Updated version for CloudExpo 2019
The standardization of container runtimes and images has sparked the creation of an almost overwhelming number of new open source projects that build on and otherwise work with these specifications.
Of course, there's Kubernetes, which orchestrates and manages collections of containers. It was one of the first and best-known examples of projects that make containers truly useful for production use. However, more recently, the container ecosystem has truly exploded. A service mesh like Istio addresses many of the challenges faced by developers and operators as monolithic applications transition towards a distributed microservice architecture. A tracing tool like Jaeger analyzes what's happening as a transaction moves through a distributed system. Monitoring software like Prometheus captures time-series events for real-time alerting and other uses. Grafeas and Kritis provide security policy attestation and enforcement. And there are many more.
In short, there's an entire new cloud-native ecosystem growing up around containers. Come to this talk by Red Hat technology evangelist Gordon Haff and learn all about it.
Cloud-Native: A New Ecosystem for Putting Containers into Production
1. Cloud-Native: A New Ecosystem for Putting Containers into Production
Gordon Haff, Emerging Tech Evangelist
June 2019
@ghaff
2.
Who am I?
● Evangelist for emerging technologies and practices at Red Hat
● Author of How Open Source Ate Software, etc.
● Former IT industry analyst
● Former big system guy
● Website: http://www.bitmasons.com
3.
Virtual machines looked like servers
● Heterogeneous environments
● Can scale-up
● Direct support for “enterprise” storage
● Support complex network topologies
● “Pet” features like live migration
7.
Containers change how we develop, deploy, and manage applications
INFRASTRUCTURE
● Sandboxed processes on shared Linux kernel
● Simpler, lighter, and denser than VMs
● Portable across different environments
APPLICATIONS
● Package application with all dependencies
● Fast & repeatable deployments with CI/CD
● Immutable modular components
13.
Containers necessary foundation but not sufficient
● Containers depend on the Linux kernel for security, performance, compatibility, and more
SELinux, Namespaces, Cgroups, Seccomp, Capabilities
14.
Modular open container tooling
● Build containers
● Inspect containers
● Run containers
● Work with containers at command line
● Modular *nix philosophy
● Minimize attack surface
#nobigfatdaemons
15.
Operate containers at scale
● Originally from Google, inspired by Borg
● Container orchestration & resource management
● Declarative deployments of containerized applications
https://thenewstack.io/kubernetes-deployments-work/
16.
Interface containers to orchestration
● Work with Kubernetes to manage and run OCI runtimes
● Pulls images from registry
● Handles networking through Container Network Interface (CNI)
● Clean interface boundaries
[Diagram: Kubernetes Kubelet → Container Runtime Interface (CRI-O) → Container Runtime Daemon (e.g. crio) → Container Runtime (e.g. runC) → Linux Container; the runtime and container layers are bracketed as OCI compliant]
17.
Deploy complete applications
● Method of packaging, deploying and managing a Kubernetes application
● Encode the human operational knowledge normally required to help keep services running optimally
● Help to execute best practices
18.
Store artifacts in enterprise registries
[Diagram: Skopeo copying images between an image repository, an image registry, and a host's local storage (/var/lib/containers, /var/lib/docker)]
● Geo-replication and HA
● Access controls
● Remote metadata inspection
● Automated builds
● Security scans
19.
Connect services
● Configurable service mesh infrastructure layer for a microservices application
● Provides service discovery, load balancing, encryption, authentication and authorization
● Common set of language-independent services any application can use
20.
Monitor the running apps/services
● Time series data model identified by metric name and key/value pairs
● Collection happens via a pull model over HTTP
● Values reliability even under failure conditions over 100% accuracy
● Came from web-scale DevSecOps
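The data model on this slide (series identified by metric name plus label key/value pairs, pulled as text over HTTP) as an added Python example, not code from the talk or from the Prometheus project: it parses a constructed scrape body in the text exposition format, selects series by label the way a PromQL selector does, and derives a 5xx error ratio from the counters; the metric names, labels and values are constructed samples.

```python
# Added example (not from the talk or Prometheus): parse the text exposition format into (metric name, labels, value) samples.
import re
from typing import Dict, List, Tuple
Sample = Tuple[str, Dict[str, str], float]

# One sample line: name{label="value",...} value [timestamp]; the label block is optional.
_LINE = re.compile(r'^([a-zA-Z_:][a-zA-Z0-9_:]*)(\{(.*)\})?\s+(\S+)(?:\s+(-?\d+))?$')
# One label pair; the value may contain escaped quotes, backslashes and newlines.
_LABEL = re.compile(r'([a-zA-Z_][a-zA-Z0-9_]*)="((?:[^"\\]|\\.)*)"')
_UNESCAPE = {'\\"': '"', '\\\\': '\\', '\\n': '\n'}

def _unescape(value: str) -> str:
    return re.sub(r'\\[\\"n]', lambda m: _UNESCAPE[m.group(0)], value)

def parse_exposition(text: str) -> List[Sample]:
    """Turn a scraped /metrics body into samples; '#' lines (HELP/TYPE) carry none."""
    samples: List[Sample] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        m = _LINE.match(line)
        if not m:
            raise ValueError(f'malformed sample line: {raw!r}')
        name, _, label_body, value, _timestamp = m.groups()
        labels = {k: _unescape(v) for k, v in _LABEL.findall(label_body or '')}
        samples.append((name, labels, float(value)))  # float() accepts NaN, +Inf, -Inf
    return samples

def select(samples: List[Sample], name: str, **matchers: str) -> List[Sample]:
    """Series with this metric name whose labels equal every matcher, like {k="v"} in PromQL."""
    return [s for s in samples
            if s[0] == name and all(s[1].get(k) == v for k, v in matchers.items())]

def error_ratio(samples: List[Sample], name: str = 'http_requests_total') -> float:
    """Share of requests whose 'code' label is 5xx, summed over every label set of the counter."""
    total = sum(v for _, _, v in select(samples, name))
    errors = sum(v for _, l, v in select(samples, name) if l.get('code', '').startswith('5'))
    return errors / total if total else 0.0

# Constructed scrape body, in the shape a Prometheus server pulls over HTTP from /metrics.
SCRAPE = """\
# HELP http_requests_total The total number of HTTP requests.
# TYPE http_requests_total counter
http_requests_total{method="post",code="200"} 1027 1395066363000
http_requests_total{method="post",code="500"} 3 1395066363000
http_requests_total{method="get",code="200"} 45
process_open_fds 42
login_failures_total{user="bob \\"the builder\\"",source="ingress"} 7
"""
```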