1

Modernize, Deploy and Manage Enterprise Apps at scale in Hybrid

Lakshmi Sharma, Director Product Management, Networking, Google Cloud

2

IT must now manage across legacy on-prem, private-hosted, and one or more public cloud environments

On-prem legacy apps

Private-hosted apps

Threat of vendor lock in

Threat of new technology

Cloud apps

Established enterprises have built up increasingly complex software environments

3

1. With minimal down time

2. By re-architecting monolithic architecture into microservices

3. To lower our technical debt

4. But need a design that seamlessly manages all our business lines

5. And continue to use same tools, and APIs across

We want Hybrid with Modernization

4

1. Lift and shift

2. Transform

3. Greenfield

4. Hybrid approach

Migrationoptions

5

Legacy software development practice: An Example

New requirement to launch / scale mobile component of an existing legacy app

IT Teams build mobile backend based on existing legacy architecture

Difficult to migrate / break apart existing app due to hard dependencies in on-prem environment

At launch, unpredictable traffic spikes, causing downtime

Team decides to switch environments and replatform their app, forcing a full rewrite due to inflexibility of legacy systems

The mobile component needs to be developed, configured, secured, and scaled differently in each environment it’s deployed

CONTAINERIZATION

ORCHESTRATION

CI / CD

SERVICE MESH

Package applications

Run applications

Manage applications

Connect and secure applications

DOCKER

KUBERNETES

SPINNAKER

ISTIO+gRPC

Package applications

Run applications

Manage application

Connect and secure applications

8

Applications aren’ttied to underlyinginfrastructure or vendors...

...addressing issues of tight coupling

Container based methods offera flexible approach to infrastructure

01 Running Applications with Kubernetes

10

Automate deployment of applications on toany infrastructure

A portable platform on top of which developers can build applications, so that they are easily...

A portability layer hatabstracts away differences in underlying computer platforms

Kubernetes

Ported Changed Redeployed

GCP

VM VPC STORAGE ROUTERS FW LB IAM

API

On Prem / Cloud

VM VPC STORAGE ROUTERS FW LB IAM

KUBERNETES

Kubernetes is a declarative way to describe your applications

12

Containers at Google

● Google launches more than four billion containers every week globally

● Full range of Google-run applications including Search, Gmail, and YouTube.

● Inspired by Google’s Cluster Manager called Borg which enables direct software tasks across vast machine clusters.

● A culmination of Google’s experience deploying resilient applications at scale.

02 Managing applications with Spinnaker

CICD/ on Google Cloud

Build/Test

Artifact storage Deploy

Cloud Build Container Registry

Cloud Storage

Source

Source Repository

CSR Bitbucket Jenkins Circle CI quay DockerHub

jenkins Codefresh

Spinnaker

Spinnaker is an open-source, multi-cloud, continuous delivery platform

Application deployment Application management

Deployment Sequencing

Pipelines

Stages

Deployment Strategies

Safe Deployments

Execution Windows Manual Judgements Manual Rollbacks Automated Rollbacks

Trigger a pipeline that does a rollback on a failed deployment

03 Connecting and Securing Applications with gRPC and Istio

Learning from Predecessor of gRPC called Stubby at Google

Microservices at Google:

Images by Connie Zhou

O(1010) RPC per second

what did we learn from scaled Stubby ● Contracts between services should be strict● Common language helps● Common understanding for deadlines, cancellations, flow control messages● Common stats/tracing framework is essential for monitoring, debugging● Common framework lets uniform policy application for control and lb

Single point of integration for logging, monitoring, tracing, service discovery and load balancing makes lives much easier !

Android-Java Client

gRPC Stub

Ruby Client

gRPC Stub

Stubby to gRPC -> What Is gRPC?

C++ Service

gRPC Server

Proto Request

Proto Response

Proto Request

Proto Response(s)

gRPC Speaks Your Language

Java Service

gRPC Service

gRPC Stub

Python Service

gRPC Service

GoLang Service

gRPC Service

C++ Service

gRPC ServicegRPC

Stub

gRPC Stub

gRPC Stub

gRPC Stub

gRPC Runs Everywhere

Micro service architecture

3rd Party App

External

App

Internal

μService

μService

μService

μService

μService

μService

μService

μService

μService

APIs

APIs

Cloud Service

App

API

Front end

Backend & Shared Services

API

API

Internet of Things

30

API

APIAPI

• HTTP/2 performance: Multiplexing, Header Compression, Binary Framing

• Binary compact protos: Serialization time, size of message on wire, client and server compute time, network throughput

• Streaming is native to gRPC Service Mesh Integrations• Monitoring and Tracing

Prometheus, Zipkin, Opentracing integrations• Service Discovery

Etcd, Consul, Zookeeper as controller for gRPC-lb• Auth & Security

mTLS , Plugin auth mechanism (e.g. OAuth)• Proxies

Nginx and others

gRPC is:

PerformantExtensibleEasyWidely Adopted

Transparently automate application network functions.

Service Mesh

Separating (business Logic) applications from network functions

Everybody got all fired up about Kubernetes and microservices and then were like ‘Wow, what’s going on?’ Istio lets us view our entire system and find trouble spots.Anonymous early adopter

Istio is a service mesh. It is an open framework for connecting, securing, managing and monitoring services.

Secure, Monitor, Manage

Intelligent routing

● Dynamic route configuration

● A/B tests ● Canaries● Gradually upgrade

versions

Resilience

● Timeouts● Retries● Health checks● Circuit breakers

Security & policy

● Mutual TLS● Organizational policy● Access policies● Rate Limiting

Telemetry

● Service Dependencies● Traffic Flow● Distributed Tracing

Traffic transparently proxied —unaware of proxies

Pilot Mixer

Discovery & config data to proxies

TLS certsto proxies

Policy checks,telemetry

Proxy

Frontend

Proxy

Payments

Citadel

How Istio works

Istio Control Plane

HTTP/1.1, HTTP/2, gRPC or TCP -- with or without

mTLS

Control Plane API

Service architecture

AuthFrontend

Pictures Payments

Users Cloud SQL

External Payment Processor

Istio-enabling a service

spec: containers: - image: frontend:v2.0.17

spec: containers: - image: frontend:v2.0.17 - image: istio/proxy:v1.0

Frontend

Proxy

Frontend

Service architecture with Istio

Proxy

Auth

Proxy

Frontend

Users Cloud SQL

Pictures

Proxy

Payments

Proxy

External Payment ProcessorExternal Payment Processor

Steady state

Service

Traffic control tied to infrastructure

In the past

10% canariesLoad Balancing

Traffic control tied to infrastructure

Canary

Default

Default

Default

Default

Default

Default

Default

Default

Default

With IstioTraffic flow separated from infrastructure

Canary

Default

10% canariesIstio Load Balancing

90% of traffic

10% of traffic

Traffic steeringdestination: pictures.example.localmatch: httpHeaders: user-agent: regex: ^(.*?;)?(iPhone)(;.*)?$precedence: 2route:- tags: version: 2.0-alpha env: staging

pictures

version: 2.0-alpha env: staging

version: 1.5env: prod

Proxy

Frontend

Pictures

Proxy

Pictures

Proxy

Regular communication

Frontend Payments

Automatic secured Communication

Citadel

Istio Control Plane

Proxy

Frontend

Proxy

Payments

DOCKER

KUBERNETES

SPINNAKER

ISTIO+gRPC

Package applications

Run applications

Manage application

Connect and secure applications

Some important Links

https://cloud.google.com/solutions/hybrid-and-multi-cloud-patterns-and-practices

IO201-Best practices using Kubernetes, Spinnaker and Istio to Manage a Multi-cloud Environment

Best Practices from Google SRE: How You Can Use Them with GKE + Istio

https://cloud.google.com/containers/

https://cloud.google.com/kubernetes-engine/

https://cloud.google.com/istio/

43

Thank you