What it means to be

Cloud Native

Lee Calcote

April 2018

from containers to functions

clouds, containers, functions, applications  and their management

Show of Hands

What is Cloud Native ?

  • Containerized. Each part (applications, processes, etc) is packaged in its own container. This facilitates reproducibility, transparency, and resource isolation.
     
  • Dynamically orchestrated. Containers are actively scheduled and managed to optimize resource utilization.
     
  • Microservices oriented. Applications are segmented into microservices. This significantly increases the overall agility and maintainability of applications.

Missing: functions, unikernels, other? Needs pivoted to describe principles.

Development Process

Application Architecture

Deployment and Packaging

Application Infrastructure

Agile

Waterfall

DevOps

N-Tier

Monolithic

Microservices

Cloud

Containers

Physical Servers

Virtual Servers

Data Center

Hosted

Evolution to Cloud Native

λ

Functions

Serverless

Events

SRE

(Unikernels)

bare metal

      AND

          virtual machines

                AND

                    containers

                          AND

                              unikernels

                                   AND

                                        functions

the future is AND not OR

We hold these truths to be self-evident...

From Engines to Orchestrators

Disclaimer: I'm a Docker Captain and organize Docker Austin.

450+
Docker EE customers

27B

Container downloads

200+

Docker Meetups

Containers are the “Fastest Growing Cloud Enabling Technology”

- 451 Research

"By 2020, more than 50% of global organizations will be running containers in production."

- Gartner

15K

Job listings on LinkedIn

3.5M

Dockerized Apps

System Containers

  • Like a VM
  • Full OS image
  • Multiple processes

Application Containers

  • Single process
  • Use namespaces to deal with resource isolation for a single process.

  • Use cgroups to manage resources for a group of processes.

Similarities:

Types of Containers - Cloud Native way

[k uh  n- tey -ner]

[ awr -k uh -streyt-or]

Definition:

Core

Capabilities

  • Cluster Management

    • Host Discovery

    • Host Health Monitoring

  • Scheduling

  • Orchestrator Updates and Host Maintenance

  • Service Discovery

  • Networking and Load-Balancing

  • Stateful services

  • Multi-tenant, multi-region

Additional

Key Capabilities

  • Application Health & Performance Monitoring

  • Application Deployments

  • Application Secrets

Nomad Architecture

Docker Swarm 1.11 (Standalone)

Docker Swarm Mode 1.12 (Swarmkit)

+

Kubernetes Architecture

Mesos Architecture

A high-level perspective of the container orchestrator spectrum .

Microservices

The more, the more merrier?

Benefits

The first few services are relatively easy

 

 

Democratization of language and technology choice

 

Faster delivery, service teams running independently, rolling updates

Challenges

The next 10 or so may introduce pain

 

 

Language and framework specific libraries

 

 

Distributed environments, ephemeral infrastructure, out-moded tooling

Which is why...

 I have a container orchestrator, right?

The "layer 5" challenge

What do we need?

• Observability

• Logging
• Metrics
• Tracing

• Traffic Control

• Resiliency

• Efficiency
• Security

Policy

a Service Mesh

What is a Service Mesh?

a dedicated layer for managing service-to-service communication

so, a microservices platform?

obviously.

Orchestrators don't bring all that you need

and neither do service meshes,

but they do get you closer.

Missing: application lifecycle management, but not by much

partially.

a services-first network

Missing: distributed debugging; provide nascent visibility (topology)

Istio

An open platform to connect, manage, and secure microservices

  • Observability

  • Resiliency

  • Traffic Control

  • Security

  • Policy Enforcement

@IstioMesh

Observability

is what gets people hooked on service metrics

Goals

  • Metrics without instrumenting apps

  • Consistent metrics across fleet

  • Trace flow of requests across services

  • Portable across metric backend providers

You get a metric!  You get a metric!  Everyone gets a metric!

Traffic Control

control over chaos

  • Traffic splitting
    • L7 tag based routing?
  • Traffic steering
    • Look at the contents of a request and route it to a specific set of instances.
  • Ingress and egress routing

Resilency

 

  • Systematic fault injection
  • Timeouts and Retries with timeout budget

  • Circuit breakers and Health checks

  • Control connection pool size and request load

 

content-based traffic steering

Istio Architecture

Control Plane

Data Plane

Touches every packet/request in the system. Responsible for service discovery, health checking, routing, load balancing, authentication, authorization and observability.

Provides policy and configuration for services in the mesh.

Takes a set of isolated stateless sidecar proxies and turns them into a service mesh.

Does not touch any packets/requests in the system.

Istio Architecture

Pilot

Auth

Mixer

Control Plane

Data Plane

istio-system namespace

policy check

Foo Pod

Proxy sidecar

Service Foo

tls certs

discovery & config

Foo Container

Bar Pod

Proxy sidecar

Service Bar

Bar Container

Out-of-band telemetry propagation

telemetry

 

reports

Control flow during request processing

application traffic

application traffic

application namespace

telemetry reports

Functions

λ

But why?

Increasing focus on business logic

Decreasing concern (and control) over infrastructure implementation

Bare metal

VMs

Containers

Functions

  • Faster start-up times
  • Better resource utilization
  • Finer-grained management
  • Splitting up the monolith

VM

VM

VM

VM

λ

The Promised Land

No compute cost when idle.

Flexible and precise scaling.

No provisioning, updating, and managing server infrastructure.

with a few caveats

When to Use

  • Asynchronous, concurrent, easy to parallelize into independent units of work
  • Infrequent or has sporadic demand, with large, unpredictable variance in scaling requirements
  • Stateless, ephemeral, without a major need for instantaneous cold start time
  • Highly dynamic in terms of changing business requirements that drive a need for accelerated developer velocity

consider serverless when your workload is...

Serverless

Pain

Points

What is a Unikernel?

A library operating system

application

openGL

gtk

iconv

libgmp

libz

libstd++

libgcc

libc

kernel

libtls

a way of cross-compiling (existing) applications down to very small, lightweight, secure virtual machine

application

Microservices are (intended to be) small, self-contained, single-purpose applications.

 

Unikernels cannot handle multiple processes, so forking is not allowed.


Unikernels can handle threads.

Are single user, but who needs multiple users?

 

Can statically link data into application.

Immutable Infrastructure

enforced

Unik - Unikernel Compiler and Deployment

What is the CNCF?

  • Foster growth and evolution of ecosystem
  • Promote underlying technologies
  • Provide stewardship for projects
  • Make technologies accessible and reliable

Disclaimer: I'm a Cloud Native Ambassador and TOC Contributor

a vendor-neutral foundation to...

170 Members

cncf.io

 Projects

...a community of open source projects, including Kubernetes, Envoy and Prometheus.

 

Kubernetes and other CNCF projects are some of the highest velocity projects in the history of open source.

Cloud Native Interactive Landscape

Cloud Native Landscape

Disclaimer: I organize the Austin CNCF meetup.

KubeCon + CloudNativeCon Attendees

Members of CNCF Meetups

Cloud Native Trail Map

Working Groups

  • Formed in June 2017 at the request of CNCF Technical Oversight Committee (TOC)
     
  • Asked for state of tech/community & recommendations for possible involvement
     
  • Most key Serverless players involved
     
  • IBM, VMWare, Google, Red Hat, Huawei, Microsoft, SolarWinds, Docker, iguazio, Amazon, MasterCard, Pivotal, Serverless Inc., Clay Labs, The New Stack, A Cloud Guru, Platform9, Bitnami, Auth0, and Hyper 

 

Serverless WG

  • Describes & defined Serverless
  • Highlights promising use cases and areas where functions have already proven value
  • Differentiates Serverless from PaaS and Container Orchestration
  • Describes the mechanics of a generic Serverless system
  • Identifies potential future "harmonization" the WG could look at 

Serverless WG: White Paper

Creating a common model for event data, similar to CNI and CSI. Coalescing on a single format between a few proposals:

  • Cloud-Native Event Mapping (CNEM) – (iguazio)

  • CloudEvents – (Serverless, Inc.)

  • Cloud Auditing Data Federation – (IBM, DMTF)

Event Specification

CloudEvents.io

Solarwinds Participation

What it means to be

Cloud Native

from containers to functions

This has been an infrastructure tour.

 

What about processes and organization? CI/CD, DevOps and SRE

Lee Calcote

Thank you. Questions?

clouds, containers, functions,

applications and their management