3. CNS is an international tech conference where you will learn in a friendly and inclusive environment
about the latest innovations and best practices in
o Cloud Native Transformation
o software development
o DevOps principles
o Microservices
o Service Mesh
o Continuous Delivery
o Container technologies
o automating IT operations
o Testing
o Security and more
https://www.cloudnativesummit.co/nz/
Cloud Native Summit
4. o Cloud-Native is an approach to building and running applications that exploits the advantages of the
cloud computing delivery model.
o It is about how applications are created and deployed, not where
o Apps are loosely coupled, meaning the code is not hard-wired to any of the infrastructure
components, so that the app can scale up and down on demand and embrace the concepts of
immutable infrastructure.
o Not only that, but it even has its own foundation: the Cloud Native Computing Foundation (CNCF),
launched in 2015 by the Linux Foundation.
o https://www.cncf.io/
Cloud Native
6. Distributed Tracing and Zipkin
Adrian Cole (Pivotal)
Benefits
o See your architecture with live dependency
diagrams built from traces
o Allows for faster identification and isolation of
bugs and performance problems in the distributed system
o Distributed tracing lets you see the path that a
request takes as it travels through a distributed
system.
o Helps gather timing data needed to troubleshoot
latency problems in service architectures, reduce
triage time, visualise latency and understand
complexity
o Includes both the collection and lookup of this
data, and one can set up the tracing system from
scratch using Docker
o Zipkin is a distributed tracing system created by
Twitter. Compatible with 3rd party libraries,
proxies, etc.
For More Info
o https://zipkin.io/
7. o Catalyst Cloud based in NZ is a cloud provider that builds private cloud for customers using the same
technology used by their public cloud.
o OpenStack Magnum is a container orchestration engine provisioning service that makes it easy to
deploy, manage, and scale Kubernetes clusters to run containerised applications
Benefits
o Strong Security: Rolling upgrades and patching,
new policies, authentication, etc.
o High Availability/Resiliency
o Performance escalation
For More Info
o https://catalystcloud.nz/services/paas/kubernetes/
Production Ready Kubernetes Clusters
Bruno Lago and Fei Long Wang (Catalyst Cloud)
8. o Serverless simply means that you don’t have to manage the servers on which your application runs
o No worry about scaling your application as the load increases, it is handled automatically!
o However, at scale there are concurrency problems, with a bottleneck while autoscalers
take 10-15 minutes to spin up
o Lambdas reading from Kinesis streams and SQS
Benefits
o Auto-scaling high demand applications
(millions of requests) without bottleneck
Building Serverless Applications at Scale
Vanessa Thornton (Xero)
For More Info
o Practice proactive performance testing
o Serverless Artillery (Testing Suite) -
https://github.com/Nordstrom/serverless-artillery
o Jtest
o Roll your own
Figures: Problem with many API calls; Solution using Kinesis
9. o The IT shift to a modern distributed architecture has left enterprises
unable to monitor, connect, manage, and secure their services in
a consistent way.
o Pilot - Control plane to configure and push service
communication policies.
o Envoy - Network proxy to intercept communication and apply
policies.
o Mixer - Policy enforcement with a flexible plugin model for
providers for a policy.
o Citadel - Service-to-service auth using mutual TLS, with built-in
identity and credential management.
o Galley - Configuration validation, distribution
Benefits
o Service mesh moves these facets out of the
application for better division of labour and...
o Consistency across the fleet
o Centralized control
For More Info
o http://bit.ly/cns-2019
Practical Istio
Zack Butcher (Tetrate)
10. o GitOps is a paradigm or a set of practices
that empowers developers to perform tasks
which typically fall under the purview of IT
operations
o The flow
1. Users
2. Git
3. Pipelines
4. Environment
Benefits
o Consistency (Via Versioning)
o Self-service (Via Git)
o Flexibility
For More Info
o https://platform.deloitte.com.au/articles/gitops-driven-deployments-on-openshift
GitOps Driven Deployments on OpenShift
Everett Toews and Heather Cumberworth-Lane (Deloitte/Education Payroll Ltd)
11. o System Quality Attributes:
1. Coding Standards/Design Patterns
2. Templates (e.g. Spring Boot Actuator template)
3. Client Library (e.g. AWS SDK client library)
4. Platform Library
5. Mesh (Istio)
6. Container Orchestration (Kubernetes and ECS)
Mastering Consistency in Microservices Architectures
Andy Marks (ThoughtWorks)
Survey Results from 30 Tech teams
Coding Standard | Template Services | Client Library | Platform Library | Mesh | Container Orchestration
21/26 | 21/30 | 12/24 | 16/22 | 13/30 | 26/29
? | 75% using Spring Boot | ? | ? | 70% using Istio | 60% Kubernetes, 26% Amazon ECS
o Autonomy vs Consistency
o Scaling vs Logging
o Coupling vs Security
o Speed vs Resiliency
12. o DevOps responsibility split
o Event driven architecture
o Event stream to replace logging and metrics
for meaningful reporting
o Instrument everything
o Data platform to allow for more accessibility
to query – allow for data teams, security
teams, networking teams etc.
o E.g. Haystack from Expedia
Observability for Everyone
Inny So and Andrew Jones (Thoughtworks)
13. The Nature and Characteristics of Adopting Hybrid Cloud
Mandi Buswell (RedHat)
Hybrid cloud is a combination of public and private clouds
o The interconnection is multi-layered
o Burstable/elastic compute
o Network interconnectivity
o Storage and data
o The considerations at all levels need to be aligned
o Abstraction
o Orchestration/Automation/Operational Control
o Visibility/Connectivity
o Portability/Sustainability/Scalability
o Security/Reliability
o Open or closed?
o Principles of reference for hybrid cloud
o Infrastructure software across all footprints and intelligent
routing
o Cloud-native app platforms
o Management and automation
o Open/standards based
o Security first
Four Core Scenarios of
Hybrid Cloud Deployments
14. o Portable open source serverless Kubernetes
o Build
o Easy-to-use, simple source-to-container builds
o Focus on writing code
o Serving
o Run serverless containers on Kubernetes
o Takes care of networking, scaling (even to zero) and revision tracking
o Focus on core logic
o Eventing
o Universal description, delivery and management of events
o Build modern apps by attaching compute to data stream
with declarative event connectivity and developer-friendly object model
o Middleware tools that allow for extending Kubernetes to run anywhere
o Knative
o OpenFaaS
o Keda
Serverless runtimes on top of Kubernetes: a developer guide
Scott Coulton (Microsoft)
15. o Asynchronous. Resilience, flexibility, replay
o What is an event? A fact with no expectation of future consequences.
o Immutable, grows over time, cannot be retracted
o Embrace eventual consistency
o Allows you to have your data ready for future forecasting and queries
Preparing for the event-driven world
Kiru Samapathy (Thoughtworks)
16. o Containers are just processes, have their own filesystem and network but share a kernel
o Workload or cluster compromise
o Defence - Minimise container image attack surface
o Supply chain (deps, images, git)
o Pipeline controls (Secrets Mgmt, GitOps)
o Infrastructure
o Linux security (AppArmor)
o Cluster (RBAC)
o Network (network policy)
o Use recommended controllers and restrictions
o Think of security at the design process
o Perform threat modelling
o Document data flow and attack trees
o Make security everyone’s job and part of your org’s culture (DevSecOps)
o Slides - tiny.cc/iyfsaz
Kubernetes Security Low-Hanging Fruit
Luke Bond (Control Plane)
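An added example (not from the talk or its slides) that audits Kubernetes manifests for the three infrastructure controls this slide lists: an AppArmor profile, a network policy that denies by default, and RBAC without wildcards. The manifests and object names are constructed, and the check assumes a Kubernetes version that supports the `appArmorProfile` securityContext field, with the older annotation accepted as a fallback.

```python
LEGACY = "container.apparmor.security.beta.kubernetes.io/"  # older annotation form
# Constructed sample manifests (not from the talk), as dicts to avoid a YAML parser.
MANIFESTS = [
    {"kind": "Pod", "metadata": {"name": "web", "namespace": "shop"},
     "spec": {"containers": [{"name": "app"}]}},
    {"kind": "Pod", "metadata": {"name": "api", "namespace": "pay"},
     "spec": {"securityContext": {"appArmorProfile": {"type": "RuntimeDefault"}},
              "containers": [{"name": "app"}]}},
    {"kind": "NetworkPolicy", "metadata": {"name": "default-deny", "namespace": "pay"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}},
    {"kind": "ClusterRole", "metadata": {"name": "ci-admin"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "Role", "metadata": {"name": "reader", "namespace": "pay"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
]

def apparmor_declared(pod):
    """True if every container names an AppArmor profile other than Unconfined."""
    spec, notes = pod["spec"], pod["metadata"].get("annotations", {})
    pod_prof = spec.get("securityContext", {}).get("appArmorProfile", {})
    for c in spec["containers"]:
        prof = c.get("securityContext", {}).get("appArmorProfile", pod_prof)
        legacy = notes.get(LEGACY + c["name"], "unconfined")
        if prof.get("type", "Unconfined") == "Unconfined" and legacy == "unconfined":
            return False
    return True

def default_deny_namespaces(manifests):
    """Namespaces whose NetworkPolicy selects all pods and allows no ingress."""
    return {m["metadata"].get("namespace", "default") for m in manifests
            if m["kind"] == "NetworkPolicy"
            and m["spec"].get("podSelector") == {}
            and "Ingress" in m["spec"].get("policyTypes", ["Ingress"])
            and not m["spec"].get("ingress")}

def audit(manifests):  # returns (object name, finding) pairs
    denied = default_deny_namespaces(manifests)
    findings = []
    for m in manifests:
        name = m["metadata"]["name"]
        if m["kind"] == "Pod":
            if not apparmor_declared(m):
                findings.append((name, "no AppArmor profile declared"))
            if m["metadata"].get("namespace", "default") not in denied:
                findings.append((name, "namespace has no default-deny NetworkPolicy"))
        elif m["kind"] in ("Role", "ClusterRole") and any(
                "*" in r.get("verbs", []) + r.get("resources", []) for r in m.get("rules", [])):
            findings.append((name, "RBAC rule grants a wildcard"))
    return findings
```

A pod flagged for AppArmor may still receive the container runtime's default profile; the check is for declaring the profile explicitly in the manifest.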
17. o The complexity is real. Innovate.
o Subtraction. Remove yourself. Let others take over.
o Cropping. Move yourself from one team to another.
o Adopted observability strategy
o Alerting strategy
o Getting Insights into your application right from code commit and the impact of each code change
o Identifying Patterns and trends across your digital footprint
o Establishing reasonable thresholds and minimising alerting fatigue
o Ingest-store-visualise to break down system of systems - embrace controlled vs chaos engineering
o Accountability and Responsibility - Gaining full visibility into your applications, dependencies and
containers and the relationships between them
Escaping Enterprise Complexity
Diana Omuoyo & Nik Jain (New Relic)
18. o Metrics. Sequence of data points, measuring the same thing over time
o Histograms and tracing
o 3D Observability to understand the system and removing bottlenecks
o Being able to identify and isolate the bug easily allows for BeachOps
o All for customer happiness
Metrics, Histograms, Traces
Annie Lin (VMWare)
19. Will open-source (Kubernetes) be able to compete with enterprise?
o Kubernetes is the new Linux – however not always the right choice
o Open source is awesome but there are way too many options
o Tie it to business value and solving customer problems
o Technical debt – security, compliance etc but especially adoption
o Open standard and open cloud for open source - enterprise offers support
o Commercial model wraps around open source to make it possible through vendors
o Open source drives maturity of features that drives feature dev and adoption
o Has Kubernetes made things more secure, or made the attack surface bigger by being more complex?
- larger adoption means larger risk, however more eyes to spot vulnerabilities
o Need more maturity on standards like the electricity industry
Panel
Kelly Griffin (Ranchers Labs), Mandi Buswell (RedHat),
Roman Tarnavski (VMWare), Bruno Lago (Catalyst Cloud)