AWS in SW ProjectIndustry case: Microservices Deployment into AWS

Anna Ruokonen / anna.ruokonen@gofore.com / 11.10.2019

11.10.2019

We change the world for the be1er through digitalisa5on and by renewing ways of working

Gofore OyjEstablished 2001

Strongly growing company:• Turnover 2018 n. 50 M€ (+49%)• 558 professioanls (6/2019)• 170+ clients• Four acquisition (Leadin, Solinor,

Silver Planet, Mangodesign)• Listed in First North 2017

2007-2014

We build the change with you

C L O U D

– ensure agile

development and light

maintenance.

L E A D

the digital change.

D E S I G N

new, user-oriented

digital services.

B U I L D

digital services and

service architecture of

the future .

Gofore infrastucture

Helsinki, Jyväskylä, Munchen, Swansea, Tampere, Turku, Tallinn

Javascript/Node.js29%

Java23 %

C#13 %

Python13 %

O ther9 %

PH P6 %

Scala4 %

Kotlin3 %

Clo jure1 %

BACKEND

React46%

O ther24 %

A ngular13 %

Vue.js8 %

A ngular js4 %

React N ative

3 %jQ uery3 %

React.js1 %

JSP1 %

FRONTEND

USED TECHNOLOGIES MOBILE DEVELOPMENT PROJECT LENGTH

44% 33% 22% 11%

11%

React NaPve PWA Android Flutter iOS

DEVELOPERS PER TEAM

13%

52%

19%

16%

<3months

3 – 12m onths

1 – 3years

> 3years

27%

10%

46%18%

LOCATION OF WORK

At G ofore’s office & rem otely

At client prem ises Com bination ofboth

61% 19% 20%

LANGUAGE USED IN PROJECT

FI EN

Finnish68%

English32%

CI / CD PLATFORMS IN PROJECTS ABSTRACTION LEVEL FOR INFRASTRUCTURE ORCHESTRATION TECHNOLOGIES IN PROJECTS

DEPLOYMENT FREQUENCY

44%

29%

13%

14%3 – 12months > 3years

41% 33% 17% 9%

NO OF PROJECTS PER DEVELOPER

47% 25%

Jenkins VSTSCircle

13%15% 3%

Travis

Bamboo

LOCATION OF INFRA IN PROJECTS

46% 33%

AWS Datacenter

Azure

4%23% 1%

Googlecloud

Heroku

54%

50%

22%

8%

V i r t u a l M a c h i n e s

C o n t a i n e r s

S e r v e r l e s s

P h y s i c a l h a r d w a r e

Infrequently

Every few w eeks

W eekly

D aily

29% 16%

Customscripts ECSKubernetes

11% 3%

Marathon

Dockerswarm

3%

Agenda● AWS Cloud infrastructure and core services

● Microservices

● How to manage your cloud infrastructure?

● Industry case: Microservices Deployment into AWS

Regions and availability zones

The AWS Cloud spans 69 Availability Zones within 22 geographic Regions around the

world

● Performance

● Availability

● Security

● Reliability

● Scalability

● Low-Cost

hEps://aws.amazon.com/about-aws/global-infrastructure/

Simple Storage Service - S3

● Object storage● Amazon S3 automatically scales to high request rates.● Used to store and retrieve any amount of data (files)● Data is stored as objects within resources called “buckets”, and a single object can

be up to 5 terabytes in size.● Static website hosting

Other storages EBS, databases,..

Elas%c Compute Cloud - EC2● Virtual machines● Prizing: On-Demand, Reserved, and Spot● Host type: Shared HW, Dedicated Host, and Dedicated Instance ● Amazon Machine Image● Security Groups act as instance level firewall

Elastic Load Balancer - ELB

Application Load Balancer

● HTTP and HTTP● Distributes incoming application traffic multiple targets

○ EC2 instance, container, IP, and Lambda● Path-based routing ● SSL termination● Authentication● AWS WAF

Network Load Balancer

● TCP

Virtual Private Cloud - VPC● Enables you to launch AWS resources into a virtual network that you've defined. Your

data center in the cloud.● A subnet is a range of IP addresses in your VPC● You define internet connecCvity: Private or Public subnet● Network Access Control Lists (ACLs)

Use cases:

● Separate dev/test/prod: mulCple VPCs● N-Cer architecture (mulCple subnets)

Databases● Relational Databases

○ RDS - (MySQL, MariaDB, PostgreSQL, Oracle, and Microsoft SQL Server DB)○ Aurora - serverless

● NoSQL○ DynamoDB - serverless○ DocumentDB

Microservices● Applications composed of independent services that communicate over well-defined

APIs● Autonomous● Specialized

Containers

● Repeatable● Self-contained execution environments● Lightweight

Elastic Container Service (ECS)● Orchestrates the execution of containers● Maintains and scales the fleet of nodes running your containers● Removes the complexity of standing up the infrastructure

Fargate● Fully managed container service● Provisioning and managing clusters● Management of runtime environment● Scaling

Elas%c Container Service (ECS)

Elas%c Kubernetes Service (EKS)● Kubernetes is an open-source system for automa%ng deployment, scaling, and

management of containerized applica%ons

● Makes it easy to deploy, manage, and scale containerized applica%ons

● Amazon EKS runs the Kubernetes management infrastructure for you

● Amazon ECR for container images

● Elas%c Load Balancing for load distribu%on

Elastic Kubernetes Service (EKS)

Lambda

● Fully managed compute service ● Runs stateless code ● Supports Node.js, Java, Python, C# , Go, and Ruby● Runs your code on a schedule or in response to events● You are charged based on the number of requests for your functions and the

duration

● You can build Serverless microservices with Lambda● Integrated with API Gateway: Serverless APIs● Integrated with ALB

Infrastructure as a Code (IaaC)Versioning, Code review

Cloudformation

● AWS solution● manages the state for you● JSON or YAML

Terraform

● 3rd party● complex logic● flexible

IaaC: Cloudforma-on exampleResources:Ec2Instance:Type: 'AWS::EC2::Instance'Properties:SecurityGroups:- !Ref InstanceSecurityGroup- MyExistingSecurityGroup

KeyName: mykeyImageId: ami-7a11e213

InstanceSecurityGroup:Type: 'AWS::EC2::SecurityGroup'Properties:GroupDescription: Enable SSH access via port 22SecurityGroupIngress:- IpProtocol: tcpFromPort: '22'ToPort: '22'CidrIp: 0.0.0.0/0

CI/CD pipelinesAWS Tools

● Code Commit● Code Build● Code Deploy● Elastic Container Registry (ECR)

Other tools

● GitLab CI/CD (https://docs.gitlab.com/ee/ci/README.html)

● Jenkins

Case: IIoT pla,orm - (Apps and Microservices)

API Gateway

MonitoringAnalytics Process

/devices /metadata

/processes

/performance

/customers

AWS Application Load Balancer

/users

/signalData

Case: IIoT pla,orm - (Apps and Microservices) ● GitLab CI/CD pipelines

● Microservices are deployed as Docker containers into Kubernetes cluster (EKS + EC2)

● Front-end applicaHons are deployed into S3 bucket

● Build pipeline and Deploy pipeline

● Dev/test deployment is automaHc

● ProducHon deployment needs manual trigger

● DownHme close to zero

Build

Review

Dev

Staging

Production

Deploy

GitlabGitlab CI/CD

S3/k8s

git push

npmregistry (nexus)

Docker registry (Gitlab)

automatic

manual

Pipeline Overview

GitLab CI/CD● GitLab CI/CD is configured by a file called .gitlab-ci.yml placed at the

repository’s root

● The scripts set in this file are executed by the GitLab Runner

● GitLab CI/CD builds, tests, and deploys your applications to any AWS infrastructure whether you are using EC2, ECS, or EKS.

CI/CD Pipeline Structure

CI/CD Pipeline Structure

analytics deploy_analytics

Front-end applica/ons - Serverless● React and Angular applica/ons are deployed into S3 bucket● Copy compiled bundle in S3 bucket● Kubernetes handles incoming traffic

variables:S3_BUCKET_NAME: "yourbucket"

build:..

deploy:image: python:latestscript:- pip install awscli- aws s3 cp ./dist s3://$S3_BUCKET_NAME/ --recursiveonly:- master

Microservices - EKS● Microservices are deployed on EKS cluster● Gitlab Pipeline: Build - Publish - Deploy● Deployment.yaml

○ Replicas○ Strategy (e.g. rolling, recreate, blue/green, canary)○ Containers○ Probes: readiness, healthy

● kubectl: kubectl apply -f deployment.yaml

apiVersion: apps/v1kind: Deploymentmetadata:name: hello-world

spec:replicas: 3strategy:type: RollingUpdaterollingUpdate:maxSurge: 1maxUnavailable: 33%

deployment.yaml

template:spec:containers:- name: helloimage: hello-world:<VERSION>ports:- containerPort: 8080

readinessProbe:httpGet:path: /healthyport: 8080

initialDelaySeconds: 2periodSeconds: 2

build:...publish:...deploy:stage: deployimage: helm-kubectlscript:- kubectl config set-cluster k8s --server="${SERVER}"- kubectl config set clusters.k8s.certificate-authority-data ${CERTIFICATE_AUTHORITY_DATA}- kubectl config set-credentials gitlab --token="${USER_TOKEN}"- kubectl config set-context default --cluster=k8s --user=gitlab- kubectl config use-context default- sed -i "s/<VERSION>/${CI_COMMIT_SHORT_SHA}/g" deployment.yaml- kubectl apply -f deployment.yaml

.gitlab-ci.yml

Pipeline Philosophy

● Separation of concerns (build, deploy)● Reusability (shared pipeline code)● Build/Generate only once● Aim for "internal open-source model" (e.g. shared npm packages)● Aim for best practices and standard conventions used by open-source communities

(Javascript/Typescript)

(Aki Mäkinen, Gofore)

Thank You

Anna Ruokonen anna.ruokonen@gofore.com