Ce diaporama a bien été signalé.
Le téléchargement de votre SlideShare est en cours. ×

Voyage en terre du multi-cloud

Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité

Consultez-les par la suite

1 sur 34 Publicité

Voyage en terre du multi-cloud

Télécharger pour lire hors ligne

Retours d'expériences sur la conception et déploiement d'une architecture complétement multi-cloud pour la solution Omnicloud d'Astrachain (accompagnement par webofmars)

Slides présentées lors du devops DDAY du 18/11/2021

Retours d'expériences sur la conception et déploiement d'une architecture complétement multi-cloud pour la solution Omnicloud d'Astrachain (accompagnement par webofmars)

Slides présentées lors du devops DDAY du 18/11/2021

Publicité
Publicité

Plus De Contenu Connexe

Diaporamas pour vous (20)

Similaire à Voyage en terre du multi-cloud (20)

Publicité

Plus récents (20)

Publicité

Voyage en terre du multi-cloud

  1. 1. A journey to Multi-Cloud Tips & Traps
  2. 2. Store and share valuable and confidential documents on the decentralized Omnicloud™
  3. 3. Multi-Cloud why / when / where / how ? and others questions ...
  4. 4. WHY would you go MC ?
  5. 5. ● Really high availability ● CP and DRP at the same time ● Use the best of each cloud provider - no lockin ● A very cool score meter 😎
  6. 6. Omnicloud Decentralized Safe Data Storage Collaboration
  7. 7. WHEN and WHERE would you go MC ?
  8. 8. ● France: No “mature” french cloud provider ○ OVHCloud, Scaleway, Outscale ● AWS / Azure ○ Datacenters in France (Paris) ● GCP ○ Belgium or Germany ● AWS / GCP / AZ ○ Foreign countries data transfer (Privacy Shield)
  9. 9. vs Locality / Nationality / Capability 2018
  10. 10. HOW would you go MC ?
  11. 11. STATELESS STATEFUL
  12. 12. Should I need a LCD ? or maybe and OLED...
  13. 13. Find the Lowest Common Denominator ● LCD = Lowest Common Denominator ● You can’t really find a 1:1 match between cloud providers ● What will it be on-premise ? 5 6 2f 3 9b 8 a0 4
  14. 14. LCD - Areas of interest kubernetes Data Storage Networking Services Mesh
  15. 15. Building Bricks ● S3 like storage must be available ● LoadBalancer as a Service must be available ● Storage class ReadWriteOnce ● Instances types are hard to compare
  16. 16. (Dev)Ops / Day to Day
  17. 17. Operations - Areas of interest Backups Miscellaneous Observability Deployments
  18. 18. Backlog ● Hashicorp Vault ● Storage solutions ● Backbone with key features ● Embedded SecOps (CurieFense) ● API Portal for developers
  19. 19. Démo
  20. 20. COLLABORATION MULTI-CLOUD SECURITY / COMPLIANCE AVAILABILITY
  21. 21. Conclusion ● Building a multi-cloud native app is more difficult that you might think at first ● Often the more portable way is the best one ● Architecture and preparation is key ● A few techs are multi-cloud ready and will pass a “in vivo” test ● But once you found it, value it …
  22. 22. Questions
  23. 23. Merci !
  24. 24. Appendices
  25. 25. Networking ● How the nodes will reach each other ? ● What kind of CNI ? ● Load Balancers with private connectivity
  26. 26. Service Mesh ● Service Mesh is powerful but also complex ● Istio can be setup as multi-cluster / multi-network / multi-mesh ● Provides internal split horizon DNS at zero cost ○ whoami.eu1 / whoami.eu2 / whoami.eu3 / whoami.global ● Unexpected bonus: Security and Observability
  27. 27. Service Mesh
  28. 28. kubernetes ● Managed ? ● Vanilla or Packaged ?
  29. 29. Data storage ● Handle different use cases ● You might need a DB that is replicating data cross-sites ● The key is network latency and disconnect handling

Notes de l'éditeur

  • cf https://www.astrachain.com/

  • cf www.webofmars.com

  • @Fred

    ASK: who in the audience has a MC project ? What kind ?
    Very trendy topic | kubecon US 21
    Let’s dive in and see why / when / where and how you should go for MC !
    and so many other questions about it …
    It’s just a REX not a truth / YMMV …

  • Le bouclier de protection des données UE-États-Unis (en anglais : EU-US Privacy Shield) est un accord dans le domaine du droit de la protection des données personnelles, qui a été négocié entre 2015 et 2016 entre l'Union européenne et les États-Unis d'Amérique. Il n'est plus reconnu comme offrant une protection adéquate depuis le 16 juillet 2020, et ne peut donc plus servir de fondement à un transfert de données personnelles de l'Espace économique européen vers les États-Unis d'Amérique
  • Multi-cloud could be as simple as this picture. A big LB 3 CPs and go !
    But works mainly for stateless apps
  • But Astrachain is not stateless ...
  • LCD = Lowest Common Denominator
  • The equation is complex


  • The needs:
    Networking: build a trans cloud network thais transparent / efficient / secure / reliable
    Services mesh: how does the services reach each others ?
    Kubernetes: how we orchestrate all the infrastructure with the same methods (cloud & on-prem) ?
    Data Storage: how do we store data for forgetable data (GDPR) and persistent data ?
    The proposals / ideas:
    Networking: VPN-backbone / CNIs / LBs
    Services mesh: istio is a standard / can be setup in a different ways / split horizon dns at zero cost
    Kubernetes: use KaaS ? do we need all the cloud drivers in-tree ? k3s or k0s can be a good choice
    Data Storage: when traditional replications fails / multi-cloud DBs / latency is key here ...


  • The need
    Have a list of requirements that allow to select or pass on a given cloud-provider or setup
    our bricks
    S3 like storage available
    LoadBalancer as a Service
    At least one storage class RWO on each cloud provider
    Don’t really need a RWM class
    Bonus: cloud-controller available as external project
    Bonus: CSI compatible block storage
    Instances types need to be “kinda” equivalents

  • Day 2 operations have to be addressed as well
  • @Gilles & Fred

    The needs:
    Observability: Need a homogeneous way to observe / debug | cross clouds and not dependent of legislations and sites
    Deployments: Need to deploy new versions in multiple clusters as a breeze / source of truth
    Backups: Need a portable way to do backups
    Misc: Need a bunch of tooling ;-)
    The solutions:
    Observability
    Prometheus is now a standard
    Can use Thanos / Cortex to federate if needed
    Loki is a light solution vs ELK/EFK
    Can federate also if you use a common storage backend
    Deployments
    The solution is ArgoCD !
    App of the apps pattern
    A main repo is pulled automatically
    The main repo contains all the argocd apps definition
    Cascading deploys
    Backups
    Velero for portable backups / Coupled with minio on-prem
    Misc
    Infra as Code with terraform (hard !)
    Rancher 2 for managing cluster
    Gitlab CI/CD, OCI registry and helm registry
    Password Store
    Locust for load testing in CI/CD

  • Only accessible with direct link https://youtu.be/wkj3j9cTt2I

  • @Gilles
  • @Gilles et Fred

    the need
    nodes should be able to speak together
    security is a major concern

    How the nodes will reach each other ?
    No need
    VPN
    As a service
    BYO
    Backbone (Equinix / ...)

    What kind of CNI ?
    Encrypted ?
    Native IPs ?

    Load Balancers
    Scaleway LBs can’t be really connected to private VPC

  • @Fred

    We selected Istio
    well known
    kind of standard

    We implemented multi-cluster / multi-network / single mesh

    More on bonus at demo time ...
  • @Fred
  • @Gilles & Fred
    The need
    build a predictable platform in the cloud or on premise
    containers seems (almost) a must go
    then k8s is the way
    Managed ?
    a few of good offers (eks / gke / kapsule / etc …)
    Different versions / addons / way of configuring
    Still need a on premise version
    Vanilla or Packaged ?
    Do you need all in-tree cloudy code ?
    k3s or k0s might be the right option ...
  • @Gilles & Fred
    The need
    Store data in a different ways
    forgetable / non repudiable
    encrypted / clear text
    fragments / replicated
    Options:
    Simple scenarios like multi-master MySQL or PostgreSQL
    Galera and xtradb likes cluster
    We selected cockroachDB !
    OSS with community edition and paid features
    Multi-Cloud databases with placement constraints and replication strategies (RANGES)
    Some issues so far but at the end do the job
    Used only for configuration and “forgettable data” (blockchain is here for the “real” data)
  • @Gilles
  • @Gilles & Fred

    The need
    Need to deploy new versions in multiple clusters as a breeze
    Need a source of truth
    The solution is ArgoCD !
    App of the apps pattern
    A main repo is pulled automatically
    The main repo contains all the argocd apps definition
    Cascading deploys
  • @Fred

    terraform: that was so hard to standardize and there is challenges to maintain

×