Hack the Stack: Fast-track Kubernetes to Production with ...files.informatandm.com › uploads ›...
Transcript of Hack the Stack: Fast-track Kubernetes to Production with ...files.informatandm.com › uploads ›...
© 2019 DIAMANTI | CONFIDENTIAL | DO NOT DISTRIBUTE 1Information Classification: General
Hack the Stack: Fast-track Kubernetes to Production with the Right Infrastructure Strategy
Sean Roth, Director of Product MarketingDiamanti
© 2019 DIAMANTI | CONFIDENTIAL | DO NOT DISTRIBUTE 2Information Classification: General
Agenda
▪ Enterprises are going Cloud Native
▪ …but what actually defines ‘cloud native’?
▪ What Options Do I Have To Deploy My Cloud Native Apps?
▪ The DIY Kubernetes Stack In Depth
▪ Why You Should Run Containers On Bare Metal, And Not VMs
▪ A Look At Container Persistent Storage And Container Networking
© 2019 DIAMANTI | CONFIDENTIAL | DO NOT DISTRIBUTE 3Information Classification: General
What is ’Cloud Native’? 10 Key Attributes
1. Packaged as lightweight containers
2. Developed with best-of-breed languages and frameworks
3. Designed as loosely coupled microservices
4. Centered around APIs for interaction and collaboration
5. Architected with a clean separation of stateless and stateful services
6. Isolated from server and operating system dependencies
7. Deployed on self-service, elastic, cloud infrastructure
8. Managed through agile DevOps processes
9. Automated capabilities
10. Defined, policy-driven resource allocation
Source: https://thenewstack.io/10-key-attributes-of-cloud-native-applications/
© 2019 DIAMANTI | CONFIDENTIAL | DO NOT DISTRIBUTE 4Information Classification: General
Enterprises are Going ‘Cloud Native’: A Look Back At 2018
80 BILLIONDocker downloads to date
*Diamanti 2018 end-user survey
More than 50% of new workloads will be deployed
in containers in 2018
>70% of enterprisesplan to deploy containers in
production in 2018*
31% are modernizing legacy apps with containers*
Diamanti Survey
How are containers being used?
New cloud-native applications
Lightweight stateless applications
Cloud migrations
Modernizing legacy applications
Database
CI/CD pipeline
Stateful applications
requiring persistent storage
Content management
All the above
Other
54.19%
0 10 20 30 40 50 60
38.71%
32.26%
30.54%
30.32%
28.17%
20.86%
19.35%
9.03%
2.80%
© 2019 DIAMANTI | CONFIDENTIAL | DO NOT DISTRIBUTE 5Information Classification: General
Infrastructure Remains a Top Container Adoption Challenge
“Enterprise interest in Kubernetes to build
and deploy new applications is off the charts.
Security, storage, networking and monitoring
are the top challenges that our user
community have highlighted on the
Kubernetes adoption path.”
-- Dan Kohn, Executive Director
© 2019 DIAMANTI | CONFIDENTIAL | DO NOT DISTRIBUTE 6Information Classification: General
What Options Do I Have for Cloud Native App Deployments?
On-Prem: DIY with
Hypervisor
PROS:
▪ Low complexity at small scale
▪ Experience with traditional
technology components
CONS:
▪ Longer time-to-value
▪ With a VM layer, resource efficiency
is reduced and complexity
increases
▪ High complexity and cost at scale
▪ Difficult to manage at scale
Public Cloud
PROS:
▪ 100% OPEX means lowest cost
at small scale
▪ Proven, resilient infrastructure
as a service
CONS:
▪ Highest costs at large scale
▪ Difficult to optimize efficiency
▪ Security and compliance
concerns
▪ No bare metal support yet
On-Prem: DIY with Bare
Metal
PROS:
▪ Flexible, seamlessly scalable
infrastructure
▪ Better overall performance at scale
▪ TCO advantages are realized
CONS:
▪ Specialized skill sets required at
different areas of the stack
© 2019 DIAMANTI | CONFIDENTIAL | DO NOT DISTRIBUTE 7Information Classification: General
Major Container Adoption Challenges
Choose your cloud native infrastructure wisely;
it matters at every step.
Day 1 (Hard)
Deploy infrastructure
▪ Build the container stack
▪ Configure network, storage
▪ Install container runtime and orchestration
Day 2 (Harder)
Manage containers in production
▪ Guarantee real-time SLAs
▪ Infrastructure services
▪ 24x7 support
Day 3 (Hardest)
Expand with multi-cloud
▪ Quick movement of containers across cloud environments
▪ Seamless scalability
▪ Policy-driven
© 2019 DIAMANTI | CONFIDENTIAL | DO NOT DISTRIBUTE 8Information Classification: General
Do-It-Yourself Approach to Container Infrastructure
DAY 1:Build a
Container
Environment
Yourself
Vendor Engagement
Equipment Installation
Container Orchestration
Network Storage
Config Management
Orchestration
Network Overlay
Persistent Storage
Clustering
Management
Burn-In Testing
Run Applications
Monitoring
Access Controls
Upgrade Trials
Tribal Knowledge
Support / Handoff
Operationalized
Container
Environment
Is Complete
Ecosystem Research
© 2019 DIAMANTI | CONFIDENTIAL | DO NOT DISTRIBUTE 9Information Classification: General
CNCF Landscape
© 2019 DIAMANTI | CONFIDENTIAL | DO NOT DISTRIBUTE 10Information Classification: General
How Containers Use Compute Resources
▪ Kubernetes podspecs offers a declarative
model for carving out CPU and memory on a
per-container basis
▪ Limits = maximums
▪ Requests = guaranteed minimum
▪ K8S prevents oversubscription of requests
apiVersion: v1
kind: Pod
metadata:
name: qos-demo
namespace: qos-example
spec:
containers:
- name: qos-demo-ctr
image: nginx
resources:
limits:
memory: "200Mi”
cpu: "700m”
requests:
memory: "200Mi”
cpu: "700m"
© 2019 DIAMANTI | CONFIDENTIAL | DO NOT DISTRIBUTE 11Information Classification: General
Drilling Down: Storage For Stateful Containers
Kubernetes FlexVolume
/ CSI
▪ Single way to integrate 3rd
party storage
▪ replaces the need to
maintain several different
storage drivers as part of
the mainline Kubernetes
code
Local Storage
▪ Host paths can be mounted
to containers in Docker and
Kubernetes
CHALLENGES
▪ Persistence
▪ High Availability (HA)
▪ Who is managing it?
Kubernetes Native
Storage Drivers
▪ K8S team integrated
several popular filesystems
and storage drivers:
▪ iSCSI, NFS, GlusterFS,
CEPH, GCEpersistent,
AzureFile, etc.
© 2019 DIAMANTI | CONFIDENTIAL | DO NOT DISTRIBUTE 12Information Classification: General
Kubernetes Networking Model
POD 1
NETWORK
CNI
POD 2 POD n
Kubernetes accepts only ONE container network interface (CNI)
OTHERS
© 2019 DIAMANTI | CONFIDENTIAL | DO NOT DISTRIBUTE 13Information Classification: General
Container Networking Model: IP Layers and Port Mapping
HOST / Node IP:172.16.100.101/24
CLUSTER IP
10.100.100.101
Runtime Internal
192.168.xxx.yyy
CONTAINER 01
CLUSTER IP
10.100.100.102
Runtime Internal
192.168.xxx.yyy
CONTAINER 02
CLUSTER IP
10.100.100.103
Runtime Internal
192.168.xxx.yyy
CONTAINER 03
CLUSTER IP
10.100.100.104
Runtime Internal
192.168.xxx.yyy
CONTAINER 04
Node IP:172.16.100.102/24
CLUSTER IP
10.100.100.109
Runtime Internal
192.168.xxx.yyy
CONTAINER 09
CLUSTER IP
10.100.100.110
Runtime Internal
192.168.xxx.yyy
CONTAINER 10
CLUSTER IP
10.100.100.111
Runtime Internal
192.168.xxx.yyy
CONTAINER 11
CLUSTER IP
10.100.100.112
Runtime Internal
192.168.xxx.yyy
CONTAINER 12
Node IP:172.16.100.103/24
CLUSTER IP
10.100.100.113
Runtime Internal
192.168.xxx.yyy
CONTAINER 13
CLUSTER IP
10.100.100.121
Runtime Internal
192.168.xxx.yyy
CONTAINER 21
CLUSTER IP
10.100.100.107
Runtime Internal
192.168.xxx.yyy
CONTAINER 07
CLUSTER IP
10.100.100.114
Runtime Internal
192.168.xxx.yyy
CONTAINER 14
Outside World
It’s not NAT, but it sort of acts like it:
© 2019 DIAMANTI | CONFIDENTIAL | DO NOT DISTRIBUTE 14Information Classification: General
Drilling Down: Kubernetes Networking Model
Source: https://kubernetes.io/docs/concepts/services-networking/service/
NODE
ServiceIP
(iptables) kube-proxy
BACKEND POD 1 BACKEND POD 2 BACKEND POD 3
labels: app=MyApp
Port: 9376
labels: app=MyApp
Port: 9376
labels: app=MyApp
Port: 9376
client apiserver
client
© 2019 DIAMANTI | CONFIDENTIAL | DO NOT DISTRIBUTE 15Information Classification: General
OPERATING SYSTEM
ORCHESTRATOR
CONTAINER RUNTIME
OPERATING SYSTEM
HYPERVISOR
LEGACY INFRASTRUCTUREServersNetworkSAN Storage
Guest OS
/ Kernel
Guest OS
/ Kernel
Guest OS
/ Kernel
Guest bins
/ libs
Guest bins
/ libs
Guest bins
/ libs
Runtime
Orchestrator
▪ Complex
management
▪ Inefficient resource
utilization
▪ Low container
density
▪ Limited
performance
▪ High TCO
Runtime
Orchestrator
Runtime
Orchestrator
I/O LAYER
▪ Simpler
management
▪ Efficient resource
utilization
▪ High container
density
▪ Enhanced
performance
▪ Lower TCO
Application
Y
Container
Application
X
Container
Etcd
MASTER
Application
X
Container
Etcd
MASTER 1
Application
Y
Container
Application
Z
Container
Application
X
Container
Application
W
Container
Application
Y
Container
Application
Z
Container
Application
X
Container
Application
W
Container
Application
Y
Container
Application
Z
Container
Infrastructure: VMs VS. Bare Metal Hyperconverged
© 2019 DIAMANTI | CONFIDENTIAL | DO NOT DISTRIBUTE 16Information Classification: General
Case Study: Containers for Database-as-a-Service
▪ Solution:
▪ Solution up and running in a week
▪ Minutes to deploy new instance
▪ Nodes added dynamically without disruption
▪ $1.2M upfront savings
▪ $4M+ TCO savings over 3 years
▪ 4 FTE -> ½ FTE
▪ 23x faster than legacy
▪ 84 RUs down to 4 RUs
▪ Quality of service without overprovisioning
▪ High availability based on Kubernetes
▪ 24x7 support
10xFootprint reduction
$4MTCO savings over 3 years
10xFaster
deployment
7 Days Start to finish
▪ Challenge:
▪ Move to Postgres + DBaaS
▪ Looked at building it
▪ 6 FTE, 12 month development
▪ 4 FTE support
▪ 42 RUs
▪ Profile:
▪ Fortune 50 Financial Institution
▪ Sybase legacy app, ecosystem diminishing
▪ VM infrastructure takes months to deploy new instance
▪ Costly DB and VM licensing, overprovisioning, $10K per node + 84 Rus
© 2019 DIAMANTI | CONFIDENTIAL | DO NOT DISTRIBUTE 17Information Classification: General
Complete turnkey Kubernetes stack
▪ Hyperconverged 1U appliance built on x86 architecture
▪ Features container-optimized networking and storage models
▪ 24/7 full-stack support
Built for public cloud experience, on-prem
▪ Manage multiple on-prem clusters and private-cloud deployments through single UI
▪ Per container network and storage QoS
▪ Enterprise DP/DR features: mirroring/synchronous replication, snapshots/asynchronous replication
▪ Burst production workloads to the cloud
Benefits:
▪ High performance
▪ Efficient
▪ Secure
▪ Installs in minutes
▪ Low TCO
Diamanti Enterprise Kubernetes Platform