Notes taken at AWS Container Day, Kubecon and Cloud Native Conference Barcelona May 2019
EKS Workshop, all instructions available at
https://www.eksworkshop.com
Videos available at
https://aws.amazon.com/eks/container_day/
https://github.com/jsafrane/caas
Login to GCP console
App deployed at http://35.195.138.121/sample/html
https://kccnceu19.sched.com/event/MPh0/tutorial-a-day-in-the-life-of-a-cloud-native-developer-randy-abernethy-rx-m-llc-limited-availability-first-come-first-served-basis
Kubernetes, Prometheus, Envoy, Fluentd, gRPC, Containerd, Helm, Harbor and Telepresence
IP 18.197.149.195 Key cnd.pem
https://github.com/RX-M/kubecon-eu-2019
gRPC stands for gRPC remote procedure call operating over HTTP/2 for transport, protocol buffers for IDL and serialization
Containerd - industry-standard container runtime with an emphasis on simplicity, robustness, portability. Has a gRPC API. The OCI container manager under Docker. Available as a daemon for Linux and Windows. Manages complete container lifecyle (image transfer, image storage, container execution, container supervision, low level storage, network attachments and more)
Harbor is an open source container registry project. Stores containers, signs containers, scans container content. Extends open source Docker distribution by adding functionality.
Kubernetes, open source container orchestration system. Automates application deployment, scaling, management.
Helm is the first application package manager designed by Kubernetes. A chart is a directory, in the directory you can have many resources. Allows users to describe application structure through yaml based "helm charts". Deployed applications can be managed with simple helm commands. New application can be easily composed of existing loosely coupled microservices. Users deploying helm charts can tailor them to their needs by settings variables in a values file. Helm chart template is combined with variable values to produce K8s specific configuration file.
Prometheus - written in Go used to record real-time metrics in a time series database. Uses HTTP pull model (scraping metrics from end points using openMetrics format). Provides flexible timeseries DSL for queries, supports real-time alerting, integrates with K8s, easy to integrate with properly designed microservices, uses Grafana web GUI as a front-end.
Fluentd - Data collection tool used for log forwarding, log aggregation. Used in various roles to create a unified logging layer. Written in Ruby with core data processing elements in C for performance. EFK - ElasticSearch - Fluentd - Kibana
Istio - Service mesh that provides key cross cutting concerns needed to successfully run a distributed microservice architecture. Mutual authentication, service to service authorization, traffic management, tracing, monitoring, logging, policy, cluster ingress. Reduces complexity of managing microservice deployments by providing a uniform way to deploy and manage these services.
Telepresence - Lets you run a single service locally while making it act as a component of a remote Kubernetes cluster. This lets developers working on multi-service applications. Do fast local development of a single service, even if that service depends on other services in the cluster. Make a change in the service, build and immediately see the service in action. Use any tool installed locally to test/debug/edit the service. Debuggers, IDEs, etc. Works on Mac and Unix.
Industry is moving towards real time data centric streaming apps, automated ops. Towards fast data, real time, data centric, event driven, "fast data" applications. Serverless is not function as a service. Use cases, throughout is key rather than low latency. Requests can be completed in a short time window. Like low traffic apps, stateless web apps, parallel processing tasks (resizing images for example), orchestration functions, composing chains of functions, job scheduling. But it's hard to build general purpose applications. What is bad… Retains limitations of 3 tier architecture, no direct accessibility (need storage medium), functions are stateless, ephemeral and short lived, no co-location of state and processing, limited options for managing and coordinating distributed state, limited options for modelling various consistency guarantees. Support for use cases like.. Training and serving ml models, user sessions, real time distributed stream processing, distributed resilient transactional workflows, shared collaborative workspaces, leader election. Tech requirements for this to happen: Stateful long loved addressible communication (actors) … and other notes
Event sourcing
CRDT - like acid 2.0 (associateive, grouping foesn't matter, communicative, order doesn't matter, etc.)
Conflict free replicated data types - always converged correctly, is acid 2.0, data types are counters, registers, sets, maps, graphs (that all compose)
Message in - message out
Deltas in - deltas out
Akka - cloud native, reactive, distributed system runtime. Implementation of the actor model, concurrency and distribution. Good at distributed state management. See akka.io
Knative stateful serviing has an akka sidecar. Powered by akka cluster sidecars.
Summary
We have started with Knative, Akka and gRPC.
Serverless 2.0needs a runtime and programming model
https://bit.ly/stateful-serverless-intro
https://www.github.com/Lightbend/stateful-serverless
https://aka.ms/code-marketplace
https://aka.ms/vscodekubeapi
https://mitchdenny.com/the-inner-loop/
Some automation tools… MS Draft, Skaffolg, Gitkube Minikube, docker but doesn’t work well with 100 services running locally
"Fancy kubernetes von for development" "kubectl port forward on steroids"
Intercepts DNS, envionment variables and secrets, volumes, TCP
Benefits, now you can use any tool that runs on your laptop. Requirements, mac or linux.
Harshal Patil
No notes here
No notes here
API - Detect, Analysis, Build, Export Platform - pack (Local CLI for CNB), knative-integration (template for using CNB with knative/tekton) Implementation - lifecycle, libbuildpack (Go lang binding for API) Core - spec, rfcs
Builder.toml describes what goes into it. Stack - build image, run image Buildpacks.io
3.86 million USD average cost of a data breach Threat modelling - Adam Shoshack Fallacies of distributed computing explained paper. www.rgoarchitects.com/Files/fallacies.pdf
Service Mesh, the 3 pillars Observability, Reliability, Security
Internal network isolation is required Techniques: Network segmentation Service segmentation? Problem: Dynamic environments
Network/service segmentation with intention-based security?
https://kccnceu19.sched.com/event/MPYy/testing-your-k8s-apps-with-kind-benjamin-elder-google-james-munnelly-jetstackio
https://github.com/kubernetes-sigs/kind
Unit tests: Race and timing issues not surfaced, majority of the api's server's functionality does not exist. Integration tests: kubebuilder / controller-runtime use this approach. Run etcd + apiserver (+ optionally controller-manager) End-to-end tests: Start full cluster, ultimate functionality, black box testing, but can be slow and expensive (someone needs to pay for these clusters) Why e2e tests? Certain edge cases are only picked up, kubernetes has a lot of controllers, the way these inter operate is important, 'fighting' can cause massive issues for a level based system. Example: maintain backwards compatibility, implement new functionality, ensure tests still pass, add new tests! Blackbox and e2e tests give you confidence to ship.
Kind - kubernetes in docker Boots cluster in 30 seconds Hermetic (no external dependencies)
kind create cluster command
kind load docker-image myapp:latest command
kind-ci/examples repo provides examples on different CI platforms
No notes
Data is the new currency. Better decisions - better actions. Make it simple, fast and cost-effective.
https://kubeflow.org
TensorFlow serving
Kubernetes native TFServing
https://cloud.google.com/ai-hub/
https://kccnceu19.sched.com/event/MPkp/intro-deep-dive-containerd-wei-fu-alibaba-mike-brown-ibm
crictl tool
ctl is containerd cli