Taking off with the Google Cloud Platform and Kubernetes - Wabion
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Taking off with the Google Cloud Platform and Kubernetes
Agenda An Introduction to Google Cloud
Kubernetes - The OS for the Public and
Private Clouds
How to build an enterprise grade
environment
Networking, Coffee, Snacks
2
Valeria Agnolotti (Partner Manager)
Daniel Messer (Partner Engineer)
An introduction
to Google Cloud )
es of
in trac
conta
(may
Seven products with over
one billion users each,
all powered by the cloud
Google Android Google Gmail
Search Maps
Google YouTube Chrome
Play
Google Cloud
$30.9 billion
investment in the last 3 years
Over 1 billion
unique IP addresses served daily
Global Scale
15 regions currently with 6 more coming soon,
new servers added every 3 seconds
High reliability
uncommon across industry
Better global network infrastructure
Hundreds of thousands of miles of fiber optic cable connecting all of our
datacenter regions and 100+ points of presence
3
FASTER (US, JP, TW) 2016
Havfrue (US,IE, DK) 2019
3 3
3 3
3 3 3
4
3 3 3
3 3
3
3
3 3 SJC (JP, HK, SG) 2013
HK-G (HK, GU) 2019
Unity (US, JP) 2010
Curie (CL, US) 2019
2 PLCN (HK, LA) 2019
Current region and number of zones
3 Monet (US, BR) 2017
3 Future region and number of zones
Junior (Rio, Santos) 2017
Network
Tannat (BR, UY, AR) 2017
Edge points of presence >100
Indigo (SG, ID, AU) 2019 Edge node locations >1000
Security: defense in depth
Titan
Google’s purpose-built chip to
establish hardware root of trust for
both machines and peripherals on
cloud infrastructure
Confidential & Proprietary
...no perceptible impact in our cloud and required no customer downtime in part due to Google Cloud Platform’s Live Migration technology. Ben Treynor-Sloss, Vice President, 24x7
Demis Hassabis
CEO DeepMind
Confidential + ProprietaryAI: fastest growing
cloud workload
AI solution deployed
AI investment
AI is changing the world around us
$
Revenue / Cost Google has deep expertiseTwo Flavors of Machine Learning
Custom ML models Pre-trained ML models
Vision API Speech API Jobs API
TensorFlow Machine Learning
Engine
Natural Translation Video
Language API API Intelligence API
Confidential + ProprietaryIt’s a multi-cloud world
Maturity of Availability of Availability of Time to
SLAs Security
SaaS offerings resellers system integrators deployment
Public Hybrid Private
Geographic Viability of Integration Compliance /
Performance Data size
reach alternate services complexity regulatory
Open source is criticalThe incredible Kubernetes ecosystem
442 Years of effort* 5,000+ Contributors 30k+ GitHub stars
*Sources: COCOMO Model, CNCF.io Certified ProvidersWhat is Kubernetes?
● A portable, open-source, container-centric
management platform
● Built-in primitives for deployments, rolling
upgrades, scaling, monitoring, and more
● Inspired by Google’s internal systems
● Get true workload portability and increased
infrastructure efficiency
15But getting
started can be
challenging
16And don’t ●
●
Managing components
Encrypting and securing etcd
forget ● Configuring HA
“Day 2” ops ●
●
Rolling out security patches
Backups and disaster recovery
● Bootstrapping TLS
● Managing users and policies
17Kubernetes
the Easy Way
Start a cluster with one-click
View your clusters and workloads in a
single pane of glass
Google keeps your cluster up and running
18Google
Kubernetes Engine
19Production Get Started
Quickly
Reliable and
Available
Integrated with
GCP
Ready Use the Cloud
Console to
GKE
automatically
Take advantage
of the deep
Kubernetes easily create a
cluster and view
repairs,
upgrades, and
integration with
Google Cloud
your workloads scales your Platform
cluster with a features and
high-availability services
control plane
20Running Kubernetes at 50% cost
Architecture: Run Workloads preferrably on Preemptible GKE Nodes
Cost example (europe-west3):
n1-standard-1
K8S Cluster
Cloud
DNS
Name
Standard Price: $0.0612
Node Pool A
Kubernetes Engine Preemptible Price: $0.01230
Compute Engine
Regular VMs
Stateful Service n1-highem-2
Cloud Load Stateful Service Standard Price: $0.1523
Balancing
Preemptible Price: $0.03050
Stateless Service
Node Pool B
Compute Engine
Stateless Service
Preemptible VMs
Batch Job
Clients
21Integrating Kubernetes in CI/CD
Cloud Source Container Kubernetes
Developer Cloud Build Registry Engine
Repositories
Developer commits Commit triggers new Build runs unit tests New image is scanned Run canary tests and Deploy canaries and
changes build and creates image & triggers deployment canary analysis prod version with
binary authorization
22Machine Learning with Kubernetes
Kubernetes
Engine
● Hardware abstraction
● Framework / Tooling encapsulation
● Model portability / Repeatable workflows
Nvidia Tesla K80 Nvidia Tesla P4 Nvidia Tesla V100
● Consistent Developer Experience
23GKE on premise*
Orchestrate and manage
on-prem containers just like
GKE in the cloud
Cluster environments are
consistent (k8s version, OS
image, plug-ins, components
configuration)
Single-pane-of-glass for
multiple Kubernetes clusters,
no matter where
* Generally beginning of next 24
yearServerless with GKE GKE serverless add-on*
1-step deploy Run serverless Auto-scale
workloads
1-step install add-on Auto-scale your
on GKE Go from source to stateless container
URL based workloads
Deploy with less
config/code Automatically deploys Scale down to zero
containers and
provision ingress
* Generally available later Developed open source 25
this year under the Knative projectThank you
That’s a wrap.
Kubernetes
The OS for the Public and Private Clouds
thomas@endocode.comHI!
Thomas Fricke
thomas@endocode.com
CTO Endocode
● System Automation
● DevOps
● Cloud, Database and Software
Architect
● K8S since September 2015ENDOCODE
● Berlin, Germany based Company
● Focus
○ Open Source
○ Compliance
○ Automation
○ Kubernetes
○ Google Cloud
● Development
● Implementation ProcessesKubernetes Greek for “Helmsman”; also the root of the words “governor” and “cybernetic” ● Runs and manages containers ● Inspired and informed by Google’s experiences and internal systems ● Supports multiple cloud and bare-metal environments ● Supports multiple container runtimes ● 100% Open source, written in Go Manage applications, not machines
The 10000 foot view
kubelet
API
apiserver
etcd
CLI kubelet
scheduler
UI
controllers
kubelet
users master nodesAll you really care about
Container
API Cluster
UIKUBERNETES PODS
● Core Concept the Kubernetes Microservice apiVersion: v1
● Bunch of Containers with the same kind: Pod
○ Lifecycle: live together, die together metadata:
name: nginx
○ Network: same ip address,
labels:
same 127.0.0.0/8 env: test
○ Volumes: can share data spec:
○ One common task containers:
- name: nginx
○ Init Tasks
image: nginx
○ Live and Readiness ChecksPODS SHOULD NEVER BE DEPLOYED ALONE
apiVersion: apps/v1 #since 1.9
kind: Deployment
metadata:
name: nginx-deployment
labels:
● Deployments app: nginx
spec:
○ replicasets replicas: 3
selector:
■ pods matchLabels:
● containers app: nginx
template:
● Jobs: pods that terminate metadata:
● Replicationcontrollers, Replicasets, labels:
(don’t use directly) app: nginx
● Daemonset: one per node spec:
● StatefulSets (aka PetSets): predictable names containers:
- name: nginx
○ volumes
image: nginx:1.7.9
○ database clusters ports:
- containerPort: 80Deployment
Replicaset Replicaset
v1.7.9 v1.7.9 v1.7.9 v1.10.2 v1.10.2 v1.10.2POD in K8S Pod Centric View from Roland Huss https://github.com/ro14nd-talks/kubernetes-patterns
CALICO Network
Kubernetes Layer
Calico
CNI
Plugin
Pods Pods
BIRD Pods Pods
Felix Pods Pods
BGP Pods Pods
Compute Node
Pods Pods
RR Route
RR Route
Reflector
RR Route
Reflector
IP Routes IP Tables
Kernel
Reflector
eth0 eth1
Physical fabric (L2, L3, MPLS)KUBERNETES SERVICES
● Connecting Pods to the
outside world kind: Service
apiVersion: v1
● identified by the selector metadata:
name: nginx-service
○ key value pair
spec:
○ app name selector:
app: nginx
● ports type: Loadbalancer
○ pod ports:
○ node - protocol: TCP
port: 80
○ loadbalancer targetPort: 80
needs external support● strict tiered
stateless
Network
architecture
○ separation of Networking Endpoints
stateless
Frontend
stateless
○ and persistent data Webportal
Webportal
Webportal
● inside the pods
○ developers are free
Frontend
stateless
Cache
to use what they
want
○ contract is binding
stateless
Backend
Services
to the outside Webportal
Web Main
Webportal Webportal
Webportal Webportal
Webportal
Notification User Profile
App
Dataflow
SQL
Persistent
Storage
services
stateful
Bigquery Pub Sub
DatastoreUSE. MANAGED. SERVICES.
BUSINESS VALUE
- faster deployments:
- faster time to market
- more and faster testing
- more teams
- faster deployments
- better quality
- less maintenance in operations
- less load
- simpler deploymentsDev Test > Scale Testing with Kubernetes+Locust
Architecture: Dev Test > Scale Testing with Kubernetes+Locust
Load Testing Namespace Application Under Test Namespace
Frontend
Kubernetes Engine 4
Test
Operator
2
6
Locust Master Locust Workers Frontend Backend
3
Container Engine Container Engine Service Service
1
5
Backend
Kubernetes Engine
1 Tester starts test 4 FE pods talk to BE service
2 Master starts load 5 Worker report results
3 Workers send request to FE service 6 Tester views results
The Products logos contained in this icon library may be used freely and without permission to accurately reference Google's technology and tools, for instance in books or architecture diagrams. 45KUBERNETES AUDIT LOGS
Architecture: Kubernetes Audit Logs to BiqQuery
Kubernetes Cluster
Stackdriver Cloud Storage Big Query
https://cloud.google.com/solutions/pci-dss-compliance-in-gcpPUBSUB MESSAGES TO KUBERNETES
Architecture: Pubsub to Kubernetes
Pub Sub to Kubernetes
Pub Sub Kubernetes Cluster
https://github.com/GoogleCloudPlatform/kubernetes-engine-samples/tree/master/cloud-pubsubQUESTIONS?
Taking off with the Google Cloud Platform and Kubernetes
How to build an enterprise grade environment
Michael Gomez, Co-Manager, Wabion AG
www.wabion.ch 50Wabion – Your Google Premier Partner
Leading Google Cloud Premier Partner
in DACH with local offices and staff in
Switzerland and Germany.
We help our customers to achieve true Digital Transformation.
We trust Google. And Google trusts us.
We are a certified Google Cloud Premier Partner.
www.wabion.ch 51Wabion – Your Google Premier Partner
Your Google Cloud Service Partner Your Google Cloud Reseller Your AI Expert
● Leading Google Cloud services ● Certified for all Google Cloud ● Machine Learning Partners as
provider in D-A-CH products center of excellence
● Consulting, Integration, ● License advisory and optimization ● Machine learning, data
SW Development, Operations ● Unique customer specific billing & engineering and analytics
● 35+ certified & trained employees reporting capabilities ● Leveraging 20+ years of Google
● Proven track record with large and ● Your local contracting partner research in Artificial Intelligence
small customers for your projects
● Sometimes making the impossible
● Broad network of local and possible
international IT matter experts
www.wabion.ch 52Many more services to use...
Compute Storage and Databases Networking
Compute App Container Cloud Cloud Cloud Virtual Private Cloud Load Cloud Cloud External
Engine Engine Engine Storage Bigtable Datastore Cloud Balancing CDN Router IP
Container Cloud Cloud Cloud Persistent Cloud
Registry Functions Cloud DNS Networking VPN
SQL Spanner Disk Interconnect
Big Data Machine Learning Identity & Security
Cloud Cloud Cloud Machine Cloud Cloud Cloud Resource Cloud Security Key
BigQuery Cloud IAM Management Firewall
Dataflow Dataproc Learning Vision API Speech API Manager Scanner
Service
Cloud Cloud Cloud Natural Cloud Cloud Data Loss Identity-Aware Security Key
Genomics BeyondCorp
Datalab Pub/Sub Language API Translation Jobs API Prevention Proxy Enforcement
API
www.wabion.chMany more services to use...
Management Tools Developer Tools
Error Cloud Cloud Source Cloud Cloud Tools
Stackdriver Monitoring Logging Trace Cloud SDK
Reporting Deployment Repositories Tools for for IntelliJ
Manager Android Studio
Cloud Cloud Cloud Cloud Cloud Cloud Google Plug-in Cloud Test
Debugger
Deployment Endpoints Console Shell Tools for Tools for for Eclipse Lab
Manager PowerShell Visual Studio
Cloud Mobile Cloud
Cloud APIs
App Billing API
www.wabion.chEnterprise Application Stack
Internal or external facing Apps
Specific to business area Technology stack
Start here
Centrally managed Enterprise Foundation
www.wabion.chEnterprise Application Stack
Internal or external facing Apps
Specific to business area Technology stack
Start here
Centrally managed Enterprise Foundation
www.wabion.chEnterprise Application Stack
App
Applications
Machine
Compute Storage Data Analytics Containers
Learning
Technology Stack
Cloud Identity Cloud IAM Billing Support Networking Monitoring
Enterprise Foundation
www.wabion.ch 57The Project
Resource container
IAM construct
Totally separated from one another
Resources are part of a project
www.wabion.ch 58General Hierarchy
Organization
Folders (4)
Top-down
inheritance:
additive only
Projects
Resources
www.wabion.ch 59Identities, roles and resources
Identity
User Account Service Account Group
IAM Role
Resources
www.wabion.ch 60Users and Groups
User Account
Group
*Cloud Identity
www.wabion.ch 61Sync from your Directory
LDAP Directory GCDS
LDAP / One-way sync
Users, aliases, LDAP + SSL Delta sync HTTPS
profiles, Scheduled or manual Google
groups, OUs, On/off boarding
and contacts Uses Google APIs
Multiple auth methods
www.wabion.ch 62Service Accounts are Identities AND Resources
Identity IAM Role Resource
Service Account instanceAdmin Role Compute Instances
Identity IAM Role Resource
User/Group ServiceAccountActor Role Service Account
www.wabion.ch 63Billing
Partner Billing
Organization Billing Group Account
Invoices
according to
customers
needs
Project Project Project
Customer
specific
billing rules
Project-level bill Project-level bill Project-level bill
Bills itemised by resource type
www.wabion.ch 64Role based support
Role Price Response Time For Whom
For those who need read-only access to the
Basic $0 n.a.
support cases of the account.
$100 per
For those who develop the solution; focus is on
Development user per 4-8 business hours
depth of investigation, and thorough response.
month
$250 per
For those who manage the solutions that are
Production user per 1 hour for Priority 1
launched and live. Fast, but thorough responses.
month
www.wabion.ch 65Role based support - Why?
1 Customizability - choose the right levels of support to meet your needs
2 Flexibility - month-to-month, change support configurations as your needs evolve
3 Predictability - flat monthly pricing, no surprises
www.wabion.ch 66Networking - Regions and Zones
www.wabion.ch 67Networking - Internal Principles
Project
Network
Region Region
Zone Zone Zone
Subnet Subnet Subnet
192.168.0.0/
10.0.0.0/8 16
172.16.0.0/12
www.wabion.ch 68Networking - Connectivity
Dedicated
Public Internet Direct Peering Carrier Interconnect
Interconnect
Simple Utilize existing BGP Offers benefits of Lower GCP egress cost
route selection and peering when
Resilient internet routing requirements cannot be Dedicated Bandwidth and
met SLA
Use Google’s
existing edge Greater control of
network peering facilities Service provider Private space RFC-1918
partners can provide addressing
Requirements for SLA
peering Control of circuit location
www.wabion.ch 69Networking - Google Edge Nodes CH
as of Nov 2018
www.wabion.ch 70Monitoring - Stackdriver - BYOM
Monitoring Logging Performance Multi-Cloud
Endpoint checks to Filter, search, and view Built on the same Google Cloud Platform
internet-facing services systems that power Amazon Web Services
Define metrics, Google’s global Hybrid configuration
Uptime checks for URLs, dashboards, and alerts infrastructure
groups, or resources Combines metrics, logs,
Export to BigQuery, Unprecedented scale, and metadata
Plugins for many major Google Cloud Storage, performance, and
stacks (Apache, MySQL, and Pub/Sub resiliency
CouchDB etc.)
www.wabion.ch 71www.wabion.ch 72
Join us @ Google Cloud Summit
goo.gl/GXMffb
www.wabion.ch 73Q&A
Today’s speakers
Valeria Agnolotti valea@google.com
Daniel Messer danielmesser@google.com
Thomas Fricke thomas@endocode.com
Michael Gomez michael.gomez@wabion.ch
www.wabion.ch 74You can also read
