@gokhansengun
Migrating a Cloud Native App Running on AWS to k8s
Gökhan Şengün
DevOpsDays İstanbul - Sep 2018
DEVOPS Zirvesi 2017
me
• Full-Stack Developer with 12 years of experience
• Blogging every Monday on Medium
  • In Turkish and mostly about DevOps related concepts
  • @gokhansengun
• Currently working for
• Sending random tweets
  • @gokhansengun
1. What is this talk about?
Replatforming a cloud native app running on Aws to k8s
2. What does the application look like?
• Runs on
• 15 services all written with
• Heavily using Aws services like
• In 3 different Aws regions
• Complex integrations with 3rd parties
• Not a simple mobile application :-)
3. What were the customer’s requirements?
• Be cloud agnostic
• Run on bare metal
• Create a new installation at the click of a button
• Improve developer experience
• Improve operational experience
• Prevent SPOF on vital system components
• Make it cost effective
• Improve observability and operational measurements
• Run side by side with the legacy system to ease migration
• Have zero-downtime deployments
• Have auto-scaling at the infrastructure level
4. How did we approach it?
• Abstract away creation of compute, network and storage resources
  • to support becoming cloud agnostic
• Apply Immutable Infrastructure and Infrastructure as Code (IaC)
  • to automate and ease new installations
• Containerize and orchestrate services
  • to create parity between dev, test and prod environments
  • to build in health checks and observability, and prevent SPOF
• Leave stateful parts out of the first phase’s scope
  • to run side by side with the legacy system
5. How did we do it actually?
5.1. Creation of Cloud Resources
• Used HashiCorp Packer to bake cloud images (ex: AMI for Aws)
  • Packer’s Ansible provisioner was used
  • so that the same Ansible playbooks can be reused for the on-prem case
• Used HashiCorp Terraform to create/provision cloud resources
[Diagram: Creation of Cloud Resources – Ansible Playbooks, Cloud Images, On-prem Servers (172.27.44.10, 172.27.44.11, 172.27.44.20, 172.27.44.21)]
5.2. Containerization and Orchestration
• Docker was used as the container runtime
  • Mainstream, everybody knows it
  • People are familiar with its CLI
  • Apps were quickly containerized
• Kubernetes was selected as the container orchestrator
  • There are not many choices these days
  • It is the de facto standard
• Preparing k8s definition files was easy too
  • App already had health check endpoints
  • and handled signals correctly
• Harbor is used as the container registry
5.3. Configuration and Secret Mgmt
Configuration Management
• etcd is used as the K/V store
• Configuration files are templated
  • confd was used to render them
  • We found konfd not usable/flexible enough
• Configuration values are kept per installation
  • The same template is used for dev, test, staging and every installation
• A configuration change
  • triggers a re-render of the template
  • triggers a re-deploy of the app w/ no downtime
Secret Management
• HashiCorp Vault is used as the storage for secrets
  • confd renders secrets from the template into the config
  • k8s-Vault integration is used for seamless integration
  • Secrets are visible only inside the container
• Used Vault as CA (Certificate Authority) for X.509 certificates
  • k8s component certificates are generated with it
• Used Vault to generate short-lived Aws keys
• Will use Vault to manage SSH access to machines
  • Except to k8s workers where containers run
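The two slides above describe one pattern: a templated config whose plain values come from etcd and whose secrets come from Vault, rendered by confd, with every change triggering a re-render and a zero-downtime re-deploy while the secret values stay inside the container. The Python below is an added example, not code from the talk and not confd (confd uses Go templates; `string.Template` stands in for them here). The etcd keys under `/myapp/`, the Vault path `secret/myapp/db`, the sample values and the template are all constructed. It shows the checksum-of-rendered-config trick for deciding when to roll the Deployment (the same idea as recording that checksum in a pod-template annotation), a render that fails closed on a missing key, and redaction of secret values from anything the pipeline would log outside the container.

```python
"""Render a templated config from a K/V store plus a secret store and decide
whether a re-deploy is needed (added example; confd does the real rendering)."""
import hashlib
from string import Template

# Constructed sample data standing in for etcd (plain config) and Vault (secrets).
ETCD = {
    "/myapp/db/host": "db.eu-west.internal",
    "/myapp/db/port": "5432",
    "/myapp/log/level": "info",
}
VAULT = {
    "secret/myapp/db": {"username": "app", "password": "s3cr3t-example"},
}

# Constructed template; ${name} placeholders are filled from both backends.
CONFIG_TEMPLATE = """\
[database]
host = ${db_host}
port = ${db_port}
username = ${db_user}
password = ${db_pass}

[logging]
level = ${log_level}
"""


def load_values(etcd, vault):
    """Map template variables to values. Returns (values, secret_values); the
    second set is what must never appear in logs outside the container."""
    creds = vault["secret/myapp/db"]
    values = {
        "db_host": etcd["/myapp/db/host"],
        "db_port": etcd["/myapp/db/port"],
        "log_level": etcd["/myapp/log/level"],
        "db_user": creds["username"],
        "db_pass": creds["password"],
    }
    return values, {creds["password"]}


def render(template, values):
    # substitute() (not safe_substitute) raises KeyError on a missing key,
    # so a half-rendered config is never shipped to the app.
    return Template(template).substitute(values)


def checksum(rendered):
    return hashlib.sha256(rendered.encode()).hexdigest()


def needs_redeploy(previous_checksum, rendered):
    """Compare with the checksum recorded at the last deployment (for example
    as a pod-template annotation); a difference rolls the Deployment."""
    return checksum(rendered) != previous_checksum


def redact(text, secret_values):
    """Strip secret values before the rendered config is logged or diffed."""
    for secret in secret_values:
        text = text.replace(secret, "<redacted>")
    return text


def reconcile(etcd, vault, previous_checksum):
    """One reconciliation pass: render, compare, and produce a log-safe copy."""
    values, secrets = load_values(etcd, vault)
    rendered = render(CONFIG_TEMPLATE, values)
    return {
        "checksum": checksum(rendered),
        "redeploy": needs_redeploy(previous_checksum, rendered),
        "log_safe_config": redact(rendered, secrets),
    }


if __name__ == "__main__":
    result = reconcile(ETCD, VAULT, previous_checksum=None)
    print("redeploy:", result["redeploy"])
    print(result["log_safe_config"])
```

Running it twice with the same inputs yields `redeploy: False` on the second pass; changing any etcd value or any Vault field changes the checksum and flips it back to `True`, which is exactly the "configuration change triggers re-deploy" behaviour the slide describes.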
5.4. k8s Cluster Setup
• Used kubeadm initially but later replaced it with a custom setup
  • Kops and other solutions were not an option because both cloud and on-prem had to be supported
  • Control plane services run under systemd
  • Supports both HA (production) and non-HA (test, staging) modes
• Terraform provisioners are used to bootstrap the cluster in the cloud case
• HashiCorp Vault is used for creating and renewing certificates
  • Allowed easily creating/destroying worker nodes in the auto-scaling scenario
• cfssl is used for developer box k8s certificates
5.5. CI/CD Pipeline
• Jenkins is used to initiate all processes
  • It is the single point of contact to the whole infra
• Docker images for services are auto-built, tagged and pushed
  • Tagging scheme selected for the need, details irrelevant
• Spinnaker is used to manage the k8s deployments
  • Workflows and accountability were the reasons for the selection
• Infrastructure creation/modification is also done through Jenkins
  • Called GitOps these days
  • A change to the Terraform source code is applied to the infra
5.6. Logging, Monitoring, Alarming
• Our motto: “Do not search for issues in log files, look at the alarms”
  • If there is a problem but no alarm, think of creating an alarm
• Prometheus is used to collect infra and application metrics
  • Still need to generate more operational metrics
  • Still need to create more alarms based on OM data
• Grafana is used to visualize collected metrics
• Container logs are collected on each worker node with syslogd
  • Logs are then collected by the existing ELK infrastructure
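The motto above only pays off if alarms are tuned so that a one-scrape blip does not page anyone while a sustained problem does. That is what the `for` clause of a Prometheus alerting rule provides, and the Python below is an added example (not from the talk and not Prometheus code) that walks through its pending/firing/resolved state machine over constructed metric samples. The rule name `HighErrorRate`, the 5% threshold, the 60 s hold and the sample series are all made up for illustration.

```python
"""Prometheus-style alert evaluation with a `for` hold duration (added example)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class AlertRule:
    name: str
    threshold: float   # fire when value > threshold ...
    for_seconds: int   # ... continuously for at least this long


def evaluate(rule: AlertRule, samples: List[Tuple[int, float]]) -> List[Tuple[int, str]]:
    """Walk (timestamp_seconds, value) samples in order and return state
    transitions: 'pending' when the condition first holds, 'firing' once it
    has held for rule.for_seconds, 'resolved' when it clears. A spike shorter
    than the hold never reaches 'firing'."""
    state = "inactive"
    active_since: Optional[int] = None
    transitions: List[Tuple[int, str]] = []
    for ts, value in samples:
        if value > rule.threshold:
            if state == "inactive":
                state, active_since = "pending", ts
                transitions.append((ts, "pending"))
            if state == "pending" and ts - active_since >= rule.for_seconds:
                state = "firing"
                transitions.append((ts, "firing"))
        elif state != "inactive":
            state, active_since = "inactive", None
            transitions.append((ts, "resolved"))
    return transitions


# Constructed series: HTTP 5xx ratio scraped every 15 s. One spike at t=30,
# then a sustained failure from t=120 that clears at t=210.
SAMPLES = [(0, 0.00), (15, 0.01), (30, 0.20), (45, 0.01), (60, 0.00),
           (75, 0.00), (90, 0.00), (105, 0.01), (120, 0.15), (135, 0.18),
           (150, 0.22), (165, 0.20), (180, 0.25), (195, 0.21), (210, 0.02)]

RULE = AlertRule(name="HighErrorRate", threshold=0.05, for_seconds=60)


def firing_timestamps(rule: AlertRule = RULE, samples=SAMPLES) -> List[int]:
    """Timestamps at which the rule would actually page."""
    return [ts for ts, state in evaluate(rule, samples) if state == "firing"]


if __name__ == "__main__":
    for ts, state in evaluate(RULE, SAMPLES):
        print(f"t={ts:>3}s  {RULE.name}: {state}")
```

With these samples the spike at t=30 goes pending and resolves at t=45 without paging; the failure starting at t=120 fires at t=180, one full hold duration later, which is the trade-off to keep in mind when choosing `for`: a longer hold means fewer false pages but a slower alarm.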
5.7. Overall Architectural Look
[Diagram: Overall Architectural Look – a Coordination Environment alongside an eu-west installation and an ap-southeast-2 installation]
5.8. Developer Box
• Every developer has her/his own separate environment locally
  • Including Jenkins/Grafana/Prometheus/ELK
• HashiCorp Vagrant is used to orchestrate and provision the developer box
• A developer may configure any test/staging environment on Aws to provide the stateful parts for her/his local machine
• Best of all – real magic: a developer may develop/debug any of the 15 services on her/his host machine with an IDE :-)
Developer Box – Developing Locally
[Diagram: Dev Host Box with VirtualBox; app containers run by k8s, apps running on the host directly, a Routing Point, and the stateful components in the cloud]
Developer Box – Connect Mobile App
• Game-changer move: it is possible to change the mobile app’s endpoint so that traffic from the public internet is routed to a selected developer box
[Diagram: Installation in the Cloud with a Proxy and a Tunnel Server; a Tunnel Client and the app running locally on the Dev Box inside an isolated network w/ Firewall/NAT; a tunnel between the dev-box and the cloud; the Mobile App]
Developer Box – Registry Mirror
• Performance move: the developer box needs lots of Docker images, so a registry mirror VM is used to cache them and speed up bootstrapping
[Diagram: Dev Box, Registry Mirror Box, Harbor – Private Registry, and the upstream registries Docker Hub, gcr.io, quay.io, etc.]
Immutability and Infrastructure as Code (IaC) - Tips and Benefits
• Not everything is a container, but everything is immutable
  • Spinnaker and Harbor have their own VMs and are not containers
  • Jenkins has its own VM but runs as a container
• All dependencies are included with a version; no latest tag
  • Example: FROM jenkins/jenkins:2.121.1
• Every non-stateful system component is mortal
  • May be recreated at any time without any data loss
  • Even the whole cluster (k8s et al.) is mortal
  • At any time a new one could be created and traffic moved over
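The "version, no latest tag" rule is easy to state and easy to break in a Dockerfile review, so it is worth enforcing in the pipeline. The Python below is an added example, not code from the talk: it scans the `FROM` lines of a Dockerfile, treats a missing tag or `:latest` as an error, skips references to earlier build stages and `scratch`, and optionally warns when a tag is pinned but no digest is given (a tag can be re-pushed; a `sha256` digest cannot). The sample Dockerfile is constructed; only its first line, `jenkins/jenkins:2.121.1`, comes from the slide, and the digest on the last line is a placeholder of 64 `a` characters.

```python
"""Flag unpinned base images in a Dockerfile (added example, not from the talk).

An immutable build needs FROM lines that name a fixed version: a missing tag
or ':latest' silently changes what gets built. Pinning by digest is stricter
still, because a tag can be re-pushed while a digest cannot."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# FROM [--platform=<p>] <image>[:<tag>][@<digest>] [AS <stage>]
FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--platform=\S+\s+)?(?P<ref>\S+)(?:\s+AS\s+(?P<alias>\S+))?\s*$",
    re.IGNORECASE,
)
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


@dataclass
class Finding:
    line_no: int
    ref: str
    level: str     # "error" (build is not reproducible) or "warn"
    message: str


def split_ref(ref: str) -> Tuple[str, Optional[str], Optional[str]]:
    """Split 'registry:port/repo:tag@sha256:...' into (name, tag, digest)."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    name, tag = ref, None
    # A ':' after the last '/' introduces the tag; an earlier one is a registry port.
    colon = ref.rfind(":")
    if colon > ref.rfind("/"):
        name, tag = ref[:colon], ref[colon + 1:]
    return name, tag, digest


def check_dockerfile(text: str, require_digest: bool = False) -> List[Finding]:
    findings: List[Finding] = []
    stages = set()  # names of earlier build stages; FROM <stage> pulls nothing
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = FROM_RE.match(line)
        if not m:
            continue
        ref = m.group("ref")
        if m.group("alias"):
            stages.add(m.group("alias").lower())
        if ref.lower() in stages:
            continue
        if "$" in ref:
            findings.append(Finding(line_no, ref, "warn", "build-arg reference, cannot verify pin"))
            continue
        name, tag, digest = split_ref(ref)
        if name == "scratch":
            continue  # the empty image has nothing to pin
        if digest is not None:
            if not DIGEST_RE.match(digest):
                findings.append(Finding(line_no, ref, "error", "malformed digest"))
            continue  # a well-formed digest is the strongest pin
        if tag is None:
            findings.append(Finding(line_no, ref, "error", "no tag: Docker resolves this to ':latest'"))
        elif tag.lower() == "latest":
            findings.append(Finding(line_no, ref, "error", "tag 'latest' is a moving target"))
        elif require_digest:
            findings.append(Finding(line_no, ref, "warn", "tag pinned but no digest; tags can be re-pushed"))
    return findings


# Constructed sample; only the first line is taken from the slide.
SAMPLE_DOCKERFILE = "\n".join([
    "FROM jenkins/jenkins:2.121.1",
    "FROM golang:1.11 AS build",
    "FROM build AS test",
    "FROM alpine",
    "FROM ubuntu:latest",
    "FROM scratch",
    "FROM gcr.io/distroless/static@sha256:" + "a" * 64,  # placeholder digest
])

if __name__ == "__main__":
    for f in check_dockerfile(SAMPLE_DOCKERFILE, require_digest=True):
        print(f"line {f.line_no}: [{f.level}] {f.ref}: {f.message}")
```

On the sample, `FROM alpine` and `FROM ubuntu:latest` are errors in either mode, while `jenkins/jenkins:2.121.1` and `golang:1.11` only draw a warning when `require_digest=True`. Wiring this into the Jenkins image build as a failing step is the natural place for it.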
• Everything including infrastructure is coded
  • It allows full automation
• All system component (Harbor, Spinnaker, Jenkins) configurations are also coded
• Example: Jenkins is a container
  • Plugins are coded
  • Job definitions are coded and kept in git
  • Job configurations are coded
  • Job configurations are baked into Jenkins during the Docker build
  • When run, the Jenkins container becomes ready immediately
Thanks

Weitere ähnliche Inhalte

Was ist angesagt?

Docker Enterprise Workshop - Intro
Docker Enterprise Workshop - IntroDocker Enterprise Workshop - Intro
Docker Enterprise Workshop - IntroPatrick Chanezon
 
Take the Fastest Path to Node.Js Application Development with Bitnami & AWS L...
Take the Fastest Path to Node.Js Application Development with Bitnami & AWS L...Take the Fastest Path to Node.Js Application Development with Bitnami & AWS L...
Take the Fastest Path to Node.Js Application Development with Bitnami & AWS L...Bitnami
 
India Serverless Summit 2017 - Sponsorship Deck
India Serverless Summit 2017 - Sponsorship DeckIndia Serverless Summit 2017 - Sponsorship Deck
India Serverless Summit 2017 - Sponsorship DeckCodeOps Technologies LLP
 
Devops CI-CD pipeline with Containers
Devops CI-CD pipeline with ContainersDevops CI-CD pipeline with Containers
Devops CI-CD pipeline with ContainersNuSpace
 
Going Serverless with Kubeless In Google Container Engine (GKE)
Going Serverless with Kubeless In Google Container Engine (GKE)Going Serverless with Kubeless In Google Container Engine (GKE)
Going Serverless with Kubeless In Google Container Engine (GKE)Bitnami
 
Ricardo Fiel - Microsoft - OSL19
Ricardo Fiel - Microsoft - OSL19Ricardo Fiel - Microsoft - OSL19
Ricardo Fiel - Microsoft - OSL19marketingsyone
 
DevOps as a Service - Kuberiter
DevOps as a Service - KuberiterDevOps as a Service - Kuberiter
DevOps as a Service - Kuberiterlawrence143
 
Using Rancher and Docker with RightScale at Industrie IT
Using Rancher and Docker with RightScale at Industrie IT Using Rancher and Docker with RightScale at Industrie IT
Using Rancher and Docker with RightScale at Industrie IT RightScale
 
Why kubernetes matters
Why kubernetes mattersWhy kubernetes matters
Why kubernetes mattersPlatform9
 
Digital Transformation with Docker, Cloud, and DevOps: How JCPenney Handles B...
Digital Transformation with Docker, Cloud, and DevOps: How JCPenney Handles B...Digital Transformation with Docker, Cloud, and DevOps: How JCPenney Handles B...
Digital Transformation with Docker, Cloud, and DevOps: How JCPenney Handles B...Docker, Inc.
 
Ultimate DevOps: OpenShift Dedicated With CloudBees Jenkins Platform (Andy Pe...
Ultimate DevOps: OpenShift Dedicated With CloudBees Jenkins Platform (Andy Pe...Ultimate DevOps: OpenShift Dedicated With CloudBees Jenkins Platform (Andy Pe...
Ultimate DevOps: OpenShift Dedicated With CloudBees Jenkins Platform (Andy Pe...Red Hat Developers
 
The what, why and how of knative
The what, why and how of knativeThe what, why and how of knative
The what, why and how of knativeMofizur Rahman
 
DockerCon SF 2015: From Months to Minutes
DockerCon SF 2015: From Months to MinutesDockerCon SF 2015: From Months to Minutes
DockerCon SF 2015: From Months to MinutesDocker, Inc.
 
DCSF 19 Microservices API: Routing Across Any Infrastructure
DCSF 19 Microservices API: Routing Across Any InfrastructureDCSF 19 Microservices API: Routing Across Any Infrastructure
DCSF 19 Microservices API: Routing Across Any InfrastructureDocker, Inc.
 
DockerCon SF 2015: How to Build a Secure DevOps Environment for the Government
DockerCon SF 2015: How to Build a Secure DevOps Environment for the GovernmentDockerCon SF 2015: How to Build a Secure DevOps Environment for the Government
DockerCon SF 2015: How to Build a Secure DevOps Environment for the GovernmentDocker, Inc.
 
Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...
Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...
Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...Docker, Inc.
 
KubeCon China 2019 - Building Apps with Containers, Functions and Managed Ser...
KubeCon China 2019 - Building Apps with Containers, Functions and Managed Ser...KubeCon China 2019 - Building Apps with Containers, Functions and Managed Ser...
KubeCon China 2019 - Building Apps with Containers, Functions and Managed Ser...Patrick Chanezon
 
Kubernetes and the Rise of Application-centric Computing
Kubernetes and the Rise of Application-centric ComputingKubernetes and the Rise of Application-centric Computing
Kubernetes and the Rise of Application-centric ComputingBitnami
 
Knative, Serverless on Kubernetes, and Openshift
Knative, Serverless on Kubernetes, and OpenshiftKnative, Serverless on Kubernetes, and Openshift
Knative, Serverless on Kubernetes, and OpenshiftChris Suszyński
 

Was ist angesagt? (20)

Docker Enterprise Workshop - Intro
Docker Enterprise Workshop - IntroDocker Enterprise Workshop - Intro
Docker Enterprise Workshop - Intro
 
Take the Fastest Path to Node.Js Application Development with Bitnami & AWS L...
Take the Fastest Path to Node.Js Application Development with Bitnami & AWS L...Take the Fastest Path to Node.Js Application Development with Bitnami & AWS L...
Take the Fastest Path to Node.Js Application Development with Bitnami & AWS L...
 
India Serverless Summit 2017 - Sponsorship Deck
India Serverless Summit 2017 - Sponsorship DeckIndia Serverless Summit 2017 - Sponsorship Deck
India Serverless Summit 2017 - Sponsorship Deck
 
Devops CI-CD pipeline with Containers
Devops CI-CD pipeline with ContainersDevops CI-CD pipeline with Containers
Devops CI-CD pipeline with Containers
 
Going Serverless with Kubeless In Google Container Engine (GKE)
Going Serverless with Kubeless In Google Container Engine (GKE)Going Serverless with Kubeless In Google Container Engine (GKE)
Going Serverless with Kubeless In Google Container Engine (GKE)
 
Ricardo Fiel - Microsoft - OSL19
Ricardo Fiel - Microsoft - OSL19Ricardo Fiel - Microsoft - OSL19
Ricardo Fiel - Microsoft - OSL19
 
DevOps as a Service - Kuberiter
DevOps as a Service - KuberiterDevOps as a Service - Kuberiter
DevOps as a Service - Kuberiter
 
Using Rancher and Docker with RightScale at Industrie IT
Using Rancher and Docker with RightScale at Industrie IT Using Rancher and Docker with RightScale at Industrie IT
Using Rancher and Docker with RightScale at Industrie IT
 
Why kubernetes matters
Why kubernetes mattersWhy kubernetes matters
Why kubernetes matters
 
Digital Transformation with Docker, Cloud, and DevOps: How JCPenney Handles B...
Digital Transformation with Docker, Cloud, and DevOps: How JCPenney Handles B...Digital Transformation with Docker, Cloud, and DevOps: How JCPenney Handles B...
Digital Transformation with Docker, Cloud, and DevOps: How JCPenney Handles B...
 
Docker and Devops
Docker and DevopsDocker and Devops
Docker and Devops
 
Ultimate DevOps: OpenShift Dedicated With CloudBees Jenkins Platform (Andy Pe...
Ultimate DevOps: OpenShift Dedicated With CloudBees Jenkins Platform (Andy Pe...Ultimate DevOps: OpenShift Dedicated With CloudBees Jenkins Platform (Andy Pe...
Ultimate DevOps: OpenShift Dedicated With CloudBees Jenkins Platform (Andy Pe...
 
The what, why and how of knative
The what, why and how of knativeThe what, why and how of knative
The what, why and how of knative
 
DockerCon SF 2015: From Months to Minutes
DockerCon SF 2015: From Months to MinutesDockerCon SF 2015: From Months to Minutes
DockerCon SF 2015: From Months to Minutes
 
DCSF 19 Microservices API: Routing Across Any Infrastructure
DCSF 19 Microservices API: Routing Across Any InfrastructureDCSF 19 Microservices API: Routing Across Any Infrastructure
DCSF 19 Microservices API: Routing Across Any Infrastructure
 
DockerCon SF 2015: How to Build a Secure DevOps Environment for the Government
DockerCon SF 2015: How to Build a Secure DevOps Environment for the GovernmentDockerCon SF 2015: How to Build a Secure DevOps Environment for the Government
DockerCon SF 2015: How to Build a Secure DevOps Environment for the Government
 
Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...
Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...
Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...
 
KubeCon China 2019 - Building Apps with Containers, Functions and Managed Ser...
KubeCon China 2019 - Building Apps with Containers, Functions and Managed Ser...KubeCon China 2019 - Building Apps with Containers, Functions and Managed Ser...
KubeCon China 2019 - Building Apps with Containers, Functions and Managed Ser...
 
Kubernetes and the Rise of Application-centric Computing
Kubernetes and the Rise of Application-centric ComputingKubernetes and the Rise of Application-centric Computing
Kubernetes and the Rise of Application-centric Computing
 
Knative, Serverless on Kubernetes, and Openshift
Knative, Serverless on Kubernetes, and OpenshiftKnative, Serverless on Kubernetes, and Openshift
Knative, Serverless on Kubernetes, and Openshift
 

Ähnlich wie DevOpsDays 2018 - Migrating a Cloud Native App to k8s

Containers, microservices and serverless for realists
Containers, microservices and serverless for realistsContainers, microservices and serverless for realists
Containers, microservices and serverless for realistsKarthik Gaekwad
 
Docker Birthday #5 Meetup Cluj - Presentation
Docker Birthday #5 Meetup Cluj - PresentationDocker Birthday #5 Meetup Cluj - Presentation
Docker Birthday #5 Meetup Cluj - PresentationAlex Vranceanu
 
Developing Microservices Directly in AKS/Kubernetes
Developing Microservices Directly in AKS/KubernetesDeveloping Microservices Directly in AKS/Kubernetes
Developing Microservices Directly in AKS/KubernetesChakradhar Rao Jonagam
 
Containers and Microservices for Realists
Containers and Microservices for RealistsContainers and Microservices for Realists
Containers and Microservices for RealistsOracle Developers
 
Containers and microservices for realists
Containers and microservices for realistsContainers and microservices for realists
Containers and microservices for realistsKarthik Gaekwad
 
GCP Meetup #3 - Approaches to Cloud Native Architectures
GCP Meetup #3 - Approaches to Cloud Native ArchitecturesGCP Meetup #3 - Approaches to Cloud Native Architectures
GCP Meetup #3 - Approaches to Cloud Native Architecturesnine
 
Stop Caring About Kubernetes
Stop Caring About KubernetesStop Caring About Kubernetes
Stop Caring About KubernetesDavid Lewis
 
Google Tech Talk with Dr. Eric Brewer in Korea Apr.27.2015
Google Tech Talk with Dr. Eric Brewer in Korea Apr.27.2015Google Tech Talk with Dr. Eric Brewer in Korea Apr.27.2015
Google Tech Talk with Dr. Eric Brewer in Korea Apr.27.2015Chris Jang
 
The path to a serverless-native era with Kubernetes
The path to a serverless-native era with KubernetesThe path to a serverless-native era with Kubernetes
The path to a serverless-native era with Kubernetessparkfabrik
 
Google Cloud Fundamentals by CloudZone
Google Cloud Fundamentals by CloudZoneGoogle Cloud Fundamentals by CloudZone
Google Cloud Fundamentals by CloudZoneIdan Tohami
 
Jenkins Pipeline @ Scale. Building Automation Frameworks for Systems Integration
Jenkins Pipeline @ Scale. Building Automation Frameworks for Systems IntegrationJenkins Pipeline @ Scale. Building Automation Frameworks for Systems Integration
Jenkins Pipeline @ Scale. Building Automation Frameworks for Systems IntegrationOleg Nenashev
 
The App Developer's Kubernetes Toolbox
The App Developer's Kubernetes ToolboxThe App Developer's Kubernetes Toolbox
The App Developer's Kubernetes ToolboxNebulaworks
 
A Hitchhiker's Guide to the Cloud Native Stack
A Hitchhiker's Guide to the Cloud Native StackA Hitchhiker's Guide to the Cloud Native Stack
A Hitchhiker's Guide to the Cloud Native StackQAware GmbH
 
A Hitchhiker’s Guide to the Cloud Native Stack. #DevoxxPL
A Hitchhiker’s Guide to the Cloud Native Stack. #DevoxxPLA Hitchhiker’s Guide to the Cloud Native Stack. #DevoxxPL
A Hitchhiker’s Guide to the Cloud Native Stack. #DevoxxPLMario-Leander Reimer
 
CI/CD on Google Cloud Platform
CI/CD on Google Cloud PlatformCI/CD on Google Cloud Platform
CI/CD on Google Cloud PlatformDevOps Indonesia
 
OpenFaaS 2019 Project Update
OpenFaaS 2019 Project UpdateOpenFaaS 2019 Project Update
OpenFaaS 2019 Project UpdateAlex Ellis
 
DockerCon 15 Keynote - Day 2
DockerCon 15 Keynote - Day 2DockerCon 15 Keynote - Day 2
DockerCon 15 Keynote - Day 2Docker, Inc.
 
DevOps and BigData Analytics
DevOps and BigData Analytics DevOps and BigData Analytics
DevOps and BigData Analytics sbbabu
 

Ähnlich wie DevOpsDays 2018 - Migrating a Cloud Native App to k8s (20)

Containers, microservices and serverless for realists
Containers, microservices and serverless for realistsContainers, microservices and serverless for realists
Containers, microservices and serverless for realists
 
Docker Birthday #5 Meetup Cluj - Presentation
Docker Birthday #5 Meetup Cluj - PresentationDocker Birthday #5 Meetup Cluj - Presentation
Docker Birthday #5 Meetup Cluj - Presentation
 
Developing Microservices Directly in AKS/Kubernetes
Developing Microservices Directly in AKS/KubernetesDeveloping Microservices Directly in AKS/Kubernetes
Developing Microservices Directly in AKS/Kubernetes
 
Containers and Microservices for Realists
Containers and Microservices for RealistsContainers and Microservices for Realists
Containers and Microservices for Realists
 
Containers and microservices for realists
Containers and microservices for realistsContainers and microservices for realists
Containers and microservices for realists
 
GCP Meetup #3 - Approaches to Cloud Native Architectures
GCP Meetup #3 - Approaches to Cloud Native ArchitecturesGCP Meetup #3 - Approaches to Cloud Native Architectures
GCP Meetup #3 - Approaches to Cloud Native Architectures
 
2 万林涛
2 万林涛2 万林涛
2 万林涛
 
Stop Caring About Kubernetes
Stop Caring About KubernetesStop Caring About Kubernetes
Stop Caring About Kubernetes
 
Google Tech Talk with Dr. Eric Brewer in Korea Apr.27.2015
Google Tech Talk with Dr. Eric Brewer in Korea Apr.27.2015Google Tech Talk with Dr. Eric Brewer in Korea Apr.27.2015
Google Tech Talk with Dr. Eric Brewer in Korea Apr.27.2015
 
The path to a serverless-native era with Kubernetes
The path to a serverless-native era with KubernetesThe path to a serverless-native era with Kubernetes
The path to a serverless-native era with Kubernetes
 
Google Cloud Fundamentals by CloudZone
Google Cloud Fundamentals by CloudZoneGoogle Cloud Fundamentals by CloudZone
Google Cloud Fundamentals by CloudZone
 
56k.cloud training
56k.cloud training56k.cloud training
56k.cloud training
 
Jenkins Pipeline @ Scale. Building Automation Frameworks for Systems Integration
Jenkins Pipeline @ Scale. Building Automation Frameworks for Systems IntegrationJenkins Pipeline @ Scale. Building Automation Frameworks for Systems Integration
Jenkins Pipeline @ Scale. Building Automation Frameworks for Systems Integration
 
The App Developer's Kubernetes Toolbox
The App Developer's Kubernetes ToolboxThe App Developer's Kubernetes Toolbox
The App Developer's Kubernetes Toolbox
 
A Hitchhiker's Guide to the Cloud Native Stack
A Hitchhiker's Guide to the Cloud Native StackA Hitchhiker's Guide to the Cloud Native Stack
A Hitchhiker's Guide to the Cloud Native Stack
 
A Hitchhiker’s Guide to the Cloud Native Stack. #DevoxxPL
A Hitchhiker’s Guide to the Cloud Native Stack. #DevoxxPLA Hitchhiker’s Guide to the Cloud Native Stack. #DevoxxPL
A Hitchhiker’s Guide to the Cloud Native Stack. #DevoxxPL
 
CI/CD on Google Cloud Platform
CI/CD on Google Cloud PlatformCI/CD on Google Cloud Platform
CI/CD on Google Cloud Platform
 
OpenFaaS 2019 Project Update
OpenFaaS 2019 Project UpdateOpenFaaS 2019 Project Update
OpenFaaS 2019 Project Update
 
DockerCon 15 Keynote - Day 2
DockerCon 15 Keynote - Day 2DockerCon 15 Keynote - Day 2
DockerCon 15 Keynote - Day 2
 
DevOps and BigData Analytics
DevOps and BigData Analytics DevOps and BigData Analytics
DevOps and BigData Analytics
 

Kürzlich hochgeladen

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 

Kürzlich hochgeladen (20)

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 

DevOpsDays 2018 - Migrating a Cloud Native App to k8s

  • 1. Migrating a Cloud Native App Running on AWS to k8s
    Gökhan Şengün, DevOpsDays İstanbul - Sep 2018 (@gokhansengun)

  • 2. me (DEVOPS Zirvesi 2017)
    • Full-Stack Developer with 12 years of experience
    • Blogging every Monday on Medium
      • In Turkish and mostly about DevOps related concepts
    • Currently working for
    • Sending random tweets: @gokhansengun

  • 3. 1. What is this talk about?
    Replatforming a cloud native app running on Aws to k8s

  • 4. 2. What does the application look like?

  • 5. What does the application look like?
    • Runs on
    • 15 services all written with
    • Heavily using Aws services like
    • In 3 different Aws regions
    • Complex integrations with 3rd parties
    • Not a simple mobile application :-)

  • 6. 3. What were the customer's requirements?

  • 7. What were the customer's requirements?
    • Be cloud agnostic
    • Run on bare metal
    • Create a new installation by clicking a button
    • Improve developer experience
    • Improve operational experience
    • Prevent SPOF on vital system components
    • Make it cost effective
    • Improve observability and operational measurements
    • Run hand-in-hand with the legacy system to ease migration
    • Have zero-downtime deployments
    • Have auto-scaling at the infrastructure level

  • 8. 4. How did we approach it?

  • 9. How did we approach it?
    • Abstract away creation of compute, network and storage resources
      • to support becoming cloud agnostic
    • Apply Immutable Infrastructure and Infrastructure as Code (IaC)
      • to automate and ease new installations
    • Containerize and orchestrate services
      • to create parity between dev, test and prod environments
      • to build in health checks and observability, and prevent SPOF
    • Leave stateful parts out of the first phase's scope
      • to run hand-in-hand with the legacy system

  • 10. 5. How did we do it actually?
  • 12. Creation of Cloud Resources
    • Used HashiCorp Packer to bake cloud images (ex: AMI for Aws)
      • Packer's Ansible provisioner is used
      • This is to reuse the same Ansible playbooks in the on-prem case
    • Used HashiCorp Terraform to create/provision cloud resources

  • 13. Creation of Cloud Resources (diagram: Cloud Images, Ansible Playbooks, On-prem Servers 172.27.44.10, 172.27.44.11, 172.27.44.20, 172.27.44.21)
  • 15. Containerization and Orchestration
    • Docker was used as the container runtime
      • Mainstream, everybody knows it
      • People are familiar with its CLI
      • Apps were quickly containerized
    • Kubernetes is selected as the Container Orchestrator
      • There are not many choices these days
      • It is the de facto standard
    • Preparing k8s definition files was easy too
      • App already had health check endpoints
      • Handling signals correctly
    • Harbor is used for the container registry
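The two properties slide 15 credits for making the k8s definitions easy (health check endpoints and correct signal handling) fit together in one pattern: on SIGTERM the service fails its readiness probe first, so the endpoint is removed from the Service before the process stops serving, while liveness keeps answering 200 so the kubelet does not kill it mid-drain. The following is an added example, not code from the talk or from the application it describes; the probe paths `/healthz` and `/readyz` and the port are assumptions.

```python
"""Liveness/readiness endpoints with SIGTERM-driven draining for a
containerised service (added example; paths and port are assumed)."""
import signal
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer


class HealthState:
    """Shared state between the signal handler and the probe handler."""

    def __init__(self):
        self.ready = True                 # advertise readiness while serving
        self.draining = threading.Event()  # set once SIGTERM arrives

    def begin_shutdown(self, *_):
        """SIGTERM handler: stop advertising readiness so k8s removes the pod
        from Service endpoints; liveness stays OK so the kubelet waits for
        the drain instead of killing the process."""
        self.ready = False
        self.draining.set()


def probe_status(state, path):
    """Map a probe path to an HTTP status code.
    /healthz answers liveness, /readyz answers readiness, else 404."""
    if path == "/healthz":
        return 200
    if path == "/readyz":
        return 200 if state.ready else 503
    return 404


def make_handler(state):
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            code = probe_status(state, self.path)
            self.send_response(code)
            self.send_header("Content-Type", "text/plain")
            self.end_headers()
            self.wfile.write(b"ok\n" if code == 200 else b"unavailable\n")

        def log_message(self, *args):  # keep probe traffic out of the log
            pass

    return Handler


def serve(state, port=0):
    """Start the probe server in a daemon thread; port 0 picks a free port.
    Returns the server so the caller can read server_address and stop it."""
    server = ThreadingHTTPServer(("127.0.0.1", port), make_handler(state))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


if __name__ == "__main__":
    state = HealthState()
    signal.signal(signal.SIGTERM, state.begin_shutdown)
    srv = serve(state, 8080)
    print("probes on http://127.0.0.1:8080/healthz and /readyz; SIGTERM drains")
    state.draining.wait()        # wakes when SIGTERM flips readiness
    # terminationGracePeriodSeconds on the pod must exceed this drain window.
    threading.Event().wait(5)    # let endpoint removal propagate, finish requests
    srv.shutdown()
```

Run it in a container with `readinessProbe` on `/readyz` and `livenessProbe` on `/healthz`; a rolling update then never routes new connections to a pod that has already received SIGTERM, which is what makes the zero-downtime deployments on slide 7 actually zero-downtime.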
  • 17. Configuration Management
    • etcd is used as K/V store
    • Configuration files are templated
      • Confd was used to render them
      • We found konfd not usable/flexible enough
    • Configuration values are kept per installation
      • Same template used for dev, test, staging and every installation
    • Configuration change
      • Triggers re-render of the template
      • Triggers re-deploy of the app w/ no downtime
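The configuration flow above (one template, per-installation values in a K/V store, a redeploy only when the rendered file actually changes) as an added example; this is not code from the talk and not confd itself, only a minimal stand-in for what confd does. The key layout under `/installations/<name>/` and the etcd contents are constructed.

```python
"""Minimal confd-style renderer: render one template per installation from a
K/V store and detect whether the result changed (the redeploy trigger).
Added example; ETCD below is a constructed stand-in for the etcd keyspace."""
import hashlib
from string import Template

# Constructed stand-in for etcd: one namespace per installation so the same
# template serves dev, staging and every production installation.
ETCD = {
    "/installations/dev/db/host": "db.dev.internal",
    "/installations/dev/db/port": "5432",
    "/installations/dev/region": "eu-west-1",
    "/installations/prod-eu/db/host": "db.prod.eu.internal",
    "/installations/prod-eu/db/port": "5432",
    "/installations/prod-eu/region": "eu-west-1",
}

# Single template; variables are the key paths relative to the installation
# prefix with '/' turned into '_', analogous to confd's prefix + getv lookups.
CONFIG_TEMPLATE = """[database]
host = ${db_host}
port = ${db_port}

[aws]
region = ${region}
"""


def load_keys(store, prefix):
    """Return {template_var: value} for every key under prefix,
    e.g. '/db/host' -> 'db_host'."""
    values = {}
    for key, value in store.items():
        if key.startswith(prefix + "/"):
            rel = key[len(prefix) + 1:]
            values[rel.replace("/", "_")] = value
    return values


def render(store, installation):
    """Render the template for one installation. A missing key raises
    KeyError instead of silently producing an empty value."""
    values = load_keys(store, f"/installations/{installation}")
    return Template(CONFIG_TEMPLATE).substitute(values)


def checksum(rendered):
    """Content hash of the rendered config; stamped on the pod template as an
    annotation so that a changed value rolls out via a rolling update."""
    return hashlib.sha256(rendered.encode()).hexdigest()


def needs_redeploy(store, installation, deployed_checksum):
    """True when the freshly rendered config differs from what is deployed."""
    return checksum(render(store, installation)) != deployed_checksum


if __name__ == "__main__":
    cfg = render(ETCD, "dev")
    print(cfg)
    print("checksum:", checksum(cfg))
```

Putting the checksum on the Deployment's pod-template annotations is what turns "configuration change" into "re-deploy with no downtime": an unchanged checksum leaves the pods alone, a changed one starts an ordinary rolling update.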
  • 18. Secret Management
    • HashiCorp Vault is used as storage for secrets
      • Confd renders secrets from template to config
      • k8s-Vault integration used for seamless integration
      • Secrets are visible only inside the container
    • Used Vault as CA (Certificate Authority) for X.509 certificates
      • k8s component certificates generated with it
    • Used Vault to generate short-lived Aws keys
    • Will use Vault to manage SSH access to machines
      • Except to k8s workers where containers run

  • 20. k8s Cluster Setup
    • Used kubeadm initially but later replaced it with a custom setup
      • Kops and other solutions not possible due to cloud + on-prem support
    • Control plane services run with systemd
      • Supports both HA (production) and non-HA (test, staging) modes
    • Terraform provisioners used to bootstrap the cluster in the cloud case
    • HashiCorp Vault is used for creating and renewing certificates
      • Allowed easily creating/destroying worker nodes in the auto-scaling scenario
    • cfssl is used for developer box k8s certificates
  • 22. CI/CD Pipeline
    • Jenkins is used to initiate all processes
      • It is the single point of contact to the whole infra
    • Docker images for services auto-built, tagged and pushed
      • Tagging scheme selected for the need, details irrelevant
    • Spinnaker is used to manage the k8s deployments
      • Workflows and accountability were the reasons for selecting it
    • Infrastructure creation/modification is also done through Jenkins
      • Called GitOps these days
      • A change to the Terraform source code is applied to the infra

  • 24. Logging, Monitoring, Alarming
    • Our Motto: "Do not search for issues in log files, look into alarms"
      • If there is a problem but no alarm, think of creating an alarm
    • Prometheus used to collect infra and application metrics
      • Still need to generate more operational metrics
      • Still need to create more alarms based on OM data
    • Grafana used to visualize collected metrics
    • Container logs collected on each worker node with syslogd
      • Logs then collected by the existing ELK infrastructure

  • 26. Overall Architectural Look (diagram: Coordination Environment, eu-west installation, ap-southeast-2 installation)
  • 28. Developer Box
    • Every developer has her/his separate environment locally
      • Including Jenkins/Grafana/Prometheus/ELK
    • HashiCorp Vagrant is used to orchestrate and provision the developer box
    • Developer may configure any test/staging environment on Aws for the stateful parts of her/his local machine
    • Best of all – real magic: developer may develop/debug any of the 15 services on her/his host machine with an IDE :-)

  • 29. Developer Box – Developing Locally (diagram: Dev Host Box, VirtualBox, Stateful Components in the Cloud, App containers run by k8s, Apps running on the host directly, Routing Point)

  • 30. Developer Box – Connect Mobile App
    • GameChanger move: It is possible to change the mobile app's endpoint to route traffic to a selected developer box from the public internet
    (diagram: Installation in the Cloud, Proxy, Tunnel Server, Tunnel Client, App running locally, Tunnel between dev-box and the cloud, Mobile App, Isolated Network w/ Firewall/NAT, Dev Box)

  • 31. Developer Box – Registry Mirror
    • Performance move: Developer box has lots of Docker images, so a registry mirror VM is used to cache them and speed up bootstrapping
    (diagram: Harbor – Private Registry, Dev Box, Registry Mirror Box, Docker Hub, gcr.io, quay.io, etc.)
  • 33. Immutability and IaC - Tips and Benefits
    • Not everything is a container but everything is immutable
      • Spinnaker and Harbor have their own VMs and are not containers
      • Jenkins has its own VM but runs as a container
    • All dependencies are included with a version, no latest tag
      • Example: FROM jenkins/jenkins:2.121.1
    • Every non-stateful system component is mortal
      • May be recreated at any time without any data loss
      • Even the whole cluster (k8s et al.) is mortal
      • Any time a new one could be created and traffic moved over

  • 34. Immutability and IaC - Tips and Benefits
    • Everything including infrastructure is coded
      • It allows full automation
    • All system component (Harbor, Spinnaker, Jenkins) configurations are also coded
    • Example: Jenkins is a container
      • Plugins coded
      • Job definitions coded and kept in git
      • Job configurations coded
      • Job configurations baked into Jenkins during Docker build
      • When run, Jenkins container becomes ready immediately
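Slide 33's rule ("all dependencies are included with a version, no latest tag", with `FROM jenkins/jenkins:2.121.1` as the good case) is easy to state and easy to break in a later commit, so it is worth enforcing in the pipeline. The following check is an added example and not code from the talk: it scans a Dockerfile for `FROM` lines and reports base images that carry no tag (which Docker resolves to `latest`) or an explicit `latest` tag, while accepting version tags, digest pins, `scratch` and references to earlier build stages. The Dockerfile text used as input is constructed.

```python
"""Flag unpinned base images in a Dockerfile (added example; input is
constructed). Pinning to a version or digest is what keeps an image build
reproducible, which is the precondition for the immutability on slide 33."""
import re

# FROM [--platform=...] <image> [AS <alias>]
FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--platform=\S+\s+)?(?P<image>\S+)(?:\s+AS\s+(?P<alias>\S+))?\s*$",
    re.IGNORECASE,
)


def parse_reference(ref):
    """Split 'registry:port/repo:tag@sha256:...' into (name, tag, digest).
    A ':' only counts as a tag separator if it comes after the last '/',
    otherwise it is a registry port."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    name, tag = ref, None
    last_slash = ref.rfind("/")
    colon = ref.rfind(":")
    if colon > last_slash:
        name, tag = ref[:colon], ref[colon + 1:]
    return name, tag, digest


def check_dockerfile(text):
    """Return [(line_no, image, reason)] for every FROM that is not pinned.
    Stage aliases (FROM builder) and scratch are not registry images."""
    aliases = set()
    problems = []
    for line_no, line in enumerate(text.splitlines(), 1):
        match = FROM_RE.match(line)
        if not match:
            continue
        image = match.group("image")
        if match.group("alias"):
            aliases.add(match.group("alias"))
        if image in aliases or image == "scratch":
            continue
        name, tag, digest = parse_reference(image)
        if digest:
            continue  # digest pin: immutable by construction
        if tag is None:
            problems.append((line_no, image, "no tag, resolves to :latest"))
        elif tag.lower() == "latest":
            problems.append((line_no, image, "tag 'latest' is mutable"))
    return problems


# Constructed sample inputs.
GOOD_DOCKERFILE = "FROM jenkins/jenkins:2.121.1\nRUN echo ok\n"
BAD_DOCKERFILE = (
    "FROM golang AS build\n"
    "RUN go build ./...\n"
    "FROM alpine:latest\n"
    "COPY --from=build /app /app\n"
    "FROM build\n"
    "FROM scratch\n"
    "FROM registry.example:5000/app@sha256:0000000000000000000000000000000000000000000000000000000000000000\n"
)

if __name__ == "__main__":
    for name, text in (("good", GOOD_DOCKERFILE), ("bad", BAD_DOCKERFILE)):
        for line_no, image, reason in check_dockerfile(text):
            print(f"{name}: line {line_no}: {image}: {reason}")
```

Wiring this into the Jenkins image build from slide 22 turns the slide's convention into a failing build the moment someone drops the version from a `FROM` line.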