© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Developing Modern Applications in the Cloud
COBUS BERNARD
AWS SENIOR TECHNICAL EVANGELIST
@cobusbernard
Capabilities of a modern application
Secure, resilient, elastic, modular, automated, interoperable
Modern application development: a journey with many paths
Assess and prioritize, app by app, then pick a path to modernization:
Lift & shift: data center → EC2
Re-platform: VMs → containers
Refactor: monolith → microservices
Re-invent: host fleets → serverless
To maintain competitive advantage, digital businesses must innovate as rapidly as possible
(Diagram: the innovation flywheel of ideas, experiment and feedback)
“Invention requires two things: the ability to try a lot of experiments, and not having to live with the collateral damage of failed experiments.”
Andy Jassy, CEO, Amazon Web Services
Structure apps as collections of microservices
When the impact of change is small, release velocity can increase

Monolithic application            Microservices
Does everything                   Does one thing
Shared release pipeline           Independent deployments
Rigid scaling                     Independent scaling
High impact of change             Small impact of change
Hard to adopt new technologies    Choice of technology
Microservices: do one thing, and do it well
Properties of microservices
• Independent
• Individually deployed and scaled
• Polyglot
• Modular: easily replaced
• Decentralized
Design concepts
• Use managed services
• Focus on writing your business logic (not on maintaining infrastructure)
• Loosely coupled and event driven
• Simplify delivery and discovery
Examples of managed compute: AWS Lambda, AWS Fargate
APIs and decoupled communications enable automation and improve reliability
(Diagram: an application composed of microservices and functions that talk to each other only through APIs and events)
(Diagram: abstractions on a scale from rigid to flexible; difficulty grows from 1 system to 2 systems to N systems)
(Charts: technical debt cost over time, first in absolute terms, then relative versus absolute)
Monolith: does everything. Monoliths are OK.
Common data categories and use cases
Relational: referential integrity, ACID transactions, schema-on-write. Use cases: lift and shift, ERP, CRM, finance
Key-value: high throughput, low-latency reads and writes, endless scale. Use cases: real-time bidding, shopping cart, social, product catalog, customer preferences
Document: store documents and quickly access them, querying on any attribute. Use cases: content management, personalization, mobile
In-memory: query by key with microsecond latency. Use cases: leaderboards, real-time analytics, caching
Graph: quickly and easily create and navigate relationships between data. Use cases: fraud detection, social networking, recommendation engine
Time-series: collect, store, and process data sequenced by time. Use cases: IoT applications, event tracking
Ledger: complete, immutable, and verifiable history of all changes to application data. Use cases: systems of record, supply chain, health care, registrations, financial
Build with serverless technologies as much as possible
Automation and abstraction frees you:
• No infrastructure to provision or manage
• Automatically scales by unit of consumption
• Pay-for-value billing model
• Highly available and durable
Use code to model applications and infrastructure
Treating everything as software increases the speed and agility of infrastructure deployments
Design → write application code → create infrastructure templates → create stacks → iterate
Infrastructure as code
Declarative: "I tell you what I need"
Imperative: "I tell you what to do"
Infrastructure as code goals
1. Make infrastructure changes repeatable and predictable
2. Release infrastructure changes using the same tools as code changes
3. Replicate the production environment in a staging environment to enable continuous testing
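A declarative reconcile loop in miniature, added here as an example and not taken from the deck or from any AWS tool: the declared rule set is diffed against the actual one, only that diff becomes imperative steps (goal 1, repeatable and predictable), a second run with the same declaration is a no-op, and a policy check catches drift such as an administrative port opened to the whole internet. FakeSecurityGroup, the rule tuples and the admin-port list are hypothetical stand-ins, not a real cloud API.

```python
"""Declarative infrastructure as a reconcile loop (added example, not from the deck).

A declared set of security-group rules is diffed against the actual set, and only
the difference is applied as imperative steps. The FakeSecurityGroup, the rule
tuples and the admin-port policy check are hypothetical stand-ins, not a real
cloud API.
"""
from dataclasses import dataclass, field

# A rule is (protocol, port, cidr), e.g. ("tcp", 443, "0.0.0.0/0").


@dataclass
class FakeSecurityGroup:
    """Constructed stand-in for a cloud security group."""
    rules: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def authorize(self, rule):
        self.rules.add(rule)
        self.log.append(("authorize", rule))

    def revoke(self, rule):
        self.rules.discard(rule)
        self.log.append(("revoke", rule))


def plan(desired, actual):
    """Declarative step: diff what was asked for against what exists.

    Returns the imperative actions that apply() will take, in a reviewable
    form (what a change set or 'plan' output shows). Rules present in the
    account but absent from the declaration are drift and get revoked.
    """
    desired, actual = set(desired), set(actual)
    adds = [("authorize", r) for r in sorted(desired - actual)]
    removes = [("revoke", r) for r in sorted(actual - desired)]
    return adds + removes


def apply(sg, desired):
    """Apply only the diff, so a second run with the same input changes nothing."""
    actions = plan(desired, sg.rules)
    for verb, rule in actions:
        getattr(sg, verb)(rule)
    return actions


def risky_rules(rules, admin_ports=(22, 3389)):
    """Policy check: administrative ports exposed to the whole internet."""
    return sorted(r for r in rules if r[1] in admin_ports and r[2] == "0.0.0.0/0")


DESIRED = {("tcp", 443, "0.0.0.0/0"), ("tcp", 22, "10.0.0.0/8")}

if __name__ == "__main__":
    # Actual state has drifted: SSH is open to the world instead of the private range.
    sg = FakeSecurityGroup({("tcp", 443, "0.0.0.0/0"), ("tcp", 22, "0.0.0.0/0")})
    print("risky before:", risky_rules(sg.rules))
    print("plan:", plan(DESIRED, sg.rules))
    apply(sg, DESIRED)
    print("risky after:", risky_rules(sg.rules))
    print("second run:", apply(sg, DESIRED))
```

The point of the split between plan() and apply() is that the diff can be reviewed before anything is touched, and that the same declaration applied twice produces no second set of changes; the drift check is the kind of gate a practitioner puts between plan and apply.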
Model function environments with AWS Serverless Application Model (SAM)
• Open-source framework for building serverless applications on AWS
• Shorthand syntax to express functions, APIs, databases, and event source mappings
• Transforms and expands SAM syntax into AWS CloudFormation syntax on deployment
• Supports all AWS CloudFormation resource types
https://aws.amazon.com/serverless/sam/
Rapidly release high-quality features with CI/CD
Teams that practice CI/CD ship more code faster, and with more confidence (source: Puppet 2017 State of DevOps Report):
5x lower change failure rate
440x faster from commit to deploy
46x more frequent deployments
44% more time spent on new features and code
Monolith development lifecycle
(Diagram: developers → one delivery pipeline (build, test, release, monitor) → services)
(Diagram: the same lifecycle with many delivery pipelines, each with its own build, test, release and monitor stages, feeding many services)
Containers have become the standard for how to ship and run your application in the cloud
Containers and Docker
A container is a standard unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another. (1)
(1) https://www.docker.com/resources/what-container
(Diagram: server → operating system → Docker engine → apps A, B, C, D)
Docker image
• Used to launch a container
• Instructions documented in a Dockerfile
• Layers merged into a single image
• Read-only template
(Diagram: kernel → base image → image layers, each referencing its parent image layer)
Containers and microservices
• Do one thing, really well
• Any app, any language
• Isolated execution environment
• Test and deploy the same artifact
• Faster startup
Manually downloading and launching containers by hand is inefficient and error prone
Container orchestration
AWS container services landscape
Management (deployment, scheduling, scaling and management of containerized applications): Amazon Elastic Container Service; Amazon Elastic Container Service for Kubernetes
Hosting (where the containers run): Amazon EC2; AWS Fargate
Image registry (container image repository): Amazon Elastic Container Registry
Amazon ECS key components
(Diagram: Amazon Elastic Container Registry supplies images; a task definition describes containers and volumes; Amazon ECS runs tasks on container instances in a development cluster and a production cluster)
EKS architecture
(Diagram: EKS architecture, with kubectl as the client)
Microservice communication
• IPs and ports constantly changing
• TLS between services
• Metrics
• Monitoring
• Auth
Shift in infrastructure logic
ESB: clustered monolith
OSS Hystrix: code changes required
Service mesh: decentralized, language agnostic, dumb endpoints
https://www.infoq.com/articles/microservices-post-kubernetes
Open source: Istio service mesh
Connect, secure, and observe services
• Shift in where functionality is located
• Control plane = Istio
• Data plane = the set of all Envoy proxies
• Envoy proxy as a sidecar in the K8s pod
• Automatic or manual injection of the proxy with EKS
Data plane (proxy)
• Touches every packet / request
• Service discovery
• Health checking
• Routing
• Load balancing
• Authentication / authorization
• Observability
(Diagram: Istio service mesh with Envoy proxy)
Envoy proxy
• Layer 7 proxy
• HTTP, HTTP/2, gRPC, Amazon DynamoDB, MongoDB
• C++11 code base, only 8 MB (statically linked)
• No language or framework dependencies
• Requires no code changes
• Battle-proven OSS, started at Lyft
• Works across compute options, also on EC2
• Envoy is not tightly coupled to Istio
Service mesh
But Docker / Kubernetes can do rolling updates!
Yes, but Istio separates traffic flow from replica deployment
Microservices update strategies
Fancy a swim in the Arctic Sea? Blue/green: 100%, all services at once
A bathtub full of cold water? K8s rolling update: 25%, one pod at a time
... or just wet your feet? Service mesh: 3%, traffic routing
(Diagrams: user-based routing; traffic shifting)
Control plane (Istio)
• Routing information
• Policies and configuration
App Mesh works across compute services: Amazon ECS, AWS Fargate, Amazon EKS, Amazon EC2, Kubernetes on EC2
AWS App Mesh
• Based on Envoy proxy
• Start App Mesh from the AWS CLI, console or SDK
• There is no additional charge for using AWS App Mesh
• Supports any third-party tool that works with Envoy
Install App Mesh with a Helm chart

# create the namespace and enable automatic sidecar injection for every pod in it
$ kubectl create ns appmesh-demo
$ kubectl label namespace appmesh-demo appmesh.k8s.aws/sidecarInjectorWebhook=enabled

# deploy the demo chart (Helm 2 syntax: -n is the release name, --namespace the target namespace;
# the chart URL is elided on the slide). Installing a chart fetched by URL runs whatever the
# tarball contains in your cluster, so pin a version and review or verify the chart first.
$ helm install -n aws-appmesh-demo --namespace appmesh-demo https://github.com/.../aws-appmesh-demo.tgz

Chart: https://github.com/PaulMaddox/aws-appmesh-helm
Observability
Logging: HTTP access logging; Amazon CloudWatch Logs; available as container logs on Amazon ECS, Amazon EKS and AWS Fargate
Metrics: CloudWatch metrics; StatsD (with tags); Prometheus
Tracing: AWS X-Ray; other Envoy tracing drivers
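Access logs from the sidecar are only useful if something reads them. The following Python is an added example, not code from the deck or from App Mesh: it parses lines in Envoy's default access-log format and turns them into a per-service 5xx rate plus a list of flagged requests, where the response flags are the ones an operator watches (UO for a tripped circuit breaker, UF/UH for an unreachable upstream, RL for rate limiting, NR for a missing route, UAEX for an authorization denial). The log lines are constructed for the example; the service names and the 50% threshold are assumptions.

```python
"""Detection over Envoy HTTP access logs from a mesh sidecar (added example, not from the deck).

Parses Envoy's default access-log line format and reports, per upstream authority,
the 5xx error rate plus every request carrying a response flag that matters to an
operator: upstream failure (UF), no healthy upstream (UH), circuit-breaker overflow
(UO), rate limit (RL), no route (NR) and authorization denial (UAEX). The log lines
in SAMPLE_LOG are constructed for this example.
"""
import re
from collections import Counter

# Envoy default format: [START_TIME] "METHOD PATH PROTOCOL" CODE FLAGS BYTES_RX
#   BYTES_TX DURATION UPSTREAM_TIME "XFF" "USER_AGENT" "REQUEST_ID" "AUTHORITY" "UPSTREAM_HOST"
LINE_RE = re.compile(
    r'\[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<code>\d+) (?P<flags>\S+) (?P<rx>\d+) (?P<tx>\d+) (?P<dur>\d+) (?P<up_time>\S+) '
    r'"(?P<xff>[^"]*)" "(?P<ua>[^"]*)" "(?P<req_id>[^"]*)" "(?P<authority>[^"]*)" '
    r'"(?P<upstream>[^"]*)"'
)

FLAG_MEANING = {
    "UF": "upstream connection failure",
    "UH": "no healthy upstream",
    "UO": "upstream overflow (circuit breaker open)",
    "RL": "rate limited",
    "NR": "no route configured",
    "UAEX": "unauthorized external service",
}

# Constructed sample: one service failing intermittently, one authorization denial.
SAMPLE_LOG = """\
[2019-08-06T12:00:01.000Z] "GET /orders HTTP/1.1" 200 - 0 512 12 11 "-" "curl/7.64.0" "r-1" "orders.appmesh-demo" "10.0.1.5:8080"
[2019-08-06T12:00:02.000Z] "GET /orders HTTP/1.1" 503 UO 0 0 1 - "-" "curl/7.64.0" "r-2" "orders.appmesh-demo" "-"
[2019-08-06T12:00:03.000Z] "POST /pay HTTP/1.1" 403 UAEX 120 0 2 - "-" "python-requests/2.22.0" "r-3" "payments.appmesh-demo" "-"
[2019-08-06T12:00:04.000Z] "GET /orders HTTP/1.1" 503 UF 0 0 5 - "-" "curl/7.64.0" "r-4" "orders.appmesh-demo" "10.0.1.6:8080"
[2019-08-06T12:00:05.000Z] "GET /orders HTTP/1.1" 200 - 0 480 9 8 "-" "curl/7.64.0" "r-5" "orders.appmesh-demo" "10.0.1.5:8080"
"""


def parse_line(line):
    """One log line -> dict of fields, or None if it is not in the expected format."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["code"] = int(rec["code"])
    rec["flags"] = () if rec["flags"] == "-" else tuple(rec["flags"].split(","))
    return rec


def summarize(log_text):
    """Return (error_rates, alerts).

    error_rates maps authority -> fraction of 5xx responses; alerts lists
    (request_id, flag, meaning) for every flagged request, in log order.
    """
    totals, errors, alerts = Counter(), Counter(), []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue                      # unparseable lines are skipped, not fatal
        totals[rec["authority"]] += 1
        if rec["code"] >= 500:
            errors[rec["authority"]] += 1
        for flag in rec["flags"]:
            alerts.append((rec["req_id"], flag, FLAG_MEANING.get(flag, "unknown flag")))
    rates = {a: errors[a] / totals[a] for a in totals}
    return rates, alerts


def services_over_threshold(rates, threshold=0.5):
    """Authorities whose 5xx rate meets the threshold (candidates for rollback)."""
    return sorted(a for a, r in rates.items() if r >= threshold)


if __name__ == "__main__":
    rates, alerts = summarize(SAMPLE_LOG)
    for authority, rate in sorted(rates.items()):
        print(f"{authority}: {rate:.0%} 5xx")
    for req_id, flag, meaning in alerts:
        print(f"{req_id}: {flag} ({meaning})")
    print("over threshold:", services_over_threshold(rates))
```

The request id is kept in every alert so a flagged line can be joined to the matching X-Ray trace; the same parser feeds a metric (the rate) and an event stream (the alerts), which is the usual split between dashboards and paging.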
(Screenshots: visualize the service call graph (Lambda); pinpoint errors (Lambda); open-source Grafana dashboards)
Traffic management
Traffic shaping: load balancing; weighted targets; service discovery (DNS + AWS Cloud Map); health checks; retries*; timeouts*; circuit breakers*
Routing controls: protocol support (HTTP, TCP, gRPC*); path-based; header-based*; cookie-based*; host-based*
*Coming soon
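To make the update strategies above (3% canary by traffic routing, user-based routing) and the traffic-management features concrete, here is an added example, not App Mesh or Istio code, that models in-process what the proxy does for one route: a header match for user-based routing, a 97/3 weighted split for the canary, sticky placement by hashing the user id so one user keeps seeing the same version, and a per-target circuit breaker that fails fast after repeated errors. Route names, weights and thresholds are assumptions.

```python
"""Mesh-style traffic management modelled in-process (added example, not App Mesh or Istio code).

Shows what the sidecar proxy does for one route: header match for user-based routing,
weighted split for a 3% canary, sticky placement so a given user keeps seeing the same
version, and a per-target circuit breaker that fails fast after repeated errors.
Names, weights and thresholds are assumptions.
"""
import hashlib
import random
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Target:
    name: str
    weight: int
    failures: int = 0      # consecutive failures seen
    open_until: int = 0    # breaker stays open until this logical tick


@dataclass
class Route:
    path_prefix: str
    targets: List[Target]
    header_match: Dict[str, str] = field(default_factory=dict)


class Router:
    def __init__(self, routes: List[Route], max_failures=3, open_ticks=10):
        self.routes = routes            # most specific route first
        self.max_failures = max_failures
        self.open_ticks = open_ticks
        self.tick = 0                   # logical clock advanced by report()

    def match(self, path: str, headers: Dict[str, str]) -> Optional[Route]:
        """First route whose prefix and required headers both match."""
        for route in self.routes:
            if path.startswith(route.path_prefix) and all(
                headers.get(k) == v for k, v in route.header_match.items()
            ):
                return route
        return None

    def pick(self, route: Route, user_id: Optional[str] = None) -> Optional[Target]:
        """Weighted choice among targets whose breaker is closed."""
        healthy = [t for t in route.targets if t.open_until <= self.tick]
        if not healthy:
            return None                 # every breaker open: fail fast, no retry storm
        total = sum(t.weight for t in healthy)
        if user_id is None:
            bucket = random.randrange(total)
        else:
            # Sticky: hash the user into the weight space, so one user always
            # lands on the same version while the healthy set is unchanged.
            digest = hashlib.sha256(user_id.encode()).hexdigest()
            bucket = int(digest, 16) % total
        for target in healthy:
            if bucket < target.weight:
                return target
            bucket -= target.weight
        return healthy[-1]

    def report(self, target: Target, ok: bool) -> None:
        """Outcome feedback from the proxy; opens the breaker on repeated failure."""
        self.tick += 1
        if ok:
            target.failures = 0
            return
        target.failures += 1
        if target.failures >= self.max_failures:
            target.open_until = self.tick + self.open_ticks
            target.failures = 0


def canary_share(router: Router, route: Route, users: int) -> float:
    """Fraction of distinct users routed to the target named 'v2'."""
    hits = 0
    for i in range(users):
        target = router.pick(route, f"user-{i}")
        if target is not None and target.name == "v2":
            hits += 1
    return hits / users


if __name__ == "__main__":
    canary = Route("/", [Target("v1", 97), Target("v2", 3)])
    beta = Route("/", [Target("v2", 100)], header_match={"x-beta": "true"})
    router = Router([beta, canary])
    print("beta header ->", router.match("/orders", {"x-beta": "true"}).targets[0].name)
    print("v2 share over 20000 users:", canary_share(router, canary, 20000))
    v2 = canary.targets[1]
    for _ in range(3):
        router.report(v2, ok=False)
    print("v2 share while breaker open:", canary_share(router, canary, 2000))
```

All of this lives in the proxy configuration in a real mesh, which is why the application code needs no change when the canary weight moves from 3% to 100% or when a failing version is cut off; the open breaker returning None is the fail-fast behaviour that stops a sick upstream from being hammered by retries.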
AWS App Mesh roadmap is public
https://github.com/awslabs/aws-app-mesh-examples
Thank you!
COBUS BERNARD, AWS SENIOR TECHNICAL EVANGELIST, @cobusbernard

[CPT DevOps Meetup] Developing Modern Applications in the Cloud
