Modernize, Deploy and Manage Enterprise Apps at scale in Hybrid
Lakshmi Sharma, Director Product Management, Networking, Google Cloud
IT must now manage across legacy on-prem, private-hosted, and one or more public cloud environments
On-prem legacy apps
Private-hosted apps
Threat of vendor lock-in
Threat of new technology
Cloud apps
Established enterprises have built up increasingly complex software environments
1. With minimal down time
2. By re-architecting monolithic architecture into microservices
3. To lower our technical debt
4. But need a design that seamlessly manages all our business lines
5. And continue to use the same tools and APIs across environments
We want Hybrid with Modernization
Migration options
1. Lift and shift
2. Transform
3. Greenfield
4. Hybrid approach
Legacy software development practice: An Example
New requirement to launch / scale mobile component of an existing legacy app
IT Teams build mobile backend based on existing legacy architecture
Difficult to migrate / break apart existing app due to hard dependencies in on-prem environment
At launch, unpredictable traffic spikes, causing downtime
Team decides to switch environments and replatform their app, forcing a full rewrite due to inflexibility of legacy systems
The mobile component needs to be developed, configured, secured, and scaled differently in each environment it’s deployed
CONTAINERIZATION - DOCKER - Package applications
ORCHESTRATION - KUBERNETES - Run applications
CI / CD - SPINNAKER - Manage applications
SERVICE MESH - ISTIO + gRPC - Connect and secure applications
Container based methods offer a flexible approach to infrastructure: applications aren’t tied to underlying infrastructure or vendors, which addresses issues of tight coupling.
01 Running Applications with Kubernetes
Automate deployment of applications onto any infrastructure.
A portable platform on top of which developers can build applications, so that they are easily ported, changed and redeployed.
A portability layer that abstracts away differences in underlying computer platforms.
[Diagram: the Kubernetes API sits between applications and the underlying infrastructure (VM, VPC, storage, routers, firewall, load balancer, IAM), whether that infrastructure is GCP or on-prem / another cloud.]
Kubernetes is a declarative way to describe your applications
Containers at Google
● Google launches more than four billion containers every week globally
● Full range of Google-run applications including Search, Gmail, and YouTube.
● Inspired by Google’s cluster manager, Borg, which dispatches software tasks across vast machine clusters.
● A culmination of Google’s experience deploying resilient applications at scale.
02 Managing applications with Spinnaker
CI/CD on Google Cloud
Source: Cloud Source Repositories (CSR), Bitbucket
Build/Test: Cloud Build, Jenkins, Circle CI, Codefresh
Artifact storage: Container Registry, Cloud Storage, quay, DockerHub
Deploy: Spinnaker
Spinnaker is an open-source, multi-cloud, continuous delivery platform
Application deployment and application management:
● Deployment sequencing: pipelines, stages
● Deployment strategies
● Safe deployments: execution windows, manual judgements, manual rollbacks, automated rollbacks
Trigger a pipeline that does a rollback on a failed deployment
03 Connecting and Securing Applications with gRPC and Istio
Learning from Predecessor of gRPC called Stubby at Google
Microservices at Google (images by Connie Zhou): O(10^10) RPCs per second
What did we learn from Stubby at scale?
● Contracts between services should be strict
● A common language helps
● A common understanding of deadlines, cancellations and flow control messages
● A common stats/tracing framework is essential for monitoring and debugging
● A common framework allows uniform policy application for control and load balancing
Single point of integration for logging, monitoring, tracing, service discovery and load balancing makes lives much easier !
Stubby to gRPC -> What is gRPC?
[Diagram: an Android-Java client and a Ruby client each call a C++ service through a gRPC stub; a proto request goes to the gRPC server, which returns a proto response or a stream of proto responses.]
gRPC speaks your language
[Diagram: Java, Python, GoLang and C++ services, each exposing a gRPC service and calling the others through gRPC stubs.]
gRPC runs everywhere
[Diagram: microservice architecture in which external third-party apps, internal apps, a cloud service and Internet of Things devices reach a front end through APIs, and the front end fans out over APIs to backend and shared μServices.]
• HTTP/2 performance: multiplexing, header compression, binary framing
• Binary compact protos: serialization time, size of message on the wire, client and server compute time, network throughput
• Streaming is native to gRPC
Service mesh integrations
• Monitoring and tracing: Prometheus, Zipkin, OpenTracing integrations
• Service discovery: etcd, Consul, ZooKeeper as controller for gRPC-lb
• Auth & security: mTLS, plugin auth mechanism (e.g. OAuth)
• Proxies: Nginx and others
gRPC is: performant, extensible, easy, widely adopted.
Transparently automate application network functions.
Service Mesh
Separating applications (business logic) from network functions
"Everybody got all fired up about Kubernetes and microservices and then were like ‘Wow, what’s going on?’ Istio lets us view our entire system and find trouble spots." (Anonymous early adopter)
Istio is a service mesh. It is an open framework for connecting, securing, managing and monitoring services.
Secure, Monitor, Manage
Intelligent routing
● Dynamic route configuration
● A/B tests
● Canaries
● Gradually upgrade versions
Resilience
● Timeouts
● Retries
● Health checks
● Circuit breakers
Security & policy
● Mutual TLS
● Organizational policy
● Access policies
● Rate limiting
Telemetry
● Service dependencies
● Traffic flow
● Distributed tracing
How Istio works
[Diagram: the Istio control plane (Pilot, Mixer, Citadel) above a data plane of sidecar proxies. Pilot pushes discovery and config data to the proxies; Citadel pushes TLS certs to the proxies; Mixer performs policy checks and collects telemetry. Traffic between Frontend and Payments is transparently proxied, with the services unaware of the proxies, for HTTP/1.1, HTTP/2, gRPC or TCP, with or without mTLS. Operators drive the control plane through the Control Plane API.]
Service architecture
[Diagram: Auth, Frontend, Pictures, Payments and Users services, backed by Cloud SQL and an External Payment Processor.]
Istio-enabling a service
Before (pod spec of the Frontend service):
spec:
  containers:
  - image: frontend:v2.0.17
After (an Istio sidecar proxy runs alongside the Frontend container):
spec:
  containers:
  - image: frontend:v2.0.17
  - image: istio/proxy:v1.0
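In practice the second container is not hand-added to every pod spec; Istio's mutating admission webhook injects it when a namespace carries the istio-injection label. The manifest below is an added example, not config from the deck: it labels an assumed namespace (shop) for injection and deploys the Frontend image from the slide, so the resulting pods carry both containers without the team editing the spec.

```yaml
# Added example (not from the deck): automatic sidecar injection instead of editing every pod spec.
# Namespace name, port and the app/version labels are assumed; the image tag is the one on the slide.
apiVersion: v1
kind: Namespace
metadata:
  name: shop                    # assumed namespace name
  labels:
    istio-injection: enabled    # Istio's mutating webhook adds istio-proxy to every new pod here
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: frontend
  namespace: shop
spec:
  replicas: 2
  selector:
    matchLabels:
      app: frontend
  template:
    metadata:
      labels:
        app: frontend
        version: v2.0.17        # version label lets Istio route and canary by version later
    spec:
      containers:
      - name: frontend
        image: frontend:v2.0.17 # the only container the team declares; the proxy is added at admission
        ports:
        - containerPort: 8080   # assumed application port
```

After applying this, `kubectl get pods -n shop -o jsonpath='{.items[*].spec.containers[*].name}'` lists both frontend and istio-proxy for each pod, which is the check that injection actually happened before relying on the mesh for mTLS or routing.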
Service architecture with Istio
[Diagram: the same Auth, Frontend, Pictures and Payments services, each now paired with a sidecar proxy; Users, Cloud SQL and the External Payment Processor remain outside the mesh. In steady state every service-to-service call flows proxy to proxy.]
In the past: traffic control tied to infrastructure
[Diagram: 10% canaries via load balancing, achieved by running one canary instance among nine default instances, so the canary share is fixed by the number of instances behind the load balancer.]
With Istio: traffic flow separated from infrastructure
[Diagram: Istio load balancing sends 90% of traffic to the default version and 10% to the canary, independent of how many instances each version has.]
Traffic steering
destination: pictures.example.local
match:
  httpHeaders:
    user-agent:
      regex: ^(.*?;)?(iPhone)(;.*)?$
precedence: 2
route:
- tags:
    version: 2.0-alpha
    env: staging
[Diagram: the Frontend proxy steers matching requests to the Pictures instance labelled version: 2.0-alpha, env: staging; all other traffic goes to the instance labelled version: 1.5, env: prod.]
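The rule on the slide is in the pre-1.0 RouteRule form. As an added example, not the deck's own config, here is the same steering plus the 90/10 canary from the previous slide expressed in the networking.istio.io/v1alpha3 API (DestinationRule subsets and a VirtualService) that replaced RouteRule. The host and labels mirror the slide; the subset names are assumed.

```yaml
# Added example (not from the deck): header-based steering and a weighted canary for the
# pictures service in the v1alpha3 API. Subset names (prod, staging) are assumed.
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: pictures
spec:
  host: pictures.example.local
  subsets:
  - name: prod
    labels:
      version: "1.5"
      env: prod
  - name: staging
    labels:
      version: 2.0-alpha
      env: staging
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: pictures
spec:
  hosts:
  - pictures.example.local
  http:
  # Rules are evaluated top to bottom, which replaces the slide's "precedence: 2".
  - match:
    - headers:
        user-agent:
          regex: '^(.*?;)?(iPhone)(;.*)?$'
    route:
    - destination:
        host: pictures.example.local
        subset: staging
  # Default rule: weighted canary. The split is set here, not by instance counts.
  - route:
    - destination:
        host: pictures.example.local
        subset: prod
      weight: 90
    - destination:
        host: pictures.example.local
        subset: staging
      weight: 10
```

Two things worth checking before relying on a rule like this: the pod labels must match the subset selectors exactly (a typo silently sends all traffic to the other subset), and because the match is on a client-supplied header, the staging subset is reachable by anyone who sets that User-Agent, so it should carry nothing you would not expose in prod.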
Regular communication: Frontend calls Payments directly.
Automatic secured communication: Citadel in the Istio control plane issues certs to the proxies, and the Frontend proxy and the Payments proxy speak mTLS to each other without any change to the services themselves.
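Citadel issuing certificates only makes mTLS possible; whether plaintext is still accepted is a separate setting. As an added example, not from the deck, the policy below enforces strict mTLS for the Payments path and then uses the resulting workload identity for an access policy, so that only the Frontend's service account may call Payments. It uses the security.istio.io/v1beta1 PeerAuthentication and AuthorizationPolicy APIs of Istio 1.5 and later, which superseded the authentication policy of the Istio 1.0 era shown on the slide; the namespace, host and service-account names are assumed.

```yaml
# Added example (not from the deck): enforce and then build on the automatic mTLS.
# Namespace "shop", the payments host and the frontend service account are assumed.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: shop
spec:
  mtls:
    mode: STRICT        # sidecars reject plaintext; PERMISSIVE still accepts it during migration
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: payments
  namespace: shop
spec:
  host: payments.shop.svc.cluster.local
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL  # callers present the Citadel-issued workload certificate
---
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: payments-callers
  namespace: shop
spec:
  selector:
    matchLabels:
      app: payments
  action: ALLOW
  rules:
  - from:
    - source:
        # Identity comes from the mTLS certificate, so it cannot be spoofed by a header.
        principals: ["cluster.local/ns/shop/sa/frontend"]
```

The order matters operationally: start in PERMISSIVE mode while every caller gets a sidecar, confirm in the telemetry that no plaintext connections remain, then switch to STRICT. An AuthorizationPolicy with an ALLOW rule denies every other caller by default, so a service that is missed in the rules will start failing as soon as it is applied.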
CONTAINERIZATION - DOCKER - Package applications
ORCHESTRATION - KUBERNETES - Run applications
CI / CD - SPINNAKER - Manage applications
SERVICE MESH - ISTIO + gRPC - Connect and secure applications
Some important Links
https://cloud.google.com/solutions/hybrid-and-multi-cloud-patterns-and-practices
IO201: Best practices using Kubernetes, Spinnaker and Istio to Manage a Multi-cloud Environment
Best Practices from Google SRE: How You Can Use Them with GKE + Istio
https://cloud.google.com/containers/
https://cloud.google.com/kubernetes-engine/
https://cloud.google.com/istio/
Thank you