@gokhansengun
Migrating a Cloud Native App Running on AWS to k8s
Gökhan Şengün
DevOpsDays İstanbul - Sep 2018
DEVOPS Zirvesi 2017
me
• Full-stack developer with 12 years of experience
• Blogging every Monday on Medium (@gokhansengun)
  • In Turkish and mostly about DevOps-related concepts
• Currently working for
• Sending random tweets as @gokhansengun
1. What is this talk about?
Replatforming a cloud native app running on AWS to k8s
2. What does the application look like?
• Runs on
• 15 services, all written with
• Heavily uses AWS services like
• Deployed in 3 different AWS regions
• Complex integrations with 3rd parties
• Not a simple mobile application :-)
3. What were the customer's requirements?
• Be cloud agnostic
• Run on bare metal
• Create a new installation at the click of a button
• Improve developer experience
• Improve operational experience
• Prevent SPOFs on vital system components
• Make it cost effective
• Improve observability and operational measurements
• Run side by side with the legacy system to ease migration
• Have zero-downtime deployments
• Have auto-scaling at the infrastructure level
4. How did we approach it?
• Abstract away the creation of compute, network and storage resources
  • to support becoming cloud agnostic
• Apply Immutable Infrastructure and Infrastructure as Code (IaC)
  • to automate and ease new installations
• Containerize and orchestrate services
  • to create parity between dev, test and prod environments
  • to build in health checks and observability, and to prevent SPOFs
• Leave stateful parts out of the first phase's scope
  • to run side by side with the legacy system
5. How did we actually do it?
5.1. Creation of Cloud Resources
• Used HashiCorp Packer to bake cloud images (e.g. an AMI for AWS)
  • Packer's Ansible provisioner is used
  • This lets the same Ansible playbooks be reused for the on-prem case
• Used HashiCorp Terraform to create/provision cloud resources
Diagram: the same Ansible playbooks provision both the Packer-built cloud images and the on-prem servers (172.27.44.10, 172.27.44.11, 172.27.44.20, 172.27.44.21).
5.2. Containerization and Orchestration
• Docker was used as the container runtime
  • Mainstream, everybody knows it
  • People are familiar with its CLI
  • Apps were quickly containerized
• Kubernetes was selected as the container orchestrator
  • There are not many choices these days
  • It is the de facto standard
  • Preparing the k8s definition files was easy too
  • The app already had health check endpoints
  • and handled signals correctly
• Harbor is used as the container registry
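The two properties above (health check endpoints and correct signal handling) are what make rolling updates safe. The following is an added example, not code from the deck or from the 15 services (whose language the slides do not show): a Python skeleton of the sequence a container should run when the kubelet sends SIGTERM. It assumes a Deployment whose readiness probe hits /ready, whose liveness probe hits /healthz, and whose terminationGracePeriodSeconds is longer than the drain timeout; those paths and timings are assumptions, not taken from the slides.

```python
"""Graceful shutdown for a containerized service under Kubernetes.

Added example, not the deck's code. Assumed (not from the slides): the
readiness probe is GET /ready, the liveness probe is GET /healthz, and the
pod's terminationGracePeriodSeconds (say 30) exceeds DRAIN_SECONDS.
"""
import signal
import threading
import time

DRAIN_SECONDS = 10  # must stay below terminationGracePeriodSeconds


class ServiceState:
    """Readiness, liveness and in-flight request bookkeeping shared by the
    request handlers, the probe endpoints and the SIGTERM handler."""

    def __init__(self):
        self._lock = threading.Lock()
        self.ready = True      # may this pod receive new traffic?
        self.alive = True      # is the process healthy at all?
        self.in_flight = 0
        self.shutting_down = False

    def begin_request(self):
        """Called at the start of each request. Refuses new work (returns
        False) once draining has begun; callers should answer 503."""
        with self._lock:
            if not self.ready:
                return False
            self.in_flight += 1
            return True

    def end_request(self):
        with self._lock:
            self.in_flight -= 1

    def readiness(self):
        """HTTP status for /ready. 503 takes the pod out of Service endpoints."""
        return 200 if self.ready else 503

    def liveness(self):
        """HTTP status for /healthz. Stays 200 during a drain: a failing
        liveness probe would make the kubelet restart the container and
        abort the graceful shutdown."""
        return 200 if self.alive else 503

    def on_sigterm(self):
        """Step 1: stop advertising readiness, keep serving in-flight work."""
        with self._lock:
            self.shutting_down = True
            self.ready = False

    def drain(self, timeout=DRAIN_SECONDS, poll=0.05):
        """Step 2: wait until in-flight requests reach zero or the deadline
        passes. Returns True on a clean drain, False if work was still
        outstanding (the kubelet will SIGKILL at the grace period anyway)."""
        deadline = time.monotonic() + timeout
        while True:
            with self._lock:
                if self.in_flight == 0:
                    return True
            if time.monotonic() >= deadline:
                return False
            time.sleep(poll)


STATE = ServiceState()


def install_signal_handlers(state=STATE):
    """SIGTERM is what the kubelet sends first; SIGKILL follows after the
    grace period. Only PID 1 (exec-form ENTRYPOINT or tini) receives it."""
    signal.signal(signal.SIGTERM, lambda signum, frame: state.on_sigterm())


def shutdown(state=STATE, timeout=DRAIN_SECONDS):
    """The whole sequence, for callers that block on a serve loop: mark
    not-ready, drain, then return so the process can exit with status 0."""
    state.on_sigterm()
    return state.drain(timeout=timeout)


if __name__ == "__main__":
    install_signal_handlers()
    STATE.begin_request()              # pretend one request is in progress
    STATE.on_sigterm()                 # what the kubelet's SIGTERM triggers
    print("ready probe now returns", STATE.readiness())
    STATE.end_request()                # the request finishes
    print("drained cleanly:", STATE.drain(timeout=1))
```

Two details that bite in practice: the process must actually receive SIGTERM, which means an exec-form ENTRYPOINT (or an init such as tini) so the app is PID 1 rather than a child of /bin/sh; and endpoint removal is not instantaneous, so a short preStop sleep before the SIGTERM gives kube-proxy and the ingress time to stop sending new connections.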
5.3. Configuration and Secret Mgmt
Configuration Management
• etcd is used as the K/V store
• Configuration files are templated
  • confd was used to render them
  • We found konfd not usable/flexible enough
• Configuration values are kept per installation
  • The same template is used for dev, test, staging and every installation
• A configuration change
  • triggers a re-render of the template
  • triggers a re-deploy of the app with no downtime
Secret Management
• HashiCorp Vault is used as the storage for secrets
  • confd renders secrets from the template into the config
  • The k8s-Vault integration is used for seamless integration
  • Secrets are visible only inside the container
• Used Vault as the CA (Certificate Authority) for X.509 certificates
  • k8s component certificates are generated with it
• Used Vault to generate AWS keys that are valid only for a short period of time
• Will use Vault to manage SSH access to machines
  • Except to the k8s workers where containers run
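To make the configuration/secret split concrete, here is an added example (not the deck's confd templates or Vault integration): a Python stand-in for the render step, with CONFIG_KV playing the role of the etcd keys and SECRETS the values the Vault integration exposes to the pod, both constructed inline. It also shows the checks a practitioner wants around "secrets are visible only inside the container": the rendered file is written 0600 into a directory that should be a tmpfs-backed emptyDir, and the checksum that drives the no-downtime redeploy is computed over the non-secret keys plus a secret version number, never over secret values.

```python
"""Render app config from non-secret K/V plus secrets, write it so only the
container can read it, and compute the checksum that drives a redeploy.

Added example, not the deck's confd templates or Vault integration:
string.Template stands in for confd's Go templates, CONFIG_KV for the
per-installation keys in etcd and SECRETS for the values the Vault
integration exposes to the pod. All values below are constructed.
"""
import hashlib
import json
import os
import re
import stat
import tempfile
from string import Template

# Constructed stand-in for etcd. The secret *version* lives here on purpose:
# bumping it after a rotation rolls the pods without putting the secret
# value anywhere near the Deployment object.
CONFIG_KV = {
    "/app/db/host": "db.eu-west.internal",
    "/app/db/port": "5432",
    "/app/log/level": "info",
    "/app/secrets/version": "7",
}

# Constructed stand-in for what is read from Vault inside the pod.
SECRETS = {"db_password": "s3cr3t-example", "api_key": "ak-example"}

TEMPLATE = Template(
    "db_url = postgres://app:${db_password}@${db_host}:${db_port}/app\n"
    "api_key = ${api_key}\n"
    "log_level = ${log_level}\n"
)
KEY_PREFIX = "/app/"


def kv_to_vars(kv):
    """'/app/db/host' -> 'db_host', the way a K/V key becomes a variable."""
    out = {}
    for key, value in kv.items():
        name = key[len(KEY_PREFIX):] if key.startswith(KEY_PREFIX) else key.lstrip("/")
        out[name.replace("/", "_")] = value
    return out


def missing_keys(kv, secrets, template=TEMPLATE):
    """Preflight: placeholders that would be left unfilled. A blank secret
    silently rendered into a config is worse than a failed render."""
    wanted = set(re.findall(r"\$\{(\w+)\}", template.template))
    return wanted - (set(kv_to_vars(kv)) | set(secrets))


def render(kv=CONFIG_KV, secrets=SECRETS, template=TEMPLATE):
    """Fill the template; raises KeyError on any missing placeholder."""
    variables = kv_to_vars(kv)
    variables.update(secrets)
    return template.substitute(variables)


def config_checksum(kv=CONFIG_KV):
    """sha256 over the NON-secret keys only, for a pod-template annotation
    such as checksum/config: any change here rolls the Deployment with no
    downtime. Secret values are excluded because anyone who can read the
    Deployment could otherwise test guesses against the hash."""
    canonical = json.dumps(sorted(kv.items()), separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def write_private(rendered, directory):
    """Write the config 0600 so only the container's process user can read
    it. 'directory' should be a tmpfs-backed emptyDir (medium: Memory) so the
    secret never touches the node's disk and dies with the pod."""
    path = os.path.join(directory, "app.conf")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(rendered)
    os.chmod(path, 0o600)  # os.open's mode is subject to umask; make it exact
    return path


def file_mode(path):
    return stat.S_IMODE(os.stat(path).st_mode)


def render_into_tmpdir(kv=CONFIG_KV, secrets=SECRETS):
    """Render and write into a fresh temp dir; returns the file path."""
    return write_private(render(kv, secrets), tempfile.mkdtemp())


def redacted(rendered, secrets=SECRETS):
    """The only form of the rendered config that may be logged or diffed."""
    out = rendered
    for value in sorted(secrets.values(), key=len, reverse=True):
        out = out.replace(value, "<redacted>")
    return out


if __name__ == "__main__":
    print(redacted(render()))
    print("checksum/config:", config_checksum())
    path = render_into_tmpdir()
    print("written:", path, "mode:", oct(file_mode(path)))
```

The checksum-annotation trick is what turns "configuration change triggers a re-deploy" into a plain rolling update; the version key makes a secret rotation roll the pods the same way without the Deployment ever carrying secret material.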
5.4. k8s Cluster Setup
• Used kubeadm initially but replaced it with a custom setup
  • Kops and other solutions were not possible because of the cloud + on-prem requirement
• Control plane services run under systemd
• Supports both HA (production) and non-HA (test, staging) modes
• Terraform provisioners are used to bootstrap the cluster in the cloud case
• HashiCorp Vault is used for creating and renewing certificates
  • This allowed easily creating/destroying worker nodes in the auto-scaling scenario
• cfssl is used for developer box k8s certificates
5.5. CI/CD Pipeline
• Jenkins is used to initiate all processes
  • It is the single point of contact to the whole infrastructure
  • It therefore holds, or can obtain, credentials for every part of the infrastructure, which makes it the most privileged component to protect
• Docker images for services are auto-built, tagged and pushed
  • The tagging scheme was selected for our needs; the details are irrelevant here
• Spinnaker is used to manage the k8s deployments
  • Workflows and accountability were the reasons for selecting it
• Infrastructure creation/modification is also done through Jenkins
  • This is called GitOps these days
  • A change to the Terraform source code is applied to the infrastructure
5.6. Logging, Monitoring, Alarming
• Our motto: "Do not search for issues in log files, look at the alarms"
  • If there is a problem but no alarm, think about creating an alarm
• Prometheus is used to collect infrastructure and application metrics
  • We still need to generate more operational metrics
  • We still need to create more alarms based on OM data
• Grafana is used to visualize the collected metrics
• Container logs are collected on each worker node with syslogd
  • Logs are then shipped to the existing ELK infrastructure
5.7. Overall Architectural Look
Diagram: a Coordination environment alongside the per-region installations (an eu-west installation and an ap-southeast-2 installation).
5.8. Developer Box
• Every developer has her/his own separate environment locally
  • Including Jenkins/Grafana/Prometheus/ELK
• HashiCorp Vagrant is used to orchestrate and provision the developer box
• A developer may point her/his local machine at any test/staging environment on AWS for the stateful parts
• Best of all, the real magic: a developer may develop/debug any of the 15 services on her/his host machine with an IDE :-)
Developer Box – Developing Locally
Diagram: on the Dev Host Box, a VirtualBox VM runs the app containers under k8s; some apps run directly on the host; a Routing Point switches traffic between the two; the stateful components stay in the cloud.
Developer Box – Connect Mobile App
• Game-changer move: it is possible to change the mobile app's endpoint so that traffic from the public internet is routed to a selected developer box
  • This opens a path from the public internet into the developer's isolated network, so the tunnel server has to authenticate each tunnel client and forward only the traffic meant for that developer's box
Diagram: Mobile App → Proxy and Tunnel Server (in the installation in the cloud) → tunnel between the dev box and the cloud → Tunnel Client and the app running locally on the Dev Box, which sits in an isolated network behind a firewall/NAT.
Developer Box – Registry Mirror
• Performance move: the developer box uses lots of Docker images, so a registry mirror VM is used to cache them and speed bootstrapping up
Diagram: Dev Box → Registry Mirror Box, which caches images from the private Harbor registry and from Docker Hub, gcr.io, quay.io, etc.
Immutability and Infrastructure as Code (IaC) – Tips and Benefits
• Not everything is a container, but everything is immutable
  • Spinnaker and Harbor have their own VMs and are not containers
  • Jenkins has its own VM but runs as a container
• All dependencies are pinned to a version; no latest tag
  • Example: FROM jenkins/jenkins:2.121.1
  • Pinning by image digest rather than by tag is the stronger form, since a tag can be re-pushed
• Every non-stateful system component is mortal
  • It may be recreated at any time without any data loss
  • Even the whole cluster (k8s et al.) is mortal
  • At any time a new one can be created and traffic moved over
• Everything, including the infrastructure, is coded
  • It allows full automation
• All system component (Harbor, Spinnaker, Jenkins) configurations are also coded
  • Example: Jenkins is a container
    • Plugins are coded
    • Job definitions are coded and kept in git
    • Job configurations are coded
    • Job configurations are baked into Jenkins during the Docker build
    • When run, the Jenkins container is ready immediately
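The "version, no latest tag" rule is easy to state and easy to break in a FROM line or in the Jenkins plugins list that gets baked into the image. The following is an added example, not tooling from the deck: a small lint in Python that flags unpinned images and plugins in constructed sample inputs (the Dockerfile fixture and plugins.txt fixture below are made up for the example, and the digest in it is a placeholder). It goes one step further than the slide by distinguishing a tag pin from a digest pin: a tag such as 2.121.1 can be re-pushed by whoever controls the repository, while an @sha256 digest cannot, so the digest is the truly immutable reference.

```python
"""Lint Dockerfile FROM lines and a Jenkins plugins.txt for the
"pinned version, never latest" rule.

Added example, not tooling from the deck; both inputs below are constructed.
Severities: error = mutable/unpinned (missing tag, :latest, unversioned
plugin); info = pinned by tag only, which a repository owner can re-push,
so an @sha256 digest is suggested; warn = cannot be checked statically.
"""
import re

FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?\s*$", re.I)
PLUGIN_RE = re.compile(r"^([A-Za-z0-9_.-]+)(?::(\S+))?$")

SAMPLE_DOCKERFILE = """\
FROM golang:1.11 AS builder
FROM alpine
FROM jenkins/jenkins:latest
FROM jenkins/jenkins:2.121.1
FROM jenkins/jenkins:2.121.1@sha256:0000000000000000000000000000000000000000000000000000000000000000
FROM builder
FROM scratch
"""  # constructed fixture; the digest is a placeholder, not a real one

SAMPLE_PLUGINS = """\
# constructed plugins.txt fixture
git:3.9.1
workflow-aggregator:2.5
blueocean
configuration-as-code:latest
"""


def parse_image_ref(ref):
    """'registry:5000/repo:tag@sha256:...' -> (name, tag, digest)."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    name, tag = ref, None
    i = ref.rfind(":")
    if i > ref.rfind("/"):  # a ':' after the last '/' separates the tag
        name, tag = ref[:i], ref[i + 1:]
    return name, tag, digest


def lint_dockerfile(text):
    findings, stages = [], set()
    for lineno, line in enumerate(text.splitlines(), 1):
        m = FROM_RE.match(line)
        if not m:
            continue
        ref, stage = m.group(1), m.group(2)
        if stage:
            stages.add(stage.lower())
        if ref.lower() in stages or ref == "scratch":
            continue  # earlier build stage or the empty image: nothing to pin
        if ref.startswith("$"):
            findings.append((lineno, "warn", f"base image from build arg {ref}"))
            continue
        name, tag, digest = parse_image_ref(ref)
        if digest:
            continue  # immutable reference
        if tag is None or tag == "latest":
            findings.append((lineno, "error",
                             f"{name} unpinned (tag {tag or 'missing'})"))
        else:
            findings.append((lineno, "info",
                             f"{name}:{tag} pinned by tag; prefer @sha256 digest"))
    return findings


def lint_plugins(text):
    """plugins.txt lines are name:version (optionally :url); comments allowed."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = PLUGIN_RE.match(line)
        if not m:
            findings.append((lineno, "error", f"unparseable entry {raw!r}"))
            continue
        name, version = m.group(1), m.group(2)
        if version is None or version.split(":", 1)[0] in ("latest", ""):
            findings.append((lineno, "error", f"plugin {name} has no pinned version"))
    return findings


def passes(findings):
    """Gate for CI: no 'error' severity present."""
    return not any(sev == "error" for _, sev, _ in findings)


if __name__ == "__main__":
    for f in lint_dockerfile(SAMPLE_DOCKERFILE) + lint_plugins(SAMPLE_PLUGINS):
        print("%3d %-5s %s" % f)
```

Run as a pre-build step in the image pipeline, passes() is the gate: a missing tag or a :latest anywhere in the build fails it, while tag-only pins are reported but allowed, which matches the slide's rule exactly and leaves the digest upgrade as a visible next step.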
Thanks

Contenu connexe

Tendances

Docker Enterprise Workshop - Intro
Docker Enterprise Workshop - IntroDocker Enterprise Workshop - Intro
Docker Enterprise Workshop - IntroPatrick Chanezon
 
Take the Fastest Path to Node.Js Application Development with Bitnami & AWS L...
Take the Fastest Path to Node.Js Application Development with Bitnami & AWS L...Take the Fastest Path to Node.Js Application Development with Bitnami & AWS L...
Take the Fastest Path to Node.Js Application Development with Bitnami & AWS L...Bitnami
 
India Serverless Summit 2017 - Sponsorship Deck
India Serverless Summit 2017 - Sponsorship DeckIndia Serverless Summit 2017 - Sponsorship Deck
India Serverless Summit 2017 - Sponsorship DeckCodeOps Technologies LLP
 
Devops CI-CD pipeline with Containers
Devops CI-CD pipeline with ContainersDevops CI-CD pipeline with Containers
Devops CI-CD pipeline with ContainersNuSpace
 
Going Serverless with Kubeless In Google Container Engine (GKE)
Going Serverless with Kubeless In Google Container Engine (GKE)Going Serverless with Kubeless In Google Container Engine (GKE)
Going Serverless with Kubeless In Google Container Engine (GKE)Bitnami
 
Ricardo Fiel - Microsoft - OSL19
Ricardo Fiel - Microsoft - OSL19Ricardo Fiel - Microsoft - OSL19
Ricardo Fiel - Microsoft - OSL19marketingsyone
 
DevOps as a Service - Kuberiter
DevOps as a Service - KuberiterDevOps as a Service - Kuberiter
DevOps as a Service - Kuberiterlawrence143
 
Using Rancher and Docker with RightScale at Industrie IT
Using Rancher and Docker with RightScale at Industrie IT Using Rancher and Docker with RightScale at Industrie IT
Using Rancher and Docker with RightScale at Industrie IT RightScale
 
Why kubernetes matters
Why kubernetes mattersWhy kubernetes matters
Why kubernetes mattersPlatform9
 
Digital Transformation with Docker, Cloud, and DevOps: How JCPenney Handles B...
Digital Transformation with Docker, Cloud, and DevOps: How JCPenney Handles B...Digital Transformation with Docker, Cloud, and DevOps: How JCPenney Handles B...
Digital Transformation with Docker, Cloud, and DevOps: How JCPenney Handles B...Docker, Inc.
 
Ultimate DevOps: OpenShift Dedicated With CloudBees Jenkins Platform (Andy Pe...
Ultimate DevOps: OpenShift Dedicated With CloudBees Jenkins Platform (Andy Pe...Ultimate DevOps: OpenShift Dedicated With CloudBees Jenkins Platform (Andy Pe...
Ultimate DevOps: OpenShift Dedicated With CloudBees Jenkins Platform (Andy Pe...Red Hat Developers
 
The what, why and how of knative
The what, why and how of knativeThe what, why and how of knative
The what, why and how of knativeMofizur Rahman
 
DockerCon SF 2015: From Months to Minutes
DockerCon SF 2015: From Months to MinutesDockerCon SF 2015: From Months to Minutes
DockerCon SF 2015: From Months to MinutesDocker, Inc.
 
DCSF 19 Microservices API: Routing Across Any Infrastructure
DCSF 19 Microservices API: Routing Across Any InfrastructureDCSF 19 Microservices API: Routing Across Any Infrastructure
DCSF 19 Microservices API: Routing Across Any InfrastructureDocker, Inc.
 
DockerCon SF 2015: How to Build a Secure DevOps Environment for the Government
DockerCon SF 2015: How to Build a Secure DevOps Environment for the GovernmentDockerCon SF 2015: How to Build a Secure DevOps Environment for the Government
DockerCon SF 2015: How to Build a Secure DevOps Environment for the GovernmentDocker, Inc.
 
Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...
Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...
Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...Docker, Inc.
 
KubeCon China 2019 - Building Apps with Containers, Functions and Managed Ser...
KubeCon China 2019 - Building Apps with Containers, Functions and Managed Ser...KubeCon China 2019 - Building Apps with Containers, Functions and Managed Ser...
KubeCon China 2019 - Building Apps with Containers, Functions and Managed Ser...Patrick Chanezon
 
Kubernetes and the Rise of Application-centric Computing
Kubernetes and the Rise of Application-centric ComputingKubernetes and the Rise of Application-centric Computing
Kubernetes and the Rise of Application-centric ComputingBitnami
 
Knative, Serverless on Kubernetes, and Openshift
Knative, Serverless on Kubernetes, and OpenshiftKnative, Serverless on Kubernetes, and Openshift
Knative, Serverless on Kubernetes, and OpenshiftChris Suszyński
 

Tendances (20)

Docker Enterprise Workshop - Intro
Docker Enterprise Workshop - IntroDocker Enterprise Workshop - Intro
Docker Enterprise Workshop - Intro
 
Take the Fastest Path to Node.Js Application Development with Bitnami & AWS L...
Take the Fastest Path to Node.Js Application Development with Bitnami & AWS L...Take the Fastest Path to Node.Js Application Development with Bitnami & AWS L...
Take the Fastest Path to Node.Js Application Development with Bitnami & AWS L...
 
India Serverless Summit 2017 - Sponsorship Deck
India Serverless Summit 2017 - Sponsorship DeckIndia Serverless Summit 2017 - Sponsorship Deck
India Serverless Summit 2017 - Sponsorship Deck
 
Devops CI-CD pipeline with Containers
Devops CI-CD pipeline with ContainersDevops CI-CD pipeline with Containers
Devops CI-CD pipeline with Containers
 
Going Serverless with Kubeless In Google Container Engine (GKE)
Going Serverless with Kubeless In Google Container Engine (GKE)Going Serverless with Kubeless In Google Container Engine (GKE)
Going Serverless with Kubeless In Google Container Engine (GKE)
 
Ricardo Fiel - Microsoft - OSL19
Ricardo Fiel - Microsoft - OSL19Ricardo Fiel - Microsoft - OSL19
Ricardo Fiel - Microsoft - OSL19
 
DevOps as a Service - Kuberiter
DevOps as a Service - KuberiterDevOps as a Service - Kuberiter
DevOps as a Service - Kuberiter
 
Using Rancher and Docker with RightScale at Industrie IT
Using Rancher and Docker with RightScale at Industrie IT Using Rancher and Docker with RightScale at Industrie IT
Using Rancher and Docker with RightScale at Industrie IT
 
Why kubernetes matters
Why kubernetes mattersWhy kubernetes matters
Why kubernetes matters
 
Digital Transformation with Docker, Cloud, and DevOps: How JCPenney Handles B...
Digital Transformation with Docker, Cloud, and DevOps: How JCPenney Handles B...Digital Transformation with Docker, Cloud, and DevOps: How JCPenney Handles B...
Digital Transformation with Docker, Cloud, and DevOps: How JCPenney Handles B...
 
Docker and Devops
Docker and DevopsDocker and Devops
Docker and Devops
 
Ultimate DevOps: OpenShift Dedicated With CloudBees Jenkins Platform (Andy Pe...
Ultimate DevOps: OpenShift Dedicated With CloudBees Jenkins Platform (Andy Pe...Ultimate DevOps: OpenShift Dedicated With CloudBees Jenkins Platform (Andy Pe...
Ultimate DevOps: OpenShift Dedicated With CloudBees Jenkins Platform (Andy Pe...
 
The what, why and how of knative
The what, why and how of knativeThe what, why and how of knative
The what, why and how of knative
 
DockerCon SF 2015: From Months to Minutes
DockerCon SF 2015: From Months to MinutesDockerCon SF 2015: From Months to Minutes
DockerCon SF 2015: From Months to Minutes
 
DCSF 19 Microservices API: Routing Across Any Infrastructure
DCSF 19 Microservices API: Routing Across Any InfrastructureDCSF 19 Microservices API: Routing Across Any Infrastructure
DCSF 19 Microservices API: Routing Across Any Infrastructure
 
DockerCon SF 2015: How to Build a Secure DevOps Environment for the Government
DockerCon SF 2015: How to Build a Secure DevOps Environment for the GovernmentDockerCon SF 2015: How to Build a Secure DevOps Environment for the Government
DockerCon SF 2015: How to Build a Secure DevOps Environment for the Government
 
Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...
Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...
Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...
 
KubeCon China 2019 - Building Apps with Containers, Functions and Managed Ser...
KubeCon China 2019 - Building Apps with Containers, Functions and Managed Ser...KubeCon China 2019 - Building Apps with Containers, Functions and Managed Ser...
KubeCon China 2019 - Building Apps with Containers, Functions and Managed Ser...
 
Kubernetes and the Rise of Application-centric Computing
Kubernetes and the Rise of Application-centric ComputingKubernetes and the Rise of Application-centric Computing
Kubernetes and the Rise of Application-centric Computing
 
Knative, Serverless on Kubernetes, and Openshift
Knative, Serverless on Kubernetes, and OpenshiftKnative, Serverless on Kubernetes, and Openshift
Knative, Serverless on Kubernetes, and Openshift
 

Similaire à DevOpsDays 2018 - Migrating a Cloud Native App to k8s

Containers, microservices and serverless for realists
Containers, microservices and serverless for realistsContainers, microservices and serverless for realists
Containers, microservices and serverless for realistsKarthik Gaekwad
 
Docker Birthday #5 Meetup Cluj - Presentation
Docker Birthday #5 Meetup Cluj - PresentationDocker Birthday #5 Meetup Cluj - Presentation
Docker Birthday #5 Meetup Cluj - PresentationAlex Vranceanu
 
Developing Microservices Directly in AKS/Kubernetes
Developing Microservices Directly in AKS/KubernetesDeveloping Microservices Directly in AKS/Kubernetes
Developing Microservices Directly in AKS/KubernetesChakradhar Rao Jonagam
 
Containers and Microservices for Realists
Containers and Microservices for RealistsContainers and Microservices for Realists
Containers and Microservices for RealistsOracle Developers
 
Containers and microservices for realists
Containers and microservices for realistsContainers and microservices for realists
Containers and microservices for realistsKarthik Gaekwad
 
GCP Meetup #3 - Approaches to Cloud Native Architectures
GCP Meetup #3 - Approaches to Cloud Native ArchitecturesGCP Meetup #3 - Approaches to Cloud Native Architectures
GCP Meetup #3 - Approaches to Cloud Native Architecturesnine
 
Stop Caring About Kubernetes
Stop Caring About KubernetesStop Caring About Kubernetes
Stop Caring About KubernetesDavid Lewis
 
Google Tech Talk with Dr. Eric Brewer in Korea Apr.27.2015
Google Tech Talk with Dr. Eric Brewer in Korea Apr.27.2015Google Tech Talk with Dr. Eric Brewer in Korea Apr.27.2015
Google Tech Talk with Dr. Eric Brewer in Korea Apr.27.2015Chris Jang
 
The path to a serverless-native era with Kubernetes
The path to a serverless-native era with KubernetesThe path to a serverless-native era with Kubernetes
The path to a serverless-native era with Kubernetessparkfabrik
 
Google Cloud Fundamentals by CloudZone
Google Cloud Fundamentals by CloudZoneGoogle Cloud Fundamentals by CloudZone
Google Cloud Fundamentals by CloudZoneIdan Tohami
 
Jenkins Pipeline @ Scale. Building Automation Frameworks for Systems Integration
Jenkins Pipeline @ Scale. Building Automation Frameworks for Systems IntegrationJenkins Pipeline @ Scale. Building Automation Frameworks for Systems Integration
Jenkins Pipeline @ Scale. Building Automation Frameworks for Systems IntegrationOleg Nenashev
 
The App Developer's Kubernetes Toolbox
The App Developer's Kubernetes ToolboxThe App Developer's Kubernetes Toolbox
The App Developer's Kubernetes ToolboxNebulaworks
 
A Hitchhiker's Guide to the Cloud Native Stack
A Hitchhiker's Guide to the Cloud Native StackA Hitchhiker's Guide to the Cloud Native Stack
A Hitchhiker's Guide to the Cloud Native StackQAware GmbH
 
A Hitchhiker’s Guide to the Cloud Native Stack. #DevoxxPL
A Hitchhiker’s Guide to the Cloud Native Stack. #DevoxxPLA Hitchhiker’s Guide to the Cloud Native Stack. #DevoxxPL
A Hitchhiker’s Guide to the Cloud Native Stack. #DevoxxPLMario-Leander Reimer
 
CI/CD on Google Cloud Platform
CI/CD on Google Cloud PlatformCI/CD on Google Cloud Platform
CI/CD on Google Cloud PlatformDevOps Indonesia
 
OpenFaaS 2019 Project Update
OpenFaaS 2019 Project UpdateOpenFaaS 2019 Project Update
OpenFaaS 2019 Project UpdateAlex Ellis
 
DockerCon 15 Keynote - Day 2
DockerCon 15 Keynote - Day 2DockerCon 15 Keynote - Day 2
DockerCon 15 Keynote - Day 2Docker, Inc.
 
DevOps and BigData Analytics
DevOps and BigData Analytics DevOps and BigData Analytics
DevOps and BigData Analytics sbbabu
 

Similaire à DevOpsDays 2018 - Migrating a Cloud Native App to k8s (20)

Containers, microservices and serverless for realists
Containers, microservices and serverless for realistsContainers, microservices and serverless for realists
Containers, microservices and serverless for realists
 
Docker Birthday #5 Meetup Cluj - Presentation
Docker Birthday #5 Meetup Cluj - PresentationDocker Birthday #5 Meetup Cluj - Presentation
Docker Birthday #5 Meetup Cluj - Presentation
 
Developing Microservices Directly in AKS/Kubernetes
Developing Microservices Directly in AKS/KubernetesDeveloping Microservices Directly in AKS/Kubernetes
Developing Microservices Directly in AKS/Kubernetes
 
Containers and Microservices for Realists
Containers and Microservices for RealistsContainers and Microservices for Realists
Containers and Microservices for Realists
 
Containers and microservices for realists
Containers and microservices for realistsContainers and microservices for realists
Containers and microservices for realists
 
GCP Meetup #3 - Approaches to Cloud Native Architectures
GCP Meetup #3 - Approaches to Cloud Native ArchitecturesGCP Meetup #3 - Approaches to Cloud Native Architectures
GCP Meetup #3 - Approaches to Cloud Native Architectures
 
2 万林涛
2 万林涛2 万林涛
2 万林涛
 
Stop Caring About Kubernetes
Stop Caring About KubernetesStop Caring About Kubernetes
Stop Caring About Kubernetes
 
Google Tech Talk with Dr. Eric Brewer in Korea Apr.27.2015
Google Tech Talk with Dr. Eric Brewer in Korea Apr.27.2015Google Tech Talk with Dr. Eric Brewer in Korea Apr.27.2015
Google Tech Talk with Dr. Eric Brewer in Korea Apr.27.2015
 
The path to a serverless-native era with Kubernetes
The path to a serverless-native era with KubernetesThe path to a serverless-native era with Kubernetes
The path to a serverless-native era with Kubernetes
 
Google Cloud Fundamentals by CloudZone
Google Cloud Fundamentals by CloudZoneGoogle Cloud Fundamentals by CloudZone
Google Cloud Fundamentals by CloudZone
 
56k.cloud training
56k.cloud training56k.cloud training
56k.cloud training
 
Jenkins Pipeline @ Scale. Building Automation Frameworks for Systems Integration
Jenkins Pipeline @ Scale. Building Automation Frameworks for Systems IntegrationJenkins Pipeline @ Scale. Building Automation Frameworks for Systems Integration
Jenkins Pipeline @ Scale. Building Automation Frameworks for Systems Integration
 
The App Developer's Kubernetes Toolbox
The App Developer's Kubernetes ToolboxThe App Developer's Kubernetes Toolbox
The App Developer's Kubernetes Toolbox
 
A Hitchhiker's Guide to the Cloud Native Stack
A Hitchhiker's Guide to the Cloud Native StackA Hitchhiker's Guide to the Cloud Native Stack
A Hitchhiker's Guide to the Cloud Native Stack
 
A Hitchhiker’s Guide to the Cloud Native Stack. #DevoxxPL
A Hitchhiker’s Guide to the Cloud Native Stack. #DevoxxPLA Hitchhiker’s Guide to the Cloud Native Stack. #DevoxxPL
A Hitchhiker’s Guide to the Cloud Native Stack. #DevoxxPL
 
CI/CD on Google Cloud Platform
CI/CD on Google Cloud PlatformCI/CD on Google Cloud Platform
CI/CD on Google Cloud Platform
 
OpenFaaS 2019 Project Update
OpenFaaS 2019 Project UpdateOpenFaaS 2019 Project Update
OpenFaaS 2019 Project Update
 
DockerCon 15 Keynote - Day 2
DockerCon 15 Keynote - Day 2DockerCon 15 Keynote - Day 2
DockerCon 15 Keynote - Day 2
 
DevOps and BigData Analytics
DevOps and BigData Analytics DevOps and BigData Analytics
DevOps and BigData Analytics
 

Dernier

From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 

Dernier (20)

From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf

DevOpsDays 2018 - Migrating a Cloud Native App to k8s

12. Creation of Cloud Resources
• Used HashiCorp Packer to bake cloud images (ex: ami for Aws)
  • Packer’s Ansible provisioner is used
  • This is to use the same Ansible playbooks in the on-prem case
• Used HashiCorp Terraform to create/provision cloud resources

13. Creation of Cloud Resources
[Diagram: the same Ansible playbooks provision both the cloud images and the on-prem servers]

15. Containerization and Orchestration
• Docker was used as the container runtime
  • Mainstream, everybody knows it
  • People are familiar with its CLI
  • Apps were quickly containerized
• Kubernetes was selected as the Container Orchestrator
  • There are not many choices these days
  • It is the de facto standard
• Preparing k8s definition files was easy too
  • App already had health check endpoints
  • Handling signals correctly
• Harbor is used as the container registry

17. Configuration Management
• etcd is used as the K/V store
• Configuration files are templated
  • confd was used to render them
  • We found konfd not usable/flexible
• Configuration values are kept installation-based
  • Same template used for dev, test, staging and every installation
• Configuration change
  • Triggers re-render of the template
  • Triggers re-deploy of the app w/ no downtime
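The change flow on this slide (one template for every installation, installation-specific values, re-render and re-deploy only when something actually changed), as an added shell example that is not code from the talk: it stands in for etcd with a directory of key files, borrows confd's `{{getv "/key"}}` placeholder syntax, and the `make_sample_env` values (`db.eu-west.internal`, `5432`, `eu-west`) are constructed.

```shell
# Added example (not the talk's code): a stand-in for the confd flow, with etcd
# replaced by a directory of key files and confd's {{getv "/key"}} placeholder syntax.

# getv STORE KEY -> value stored under KEY (KEY looks like /app/db/host)
getv() { cat "$1$2"; }

# render STORE TEMPLATE -> template text with every placeholder substituted;
# fails (non-zero) on a missing key so a half-rendered config is never shipped.
# Values containing "|" or "&" would need escaping before the sed replacement.
render() {
    while IFS= read -r line || [ -n "$line" ]; do
        while printf '%s' "$line" | grep -q '[{][{]getv "[^"]*"[}][}]'; do
            key=$(printf '%s' "$line" | sed -E 's/.*[{][{]getv "([^"]*)"[}][}].*/\1/')
            val=$(getv "$1" "$key") || return 1
            line=$(printf '%s' "$line" | sed "s|[{][{]getv \"$key\"[}][}]|$val|")
        done
        printf '%s\n' "$line"
    done < "$2"
}

# apply STORE TEMPLATE DEST RELOAD_CMD -> re-renders DEST and runs RELOAD_CMD
# (e.g. a kubectl rollout) only when the rendered content actually changed;
# prints "changed" or "unchanged" so callers can see whether a rollout happened
apply() {
    tmp=$(mktemp)
    render "$1" "$2" > "$tmp" || { rm -f "$tmp"; return 1; }
    if [ -f "$3" ] && cmp -s "$tmp" "$3"; then
        rm -f "$tmp"; echo unchanged; return 0
    fi
    mv "$tmp" "$3"
    sh -c "$4" >&2
    echo changed
}

# make_sample_env -> prints a scratch dir with a constructed key store for one
# installation and the single template shared by every installation
make_sample_env() {
    d=$(mktemp -d)
    mkdir -p "$d/store/app/db"
    printf '%s' 'db.eu-west.internal' > "$d/store/app/db/host"
    printf '%s' '5432' > "$d/store/app/db/port"
    printf '%s' 'eu-west' > "$d/store/app/region"
    printf '[database]\nhost = {{getv "/app/db/host"}}\nport = {{getv "/app/db/port"}}\nregion = {{getv "/app/region"}}\n' > "$d/app.conf.tmpl"
    echo "$d"
}
```

Running `apply` twice in a row with the same store triggers the reload command only once, which is the property that keeps a config watcher from restarting the app on every tick.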
18. Secret Management
• HashiCorp Vault is used as storage for secrets
  • confd renders secrets from template to config
  • k8s-Vault integration used for seamless integration
  • Secrets are visible only inside the container
• Used Vault as CA (Certificate Authority) for X.509 certificates
  • k8s component certificates generated with it
• Used Vault to generate Aws keys valid only for a short period of time
• Will use Vault to manage SSH access to machines
  • Except to k8s workers where containers run

20. k8s Cluster Setup
• Used kubeadm initially but later replaced it with a custom setup
• Kops and other solutions not possible due to cloud + on-prem support
• Control plane services run with systemd
  • Supports both HA (production) and non-HA (test, staging) mode
• Terraform provisioners used to bootstrap the cluster in the cloud case
• HashiCorp Vault is used for creating and renewing certificates
  • Allowed easily creating/destroying worker nodes in the auto-scaling scenario
• cfssl is used for developer box k8s certificates

22. CI/CD Pipeline
• Jenkins is used to initiate all processes
  • It is the single point of contact to the whole infra
• Docker images for services auto-built, tagged and pushed
  • Tagging scheme selected for the need, details irrelevant
• Spinnaker is used to manage the k8s deployments
  • Workflows and accountability were the reasons for its selection
• Infrastructure creation/modification is also done through Jenkins
  • Called GitOps these days
  • A change on the Terraform source code is applied to the infra

24. Logging, Monitoring, Alarming
• Our Motto: “Do not search issues in log files, look into alarms”
  • If there is a problem but no alarm, think of creating an alarm
• Prometheus used to collect infra and application metrics
  • Still need to generate more operational metrics
  • Still need to create more alarms based on OM data
• Grafana used to visualize collected metrics
• Container logs collected on each worker node with syslogd
  • Logs then collected by the existing ELK infrastructure

26. Overall Architectural Look
[Diagram: a Coordination Environment alongside per-region installations (eu-west installation, ap-southeast-2 installation)]

28. Developer Box
• Every developer has her/his separate environment locally
  • Including Jenkins/Grafana/Prometheus/ELK
• HashiCorp Vagrant is used to orchestrate and provision the developer box
• Developer may configure any test/staging environment on Aws to serve the stateful parts for his local machine
• Best of all – real magic: developer may develop/debug any of the 15 services on her/his host machine with an IDE :-)

29. Developer Box – Developing Locally
[Diagram: Dev Host Box running a VirtualBox VM with the app containers run by k8s; some apps running on the host directly; a Routing Point in between; Stateful Components in the Cloud]

30. Developer Box – Connect Mobile App
• GameChanger move: It is possible to change the mobile app’s endpoint to route traffic to a selected developer box from the public internet
[Diagram: Mobile App -> Installation in the Cloud (Proxy, Tunnel Server) -> tunnel between dev-box and the cloud -> Tunnel Client on the Dev Box (Isolated Network w/ Firewall/NAT) -> App running locally]

31. Developer Box – Registry Mirror
• Performance move: Developer box pulls lots of Docker images, so a registry mirror VM is used to cache them and speed bootstrapping up
[Diagram: Dev Box -> Registry Mirror Box -> Harbor (Private Registry), Docker Hub, gcr.io, quay.io etc]

33. Immutability and IaC - Tips and Benefits
• Not everything is a container but everything is immutable
  • Spinnaker and Harbor have their own VMs and are not containers
  • Jenkins has its own VM but runs as a container
• All dependencies are included with a pinned version, no latest tag
  • Example: FROM jenkins/jenkins:2.121.1
• Every non-stateful system component is mortal
  • May be recreated at any time without any data loss
  • Even the whole cluster (k8s et al.) is mortal
  • At any time a new one can be created and traffic moved over

34. Immutability and IaC - Tips and Benefits
• Everything including infrastructure is coded
  • It allows full automation
• All system component (Harbor, Spinnaker, Jenkins) configurations are also coded
  • Example: Jenkins is a container
  • Plugins coded
  • Job definitions coded and kept in git
  • Job configurations coded
  • Job configurations baked into Jenkins during Docker build
  • When run, Jenkins container becomes ready immediately
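A check for the pinned-dependency rule on the two slides above, added here as example code rather than anything from the talk: it walks Dockerfiles and k8s manifests and reports every image reference that has no explicit non-latest tag or digest. The sample tree it builds is constructed; it reuses the slide's `FROM jenkins/jenkins:2.121.1` line, and the `harbor.example` registry and file names are assumptions.

```shell
# Added example (not the talk's code): enforce "pin every dependency, never rely on
# :latest" by listing image references that lack an explicit non-latest tag or digest.

# image_is_pinned REF -> 0 if REF carries a digest or an explicit tag other than "latest"
image_is_pinned() {
    case "$1" in *@sha256:*) return 0 ;; esac     # digest pin: the strongest form
    name="${1##*/}"                               # drop registry/path so host:port is not read as a tag
    case "$name" in
        *:latest) return 1 ;;                     # explicit latest: mutable, not reproducible
        *:*)      return 0 ;;
        *)        return 1 ;;                     # no tag at all means an implicit latest
    esac
}

# list_unpinned DIR -> one unpinned reference per line, taken from FROM lines in
# Dockerfiles and image: lines in YAML manifests (build-stage aliases are not resolved)
list_unpinned() {
    {
        find "$1" -name 'Dockerfile*' -exec grep -hiE '^FROM[[:space:]]' {} + 2>/dev/null |
            awk '{ for (i = 2; i <= NF; i++) if ($i !~ /^--/) { print $i; break } }'
        find "$1" \( -name '*.yaml' -o -name '*.yml' \) -exec grep -hE '^[[:space:]]*(- )?image:' {} + 2>/dev/null |
            sed -E 's/^[[:space:]]*(- )?image:[[:space:]]*//; s/["'"'"']//g'
    } | while read -r ref; do
        [ -n "$ref" ] && [ "$ref" != scratch ] || continue
        image_is_pinned "$ref" || echo "$ref"
    done
}

# count_unpinned DIR -> number of unpinned references (0 means the tree passes the check)
count_unpinned() {
    list_unpinned "$1" | awk 'END { print NR }'
}

# make_sample_tree -> prints a constructed scratch tree mixing pinned and unpinned images
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/jenkins" "$d/k8s"
    printf 'FROM jenkins/jenkins:2.121.1\nRUN echo plugins-and-jobs-baked-in\n' > "$d/jenkins/Dockerfile"
    printf 'FROM --platform=linux/amd64 golang AS build\nFROM alpine:latest\n' > "$d/Dockerfile.bad"
    printf 'spec:\n  containers:\n  - image: harbor.example/app/api:1.4.2\n  - image: "redis"\n' > "$d/k8s/deploy.yaml"
    echo "$d"
}
```

Wired into the Jenkins job that builds the images, `[ "$(count_unpinned .)" -eq 0 ]` fails the build before an unpinned image reaches Harbor.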