P to V to C: The Value of Bringing “Everything” to Containers

P to V to C:
The Value of Bringing “Everything” to Containers
Cornelia Davis
@cdavisafc
Mukesh Gadiya
@mcgadiya

Unless otherwise indicated, these slides are © 2013-2018 Pivotal Software, Inc. and licensed under a Creative Commons
Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/
Safe Harbor Statement
The following is intended to outline the general direction of Pivotal's offerings. It is intended for information purposes
only and may not be incorporated into any contract. Any information regarding pre-release of Pivotal offerings, future
updates or other planned modifications is subject to ongoing evaluation by Pivotal and is subject to change. This
information is provided without warranty or any kind, express or implied, and is not a commitment to deliver any
material, code, or functionality, and should not be relied upon in making purchasing decisions regarding Pivotal's
offerings. These purchasing decisions should only be based on features currently available. The development,
release, and timing of any features or functionality described for Pivotal's offerings in this presentation remain at the
sole discretion of Pivotal. Pivotal has no obligation to update forward looking information in this presentation.
2

“I want to move all
workloads from V(irtual) to
C(ontainers) so that we no
longer have to worry about
things like patching
operating systems.” Major US Telco Provider

Agenda
What is Container(ization)?
Benefits of Containerization
The Different Faces of Containerization
What is the Right Abstraction for my Workload?
PKS Secret Sauce
4

What is a Container?

Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ 6
“container” doesn’t mean anything super
precise. Basically there are a few new Linux
kernel features (“namespaces” and
“cgroups”) that let you isolate processes
from each other and set controls on their
resource usage. When you use these
features, you call it a “container”
Julia Evans

All containers
must share same
host OS & kernel
Virtualization Hierarchy

What is Containerization?

Start with building a container image
# our base image
FROM python:3-onbuild
# specify the port number the container
should expose
EXPOSE 5000
# run the application
CMD ["python", "./app.py"]
9
Specify language runtime, dependencies
Specify runtime app configuration
How to start your application

Host the image on container registry
10
DTR
GitLab
Quay
Harbor
Docker hub
GCR
ECR
ACR
On-prem
Public
Cloud

Extracts image onto filesystem
11
‘Copy On Write’ sharing
strategy for efficient disk usage
for storing images on filesystem

Creates isolated resources & runs container
12
uses cgroups, (for resource accounting)
namespaces (for secure isolation) and host
filesystem (for storing image layers) to run
applications

Benefits of Containerization

Benefits for DevOps
14
Consistency Agility
•Source code, lang runtime, app
dependencies in container image
standardizes app deploy model
•Container image as a single
deployment model enables
★Build once, run anywhere
★Less env snowflakes
★Better separation of concerns
between development and
operations
•Lightweight containers enable
★ Faster provisioning
★ Faster app deployments
★ Support microservices arch
★ Handling traffic spikes
efficiently
•Container images enable
streamlined CI/CD workflows
Efficiency
• Higher app density per host
•Efficient disk usage
•Standardizing on container images
enables efficient OS patching
process

The Different Faces of
Containerization

like

patching operating
systems
like

HOST
Host OS
(Kernel)
OS Image
Runtime Layer
Application Layer
App container
We can
Repair
the OS kernel
(imagine Meltdown
remediated in 16 hours)
Embeds
the
Operating System
https://content.pivotal.io/blog/how-to-apply-the-meltdown-fix-to-all-your-systems-in-less-than-a-day

Teams Delivering Outcomes
20
Database
Web
Server
Messaging
Your Application Code
Virtualized
Infrastructure
PLATFORM
Platform Team
Application Team
Iteratively building and
delivering digital offerings
to the consumer
Enabling the app teams all
while maintaining
Security
Compliance
Resilience
Cost Efficiency
20

HOST
Host OS
(Kernel)
OS Image
Runtime Layer
Application Layer

HOST
Host OS
(Kernel)
OS Image
Runtime Layer
Application Layer
OS Image
Runtime Layer
Application Layer

HOST
Host OS
(Kernel)
OS Image
Runtime Layer
Application Layer
OS Image
Runtime Layer
Application Layer
App-team
Provided

HOST
Host OS
(Kernel)
OS Image
Runtime Layer
Application Layer
OS Image
Runtime Layer
Application Layer
App-team
Provided
HOST
Host OS
(Kernel)
OS Image
Runtime Layer
Application Layer

HOST
Host OS
(Kernel)
OS Image
Runtime Layer
Application Layer
OS Image
HOST
Host OS
(Kernel)
OS Image
Runtime Layer
Application Layer
Runtime Layer
OS Image
Runtime Layer
HOST
Host OS
(Kernel)
Application Layer
OS Image
Runtime Layer
Application Layer Application Layer
Platform-
team
Provided
App-team
Provided
Trusted Container
Pipeline
We can
Repair
everything up to the
app itself
We can
Repair
the OS kernel

patching operating
systems
like
malware

HOST
Host OS
(Kernel)
OS Image
Runtime Layer
Application Layer

HOST
Host OS
(Kernel)
OS Image
Runtime Layer
Application Layer
OS Image
Runtime Layer
Application Layer

OS Image
Runtime Layer
Application Layer
HOST
Host OS
(Kernel)
31
OS Image
Runtime Layer
Application Layer
HOST
Host OS
(Kernel)
You can
Repave
the entire
environment
VERY Often!!!

like
prediction-based
capacity management
malware

HOST
Host OS
(Kernel)
HOST
Host OS
(Kernel)

HOST
Host OS
(Kernel)
HOST
Host OS
(Kernel)
HOST
Host OS
(Kernel)

Predictions
On-demand
Capacity
Management

Teams Managing Their Products
37
Database
Web
Server
Messaging
Your Application Code
Virtualized
Infrastructure
PLATFORM
Platform Team
Application Team
Monitor application usage
and scale capacity up and
down as needed
Monitor platform usage
and scale capacity up and
down as needed
37
Quotas
are an important
part of the contract
between platform
and app teams
And this scaling may be
automated
at both layers

like
prediction-based
capacity management
load balancer
configuration

Workflow:
• Provision Machine
• Install Operating
System & Middleware
• Install App
• Configure Firewall
• …
• Done!!!
Imperative Systems Management
39

Workflow:
• Provision Machine
• Install Operating
System & Middleware
• Install App
• Configure Firewall
• …
• Done!!!
Imperative Systems Management
40

© Copyright 2015 Pivotal. All rights reserved. !41
Failed Application Instances Replaced (Diego)
Router
Blobstore
Cloud
Controller
etcd
Cell Cell Cell
Pivotal Cloud Foundry
Elastic Runtime
Access
App
DB
Converger & Auctioneer
Desired State
Actual State

like
load balancer
configuration

All of this
containerization…but needn’t all be the
same way

The
(Raw)
Container
Abstraction

docker build
kubectl apply
Dockerfile
docker push

The
Application
Abstraction

Here is my code
Run it in the cloud for me
I do not care how
- Onsi Fakhouri

Deploying a Microservice into PAS
cf push

The
Function
Abstraction

Knative
Described by Google as a “collection of components that [extend
Kubernetes and] provide the missing building blocks that developers
need to create modern, source-centric, container-based cloud-native
applications.”
Basically, it’s a simpler way for developers to deploy and run
serverless apps and functions atop Kubernetes and Istio.

Betting our FaaS future on Knative
Community-driven
ecosystem of
EventSources,
Buses,
Invokers,  
BuildTemplates,
etc.
Kubernetes
VALUE LINE
BuildTemplates
Channels
CLI/UI
Invokers
VALUE LINE

What is the Right Abstraction?

A Taxonomy
55
Tech Type
• Microservices, Spring Boot
• JEE - WebSphere, Weblogic
• .NET
• Data
• Partner provided Software e.g
CloudBees Jenkins
• Legacy/UnCommon runtimes
Workload Lifecycle
• High value, many releases per
quarter
• Low value, few releases per
year
• Retirement status
• Tied to Partner lifecycle
• Already containerized
Team Skills
• Pure Dev, No Infra
• Platform savvy
• Kubernetes savvy
There are some easy ones…

A Taxonomy
56
Workload Lifecycle
quarter
year
Team Skills
• Pure Dev, No Infra,
• Platform savvy
Tech Type
• .NET
• Data
CloudBees Jenkins

A Taxonomy
57
Workload Lifecycle
quarter
year
Team Skills
• Platform savvy
Tech Type
• .NET
• Data
CloudBees Jenkins

A Taxonomy
58
Workload Lifecycle
quarter
year
Team Skills
• Platform savvy
Tech Type
• .NET
• Data
CloudBees Jenkins
• Legacy/UnCommon runtimes Dev team responsible day 2
image operations

A Taxonomy
59
Workload Lifecycle
quarter
year
Team Skills
• Platform savvy
Tech Type
• .NET
• Data
CloudBees Jenkins

A Taxonomy
60
Workload Lifecycle
quarter
year
Team Skills
• Platform savvy
Tech Type
• .NET
• Data
CloudBees Jenkins
• Web events
Pivotal
Function

A Tale of Multiple Abstractions

62
IaaS
CaaS
PaaS
FaaS
Bare Metal

63
IaaS
vSphere, AWS,
GCP, Azure
Bare Metal
•Customize OS
•Status quo
☺
•BUT it runs on my machine!
•App lifecycle (boot, scale)
changes are slow
•Turns into monoliths which
become harder to maintain
and upgrade
😠

64
IaaS
CaaS
PKS, K8s
Bare Metal
•Consistency
• Agility
• Efficiency
☺
•Container images lifecycle
management - e.g. create,
update, registry, patching
which can lead to image
snowflakes
• Less dev productivity -
bring in own routing,
observability, secrets mgmt,
service brokering etc
😠

65
IaaS
CaaS
PaaS
PAS
Bare Metal
•No need to learn OS,
docker & no patching
• Very high dev
productivity - power
of cf push
• No snowflakes
☺
•Mostly stateless & conform
to best practices
• Minimal support for
persistent data
•TCP/HTTP only
😠

66
IaaS
CaaS
PaaS
FaaS
PFS
Host OS
•Resource efficient
• High dev
productivity
• Decoupled
deployments
☺
•Mostly suitable for event
driven use cases
•Observability nightmare
across functions
• HTTP(S) only
• Significant redevelopment
😠

67
IaaS
CaaS
PaaS
FaaS
Event driven use cases e.g. Webhook
handlers
• Stateless, 12 factor apps
• Microservices
• Kernel customization is necessary
• If you can only scale vertically
Bare Metal
Almost never!
• Need Persistent local storage
• Vendor provided software
• Uncommon runtimes ( e.g. Cobol)
• Non HTTP/TCP protocols
• Multiple TCP/IP Ports
None of these?
Then PaaS is the best place to start

68
IaaS
CaaS
PaaS
FaaS
Strategic goal: Push as many workloads as
technically feasible to the top of the platform hierarchy
Higher flexibility and
less enforcement of
standards
Lower development
complexity and higher
operational efficiency
Bare Metal

Enterprise Kubernetes

Kubernetes is a Runtime for Containerized Workloads
K8s ClusterTooling for
Managing
Workloads:
➤ kubectl
➤ Kubernetes
Dashboard
App
Teams
Kubernetes Master

But we need more than a runtime
K8s Cluster
App
Teams
Tooling for
Managing
Workloads:
➤ kubectl
➤ Kubernetes
Dashboard
Compute
Storage
Networking
Routing
ImageReg
ExternalSvc
...
Tooling for
Managing
Kubernetes:
➤ Installation
➤ Upgrades
➤ Patch mgmt
➤ Resilience
➤ Monitoring/
Logging
➤ Backup/
Recovery
➤ …
Platform
Team
Kubernetes Master

PKS Secret Sauce

K8s Cluster
App
Teams
Tooling for
Managing
Workloads:
➤ kubectl
➤ Kubernetes
Dashboard
Compute
Storage
Networking
Routing
ImageReg
ExternalSvc
...
Tooling for
Managing
Kubernetes:
➤ Installation
➤ Upgrades
➤ Patch mgmt
➤ Resilience
➤ Monitoring/
Logging
➤ Backup/
Recovery
➤ …
Platform
Team
Kubernetes Master

@cdavisafc
K8s Cluster
App
Teams
Tooling for
Managing
Workloads:
➤ kubectl
➤ Kubernetes
Dashboard
Platform
Team
Kubernetes Master Tooling for
Managing
Kubernetes:
➤ Installation
➤ Upgrades
➤ Patch mgmt
➤ Resilience
➤ Monitoring/
Logging
➤ Backup/
Recovery
➤ …
Compute
Storage
Networking
Routing
ImageReg
ExternalSvc
...

PKS does for your Kubernetes
what
Kubernetes does for your apps

Multi-tenancy
Multi-tenant clusters
# Leverage Kubernetes namespaces
Limitations with Kubernetes alone
# Noisy neighbors (workloads can affect other
tenants)
# Share the same network
# Share DNS
# Shared Configuration
# ...
We add
# Network microsegmentation with NSX-T
○ Eliminating “Share the same network”
Multi (Single-tenant) clusters
It is having an API for creation and management
that enables this!!!
# Every tenant get’s their own cluster
Addresses limitations
# Single tenant worker VMs (depend on the
hypervisor to ensure host is properly shared)
# Every cluster has own network segment
# Every cluster has own DNS
# Every cluster has own configuration
# ...
No other “on
prem” solution
has this!!!

Summary

Containerization Brings Value
80
Enables Platforms to do Even More
OS Patching
Repaving (i.e. against malware)
Auto scaling
Dynamic routing
…
Many Faces of Containerization
Use the right tool for the job!

vSphere Openstack AWS
Google 
Cloud
Azure &  
Azure Stack
Shared Services
Shared Security
Shared Networking
Logging & Metrics / Services Brokers / API Management
Credhub / UAA / Single Sign On
VMWare NSX
Embedded Operating System (Windows / Linux)
Application Code & Frameworks
Buildpacks / Spring Boot / Spring Cloud / Steeltoe
PAS
 
Pivotal Application  
Service
Pivotal Services 
Marketplace
 
Pivotal and
Partner Products
Concourse
PKS
 
Pivotal Container  
Service
PFS 
Pivotal Function Service

Safe Harbor Statement
The following is intended to outline the general direction of Pivotal's offerings. It is intended for information purposes
only and may not be incorporated into any contract. Any information regarding pre-release of Pivotal offerings, future
updates or other planned modifications is subject to ongoing evaluation by Pivotal and is subject to change. This
information is provided without warranty or any kind, express or implied, and is not a commitment to deliver any
material, code, or functionality, and should not be relied upon in making purchasing decisions regarding Pivotal's
offerings. These purchasing decisions should only be based on features currently available. The development,
release, and timing of any features or functionality described for Pivotal's offerings in this presentation remain at the
sole discretion of Pivotal. Pivotal has no obligation to update forward looking information in this presentation.
82

> Stay Connected.
Cornelia Davis • cdavis@pivotal.io • @cdavisafc
Mukesh Gadiya • mgadiya@pivotal.io • @mcgadiya
This whole track!!
#springon@s1

P to V to C: The Value of Bringing “Everything” to Containers

More Related Content

What's hot

Similar to P to V to C: The Value of Bringing “Everything” to Containers

More from VMware Tanzu

Recently uploaded

P to V to C: The Value of Bringing “Everything” to Containers