Post on 22-May-2020


Taking off with the Google Cloud Platform and Kubernetes

Agenda
● An Introduction to Google Cloud
● Kubernetes - The OS for the Public and Private Clouds
● How to build an enterprise grade environment
● Networking, Coffee, Snacks

An introduction to Google Cloud

Valeria Agnolotti (Partner Manager), Daniel Messer (Partner Engineer)


Seven products with over one billion users each, all powered by the cloud: Google Search, Android, Google Maps, Gmail, Google Play, YouTube, Chrome

Google Cloud
● $30.9 billion investment in the last 3 years
● Over 1 billion unique IP addresses served daily
● Global scale: 15 regions currently with 6 more coming soon, new servers added every 3 seconds
● High reliability uncommon across the industry

Network
Submarine cable investments (year): Unity (US, JP) 2010; SJC (JP, HK, SG) 2013; FASTER (US, JP, TW) 2016; Monet (US, BR) 2017; Tannat (BR, UY, AR) 2017; Junior (Rio, Santos) 2017; Indigo (SG, ID, AU) 2019; PLCN (HK, LA) 2019; Curie (CL, US) 2019; Havfrue (US, IE, DK) 2019; HK-G (HK, GU) 2019
Edge points of presence >100
Edge node locations >1000
[Map: current and future regions with their number of zones; almost every region has 3 zones, one has 4.]
Better global network infrastructure: hundreds of thousands of miles of fiber optic cable connecting all of our datacenter regions and 100+ points of presence

Security: defense in depth

Titan: Google’s purpose-built chip to establish a hardware root of trust for both machines and peripherals on cloud infrastructure

“...no perceptible impact in our cloud and required no customer downtime in part due to Google Cloud Platform’s Live Migration technology.”
Ben Treynor-Sloss, Vice President, 24x7

Demis Hassabis, CEO DeepMind

AI: fastest growing cloud workload
[Chart: AI investment vs. AI solutions deployed, revenue / cost]
AI is changing the world around us
Google has deep expertise

Two Flavors of Machine Learning
● Custom ML models: Machine Learning Engine, TensorFlow
● Pre-trained ML models: Vision API, Translation API, Natural Language API, Speech API, Jobs API, Video Intelligence API

It’s a multi-cloud world: hybrid, private, public
Decision factors: maturity of SaaS offerings; availability of resellers; availability of system integrators; security; time to deployment; SLAs; geographic reach; open source is critical; viability of alternate services; integration complexity; data size; compliance / regulatory; performance

The incredible Kubernetes ecosystem
442 years of effort*, 5,000+ contributors, 30k+ GitHub stars
*Sources: COCOMO Model, CNCF.io Certified Providers

What is Kubernetes?
● A portable, open-source, container-centric management platform
● Built-in primitives for deployments, rolling upgrades, scaling, monitoring, and more
● Inspired by Google’s internal systems
● Get true workload portability and increased infrastructure efficiency

But getting started can be challenging


And don’t forget “Day 2” ops
● Managing components
● Encrypting and securing etcd
● Configuring HA
● Rolling out security patches
● Backups and disaster recovery
● Bootstrapping TLS
● Managing users and policies
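The last item, managing users and policies, stays with the cluster operator even when the control plane is managed. As an added example (not from the slides), the RBAC objects below give a CI pipeline's service account exactly what it needs to roll out Deployments in one namespace and nothing else; the namespace and account names are assumptions.

```yaml
# Added example, not from the slides. Namespace "shop" and the account name
# "ci-deployer" are assumptions.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ci-deployer
  namespace: shop
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: deployer
  namespace: shop
rules:
# Enough to apply a Deployment and follow the rollout ...
- apiGroups: ["apps"]
  resources: ["deployments"]
  verbs: ["get", "list", "watch", "create", "update", "patch"]
- apiGroups: ["apps"]
  resources: ["replicasets"]
  verbs: ["get", "list", "watch"]
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list", "watch"]
# ... but no "secrets", no "pods/exec", no "delete": a leaked CI token cannot
# read credentials, run commands inside containers or take the service down.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ci-deployer-is-deployer
  namespace: shop
subjects:
- kind: ServiceAccount
  name: ci-deployer
  namespace: shop
roleRef:
  kind: Role          # a namespaced Role, not a ClusterRole
  name: deployer
  apiGroup: rbac.authorization.k8s.io
```

Check the result before handing the token to the pipeline: `kubectl auth can-i get secrets -n shop --as=system:serviceaccount:shop:ci-deployer` must answer no, and `kubectl auth can-i patch deployments -n shop --as=system:serviceaccount:shop:ci-deployer` yes. On GKE the pipeline's Google identity also needs a Cloud IAM role to fetch cluster credentials; Kubernetes Engine Cluster Viewer is enough for that, and RBAC then decides what the token may do inside the cluster.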

Kubernetes the Easy Way
● Start a cluster with one click
● View your clusters and workloads in a single pane of glass
● Google keeps your cluster up and running

Google Kubernetes Engine

Production Ready Kubernetes
● Get started quickly: use the Cloud Console to easily create a cluster and view your workloads
● Reliable and available: GKE automatically repairs, upgrades, and scales your cluster with a high-availability control plane
● Integrated with GCP: take advantage of the deep integration with Google Cloud Platform features and services

Running Kubernetes at 50% cost

Architecture: run workloads preferably on preemptible GKE nodes
[Figure: clients reach the Kubernetes Engine cluster through Cloud Load Balancing and Cloud DNS. Node pool A (Compute Engine, regular VMs) runs the stateful services; node pool B (Compute Engine, preemptible VMs) runs the stateless services and batch jobs.]
Preemptible VMs live for at most 24 hours and can be reclaimed at any time with 30 seconds of notice, so anything that holds state or cannot be restarted freely belongs on the regular pool.

Cost example (europe-west3):
n1-standard-1: standard price $0.0612, preemptible price $0.01230
n1-highmem-2: standard price $0.1523, preemptible price $0.03050
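As an added example (not from the slides), the manifests below express the pool split in scheduling terms. They assume the preemptible pool was created with the taint cloud.google.com/gke-preemptible=true:NoSchedule and that the regular pool is named regular-pool; GKE itself sets the labels cloud.google.com/gke-preemptible=true and cloud.google.com/gke-nodepool=<pool name> on its nodes.

```yaml
# Added example, not from the slides. Assumptions: node pool B was created with
# --node-taints=cloud.google.com/gke-preemptible=true:NoSchedule and node pool A
# is named "regular-pool". GKE labels nodes with cloud.google.com/gke-preemptible
# and cloud.google.com/gke-nodepool automatically.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: stateless-service
spec:
  replicas: 4
  selector:
    matchLabels:
      app: stateless-service
  template:
    metadata:
      labels:
        app: stateless-service
    spec:
      # Tolerate the taint so the pods may land on the preemptible pool ...
      tolerations:
      - key: cloud.google.com/gke-preemptible
        operator: Equal
        value: "true"
        effect: NoSchedule
      affinity:
        # ... prefer it, but keep regular nodes as the fallback for the moment
        # preemptible capacity is reclaimed.
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 100
            preference:
              matchExpressions:
              - key: cloud.google.com/gke-preemptible
                operator: In
                values: ["true"]
        # Spread replicas over nodes so one preemption does not take them all.
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 100
            podAffinityTerm:
              labelSelector:
                matchLabels:
                  app: stateless-service
              topologyKey: kubernetes.io/hostname
      # Preemption gives 30 seconds; finish shutting down inside that budget.
      terminationGracePeriodSeconds: 20
      containers:
      - name: app
        image: nginx:1.15   # stand-in for the stateless service image
        ports:
        - containerPort: 80
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: stateful-service
spec:
  serviceName: stateful-service
  replicas: 3
  selector:
    matchLabels:
      app: stateful-service
  template:
    metadata:
      labels:
        app: stateful-service
    spec:
      # No toleration for the preemptible taint, plus an explicit pool selector:
      # stateful pods only ever run on regular VMs.
      nodeSelector:
        cloud.google.com/gke-nodepool: regular-pool
      containers:
      - name: db
        image: postgres:10   # stand-in for the stateful service image
        ports:
        - containerPort: 5432
        volumeMounts:
        - name: data
          mountPath: /var/lib/postgresql/data
  volumeClaimTemplates:
  - metadata:
      name: data
    spec:
      accessModes: ["ReadWriteOnce"]
      resources:
        requests:
          storage: 10Gi
```

The taint is what makes the split safe: without it, any pod without a nodeSelector (including the stateful ones) can be scheduled onto preemptible nodes and will be killed with them.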

Integrating Kubernetes in CI/CD
[Figure: Developer -> Cloud Source Repositories -> Cloud Build -> Container Registry -> Kubernetes Engine.]
● Developer commits changes
● Commit triggers new build
● Build runs unit tests and creates image
● New image is scanned & triggers deployment
● Run canary tests and canary analysis
● Deploy canaries and prod version with binary authorization
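The last step relies on a Binary Authorization policy attached to the project. As an added example (not from the slides), this is what such a policy looks like; the project, cluster and attestor names are assumptions. In this pipeline the scanning step would sign an attestation for the image digest with the vuln-scan-passed attestor, and the canary analysis step with canary-passed.

```yaml
# Added example, not from the slides. Project, cluster and attestor names are
# assumptions. Import with: gcloud container binauthz policy import policy.yaml
name: projects/example-project/policy
# Let Google-maintained system images (GKE add-ons) through without attestations.
globalPolicyEvaluationMode: ENABLE
# Images exempt from the rules below; keep this list as short as possible.
admissionWhitelistPatterns:
- namePattern: gcr.io/example-project/ci-tools/*
# Default for every cluster not named below: require the scan attestation but
# only log violations, the right first step when rolling out to existing clusters.
defaultAdmissionRule:
  evaluationMode: REQUIRE_ATTESTATION
  enforcementMode: DRYRUN_AUDIT_LOG_ONLY
  requireAttestationsBy:
  - projects/example-project/attestors/vuln-scan-passed
# Production cluster: block any pod whose image digest lacks both attestations.
clusterAdmissionRules:
  europe-west3-a.prod-cluster:
    evaluationMode: REQUIRE_ATTESTATION
    enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG
    requireAttestationsBy:
    - projects/example-project/attestors/vuln-scan-passed
    - projects/example-project/attestors/canary-passed
```

Attestations are made over image digests, so the Deployment manifests the pipeline applies must reference images as `registry/image@sha256:...`; a mutable tag has no attestation and is rejected by an enforced rule, which is the point.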

Machine Learning with Kubernetes
Kubernetes Engine with GPUs: Nvidia Tesla K80, Nvidia Tesla P4, Nvidia Tesla V100
● Hardware abstraction
● Framework / tooling encapsulation
● Model portability / repeatable workflows
● Consistent developer experience

GKE On-Prem*
Orchestrate and manage on-prem containers just like GKE in the cloud
Cluster environments are consistent (k8s version, OS image, plug-ins, components configuration)
Single pane of glass for multiple Kubernetes clusters, no matter where
* Generally available beginning of next year

Serverless with GKE: GKE serverless add-on*
● 1-step deploy: 1-step install of the add-on on GKE; deploy with less config/code
● Run serverless workloads: go from source to URL; automatically deploys containers and provisions ingress
● Auto-scale: auto-scale your stateless container based workloads; scale down to zero
Developed open source under the Knative project
* Generally available later this year

Thank you

That’s a wrap.

Kubernetes - The OS for the Public and Private Clouds

HI!
Thomas Fricke, thomas@endocode.com, CTO Endocode
● System Automation
● DevOps
● Cloud, Database and Software Architect
● K8S since September 2015

ENDOCODE
● Berlin, Germany based company
● Focus: Open Source, Compliance, Automation, Kubernetes, Google Cloud
● Development
● Implementation Processes

Kubernetes
Greek for “Helmsman”; also the root of the words “governor” and “cybernetic”
● Runs and manages containers
● Inspired and informed by Google’s experiences and internal systems
● Supports multiple cloud and bare-metal environments
● Supports multiple container runtimes
● 100% Open source, written in Go
Manage applications, not machines

The 10000 foot view
[Figure: users reach the cluster through the API (UI, CLI); the master runs the apiserver, scheduler, controllers and etcd; every node runs a kubelet. All you really care about: the API, the containers, the cluster.]

KUBERNETES PODS
● Core concept: the Kubernetes microservice
● A bunch of containers with the same
  ○ Lifecycle: live together, die together
  ○ Network: same IP address, same loopback (127.0.0.0/8); containers in a pod reach each other on localhost and must not collide on ports
  ○ Volumes: can share data
  ○ One common task
  ○ Init tasks
  ○ Liveness and readiness checks

apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    env: test
spec:
  containers:
  - name: nginx
    image: nginx

PODS SHOULD NEVER BE DEPLOYED ALONE
● Deployments
  ○ ReplicaSets
    ■ Pods
      ● Containers
● Jobs: pods that terminate
● ReplicationControllers, ReplicaSets (don’t use directly)
● DaemonSet: one per node
● StatefulSets (formerly PetSets): predictable names
  ○ volumes
  ○ database clusters

apiVersion: apps/v1  # since 1.9
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.7.9
        ports:
        - containerPort: 80

[Figure: a Deployment owns ReplicaSets; a rolling update replaces the ReplicaSet running nginx v1.7.9 (three pods) with a new ReplicaSet running v1.10.2 (three pods).]

POD in K8S

Pod Centric View

from Roland Huss https://github.com/ro14nd-talks/kubernetes-patterns

CALICO Network
[Figure: on each compute node the Calico CNI plugin sits in the Kubernetes layer; the Felix agent programs the kernel’s IP tables and IP routes; BIRD speaks BGP to route reflectors (RR), which distribute pod routes between nodes; eth0/eth1 connect the node to the physical fabric (L2, L3, MPLS); pods attach on every node.]

KUBERNETES SERVICES
● Connecting pods to the outside world
● Identified by the selector
  ○ key value pair
  ○ app name
● Ports are exposed on
  ○ the pod (ClusterIP)
  ○ the node (NodePort)
  ○ a load balancer (LoadBalancer, needs external support from the cloud provider)

kind: Service
apiVersion: v1
metadata:
  name: nginx-service
spec:
  selector:
    app: nginx
  type: LoadBalancer
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80

On GKE a LoadBalancer service gets a public IP by default; a service that should only be reachable from inside the VPC needs the annotation cloud.google.com/load-balancer-type: "Internal".

● Strict tiered architecture
  ○ separation of stateless
  ○ and persistent data
● Inside the pods
  ○ developers are free to use what they want
  ○ the contract is binding to the outside

[Figure: tiers from the network inwards: network (stateless); frontend (stateless): web portals; frontend cache (stateless); backend services (stateless): web main app, notification, user profile; persistent services (stateful).]
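The contract is only binding if the network enforces it. As an added example (not from the slides), the NetworkPolicy objects below implement the tiering of the figure above; the namespace, label values and ports are assumptions. On GKE this needs network policy enforcement enabled on the cluster (gcloud container clusters create ... --enable-network-policy), which installs Calico to enforce the rules.

```yaml
# Added example, not from the slides. Namespace "shop", the tier labels and the
# port numbers are assumptions.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: shop
spec:
  podSelector: {}            # every pod in the namespace ...
  policyTypes: ["Ingress"]   # ... accepts no ingress unless a policy below allows it
---
# Frontend: reachable from anywhere; it sits behind the load balancer.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-ingress
  namespace: shop
spec:
  podSelector:
    matchLabels:
      tier: frontend
  ingress:
  - ports:                   # no "from": any source, but only this port
    - protocol: TCP
      port: 80
---
# Backend services: only the frontend tier may call them.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-backend-from-frontend
  namespace: shop
spec:
  podSelector:
    matchLabels:
      tier: backend
  ingress:
  - from:
    - podSelector:
        matchLabels:
          tier: frontend
    ports:
    - protocol: TCP
      port: 8080
---
# Persistent services: only the backend tier, never the frontend directly.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-persistent-from-backend
  namespace: shop
spec:
  podSelector:
    matchLabels:
      tier: persistent
  ingress:
  - from:
    - podSelector:
        matchLabels:
          tier: backend
    ports:
    - protocol: TCP
      port: 5432
```

Policies are additive: a pod is reachable on a port if any policy selecting it allows the source, so the default-deny object is what turns the allow rules into a whitelist. Egress is left open here so DNS and the managed services keep working; restricting it is the next step, not the first.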

Networking endpoints to managed services: Dataflow, BigQuery, Storage, Datastore, SQL, Pub/Sub
USE. MANAGED. SERVICES.

BUSINESS VALUE
- faster deployments: faster time to market
- more and faster testing: more teams, faster deployments, better quality
- less maintenance in operations: less load, simpler deployments


Dev Test > Scale Testing with Kubernetes+Locust
Architecture: the Locust master and Locust workers run on Container Engine in a load testing namespace; the application under test (frontend service, backend service) runs on Kubernetes Engine in its own namespace.
1 Tester starts test
2 Master starts load
3 Workers send requests to FE service
4 FE pods talk to BE service
5 Workers report results
6 Tester views results

KUBERNETES AUDIT LOGS
Architecture: Kubernetes audit logs to BigQuery: Kubernetes cluster -> Stackdriver -> Cloud Storage / BigQuery
Exporting through a logging sink keeps the audit trail outside the cluster, where a compromised workload cannot alter it, and BigQuery can then answer questions such as which identity read a given secret or exec’d into a pod.
https://cloud.google.com/solutions/pci-dss-compliance-in-gcp

PUBSUB MESSAGES TO KUBERNETES
Architecture: Pub/Sub to Kubernetes: Pub/Sub -> Kubernetes cluster
https://github.com/GoogleCloudPlatform/kubernetes-engine-samples/tree/master/cloud-pubsub

QUESTIONS?

www.wabion.ch

Taking off with the Google Cloud Platform and Kubernetes
How to build an enterprise grade environment
Michael Gomez, Co-Manager, Wabion AG

Wabion – Your Google Premier Partner

Leading Google Cloud Premier Partnerin DACH with local offices and staff in Switzerland and Germany.

We help our customers to achieve true Digital Transformation.

We trust Google. And Google trusts us.We are a certified Google Cloud Premier Partner.


Your Google Cloud Service Partner
● Leading Google Cloud services provider in D-A-CH
● Consulting, Integration, SW Development, Operations
● 35+ certified & trained employees
● Proven track record with large and small customers
● Broad network of local and international IT matter experts

Your Google Cloud Reseller
● Certified for all Google Cloud products
● License advisory and optimization
● Unique customer specific billing & reporting capabilities
● Your local contracting partner
● Sometimes making the impossible possible

Your AI Expert
● Machine Learning Partners as center of excellence
● Machine learning, data engineering and analytics
● Leveraging 20+ years of Google research in Artificial Intelligence for your projects

Many more services to use...
● Compute: App Engine, Compute Engine, Container Engine, Container Registry, Cloud Functions
● Networking: Cloud DNS, Virtual Private Cloud, Cloud Load Balancing, Cloud CDN, Cloud Interconnect, Cloud Router, VPN, Firewall, External IP
● Big Data: BigQuery, Cloud Dataflow, Cloud Dataproc, Cloud Datalab, Cloud Pub/Sub, Genomics
● Storage and Databases: Cloud Bigtable, Cloud Storage, Cloud Datastore, Cloud SQL, Cloud Spanner, Persistent Disk
● Identity & Security: Cloud IAM, Cloud Resource Manager, Cloud Security Scanner, BeyondCorp, Data Loss Prevention, Identity-Aware Proxy, Security Key Enforcement, Key Management Service
● Machine Learning: Cloud Machine Learning, Cloud Vision API, Cloud Speech API, Cloud Natural Language API, Cloud Translation API, Cloud Jobs API

Many more services to use...
● Management Tools: Stackdriver (Monitoring, Logging, Error Reporting, Trace, Debugger), Cloud Deployment Manager, Cloud Endpoints, Cloud Console
● Developer Tools: Cloud SDK, Cloud Deployment Manager, Cloud Source Repositories, Cloud Tools for Android Studio, Cloud Tools for IntelliJ, Cloud Tools for PowerShell, Cloud Tools for Visual Studio, Google Plug-in for Eclipse, Cloud Test Lab, Cloud Shell, Cloud Mobile App, Cloud Billing API, Cloud APIs

Enterprise Application Stack
[Figure: three layers. Apps: specific to business area, internal or external facing. Technology stack. Enterprise Foundation: centrally managed; start here.]


Enterprise Application Stack
● Applications: App
● Technology Stack: Compute, Containers, Storage, Data Analytics, Machine Learning
● Enterprise Foundation: Cloud Identity, Cloud IAM, Networking, Monitoring, Billing, Support

The Project
● Resource container
● IAM construct
● Projects are totally separated from one another
● Resources are part of a project

General Hierarchy
Organization -> Folders (4) -> Projects -> Resources
Top-down inheritance: additive only. A role bound at the organization or folder level is inherited by every project and resource beneath it and cannot be taken away further down, so broad grants high in the tree deserve the closest review.

Identities, roles and resources
IAM binds an identity (User Account, Group, Service Account) to a role on a resource.

Users and Groups
User Account, Group (*Cloud Identity)

Sync from your Directory
LDAP Directory -> GCDS (Google Cloud Directory Sync) -> Google
● Users, aliases, profiles, groups, OUs, and contacts
● LDAP / LDAP + SSL towards the directory, HTTPS towards Google
● One-way sync, delta sync
● Scheduled or manual, on/off boarding
● Uses Google APIs, multiple auth methods

Service Accounts are Identities AND Resources
Identity -> IAM Role -> Resource
● Service Account -> instanceAdmin role -> Compute Instances (the service account acts as an identity)
● User/Group -> ServiceAccountActor role -> Service Account (the service account is the resource being acted upon)
Whoever may act as a service account gets everything that service account can do, so bindings on the service account resource are privilege-escalation paths and need to be as narrow as the bindings on the real resources. The Service Account Actor role has since been deprecated in favour of the separate Service Account User and Service Account Token Creator roles.

Billing
[Figure: Partner Billing Account -> Organization Billing Group -> Projects; each project gets a project-level bill.]
● Bills itemised by resource type
● Invoices according to customer needs
● Customer specific billing rules

Role based support

Role         Price                      Response Time           For Whom
Basic        $0                         n.a.                    Those who need read-only access to the support cases of the account.
Development  $100 per user per month    4-8 business hours      Those who develop the solution; focus is on depth of investigation and thorough response.
Production   $250 per user per month    1 hour for Priority 1   Those who manage the solutions that are launched and live. Fast, but thorough responses.

Role based support - Why?
1 Customizability - choose the right levels of support to meet your needs
2 Flexibility - month-to-month, change support configurations as your needs evolve
3 Predictability - flat monthly pricing, no surprises

Networking - Regions and Zones

Networking - Internal Principles
[Figure: within a project, one network spans regions and zones; subnets such as 10.0.0.0/8, 192.168.0.0/16 and 172.16.0.0/12 each belong to one region and span its zones.]
A VPC network is global to the project; each subnet is regional and covers every zone of its region, so instances in different zones of one region can share a subnet.

Networking - Connectivity
● Public Internet: simple, resilient, uses Google’s existing edge network
● Direct Peering: utilize existing BGP route selection and internet routing; greater control of peering facilities; requirements for peering apply
● Carrier Interconnect: offers the benefits of peering when the requirements cannot be met; service provider partners can provide an SLA
● Dedicated Interconnect: lower GCP egress cost; dedicated bandwidth and SLA; private RFC 1918 addressing; control of circuit location

Networking - Google Edge Nodes CH (as of Nov 2018)

Monitoring - Stackdriver - BYOM
● Monitoring: endpoint checks to internet-facing services; uptime checks for URLs, groups, or resources; plugins for many major stacks (Apache, MySQL, CouchDB etc.)
● Logging: combines metrics, logs, and metadata; filter, search, and view; define metrics, dashboards, and alerts; export to BigQuery, Google Cloud Storage, and Pub/Sub
● Multi-Cloud: Google Cloud Platform, Amazon Web Services, hybrid configuration
● Performance: built on the same systems that power Google’s global infrastructure; unprecedented scale, performance, and resiliency

Join us @ Google Cloud Summit
goo.gl/GXMffb

Q & A

Today’s speakers

Valeria Agnolotti valea@google.com

Daniel Messer danielmesser@google.com

Thomas Fricke thomas@endocode.com

Michael Gomez michael.gomez@wabion.ch
