Updated version for CloudExpo 2019 The standardization of container runtimes and images has sparked the creation of an almost overwhelming number of new open source projects that build on and otherwise work with these specifications. Of course, there's Kubernetes, which orchestrates and manages collections of containers. It was one of the first and best-known examples of projects that make containers truly useful for production use. However, more recently, the container ecosystem has truly exploded. A service mesh like Istio addresses many of the challenges faced by developers and operators as monolithic applications transition towards a distributed microservice architecture. A tracing tool like Jaeger analyzes what's happening as a transaction moves through a distributed system. Monitoring software like Prometheus captures time-series events for real-time alerting and other uses. Grafeas and Kritis provide security policy attestation and enforcement. And there are many more. In short, there's an entire new cloud-native ecosystem growing up around containers. Come to this talk by Red Hat technology evangelist Gordon Haff and learn all about it.

1. Cloud-Native:
A New Ecosystem for Putting Containers into Production
Gordon Haff, Emerging Tech Evangelist
June 2019
@ghaff

2. 2
Who am I?
● Evangelist for emerging
technologies and practices at Red
Hat
● Author of How Open Source Ate
Software, etc.
● Former IT industry analyst
● Former big system guy
● Website: http://www.bitmasons.com

3. 3
Virtual machines looked like servers
● Heterogeneous environments
● Can scale-up
● Direct support for “enterprise”
storage
● Support complex network topologies
● “Pet” features like live migration

4. 4
Without the low utilization

5. 5
This was sort of the point

6. 6
● Physical
● Logical
● Virtual
● Containers
● Application
● Etc.

7. 7
Containers change how we develop,
deploy, and manage applications
● Sandboxed processes on
shared Linux kernel
● Simpler, lighter, and denser
than VMs
● Portable across different
environments
INFRASTRUCTURE APPLICATIONS
● Package application with all
dependencies
● Fast & repeatable
deployments with CI/CD
● Immutable modular
components

8. 8
This is looking different from servers

9. 9
This was also the point

10. 10
Containers necessary foundation but
not sufficient
● OCI Image spec
● OCI runtime spec (e.g. runc)
● OCI distribution spec

11. 11
It takes a… city?
Cloud Native Computing Landscape
https://landscape.cncf.io/

12. 12
Containers necessary foundation but
not sufficient
● OCI Image spec
● OCI runtime spec (e.g. runc)
● OCI distribution spec

13. 13
Containers necessary foundation but
not sufficient
● Containers depend on the
Linux kernel for security,
performance,
compatibility, and more
SELinux Namespaces Cgroups SeccompCapabilities

14. 14
Modular open container tooling
● Build containers
● Inspect containers
● Run containers
● Work with containers at command
line
● Modular *nix philosophy
● Minimize attack surface
#nobigfatdaemons

15. 15
Operate containers at scale
● Originally from Google, inspired by
Borg
● Container orchestration & resource
management
● Declarative deployments of
containerized applications
https://thenewstack.io/kubernetes-deployments-work/

16. 16
Interface containers to orchestration
● Work with
Kubernetes to
manage and run OCI
runtimes
● Pulls images from
registry
● Handles networking
through Container
Network Interface
(CNI)
● Clean interface
boundaries
Container Runtime Daemon e.g. crio
Container Runtime Interface CRI-O
Kubernetes Kublet
Linux Container
}OCI Compliance
Container Runtime e.g. runC

17. 17
Deploy complete applications
● Method of packaging, deploying and
managing a Kubernetes application
● Encode the human operational
knowledge normally required to help
keep services running optimally
● Help to execute best practices

18. 18
Store artifacts in enterprise registries
SKOPEO
Image
Repository
Image
Registry
Host
/var/lib/containers
/var/lib/docker
● Geo-replication and HA
● Access controls
● Remote metadata inspection
● Automated builds
● Security scans

19. 19
Connect services
● Configurable service mesh
infrastructure layer for a
microservices application
● Provides service discovery, load
balancing, encryption,
authentication and authorization
● Common set of
language-independent services any
application can use

20. 20
Monitor the running apps/services
● Time series data model identified by
metric name and key/value pairs
● Collection happens via a pull model
over HTTP
● Values reliability even under failure
conditions over 100% accuracy
● Came from web-scale DevSecOps

21. 21
Log and analyze
Events:
Cloud,
Host,
Container,
Application
Event and Log aggregation
Normalize and store
Visualize and Alert

22. 22
Observe (the new distributed normal)
● Visualize service mesh topology
(Kiali)
● Distributed tracing (Jaeger)
● Performance and latency
optimization
● Service dependency analysis

23. 23
Serverless
● Framework for event-driven
programming
● Not just functions-as-a-service
(FaaS)
● Both architectural and pricing model

24. 24
Getting started: DIY?
● Visualize service mesh
topology (Kiali)
● Distributed tracing (Jaeger)
● Performance and latency
optimization
● Service dependency analysis

25. 25
Curating and integrating cloud native
OpenShift Application Lifecycle Management
(CI/CD)
Build Automation Deployment Automation
Service Catalog
(Language Runtimes, Middleware, Databases)
Self-Service
Infrastructure Automation & Cockpit
Networking Storage Registry
Logs &
Metrics
Security
Container Orchestration & Cluster Management
(Kubernetes)
Red Hat Enterprise LinuxAnsible / CloudForms
RHEL Container Runtime &
Packaging (SELinux and SCC)
Enterprise Container Host

26. 26
IT’S ABOUT GETTING TO
YOUR DESTINATION, NOT
JUST A CONTAINER
THANK YOU!