for third-party integrations) connected over Cloud Interconnect to an on-prem data center (GKE On-Prem with Cloud Service Mesh / Managed Istio, the Config Management Operator and the GKE Connect Agent); the flows shown are the policy configuration flow (policy stored in a policy repository and synced by the operators), cross-environment service traffic, and third-party app installation
34. ANTHOS BENEFITS
▪ Single centralized place to control all environments (cloud and on-premises)
▪ Single centralized place to control traffic across all environments (cloud and on-premises)
▪ Single centralized place where configuration files are stored - control application configuration across all environments (cloud and on-premises)
▪ Anthos Migrate allows you to move and convert physical servers and VMs running on-premises, in Compute Engine, or on other clouds directly into containers in Google Kubernetes Engine (GKE)
Editor's Notes
Hello all,
We greatly appreciate seeing all of you here today.
Thanks all for joining us.
First of all, we would like to introduce ourselves.
Hi, I'm Ruslan Kusov, DevOps Architect from SoftServe’s Critical Services-Center of Excellence group. I have more than 9 years of experience in the IT industry as a System Administrator, Network Engineer, DevOps/SRE, and DevOps Architect. I created and optimized cloud architecture for global tourism, payment services, and mobile development companies. I'm also a Certified Google Cloud Professional Architect.
Hi, I'm Anton Grishko, DevOps architect from SoftServe’s Critical Services-Center of Excellence group. I have 12 years of experience working as a System Administrator, DevOps Architect, and Head of DevOps. My main specialization is migration projects with zero downtime. I've helped to establish a DevOps culture in multiple Fortune 100 companies as well as several Silicon Valley startups.
And today we would like to share our own experience and SoftServe's best practices, and show you how to do cost-effective A/B testing with Istio and Google Kubernetes Engine.
We would like to dive deeper into this and have chosen the following topics to talk about today:
1) We will start with GCP cloud and focus in detail on managed services themselves. We hope that at the end you'll clearly understand why it's so important not to ignore modern cloud services and how they can help your business and product.
2) We will do an intro to Kubernetes, its components and design principles. We will show you that Kubernetes is a really powerful tool that can bring your product a lot of advantages. Kubernetes is a good choice for microservices architecture, but at the same time it is quite complicated in installation, maintenance and support. And it's great that in Google Cloud we have a Container as a Service solution - Google Kubernetes Engine - or GKE. We will focus on GKE basic features and highlight all its benefits for your workload.
3) Ok, so we decided to proceed with Kubernetes and microservices architecture. But how can we improve this solution, make it more powerful, controllable, secure and easily adjusted to microservices requirements? Istio can help us with this. We will help you learn what a service mesh is. We will talk about Istio, which is one of the most popular service mesh solutions. And at the end we will discuss A/B testing and demonstrate to you how to do this in the easiest and most cost-effective way with the power of Google Cloud, Google Kubernetes Engine and Istio.
4) After this we are going to introduce Anthos and share our own experience about this "young" but at the same time really progressive and forward-looking technology.
5) And at the end we would be happy to answer your questions, discuss your particular cases and help with advice for solutions.
So let's get it started.
And let's do this with a discussion about Google Cloud Platform and managed services.
Having this significant background, we understand how difficult it can be to build a modern, really cost-effective and production-ready solution. It is challenging for startups and mature enterprises alike. Either you start from scratch, do not have enough background, but realize how important it is to be flexible, react easily to continuously changing requirements from your customers and survive in endless competition with business rivals. Or you want to migrate your current on-premise data center to the Google cloud, make your applications cloud-native to decrease capital expenditures, reduce time-to-market for new features and services, and release in a more predictable way.
It's a struggle, because services with multiple component interactions and third-party dependencies require careful planning. Any additional demands, like specific business logic or microservice requirements, create an extra challenge.
Let's have a look at these requirements:
- Traffic shaping
- Routing
- Advanced load balancing (including Blue-Green deployment and A/B testing purposes)
- Service discovery
- Circuit breaking
- Rate limiting
- Metrics and Monitoring
- Logging
- Tracing
Wow. Scary, isn't it?
Hm-m-m, maybe. But I don't want to frighten any of you today. So don't worry, you'll feel good and pretty familiar with it at the end of our meetup.
We've been asked about microservice architecture and cost-effective solutions hundreds of times. For start-ups or enterprises, whatever. We still have the same answer: yes, it is possible to build it in any case. If you are not versed in the technologies, do not have enough time or resources to fill knowledge gaps, or to learn them and implement them as a solution, you definitely should choose managed services. If you want to avoid the maintenance "headache", want to sleep better at night, and don't want to be woken up in an emergency by the support team, you have to choose managed services.
This is a trade-off, which is implemented as a shared responsibility model between you and Google Cloud.
But Ruslan, I've heard a lot about the flip side of managed services. Could you please explain to me where the border is between vendor lock-in and the "maintenance and support headache"?
Yes, sure Anton, no problem. And as a great example, let's look closer at today's topic and talk about Kubernetes.
Kubernetes is Greek for "helmsman" or "captain", a person who steers a ship. And the difference between managing a self-hosted Kubernetes cluster and a GKE solution is like the difference between steering a frigate in the Middle Ages and a modern cruise ship nowadays. I’ll show you this in detail.
Anton, so what do we know about Kubernetes?
Kubernetes is an open-source container management system originated and open-sourced by Google in 2014. It meets all the requirements to be a key tool for developing services in a microservices architecture. Kubernetes has a large and rapidly growing community of users and contributors. It is an advanced and mature orchestrator. Kubernetes services and tools are available, fully documented and well supported. It allows you to create environments in seconds, using namespace isolation. It supports infrastructure-as-code ideas. Kubernetes runs on any cloud and on bare metal.
Yes, Kubernetes provides container-centric infrastructure. We are talking about control and management at the container level, not the VM level. The main Kubernetes features are:
- Scheduling: It decides where my containers should run
- Lifecycle and health: Kubernetes keeps our containers running despite failures
- Scaling: It makes sets of containers bigger or smaller, depending on incoming load for example
- Naming and discovery: Kubernetes finds where our containers are now
- Load balancing: It distributes traffic across a set of containers
- Storage volumes: Kubernetes provides data for containers
- Logging and monitoring: It tracks what’s happening with our containers
- Debugging and introspection: Kubernetes allows you to enter or attach to containers
- Last but not least, Identity and authorization: It controls who can access our containers
Or in simple terms, Kubernetes provides features similar to an OS for a host:
- Scheduling workload
- Finding the right host to fit your workload
- Monitoring health of the workload
- Scaling it up and down as needed
- Moving it around as needed
I hope that everyone has already got the Kubernetes “treasure map” and had a chance to examine it in detail. Now you see how powerful Kubernetes is. How many features it has. Just look at this: Configville, Applandia, Volume Beach, GKE ClusterCity, Services Archipelago and finally Istio harbor. And all these features and services are real treasures for our projects. Let’s pretend to be pirates for a few minutes and board this ship.
Anton, but I think that it is not a trivial task to support and maintain all of the Kubernetes components.
Exactly. Here is the structure of a Kubernetes cluster. It contains 2 main components: master (control plane) and nodes (or workers). Users can interact with a Kubernetes cluster via CLI, API calls, or UI. But let's look deeper at the master and node components.
And let's start with workers. Everything is pretty simple there. Here we have kubelet, kube-proxy, the Docker container runtime and monitoring/logging components. Clients use the Kube Control (kubectl) CLI to interact with the cluster. It's fairly simple and not a problem at all to manage Kubernetes nodes, isn’t it?
But what about a deep dive into Kubernetes master components?
This list is much longer. Here we have
- API server (kube-apiserver)
- etcd - reliable distributed key-value store
- Scheduler (kube-scheduler)
- Controllers:
  - Kube controller (kube-controller-manager)
    - Replication controller
    - Endpoints controller
    - Service account and token controllers
  - Cloud controller (cloud-controller-manager)
- Add-ons
Now, Anton, just imagine that you need to manage a whole Kubernetes cluster. How are you going to do this? Are you ready to be responsible for an HA architecture? Manage (by yourself, of course) at least 3 masters across 3 zones in a Google Cloud region, and be responsible for etcd sync and backup? Gosh, I remember my own experience when I started with Kubernetes. We had a self-managed cluster and our etcd failed because of the unexpected termination of one instance and an etcd restart on another one. We spent about 5 hours, woken up in the middle of the night by an emergency call from the support team. That was awful. And what about immutable infrastructure and consistent environments? Are you ready to create Terraform or Deployment Manager configurations plus Puppet manifests or Ansible playbooks to provision all that stuff? And are you ready to perform cluster updates? Especially for minor, not patch, versions. I don’t think so. I believe you have no reason for this. You respect your time and understand the border line of your responsibility.
Ok, Ruslan. I understand what you mean. You are trying to highlight all the pros of managed services.
Exactly, and as an example I would like to dive deeper into GKE, or Google Kubernetes Engine.
What is it? In simple words, it is a Kubernetes cluster managed by GCP.
Formerly known as Google Container Engine, GKE is the easiest & fastest way to production Kubernetes. The gcloud CLI (part of the Google Cloud SDK) can provision a functional Kubernetes cluster in minutes. It tracks OSS Kubernetes typically < 1 week after every minor release.
And here let’s get back to our comparison. Remember, I told you that Kubernetes is Greek for "helmsman", a person who steers a ship. And the difference between managing a self-hosted Kubernetes cluster and a GKE solution is like the difference between steering a frigate in the Middle Ages and a modern cruise ship nowadays. So yes. In the Middle Ages, to be a good captain you had to know everything about sea navigation and the laws of physics. They knew exclusive techniques of wood processing. Captains created their own maps and built their ships from scratch, and updated and repaired them after cruises. The same with self-hosted Kubernetes. You need to know how it operates in detail. You build your own cluster from scratch, configure etcd, maintain and update it, etc.
On a modern ship, all you need as a captain is to set the destination port and after that control and monitor all ship systems and navigation. And here is our analogue from the Kubernetes world, Google Kubernetes Engine, or GKE for short.
So the GKE architecture supposes that you work with a fully managed Kubernetes control plane backed by an SLA, without the necessity to operate and maintain masters. All automated operations tasks are built in, like node upgrades/node repair. Non-overlay networking is native to GCP.
And last but not least, you have an opinionated Kubernetes configuration.
The GKE architecture of cluster nodes is managed by node pools, a group of nodes with alike configuration:
- You can configure one or multiple node pools per cluster
- You can use node pools for regular VMs or preemptible VMs (another cool GCP feature that allows you to build cost effective solutions)
- You can configure multi-zone node pools, even with a single zone master
- And finally, it is controlled by Managed Instance Groups, a construct in Google Compute Engine
What about the GKE architecture of master nodes?
The Kubernetes master is backed by a 99.5% SLO. It is a single VM running all control plane components in a Google-managed project; all upgrades are automatic, and you can choose to opt in to upgrade earlier; masters are scaled automatically to accommodate cluster size; masters are currently scoped to a single zone; high-availability clusters are in Beta to replicate the master across three zones in a single region, which will increase the SLO to 99.99%.
Ok, let me draw a conclusion. What ships with a Kubernetes Engine Cluster?
- Firstly - Master Node (API Server, etcd, Scheduler, Controller-Managers)
- Secondly - Nodes running container-optimized OS or Ubuntu
- Kube-dns deployment
- Kube-dns autoscaler deployment
- Event-exporter deployment logging to Stackdriver Logging
- fluentd daemon set logging to Stackdriver Logging
- Heapster deployment writing to Stackdriver Monitoring
Ok, now it looks like we have all the required information about the idea of managed services. So let’s get back to our question: Are we ready for production? Managed services are not always bad. There is a border between vendor lock-in and the "maintenance and support headache." You still have your Kubernetes under the hood, use the same templates for deployments, services, etc. You operate with the same Docker images from your own Docker registry, and still use your Helm charts.
Think about GKE cluster features: Ease of Management / Reliability / Performance / Security / User Experience
And consider that now you can go to production faster and have a shorter on-boarding period for your team members.
Anton, are we good? Did Kubernetes and GKE solve all our problems and cover all the requirements to microservices?
No Ruslan, not exactly. We still have half of this list that cannot be handled by Kubernetes itself. And Istio will help us here.
Meet Istio!
Maintaining resilience, discovery, and routing logic in code for independent services written in different languages becomes incredibly complex and expensive to operate.
The role of a service mesh is to overlay your services with a management framework.
A service mesh differs from an edge/API service. A service mesh is an infrastructure built for service-to-service communication and resiliency with zero business logic. Here is the list of key features of service mesh:
· Routing/traffic shaping
· Advanced load balancing
· Service discovery
· Circuit breaking
· Timeouts/retries
· Rate limiting
· Metrics/logging/tracing
· Fault injection
Oh, now I see how they align with microservices requirements and supplement Kubernetes.
Yep, exactly. Let’s look at service mesh conceptual architecture.
A service mesh architecture is comprised of two parts:
- Control plane — configures the service proxies and manages the mesh
- Data plane — acts as a service proxy and communicates service behaviour back to the control plane.
Anton, I would like to ask our audience. Do you know any service mesh solution? Please, raise your hands. Ok, thanks. Have you already tested some of them? Do you use any service mesh solution on your production environments? Could you please tell us what solutions you use?
Ok. So we would like to provide you with new knowledge and information about, probably, one of the most famous and mature service mesh solutions nowadays, Istio.
Istio is an open-source service mesh from Google and IBM that provides service discovery, security, instrumentation, intelligent client-side load balancing, circuit breakers, and dynamic routing with a pluggable architecture for telemetry and policy.
Istio uses the Envoy proxy to transparently add in the service mesh functionality.
Istio provides uniform observability, mTLS-based security, and traffic management.
Istio can be used with both Kubernetes-based workloads as well as workloads deployed on VMs.
And moreover, Istio is now available as a service with Google Kubernetes Engine.
Anton, I propose that we go through Istio's key operations topics, and that you tell us about the following in detail:
- Securing using RBAC
Istio role-based access control (RBAC) provides access control for services in Istio Mesh
- Mutual TLS authentication
Istio's mutual TLS authentication architecture provides a strong service identity and secure communication channels between services
- Monitoring Istio
Monitoring tools (e.g., Prometheus, Stackdriver) provide monitoring for both Istio control plane components and transparent proxies
- And last but not least A/B testing
Istio provides a variety of traffic management and dynamic request routing features for A/B testing, gradual rollouts, and canary releases; it also handles failure recovery using timeouts, retries, circuit breakers, and fault injection
Sure Ruslan. Let’s do this. And let's start with Istio Role-Based Access Control. Pay attention to this diagram.
Istio role-based access control (RBAC) provides namespace-level, service-level, and method-level access control for services in Istio Mesh. It features:
· Role-based semantics, which is simple and easy to use
· Service-to-service and end user-to-service authorization
· Flexibility through custom properties support in roles and role-bindings
Next feature is Istio mutual TLS or mTLS Authentication.
Istio Authentication’s aim is to enhance the security of microservices and their communication without requiring service code changes. It is responsible for:
· Providing each service with a strong identity that represents its role, enabling interoperability across clusters and clouds
· Securing service-to-service communication and end user-to-service communication
· Providing a key management system to automate key and certificate generation, distribution, rotation, and revocation
I remember one of my projects, where we had requirements for mTLS and secure communication between services, but we didn’t use Istio there. It was a real pain in the neck. We had to generate, revoke, update and properly store certificates and keys, and make a lot of code changes to support these certificates and mTLS in the application. If I’d known Istio deeply and had more experience with it, I would have used the Istio service mesh on that project. I wish I could turn the clock back.
Ok Ruslan, don’t worry. You did everything you could. Next time will be better.
Let’s focus now on another Istio feature and talk about Istio monitoring. What do we have here:
· Mixer — responsible for telemetry reporting
· Prometheus — querying Istio metrics provided by Mixer
· Grafana — visualizing metrics in a graphical dashboard
· Zipkin — to collect traces and then send to Stackdriver
And finally let’s talk about A/B testing with Istio. A/B testing deployments route a subset of users to new functionality under specific conditions. It is usually used for business analysis, to make decisions about product changes. The possible list of conditions to distribute traffic amongst the app versions includes:
· Weight
· Cookies
· Query parameters
· Geolocation
· User-agent (browser version), operating system, screen size, user device, etc.
· User language
Now, Anton, I have a question for you. But this time it is more global. And I have it because I’ve heard the following questions from our customers many times:
“Can we design and build hybrid and multi-cloud architecture with managed services?
Is it possible to launch GKE and Istio for on-premises environment or integrate with Kubernetes/Istio solutions in other clouds?”
So my question is: Are we ready for this future? Multi-cloud and hybrid environments? How can Google assist us with this?
Yep, Ruslan. And I have an answer. Meet Anthos.
Is this a new GCP technology that has been recently introduced?
Yes, it was introduced at the Google Next '19 event.
Anthos is a modern application management platform that provides a consistent development and operations experience for cloud and on-prem environments. This page provides an overview of each layer of the Anthos infrastructure and shows how you can leverage its features. Anthos (formerly Cloud Services Platform) lets you build and manage modern hybrid applications across environments. Powered by Kubernetes and other industry-leading open-source technologies from Google, Anthos transforms your architectural approach, lets you focus on innovation, and allows you to move faster than ever without compromising security or increasing complexity. Become a strategic enabler of your business by modernizing your new and existing applications with containers, microservices architecture, and a service mesh delivered, and managed, by Google across your data center and the cloud.
Modernize in place
Migrate and modernize
Automate policy and security at scale
Consistent experience
Anthos Config Management has the following benefits for your Kubernetes Engine clusters:
Single source of truth, control, and management
· Enables the use of code reviews, validation, and rollback workflows.
· Avoids shadow ops, where Kubernetes clusters drift out of sync due to manual changes.
· Enables the use of CI/CD pipelines for automated testing and rollout.
One-step deployment across all clusters
· Anthos Config Management turns a single Git commit into multiple kubectl commands across all clusters.
· Rollback by simply reverting the change in Git. The reversion is then automatically deployed at scale.
Rich inheritance model for applying changes
· Using Namespaces, you can create configuration for all clusters, some clusters, some Namespaces, or even custom resources.
· Using Namespace inheritance, you can create a layered Namespace model that allows for configuration inheritance across the repo folder structure.
Anthos is composed of multiple products and features. Below is a list of each component and its availability:
Google Kubernetes Engine (GA)
GKE On-Prem (Beta)
Google Cloud Platform Marketplace (Beta)
Anthos Config Management (Beta)
GKE Hub (Alpha)
Cloud Service Mesh (Alpha)
OUR EXPERIENCE
Let me summarize what we have right now with Anthos:
Single centralized place to control all environments (cloud and on-premises)
Single centralized place to control traffic across all environments (cloud and on-premises)
Single centralized place where configuration files are stored - control application configuration across all environments (cloud and on-premises)
Ok, now it’s time for your questions.
Thank you for joining us today. We really appreciate your time and we hope that you got new information and food for thought from today’s meetup. Don’t hesitate to ask us if you have any further questions. Share your own experience, your problems and pain points with us, and we will try to help you choose the proper solution for your particular case. Thank you and see you next time.
