Lessons learned from designing and deploying a fully multi-cloud architecture for Astrachain's Omnicloud solution (with support from webofmars)
Slides presented at the DevOps D-DAY of 18/11/2021
Frederic Leger, Founder/CTO at webofmars (⛅|⛱️|☕)
10. ● France: No “mature” French cloud provider
○ OVHCloud, Scaleway, Outscale
● AWS / Azure
○ Datacenters in France (Paris)
● GCP
○ Belgium or Germany
● AWS / GCP / AZ
○ Foreign countries data transfer (Privacy Shield)
16. Find the Lowest Common Denominator
● LCD = Lowest Common Denominator
● You can’t really find a 1:1 match between cloud providers
● What will it be on-premise?
17. LCD - Areas of interest
● Kubernetes
● Data Storage
● Networking
● Service Mesh
18. Building Bricks
● S3 like storage must be available
● LoadBalancer as a Service must be available
● Storage class ReadWriteOnce
● Instance types are hard to compare
25. Conclusion
● Building a multi-cloud native app is more difficult than you might think at first
● Often the more portable way is the best one
● Architecture and preparation are key
● A few techs are multi-cloud ready and will pass an “in vivo” test
● But once you have found it, value it …
30. Networking
● How will the nodes reach each other?
● What kind of CNI?
● Load Balancers with private connectivity
31. Service Mesh
● Service Mesh is powerful but also complex
● Istio can be set up as multi-cluster / multi-network / multi-mesh
● Provides internal split horizon DNS at zero cost
○ whoami.eu1 / whoami.eu2 / whoami.eu3 / whoami.global
● Unexpected bonus: Security and Observability
34. Data storage
● Handle different use cases
● You might need a DB that is replicating data cross-sites
● The key is network latency and disconnect handling
Editor's notes
cf https://www.astrachain.com/
cf www.webofmars.com
@Fred
ASK: who in the audience has a MC project? What kind?
Very trendy topic | kubecon US 21
Let’s dive in and see why / when / where and how you should go for MC!
and so many other questions about it …
It’s just a REX not a truth / YMMV …
The EU-US Privacy Shield is an agreement in the field of personal data protection law, negotiated between 2015 and 2016 between the European Union and the United States of America. Since 16 July 2020 it is no longer recognized as offering adequate protection, and therefore can no longer serve as a legal basis for transferring personal data from the European Economic Area to the United States of America.
Multi-cloud could be as simple as this picture: a big LB, 3 CPs and go!
But works mainly for stateless apps
But Astrachain is not stateless ...
LCD = Lowest Common Denominator
The equation is complex
The needs:
Networking: build a trans-cloud network that is transparent / efficient / secure / reliable
Service mesh: how do the services reach each other?
Kubernetes: how do we orchestrate all the infrastructure with the same methods (cloud & on-prem)?
Data Storage: how do we store forgettable data (GDPR) and persistent data?
The proposals / ideas:
Networking: VPN backbone / CNIs / LBs
Service mesh: Istio is a standard / can be set up in different ways / split-horizon DNS at zero cost
Kubernetes: use KaaS? do we need all the cloud drivers in-tree? k3s or k0s can be a good choice
Data Storage: when traditional replication fails / multi-cloud DBs / latency is key here ...
The need
Have a list of requirements that allows selecting or passing on a given cloud provider or setup
our bricks
S3 like storage available
LoadBalancer as a Service
At least one storage class RWO on each cloud provider
Don’t really need a RWM class
Bonus: cloud-controller available as external project
Bonus: CSI compatible block storage
Instance types need to be “kinda” equivalent
Day 2 operations have to be addressed as well
@Gilles & Fred
The needs:
Observability: Need a homogeneous way to observe / debug | across clouds and not dependent on legislations and sites
Deployments: Need to deploy new versions in multiple clusters as a breeze / source of truth
Backups: Need a portable way to do backups
Misc: Need a bunch of tooling ;-)
The solutions:
Observability
Prometheus is now a standard
Can use Thanos / Cortex to federate if needed
Loki is a light solution vs ELK/EFK
Can federate also if you use a common storage backend
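How the "federate through a common storage backend" idea looks in practice, as an added example that is not part of the deck and not Astrachain's or webofmars' own configuration: each cluster's Prometheus (managed by the Prometheus Operator) ships blocks to one shared bucket through the Thanos sidecar, and the `cluster` external label is what keeps series from eu1/eu2/eu3 apart once a Thanos Query reads them back. The namespace, bucket name, endpoint and the `monitoring.coreos.com/v1` CRD fields are assumptions; the credentials are placeholders.

```yaml
# Constructed example: one shared object-store bucket for all clusters.
# The same Secret is created in every cluster; only the Prometheus
# externalLabels.cluster value changes (eu1 / eu2 / eu3).
apiVersion: v1
kind: Secret
metadata:
  name: thanos-objstore
  namespace: monitoring
type: Opaque
stringData:
  objstore.yml: |
    type: S3
    config:
      bucket: omnicloud-metrics        # placeholder bucket name
      endpoint: s3.example.internal:9000  # placeholder S3-compatible endpoint
      insecure: false                   # keep TLS on: blocks cross cloud boundaries
      access_key: REPLACE_ME
      secret_key: REPLACE_ME
---
apiVersion: monitoring.coreos.com/v1
kind: Prometheus
metadata:
  name: k8s
  namespace: monitoring
spec:
  replicas: 2
  retention: 2d                    # short local retention; history lives in the bucket
  # externalLabels are attached to every uploaded block: `cluster` distinguishes
  # the sites, the operator adds prometheus_replica automatically so Thanos
  # Query can deduplicate the two replicas.
  externalLabels:
    cluster: eu1
  serviceMonitorSelector: {}
  podMonitorSelector: {}
  # Thanos sidecar: uploads 2h blocks to the shared bucket and exposes the
  # StoreAPI used by Thanos Query for fresh (not yet uploaded) data.
  thanos:
    objectStorageConfig:
      name: thanos-objstore
      key: objstore.yml
```

A Thanos Query pointed at each cluster's sidecar plus a Thanos Store Gateway reading the bucket then gives one query endpoint across the three sites; the bucket credentials are the sensitive part of this design, so scope them to that single bucket and rotate them like any other cross-cloud secret.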
Deployments
The solution is ArgoCD !
App of the apps pattern
A main repo is pulled automatically
The main repo contains all the argocd apps definition
Cascading deploys
Backups
Velero for portable backups / Coupled with minio on-prem
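The "Velero coupled with MinIO on-prem" combination spelled out, as an added example that is not from the deck and not Astrachain's or webofmars' own manifests: Velero's `aws` object-store plugin talks to any S3-compatible endpoint, so an on-prem MinIO bucket becomes the one backup location every cluster writes to, independent of which cloud the cluster runs on. The MinIO URL, bucket, namespaces and schedule are assumptions; the credentials are placeholders.

```yaml
# Constructed example: Velero credentials for the aws plugin, in the
# INI format the plugin expects (placeholder values).
apiVersion: v1
kind: Secret
metadata:
  name: minio-credentials
  namespace: velero
type: Opaque
stringData:
  cloud: |
    [default]
    aws_access_key_id = REPLACE_ME
    aws_secret_access_key = REPLACE_ME
---
# One BackupStorageLocation per cluster, all pointing at the same on-prem MinIO.
apiVersion: velero.io/v1
kind: BackupStorageLocation
metadata:
  name: minio-onprem
  namespace: velero
spec:
  provider: aws                      # S3 API, not AWS itself
  objectStorage:
    bucket: velero-backups           # placeholder bucket name
    prefix: eu1                      # per-cluster prefix keeps backups apart
  config:
    region: minio                    # any non-empty value; MinIO ignores it
    s3ForcePathStyle: "true"         # MinIO serves buckets as paths, not vhosts
    s3Url: https://minio.example.internal:9000   # placeholder endpoint, TLS on
  credential:
    name: minio-credentials
    key: cloud
---
# Nightly backup of the application namespaces, kept for 30 days.
apiVersion: velero.io/v1
kind: Schedule
metadata:
  name: nightly-apps
  namespace: velero
spec:
  schedule: "0 2 * * *"
  template:
    includedNamespaces:
      - demo
    storageLocation: minio-onprem
    snapshotVolumes: false           # no cloud-specific volume snapshots: stays portable
    ttl: 720h0m0s
```

Because the location is identical everywhere, a restore on another cloud is `velero restore create --from-backup <name>` against that cluster's Velero; with `snapshotVolumes: false` the persistent volumes are not covered, so pair this with Velero's file-system backup (restic/kopia) or a database-level dump if the data itself must travel.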
Misc
Infra as Code with terraform (hard !)
Rancher 2 for managing clusters
Gitlab CI/CD, OCI registry and helm registry
Password Store
Locust for load testing in CI/CD
Only accessible with direct link https://youtu.be/wkj3j9cTt2I
@Gilles
@Gilles et Fred
the need
nodes should be able to talk to each other
security is a major concern
How will the nodes reach each other?
No need
VPN
As a service
BYO
Backbone (Equinix / ...)
What kind of CNI?
Encrypted?
Native IPs?
Load Balancers
Scaleway LBs can’t really be connected to a private VPC
@Fred
We selected Istio
well known
kind of standard
We implemented multi-cluster / multi-network / single mesh
More on bonus at demo time ...
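What "multi-cluster / multi-network / single mesh" means in Istio terms, for slide 31 and this note together, as an added example that is neither the deck's nor Astrachain's or webofmars' own configuration: every cluster shares one `meshID`, gets its own `clusterName` and `network`, and exposes an east-west gateway on port 15443 that only passes sidecar mTLS through. The mesh, cluster, network and namespace names, and the idea that the slide's `whoami.eu1` / `whoami.eu2` / `whoami.eu3` hostnames are served by per-cluster subsets, are assumptions.

```yaml
# Constructed example for cluster eu1; eu2/eu3 differ only in clusterName/network.
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  name: control-plane
  namespace: istio-system
spec:
  values:
    global:
      meshID: omnicloud-mesh        # same value everywhere: single mesh
      multiCluster:
        clusterName: eu1            # one name per cluster: multi-cluster
      network: network-eu1          # one network per cluster: multi-network
---
# East-west gateway: the only path other clusters use to reach eu1 workloads.
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  name: eastwest
  namespace: istio-system
spec:
  profile: empty
  components:
    ingressGateways:
      - name: istio-eastwestgateway
        enabled: true
        label:
          istio: eastwestgateway
          topology.istio.io/network: network-eu1
        k8s:
          env:
            - name: ISTIO_META_REQUESTED_NETWORK_VIEW
              value: network-eu1    # route traffic arriving here inside this network
          service:
            ports:
              - name: tls
                port: 15443
                targetPort: 15443
  values:
    gateways:
      istio-ingressgateway:
        injectionTemplate: gateway
    global:
      network: network-eu1
---
# AUTO_PASSTHROUGH: the gateway forwards on SNI and never terminates TLS,
# so sidecar-to-sidecar mTLS stays end to end across the cloud boundary.
apiVersion: networking.istio.io/v1beta1
kind: Gateway
metadata:
  name: cross-network-gateway
  namespace: istio-system
spec:
  selector:
    istio: eastwestgateway
  servers:
    - port:
        number: 15443
        name: tls
        protocol: TLS
      tls:
        mode: AUTO_PASSTHROUGH
      hosts:
        - "*.local"
---
# Mesh-wide strict mTLS: plaintext between sidecars is refused (the
# "unexpected security bonus" of the slide, made explicit).
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system
spec:
  mtls:
    mode: STRICT
---
# Per-cluster subsets of whoami, keyed on the topology.istio.io/cluster label
# Istio adds to every endpoint; assumed to back the slide's whoami.eu1/eu2/eu3.
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: whoami
  namespace: demo
spec:
  host: whoami.demo.svc.cluster.local
  subsets:
    - name: eu1
      labels:
        topology.istio.io/cluster: eu1
    - name: eu2
      labels:
        topology.istio.io/cluster: eu2
    - name: eu3
      labels:
        topology.istio.io/cluster: eu3
```

Two steps are not in the manifests: label the namespace (`kubectl label namespace istio-system topology.istio.io/network=network-eu1`) and hand each cluster's istiod a remote secret for the others (`istioctl create-remote-secret --context=eu2 --name=eu2 | kubectl apply -f - --context=eu1`). That remote secret is an API-server credential for the other cluster, which is the piece to protect most in this design: scope it to a read-only service account and store it outside the application repositories.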
@Fred
@Gilles & Fred
The need
build a predictable platform in the cloud or on premise
containers seem (almost) a must
then k8s is the way
Managed?
a few good offers (eks / gke / kapsule / etc …)
Different versions / addons / ways of configuring
Still need an on-premise version
Vanilla or Packaged?
Do you need all the in-tree cloudy code?
k3s or k0s might be the right option ...
@Gilles & Fred
The need
Store data in different ways
forgettable / non-repudiable
encrypted / clear text
fragments / replicated
Options:
Simple scenarios like multi-master MySQL or PostgreSQL
Galera and XtraDB-like clusters
We selected CockroachDB!
OSS with community edition and paid features
Multi-cloud databases with placement constraints and replication strategies (RANGES)
Some issues so far but in the end it does the job
Used only for configuration and “forgettable data” (the blockchain is here for the “real” data)
@Gilles
@Gilles & Fred
The need
Need to deploy new versions in multiple clusters as a breeze
Need a source of truth
The solution is ArgoCD !
App of the apps pattern
A main repo is pulled automatically
The main repo contains all the argocd apps definition
Cascading deploys
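The app-of-apps pattern described here and in the earlier deployments note, as an added example that is not from the deck and not Astrachain's or webofmars' repository: one root Application is the only thing applied by hand; it points at a directory of the main repo whose files are themselves Application objects, and ArgoCD's automated sync makes the cascade happen (root syncs, child Applications appear, each child syncs its own chart into its target cluster). The repository URL, paths, cluster name `eu2` and chart values files are assumptions.

```yaml
# Constructed example: the root "app of apps". This is the single object
# applied manually (kubectl apply -f root.yaml) on the ArgoCD cluster.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: root
  namespace: argocd
  finalizers:
    - resources-finalizer.argocd.argoproj.io   # cascade deletion of children
spec:
  project: default
  source:
    repoURL: https://git.example.internal/omnicloud/argocd-apps.git  # placeholder
    targetRevision: main           # the source of truth is this branch
    path: apps                     # directory containing child Application manifests
  destination:
    server: https://kubernetes.default.svc   # children are created in ArgoCD's own cluster
    namespace: argocd
  syncPolicy:
    automated:
      prune: true                  # removing a file from apps/ removes the child app
      selfHeal: true               # drift applied by hand in a cluster is reverted
---
# apps/whoami-eu2.yaml in the same repo: one child per (app, cluster) pair.
# ArgoCD pulls it through the root app; nobody applies this file directly.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: whoami-eu2
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://git.example.internal/omnicloud/argocd-apps.git  # placeholder
    targetRevision: main
    path: charts/whoami
    helm:
      valueFiles:
        - values-eu2.yaml          # cluster-specific values, still in git
  destination:
    name: eu2                      # cluster registered in ArgoCD (argocd cluster add)
    namespace: demo
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true
```

Because every cluster's desired state is a file in one branch, a release to three clouds is a single commit touching three values files, and the review of that commit is also the change control for all of them; ArgoCD's pull model means the clusters never need inbound access from CI, only the ArgoCD instance needs credentials for each cluster API.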
@Fred
terraform: that was so hard to standardize and there are challenges to maintain it