Cloud Native Applications on Kubernetes: a DevOps Approach
1. Nicola Ferraro - Voxxed Days Ticino 2017
Cloud Native Applications on Kubernetes:
a DevOps Approach
Nicola Ferraro
@ni_ferraro
2. Nicola Ferraro - Voxxed Days Ticino 2017
About Me
Nicola Ferraro
Software Engineer at Red Hat
Working on Apache Camel,
Fabric8.io, JBoss Fuse, Fuse
Integration Services for Openshift,
Syndesis.io
Follow me on twitter:
@ni_ferraro
3. Nicola Ferraro - Voxxed Days Ticino 2017
Agenda
● Technological Overview
○ Docker
○ Kubernetes
○ Development Tools
● Demo: deploying a microservice
● Buzzwords Explained
○ Cloud Native
○ Microservices
○ DevOps
○ IaC, CI & CD
● Demo: IaC, CI & CD
4. Nicola Ferraro - Voxxed Days Ticino 2017
Containers
Docker is revolutionizing the way
we build software today.
● Lightweight virtualization
○ Ever tried to run docker
containers on a RaspberryPI?
● Full runtime isolation
○ Using linux namespaces
● Language-independent packaging
and distribution
○ The new JAR? The new EAR?
● Run 10x more apps in a single
host than with VMs
● Composability ...
$ docker run -d myuser/myapp
5. Nicola Ferraro - Voxxed Days Ticino 2017
Containers: how to build them
There are multiple ways of building
containers:
● Dockerfile (classic)
● Rockerfile
○ Supports e.g. templating
● Ansible
● Docker-Maven-Plugin (for Java
apps, from fabric8)
● See ro14nd talk for 10+ ways:
https://github.com/ro14nd-talks/docker-container-loading/blob/master/docker-container-loading.pdf
FROM ubuntu:16.04
…
RUN apt-get update && apt-get install -y mongodb-org
RUN mkdir -p /data/db
EXPOSE 27017
…
ENTRYPOINT ["/usr/bin/mongod"]
… a Dockerfile
6. Nicola Ferraro - Voxxed Days Ticino 2017
Containers: distribution
● Build locally
● Push to a registry
● Run public and private
images
7. Nicola Ferraro - Voxxed Days Ticino 2017
Java EAR vs. Docker Image
Java EAR:
● Complete runnable description
of a Java EE application
● To be deployed on a Java EE
application server providing:
○ Availability
○ Scalability
○ Fault tolerance
○ Load balancing
○ Rolling upgrades
○ Monitoring
○ Logging
○ …
Docker Image:
● Complete runnable description
of a generic application
● To be run with “docker run” ???
There should be something else!
8. Nicola Ferraro - Voxxed Days Ticino 2017
Introducing Kubernetes
Cloud platform (also for private cloud) to orchestrate (Docker) containers:
● Born at Google
● Production ready
● Provides:
○ Availability
○ Scalability (auto and manual)
○ Fault tolerance
○ Load balancing
○ Deployment (canary, blue-green, …)
○ Monitoring
○ Logging
○ …
○ Service discovery
Kubernetes
Openshift Origin
(Kubernetes on steroids)
Open source
(like anything else in Red Hat)
9. Nicola Ferraro - Voxxed Days Ticino 2017
Kubernetes: Architecture
● kubectl / oc: client tools
● Master:
○ There can be multiple ones!
○ Rest API Server, Scheduler,
Controller Manager
○ Configuration in etcd v3
● Nodes:
○ Workers: run containers
○ Kubelet, Proxy
Can scale up to 4000 nodes!
And you can create smaller
federated clusters (v 1.6)
[Diagram: kubectl / oc / ... clients, one Master, four Nodes]
10. Nicola Ferraro - Voxxed Days Ticino 2017
Kubernetes Concepts: Namespace
The same physical cluster can host multiple virtual
environments called namespaces (or projects in Openshift).
[Diagram: Master and two Nodes hosting namespaces N1 and N2 on private networks; kubectl / oc / ... clients]
RBAC
● Openshift Origin
● New in Kubernetes (beta v. 1.6+)
11. Nicola Ferraro - Voxxed Days Ticino 2017
Kubernetes Concepts: POD
The deployment unit in Kubernetes is not the container, but
the pod (group of related containers).
Containers inside pods are automatically restarted in case
of failure (configurable policy), but they don’t survive
a node crash.
[Diagram: a Node running three Pods]
Pods:
● Are groups of related containers
● Share (virtual) network interfaces
● Usually 1 pod contains 1 container
● Are treated as a single unit by
Kubernetes (in replication controllers,
services, etc.)
12. Nicola Ferraro - Voxxed Days Ticino 2017
Kubernetes Concepts: Deployment
Lets you specify the target state of the application:
e.g. 3 replicas of a given pod.
Just change the number of replicas to scale up/down!
Node choice (using labels):
● Affinity
● Anti-affinity
● ...
Kubernetes 1.6+
Openshift
[Diagram: Deployment with replicas = 3; Master with Ctrl Manager and Scheduler; four Nodes]
13. Nicola Ferraro - Voxxed Days Ticino 2017
Kubernetes Concepts: Deployment
Allows software upgrades.
Two modes:
● Rolling update: e.g. for microservices
○ Gradual process
○ Configurable: max surge, max unavailable (25%)
● Recreate: e.g. for databases
● Canary or Blue-green:
○ Not out of the box
○ Can be done using multiple deployments
[Diagram: Deployment across three Nodes, each showing v1 and v2]
14. Nicola Ferraro - Voxxed Days Ticino 2017
Kubernetes Concepts: Service
Services provide named (DNS) access to pods’ network
endpoints (layer 4).
[Diagram: inside a Kubernetes Namespace, the Service "myservice" load-balances requests to http://myservice/api; a Route / Ingress (L7) exposes http://myservice-ns.mycluster.io]
15. Nicola Ferraro - Voxxed Days Ticino 2017
Kubernetes Concepts: Other “Objects”
● Volume, VolumeClaim: to attach storage to containers
● ConfigMap: key value map to inject configuration
● Secret: like a config map, with more access restrictions
● CronJob, StatefulSet, DaemonSet: other “deployment” options
Openshift:
● BuildConfig, Build: automatically build containers from source
and deploy them (or run custom Jenkins pipelines).
Free!
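The “more access restrictions” on Secrets, and the RBAC mentioned on the Namespace slide, are expressed as Role objects. Added example, not from the talk: a namespace-scoped Role that lets an application's service account read ConfigMaps but not Secrets. The namespace n1 and the names config-reader and myapp are assumptions, and rbac.authorization.k8s.io/v1 is the current API version (beta in Kubernetes 1.6).

```yaml
# Added example; namespace, Role and ServiceAccount names are assumptions.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: n1
  name: config-reader
rules:
  - apiGroups: [""]              # "" is the core API group
    resources: ["configmaps"]
    verbs: ["get", "list", "watch"]
  # No rule names "secrets": RBAC only grants, so anything not listed
  # here stays denied for subjects bound to this Role.
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: n1
  name: myapp-config-reader
subjects:
  - kind: ServiceAccount         # the identity the application's pods run as
    name: myapp
    namespace: n1
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: config-reader
```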
17. Nicola Ferraro - Voxxed Days Ticino 2017
Demo
Deploying a microservice
(in Openshift)
18. Nicola Ferraro - Voxxed Days Ticino 2017
Demo: Deploying a microservice
A demo showing how to create a spring-boot microservice
using the fabric8-maven-plugin.
Features of Kubernetes/Openshift are shown:
● Scaling
● Load Balancing
● Rolling Deployment
https://github.com/nicolaferraro/voxxed-ticino-demo
19. Nicola Ferraro - Voxxed Days Ticino 2017
Agenda
● Technological Overview
○ Docker
○ Kubernetes
○ Development Tools
● Demo: deploying a microservice
● Buzzwords Explained
○ Cloud Native
○ Microservices
○ DevOps
○ IaC, CI & CD
● Demo: IaC, CI & CD
20. Nicola Ferraro - Voxxed Days Ticino 2017
Cloud Native
It just means... applications built for the cloud!
● Developed for a cloud platform (e.g. Kubernetes)
● Not bound to physical servers, networks, storage …
● Packaged and ready to run (e.g. Docker container)
● Supporting load balancing, auto-scaling, relocation …
● Communicating (directly or indirectly) with the platform:
○ Health checks
○ Configuration (e.g. with configmaps)
○ Service discovery
○ Logging
○ Tracing, circuit breaking (especially for microservices)
https://www.cncf.io/projects/
21. Nicola Ferraro - Voxxed Days Ticino 2017
Microservices
Design applications as a set of independently
deployable services.
The Java EE Monolith
Microservices!
i.e. “why are you using Struts v 1 in 2017?”
● NodeJS on MongoDB
● Vert.x with PostgreSQL
● Spring-Boot with PostgreSQL
22. Nicola Ferraro - Voxxed Days Ticino 2017
Microservices: How and why?
How:
● Develop a service around a “bounded context”
● Make a team responsible for the service
● Define a strict API to communicate with other services
Why:
● Optimize the service for speed (e.g. scaling)
● Evolve the service periodically
○ Even change technology!
● Release early and often:
○ To fix bugs
○ To patch security vulnerabilities
○ To meet business requirements
○ … there is more to say here …
Free!
23. Nicola Ferraro - Voxxed Days Ticino 2017
DevOps: the first way
Why should we release earlier?
● DevOps = Dev + Ops = Make everyone work together towards the same goal:
deliver value to the end user.
Manufacturing Software
Not so easy …
Automation is just the first way!
And do not pass problems downstream (fail fast)!
[Diagram: Business, Dev, QA, Ops, User; → Increase the capacity of this flow →]
24. Nicola Ferraro - Voxxed Days Ticino 2017
DevOps: the second way
Why should we release often?
● To create short feedback loops between business people, developers,
operations people, quality assessment people and the end user.
● Feedback loops are the recipe for optimizing and correcting work
continuously towards the same goal.
● Short agile iterations are the key for continuous improvement.
● Automation is fundamental for the second way.
Business Dev QA Ops User
Learning paths
25. Nicola Ferraro - Voxxed Days Ticino 2017
DevOps: the third way
Experimenting and learning from failures is the way to improve!
● Cultural change:
○ Do not fear the change
○ Taking risks should be the norm
● Mastery (experience) makes sure that risks are controlled
● Change the process to improve it continuously.
Business Dev QA Ops User
26. Nicola Ferraro - Voxxed Days Ticino 2017
DevOps practices
Technically, the fundamental DevOps practices are:
● Infrastructure as Code
○ Write your entire system into “source code” (including configuration)
○ Your system must be “runnable”
● Continuous Integration (CI)
○ Continuously test if your modules (or “services”) can work together
● Continuous Delivery (CD)
○ Deliver software to users quickly with (very) limited intervention
○ Deliver software into “mirrors” of the production environment
27. Nicola Ferraro - Voxxed Days Ticino 2017
Infrastructure as Code
The main enabler for DevOps:
● Code everything that constitutes your application:
○ The application itself
○ Network configuration
○ Operating systems (and JVM)
○ Physical (or better virtual) Machines
○ Configuration (application settings, certificates, endpoints, …)
● Your whole infrastructure becomes “runnable”
Tools used for automation: Ansible, Chef, Puppet.
28. Nicola Ferraro - Voxxed Days Ticino 2017
“Cloud Native” Infrastructure as Code
What’s the “infrastructure” for a cloud-native application?
In Kubernetes it’s more or less:
● a Deployment: containers (OS, JVM), health checks, pods,
replicas, network endpoints, load balancers, upgrade
process, placement strategy
● ConfigMap and Secrets: define the application
configuration
Ok, I put everything in my SCM. Now what?
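What “everything in my SCM” can look like for one service, as an added example that is not from the talk or its demo repositories: a ConfigMap and a Deployment with replicas, rolling-update limits, health checks and a Secret reference. Object names, the image tag, port 8080 and the /health path are assumptions, and apps/v1 is the current Deployment API version rather than the one available in Kubernetes 1.6.

```yaml
# Added example; object names, image tag, port and probe path are assumptions.
apiVersion: v1
kind: ConfigMap
metadata:
  name: myapp-config
data:
  GREETING: "hello"              # non-sensitive settings only
---
# The Secret "myapp-secret" is referenced below but not defined in this file:
# Secret values are only base64-encoded, so committing them exposes them.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
spec:
  replicas: 3
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: "25%"
      maxUnavailable: "25%"
  selector:
    matchLabels: { app: myapp }
  template:
    metadata:
      labels: { app: myapp }
    spec:
      containers:
        - name: myapp
          image: myuser/myapp:1.0.0   # pinned tag, so a rollout is an explicit change
          ports:
            - containerPort: 8080
          envFrom:
            - configMapRef: { name: myapp-config }
          env:
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef: { name: myapp-secret, key: DB_PASSWORD }
          readinessProbe:             # gates traffic during a rolling update
            httpGet: { path: /health, port: 8080 }
          livenessProbe:              # restarts a hung container
            httpGet: { path: /health, port: 8080 }
            initialDelaySeconds: 30
          securityContext:
            runAsNonRoot: true        # assumes the image declares a non-root USER
            allowPrivilegeEscalation: false
```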
29. Nicola Ferraro - Voxxed Days Ticino 2017
CI-CD
Microservices are independently deployable…
[Diagram: two independent pipelines, one for Microservice 1 and one for Microservice 2, each with the stages Build, Deploy to dev, Deploy to stg, Deploy to prod, plus Test and conditional steps. Caption: The same software deployed here!!!]
30. Nicola Ferraro - Voxxed Days Ticino 2017
CI-CD: Testing
Testing is a crucial aspect of DevOps:
● Unit tests (in isolation)
● End-to-end functional tests
○ E.g. inject a Selenium pod
● Load tests
○ E.g. inject a (highly replicated!)
JMeter pod
● System tests
○ E.g. inject a chaos monkey
Create virtual environments on the fly, for testing!
You can run tests as part of the delivery pipeline, in a production-like environment!
[Diagram: Testing pod (optional) in a production-like environment]
31. Nicola Ferraro - Voxxed Days Ticino 2017
CI-CD: How
Openshift
Jenkins pipelines integrated into
the platform.
Kubernetes
Fabric8 (https://fabric8.io/)
Integrated development platform for
Kubernetes. Includes:
● Jenkins
● Gogs
● Nexus
● Hubot (chat ops)
● Quickstarts
● Maven Plugin
● …
32. Nicola Ferraro - Voxxed Days Ticino 2017
Demo
IaC, CI & CD
(in Openshift)
33. Nicola Ferraro - Voxxed Days Ticino 2017
Demo: IaC, CI & CD
Deploy a set of applications on Openshift and configure CI-CD.
Spring-Boot microservice, communicating with an Apache Spark recommender
system using a Kafka broker.
Source code:
● https://github.com/nicolaferraro/voxxed-bigdata-kafka
● https://github.com/nicolaferraro/voxxed-bigdata-web
● https://github.com/nicolaferraro/voxxed-bigdata-spark
● https://github.com/nicolaferraro/voxxed-bigdata-pipeline
34. Nicola Ferraro - Voxxed Days Ticino 2017
Spark on Kubernetes: Oshinko
Oshinko is a project for running Apache Spark cloud native
applications on Openshift.
[Diagram: User “main” code, Spark Driver, Cluster Manager, Spark Workers, Oshinko “magic”]
http://radanalytics.io
35. Nicola Ferraro - Voxxed Days Ticino 2017
Future from Red Hat: Openshift.io
Preview announced a few days ago. Cloud development platform
built on the experience of Fabric8.
● SCM
● CI-CD
● Artifact Repository
● Planning
● Collaboration
● IDE (Eclipse Che)
Everything on the cloud! No need to install anything, just open a browser!
36. Nicola Ferraro - Voxxed Days Ticino 2017
Future from Red Hat: syndesis.io
A new community for devs and non-devs for cloud integration.
● Deploy integration services on Openshift
● No need to write code!
● Connectors based on Apache Camel
Follow us on twitter!
@syndesisio
37. Nicola Ferraro - Voxxed Days Ticino 2017
@ni_ferraro
That’s all folks!