TRANSCRIPT
Joint Workshop: Hybrid open multi-cloud is the new normal.
Nigel Watson, Head of Cloud Technology Partners, Google Asia Pacific and Japan
Vish Phaneendra, Technical Director, Platform Architecture, Pivotal South Asia
Michael Leaw, Open Source Solutions Architect, Southeast Asia & Korea, VMware
Hybrid is the new normal
Kārlis Dambrāns via Wikimedia Commons
Modernization strategies
Axes on the slide: Public vs On-Prem; Classic Apps and Operations vs Cloud-Native Apps and Operations.
● Lift and Shift: reduced cost, self service, elasticity
● Service Mesh: true hybrid deployment, service-by-service transformation
● Containerization: increased developer productivity, portability
Three building blocks, enabling Service Mesh architectures:
● Platform Consistency (Kubernetes): infrastructure consistency and abstraction across GCP, on-premises, and other cloud platforms. Kubernetes is an open platform for running containers, portable apps that run across environments.
● Service Provisioning and Discovery (Run Open Services): easy programmatic access to cloud services through a service catalog; a simple, elegant way to deliver and consume services across environments.
● Service Management (Istio, managed by policy): control, monitor, and secure communication for microservices and external services; connect, manage, and secure services across environments.
K8s provides a container-centric infrastructure
“first Google cage ... filled with ~30 PCs on shelves” [1]
Google’s decentralized cluster architecture is based on containers: light, VM-like, immutable process isolation. Borg, a declarative cluster resource allocation system, runs them.
Kubernetes and GKE are inspired by Borg; Kubernetes “controls through choreography—achieving a desired emergent behavior by combining the effects of separate, autonomous entities that collaborate” [2]
1) Urs Hölzle, https://plus.google.com/+UrsH%C3%B6lzle/posts/UseinB6wvmh
2) Borg, Omega, and Kubernetes, ACM Queue 2016
Service provisioning and discovery: Apigee
(Diagram: Apigee management services, analytics, dev management and security analytics in front of monolithic systems on premise; centralized governance of all API services; Kubernetes integration: all Apigee services are Kubernetes services.)
● Integrating legacy applications
● Recompose monolithic applications as services
● Build a service layer in front of existing systems to increase IT velocity
● Import legacy systems into modern, container-based architectures as services
Service provisioning and discovery: What is Open Service Broker?
1. Create a service broker
2. Browse service catalog
3. Create service instance; choose your plan size
4. Bind the service to your app
5. Unbind the service when you’re done
6. Delete the service
Google Cloud services offered through the broker (diagram): BigQuery, Cloud Pub/Sub, Cloud Bigtable, Cloud SQL, Cloud Spanner, Cloud Storage.
Service management: Istio Service Mesh
Capabilities, grouped on the slide under securing service traffic, uniform observability and operational agility: service discovery, failure recovery, metrics / monitoring, load balancing, end-to-end authentication, rate limiting, A/B testing, canary releases, access control.
(Diagram: Pivotal Cloud Foundry foundation. Embedded OS (Windows & Linux) and CPI under product releases v1, v2, v3...; CVEs and product updates delivered from Pivotal Network through Concourse; runs on vSphere, Azure & Azure Stack, Google Cloud, AWS and OpenStack. The “3Rs”: Repair (CVEs), Repave, Rotate (CredHub).)
BOSH - What?
BOSH: open source tool, the nucleus of the Pivotal Cloud Foundry stack.
Tasks: 1) release engineering, 2) deployment, 3) lifecycle management, 4) monitoring of distributed systems.
● Packaging with embedded OS
● Server provisioning on any IaaS
● Software deployment across clusters
● Service & server state monitoring
● Self-healing w/ Resurrector
● Rolling upgrades via canaries
● Dynamic scaling up or down
BOSH - Why?
● Provision services, not machines
● Enables continuous delivery
● Cloud-agnostic
● Holistic toolchain to “rule them all”
● Clear visibility into config management
BOSH - Five S’ of Value
● Speed: provides an automated way to easily create software releases to update complex deployed systems with simple commands
● Scalability: able to adapt from a single service, single VM, single IaaS to multiple services, 1000s of VMs, and multiple IaaS’
● Security: utilizes HTTPS by default, provides accountability with audit trails, user accounts, and protected VM/job credential management
● Savings: controlling software releases, operating system images, persistent data, and system configuration with a single pane of view reduces demand on IT operational costs
● Safety: centralized server allows users to see and track changes made to the deployed system; test-driven deployments through canaries, any update error causes the deployment to stop
BOSH - Component Architecture
(Diagram: the CLI talks to the Director, which uses a Postgres DB, NATS, a Health Monitor, a Blob Store and a Registry; an Agent runs on every managed VM; the Director reaches the IaaS API through the Cloud Provider Interface.)
BOSH provides the means to go from deployment configuration to VM creation and management. It includes interfaces for Azure, vSphere, AWS, GCP, and OpenStack. Additional CPIs can be written for alternative IaaS providers.
BOSH - Cloud Agnostic (Multi-Cloud)
Cloud Provider Interface (CPI): the API that the Director uses to interact with an IaaS to create and manage stemcells, VMs, and disks. A CPI abstracts infrastructure differences from the rest of BOSH.
● Stemcell: `create_stemcell`, `delete_stemcell`
● VM: `create_vm`, `delete_vm`, `reboot_vm`, `set_vm_metadata`, `configure_networks`
● Disk: `create_disk`, `delete_disk`, `attach_disk`, `detach_disk`, `has_disk`, `get_disk`
● Snapshots: `snapshot_disk`, `delete_snapshot`, `current_vm_id`
BOSH - Process High Availability
(Diagram: a monitored process, Proc-1, fails on a VM; the Agent on that VM restarts it (“Restart!”) and the Health Monitor, listening to Agent state over NATS, sends an alert (“Alert Sent!”).)
BOSH - VM High Availability
(Diagram: the manifest defines the desired state. When a whole VM is lost and its Agent stops reporting, the Health Monitor sends an alert and the Director recreates the VM through the Cloud Provider Interface and the IaaS API, so Proc-1 runs again.)
(Diagram: Pivotal Cloud Foundry platform overview. The foundation: embedded OS (Windows & Linux), CPI, releases v1, v2, v3..., CVEs and product updates from Pivotal Network through Concourse, the “3Rs” Repair (CVEs), Repave, Rotate (CredHub), running on vSphere, Azure & Azure Stack, Google Cloud, AWS and OpenStack. Pivotal Services Marketplace: Pivotal and partner products, public cloud services, customer managed services. Runtimes: Pivotal Application Service (PAS) for Java, .NET, Spring and NodeJS apps (`cf push`); Pivotal Function Service (PFS) for functions (`riff create`); Pivotal Container Service (PKS) for packaged software such as Elastic and Spark (`kubectl run`). Continuous delivery from Github via Concourse, with connections to legacy systems.)
Istio - service management & monitoring: Pivotal multi-cloud service mesh platform
VMware Pivotal Container Service (PKS)
A turnkey solution to provision, operate and manage enterprise-grade Kubernetes clusters:
● Fully supported, globally available Kubernetes distribution
● Latest stable version of Kubernetes
● Deep integration with NSX-T for networking and security
● Runs on vSphere, GCP, AWS.
PKS Product Overview
▪ Kubernetes-based container service with advanced networking, an enterprise container registry, and full lifecycle management
▪ Simplifies deployment and operation of Kubernetes clusters for enterprises and service providers
▪ Jointly developed, marketed, sold and supported by VMware and Pivotal
Who is PKS built for?
• IT Operator
– Physical infrastructure is operated
– Network & security control policy is defined
• Platform Reliability Engineer (PRE, Platform Reliability Engineering)
– Deploy, scale, operate platform
– Platform is reliable
– Capacity is planned for
– Platform is secured & controlled
– Platform is auditable
– Application Dev/Ops owners are agile
• Application Dev/Ops owner
– Innovation of business capability as cloud-native apps
– Develop, deploy, scale, monitor apps
– Automate everything
– Agile
Cloud native applications at scale can & should be kept running by a 2-pizza team approach (DevOps in action).
PKS “How it Works”
(Diagram: on an IaaS (vSphere with NSX-T) the PKS control plane, its API and service brokers create Kubernetes clusters on demand, e.g. `pks create-cluster Cluster1`, `pks create-cluster Cluster2`, `pks create-cluster Cluster3`; each cluster has its own Kubernetes cluster services and API plus worker nodes, all running on VMs.)
PKS includes:
• PKS Control Plane, CFCR
• NSX-T, Harbor, GCP Broker
• BOSH Release for Kubernetes
• Configures Day 1 of: CFCR, vSphere, NSX integration, Harbor
• Manages Day 2 of Kubernetes clusters: auto healing, scaling, patch & upgrade, upgrades, control/audit ops events
Stack: Kubo (CFCR), Kubernetes as a BOSH release; BOSH deploys/manages VMs; CPI; CNI; Harbor private container registry.
Architecting with Application Requirements
PRE role: focus on mapping Kubernetes constructs to a given infrastructure (the SDDC with vSphere, NSX, Wavefront and datastores): compute, network, monitoring, security, storage.
Constructs mapped: load balancer, storage requirements, availability zone, security policy, application metrics.
AppDev: architects apps (ELK, Spark, Nth app) with native Kubernetes constructs through the K8s API.
PKS – Control Plane Authentication: Flexible Multi-tenancy
Problem
• Organizations will demand varying levels of isolation
Solution
• Clusters as a unit of tenancy
• Namespaces as a unit of tenancy
How
• Provide a simple way to deploy, operate and maintain multiple clusters
• RBAC for clusters and namespaces
(Diagram: an operator admin handles platform lifecycle management and cluster management across a hybrid vSphere / Google Cloud Platform infrastructure (storage, compute, networking). K8s Cluster1 is shared by namespace: DevTeam1 gets Namespace1 and Developer2 gets Namespace2, with NameSpace3 and NameSpace4 alongside; DevTeam3 gets the whole of K8s Cluster2 and DevTeam4 the whole of K8s Cluster3, each with their own namespaces.)
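As an added example (not from the slides or from PKS itself) of the “RBAC for namespaces” point: a namespace-scoped Role and RoleBinding that confine a tenant team to its own namespace. The namespace `namespace1` and the identity-provider group `devteam1` are assumed stand-ins for Namespace1 and DevTeam1 on the slide.

```yaml
# Added example, not PKS or slide content. Assumed names: namespace "namespace1"
# (Namespace1 on the slide) and group "devteam1" (DevTeam1), the group claim
# the cluster's identity provider presents for that team.
apiVersion: v1
kind: Namespace
metadata:
  name: namespace1
---
# A Role (not a ClusterRole) is scoped to one namespace: everything it grants
# stops at the namespace boundary, so DevTeam1 cannot reach other tenants'
# namespaces or cluster-scoped objects such as nodes and other namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: devteam1-developer
  namespace: namespace1
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/log", "services", "configmaps"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["apps"]
    resources: ["deployments", "replicasets"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  # Secrets are deliberately read-only: the team consumes credentials the
  # platform delivers (for example from a service binding) but does not
  # author or overwrite them.
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list"]
---
# The binding ties the group to the Role inside namespace1 only.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: devteam1-developer
  namespace: namespace1
subjects:
  - kind: Group
    name: devteam1
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: devteam1-developer
  apiGroup: rbac.authorization.k8s.io
```

The weak setting to compare against is a ClusterRoleBinding of the same group to the built-in cluster-admin ClusterRole, which grants every namespace and all cluster-scoped resources and so removes the namespace as a tenancy boundary. `kubectl auth can-i list pods --as-group=devteam1 --as=anyuser -n namespace2` is the quickest check that the boundary holds.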
Multi-AZ Support
Support of Multi-AZs
■ Distribute clusters and nodes across AZs
■ Dedicate AZs based on tenant requirements
High availability of workloads
– Addresses AZ outages for the worker nodes
Availability Zone = vSphere Cluster or vSphere Resource Pool
(Diagram: kubectl reaches the cluster through an NSX Load Balancer with virtual servers for my_dev-store.acme.com/checkout and my_stage-store.acme.com/payment; the master node sits in AZ1 and worker nodes are spread across AZ1, AZ2 and AZ3.)
Multi-Master with Multi-AZ
Support of Multi-AZs
■ Distribute clusters and nodes across AZs
■ Dedicate AZs based on tenant requirements
■ Scalability of K8s cluster management plane with load distribution across masters
High availability of K8s cluster management and data plane
– Addresses AZ outages for both worker nodes and master nodes
– Master node outages: dedicated load balancer with high availability, health check monitor for K8s master nodes
Availability Zone = vSphere Cluster or vSphere Resource Pool; dedicated load balancer per cluster
(Diagram: kubectl reaches the cluster through an NSX Load Balancer with virtual servers for my_dev-store.acme.com/checkout and my_stage-store.acme.com/payment; AZ1, AZ2 and AZ3 each hold a master node and a worker node.)
PKS - Open Service Broker API
(Diagram: the PKS API fronted by an ODB Broker.)
Summary
Get started with Google Cloud: https://cloud.google.com/free/ and cloud.google.com/migrate
Velostrata: velostrata.com/google
CloudEndure: info.cloudendure.com/2017-Google-Migration.html
VMware vRealize Orchestrator announcement: tinyurl.com/vro-gcp
Pivotal: https://pivotal.io/platform
VMware: https://www.vmware.com/sg/try-vmware/pivotal-container-18-hol-labs.html
Google Cloud: https://cloud.google.com/free/