linkedin.com/in/sebastian-spross
Innovation after one decision
Culture and org charts
http://www.bonkersworld.net/images/2011.06.27_organizational_charts.png
2016
.NET Core 1.0
PowerShell Core
Windows Subsystem for Linux in Windows 10
Microsoft joins Linux foundation
GitHub recognizes Microsoft as a top open source contributor
2017
Microsoft Azure Kubernetes Service launched
Draft, Brigade, Kashti projects submitted to Kubernetes community
Microsoft joins Cloud Native Computing & Cloud Foundry Foundations
SQL 2017 on Linux
Windows source code moved to Git
Azure Databricks (Apache Spark) announced
2012
Microsoft Open Source
2018
Azure DevOps
Azure Boards: Deliver value to your users faster using proven agile tools to plan, track, and discuss work across your teams.
Azure Pipelines: Build, test, and deploy with CI/CD that works with any language, platform, and cloud. Connect to GitHub or any other Git provider and deploy continuously.
Azure Repos: Get unlimited, cloud-hosted private Git repos and collaborate to build better code with pull requests and advanced file management.
Azure Test Plans: Test and ship with confidence using manual and exploratory testing tools.
Azure Artifacts: Create, host, and share packages with your team, and add artifacts to your CI/CD pipelines with a single click.
https://azure.com/devops
Broadening the Azure Ecosystem
People. Process. Products.
What is DevOps?
DevOps is the union of people, process, and technology to enable continuous delivery of value to your end users.
[Diagram: Continuous Delivery cycle: Plan & Track, Develop, Build & Test, Deploy, Operate, Monitor & Learn]
Innovation after one decision
If you have a preferred container platform:
Pivotal Cloud Foundry, Kubernetes, Docker Enterprise Edition, Red Hat OpenShift, Mesosphere DC/OS
Let's help you bring that platform to Azure
Kubernetes: the industry leading orchestrator
Portable: Public, private, hybrid, multi-cloud
Extensible: Modular, pluggable, hookable, composable
Self-healing: Auto-placement, auto-restart, auto-replication, auto-scaling
#2 overall individual contributor to Kubernetes (Brendan Burns)
#4 overall individual contributor to Docker (John Howard)
#1-3 overall individual contributors to Helm
70 Microsoft employees have made contributions to Kubernetes
Microsoft leads open source communities
Two members of the Kubernetes steering committee
Member of the technical board of the Cloud Native Computing Foundation
Board member of the Linux Foundation
Several leads or co-leads of Kubernetes SIGs (special interest groups)
Microsoft contributes open source containers
Helm – The de facto package manager for Kubernetes (https://helm.sh), top-level CNCF project
Draft – A rapid-development environment for new Kubernetes developers (https://draft.sh)
Brigade – Easy-to-use JavaScript-based workflow definition for Kubernetes (https://brigade.sh)
Kubernetes + VS Code (https://github.com/Azure/vscode-kubernetes-tools)
Orchestrator
Handling Machine Failures
Orchestration Basics - Capacity
Orchestration Basics - Balancing
Orchestration Basics – Scaleout Service
Orchestration Basics – Scaleout Cluster
Orchestration Basics - Upgrade
[Diagram labels on these slides: App1; App2; App2.1; App Type Packages; Service Fabric Cluster VMs; UD1; UD2; UD3; #FAIL]
Kubernetes Architecture
Scale Up & Down
[Diagram label: CPU Load]
Bursting with the ACI Connector
[Diagram labels: Kubernetes control plane; Application architect; Infrastructure architect; Azure Container Instances (ACI); ACI Connector; Pod; VM; Deployment/tasks]
Azure Container Instances (ACI) PREVIEW
Azure Container Instances (ACI)
Open Service Broker API (OSBA)
Release Automation Tools
[Diagram labels: Waste; Pod]
Azure Container Registry (ACR)
ACS Engine
Azure Container Registry
Manage a Docker private registry as a first-class Azure resource
Use familiar, open-source Docker CLI tools
Azure Container Registry geo-replication
Manage images for all types of containers
Authenticate using Azure Active Directory
Identity
Integrated OS & Framework Patching
Secure images by default with quarantine pattern
Built-in
Azure Container Instances (ACI)
Azure Container Registry (ACR)
Release Automation Tools
ACS Engine
Open Service Broker for Azure (OSBA)
[Diagram labels: Code; Run; Validate; Debug; Source Code Control (SCC); Build/CI, Integrate, Test; Azure Container Registry; CD, Deploy; Run, Manage, Integrate; Container Service; Service Fabric; Batch; App Services; Functions; ACI; …; Analyze, Understand, Improve]
Helm
The best way to find, share, and use software built for Kubernetes
Manage complexity: Charts can describe complex apps, provide repeatable app installs, and serve as a single point of authority
Easy updates: Take the pain out of updates with in-place upgrades and custom hooks
Simple sharing: Charts are easy to version, share, and host on public or private servers
Rollbacks: Use helm rollback to roll back to an older version of a release with ease
Helm
Helm Charts help you define, install, and upgrade even the most complex Kubernetes application
[Diagram labels: Chart.yaml; custom services; db; load balancer; ci; …]
Azure Dev Spaces
https://docs.microsoft.com/en-gb/azure/dev-spaces/azure-dev-spaces
[Diagram labels: Kubectl; Admins; User; Dev; AKS Object; ARM API; Networking; Compute; Storage; AKS RP; Kube Event; Pull images; Azure resources in MC_* Resource Group]
1. API Server Security
2. Securing ingress and egress traffic towards users and services
3. Securing images
4. Secrets to access external resources
5. Network isolation of pods and app resources
6. Pod Security
Motivation for Network Policy
Kubernetes Network Policy
Kubernetes Network Policy Example

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: my-network-policy
  namespace: my-namespace
spec:
  podSelector:
    matchLabels:
      role: db
  ingress:
  - from:
    - podSelector:
        matchLabels:
          role: frontend
    ports:
    - protocol: TCP
      port: 6379

[Diagram labels: role: db; role: frontend; role: helper; TCP 6379]
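The policy on this slide, evaluated against the three pod roles in its diagram, as an added example that is not part of the original deck. It models only the NetworkPolicy ingress semantics the slide uses (matchLabels selectors, same-namespace podSelector peers, numeric ports); the function names, the sample pods and the `other-namespace` pod are constructed for illustration.

```python
# Added example: minimal evaluator for the ingress half of one NetworkPolicy,
# covering only the fields the slide's policy uses. Sample pods are constructed.

POLICY = {  # the slide's policy, transcribed as a Python dict
    "namespace": "my-namespace",
    "podSelector": {"role": "db"},
    "ingress": [{
        "from": [{"podSelector": {"role": "frontend"}}],
        "ports": [{"protocol": "TCP", "port": 6379}],
    }],
}

def matches(selector, labels):
    """matchLabels semantics: every key/value must be present; {} matches all."""
    return all(labels.get(k) == v for k, v in selector.items())

def ingress_allowed(policy, src, dst, protocol, port):
    """Return True if src may reach protocol/port on dst under this one policy."""
    selected = (dst["namespace"] == policy["namespace"]
                and matches(policy["podSelector"], dst["labels"]))
    if not selected:
        return True  # pods the policy does not select are not isolated by it
    # Selected pods are default-deny for ingress: a rule must match peer AND port.
    for rule in policy["ingress"]:
        peer_ok = not rule.get("from") or any(
            # a bare podSelector peer only selects pods in the policy's namespace
            src["namespace"] == policy["namespace"]
            and matches(p["podSelector"], src["labels"])
            for p in rule["from"]
        )
        port_ok = not rule.get("ports") or any(
            p.get("protocol", "TCP") == protocol and p["port"] == port
            for p in rule["ports"]
        )
        if peer_ok and port_ok:
            return True
    return False

def pod(namespace, role):
    return {"namespace": namespace, "labels": {"role": role}}

DB = pod("my-namespace", "db")
FRONTEND = pod("my-namespace", "frontend")
HELPER = pod("my-namespace", "helper")
OTHER_NS_FRONTEND = pod("other-namespace", "frontend")  # same label, other namespace

if __name__ == "__main__":
    for name, src in [("frontend", FRONTEND), ("helper", HELPER),
                      ("other-ns frontend", OTHER_NS_FRONTEND)]:
        print(name, "-> db:6379", ingress_allowed(POLICY, src, DB, "TCP", 6379))
```

The policy isolates only `role: db` pods; `role: frontend` and `role: helper` pods still accept any ingress until a policy selects them too.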
Work how you want with opensource tools and APIs
LinkerD
Stats
Deployed Cluster
on Azure
ARM template file
ACS-engine cluster
definition file
Running AKS on Azure stack
Hotel Staff
Android
Hotel Staff
iOS
Hotel Guest
Android Hotel Guest
iOS
Hotel Guest
Web
Visual Studio App Center
HockeyApp iOS, Android, UWP
Visual Studio App Center
Visual Studio App Center
Inputs
Outputs
CODE
https://docs.microsoft.com/en-us/azure/azure-functions/supported-languages
Azure Functions is an open-source project
Functions runtime and all extensions are fully open source
https://github.com/Azure/Azure-Functions
Discovering events is expensive
[Diagram labels: Application; 1st party events; IoT Devices; Storage; Resource Groups; Cloud Subscriptions; Streaming Data; Tables]
Processing events is cumbersome
[Diagram labels: Application; Code; Infrastructure; 1st party events; IoT Devices; Storage; Resource Groups; Cloud Subscriptions; Streaming Data; Tables]
Communication between app components is complicated
[Diagram labels: Service 1; Service 2; Code; Infrastructure; Custom app specific events; 1st party events; IoT Devices; Storage; Resource Groups; Cloud Subscriptions; Streaming Data; Tables]
What if it could be simpler?
[Diagram labels: Serverless Function 1; Serverless Function 2; Code; Custom app specific events; 1st party events; IoT Hub; Blob Storage; Resource Groups; Azure Subscriptions; Event Hubs; Storage (GPv2)]
Event Grid
[Diagram labels: Functions; IoT Hub; Blob Storage; Resource Groups; Azure Subscriptions; Event Hubs; Custom Topics; Storage (GPv2); Azure Functions; Logic Apps; Azure Automation; WebHooks; Event Hubs; …and more!]
Façade and front door
Developer portal
Azure portal
Gateway
Publish, Operate & Monitor
Mediate
Consume
Versions and revisions in API Management
/v1
/v2
;rev=1
;rev=2
;rev=3
;rev=4
;rev=1
;rev=2
/speakers
/sessions
/days
https://example.org/ foo
Policy scopes
global
product
api
operation
to backend
from backend
from caller
to caller
GET /foo/bar HTTP/1.1
Host: api.constoso.com
Key: 0123456789
0123456789
/foo
/bar
Policy expressions
• C# “snippets” embedded in policies
• Have read-only access to the request context
• Can only use whitelisted .NET types
• Are used to dynamically configure or conditionally execute policies