Best Practices for Deploying Service Mesh & Serverless: Docker, Kubernetes, Serverless Functions. Application...
Best Practices for Deploying Service Mesh & Serverless on OCI
魏清刚 (18601110709)
Oracle Appdev team
Copyright © 2019, Oracle and/or its affiliates. All rights reserved. |
Agenda
Introduction to Oracle Cloud Infrastructure
Oracle Kubernetes strategy
Deploying Service Mesh on OCI
Deploying Serverless on OCI
Q&A
Oracle helps enterprise customers solve their challenges to the greatest possible extent
• Conduct financial transactions
• Improve user experience
• Create better products
• Understand in-depth data analysis
• Incubate innovation
• Accelerate key processes
Oracle Cloud Infrastructure: Complete Cloud Services
COMPUTE Bare metal/VM, CPUs/GPUs
Up to 64 CPU cores, 8 GPUs, 768 GB RAM, 51 TB local NVMe SSD, 5M IOPS, AMD and Intel processors
CONTAINERS Containers and Kubernetes
Fully managed, certified Kubernetes service with Docker containers
RAVELLO Migrate VMware or KVM
Move VM environments, retaining existing networking, to the cloud
STORAGE NVMe, Block, File, Object, Archive
Predictable IOPS Block Storage for up to 98% less, storage for whole lifecycle
NETWORKING VCN, LBaaS, FastConnect, VPN
Isolated networks with reserved IPs, security lists, firewalls, lowest cost private connectivity
OCI AT CUSTOMER IaaS, PaaS, Exadata on-premises
Subscription-priced cloud infrastructure, PaaS, and database managed by Oracle
AUTONOMOUS DATABASE Transactions, Data Warehouse
Fast provisioning. Automatic tuning, patching, securing. 99.995% availability.
DATABASE Bare metal, VMs, Exadata
Millions of TPS; Full RAC and Active Data Guard support
DATA MOVEMENT Storage appliance, Data Transfer
Software NAS gateway, data ingest service with full chain of custody (HDD or appliance)
SECURITY IAM, Audit, KMS, CASB
Integrated security services to protect data and to control and monitor access
EDGE DNS, WAF, DDoS, Email
Global DNS, application protection, bot management, DDoS protection, email delivery
GOVERNANCE IAM, Tagging, Cost Analysis
Logical separation and tagging of resources for simplified management
Efficient virtual networking and connectivity
• Deep Virtual Cloud Network (VCN) control:
  – Subnets, route rules, firewalls, VCN peering, load balancing, DNS
  – Console or API-driven
• Secure, reliable connectivity
  – IPSec VPN
  – FastConnect dedicated connectivity with global providers
• Low latency underlying physical network
  – 25 Gbps with <100 µs one-way latency within an AD
  – <500 µs one-way latency between Availability Domains
  – Oracle-managed backbone between regions
[Diagram: an Oracle Cloud Region containing a Virtual Cloud Network with subnets in Availability Domains 1, 2 and 3, plus load balancing, provisioned bandwidth and DNS; VPN and FastConnect to the customer datacenter and end customers; backbone to other Oracle Cloud regions]
Oracle Cloud services: supporting enterprise customers' core business applications
• Oracle Enterprise Applications
• Customer & ISV Apps on Oracle Database
• Performance Intensive Workloads
• Cloud Native Applications
• Third party Applications
• Custom Applications
Oracle Cloud Infrastructure
How Oracle Cloud Infrastructure serves microservices
Database Cloud: Oracle RDBMS, Oracle RAC, Exadata
Cloud Platform: Java, Big Data, Mobile, Integration Services
Hypervisors: Run VMWare / KVM
Cloud Applications: Enterprise Applications
Cloud Native Applications: Micro Services, Big Data, AI/ML
Monitoring and Management
Developer Tools
Streaming and Pipelines
DevOps Tools and Services
Container Services: Docker, Kubernetes, Serverless Functions
Application Services
Next Layer Services
Core Services
Cloud Infrastructure: 25 GB Network, Bare Metal, VM, GPU, NVMe SSD, Block Storage, File Storage, Object Storage
Oracle Cloud Native Services
Oracle Cloud Infrastructure
LA = Limited Availability, customers can request early access to services.
Observability + Messaging: Monitoring, Streaming, Notifications, Events
Application Development + Operations: Container Engine for Kubernetes (OKE), Container Pipelines (Wercker), Functions, Resource Manager, Cloud Infrastructure Registry (OCIR)
Agenda
Introduction to Oracle Cloud Infrastructure
Oracle Kubernetes strategy
Deploying Service Mesh on OCI
Deploying Serverless on OCI
Q&A
The evolution of development and deployment
Timeline: ~1980, ~1990, ~2000, ~2010, Now
Development process: Waterfall, Agile, DevOps
Application architecture: Monolithic, N-Tier, Microservices
Deployment and packaging: Physical Server, Virtual Servers, Containers
Application infrastructure: Datacenter, Hosted, Cloud
DevOps cycle: Plan, Code, Build, Test, Release, Deploy, Operate, Monitor
Docker & Kubernetes dominate the market
Containers (Docker)
• 60% of enterprise companies (500+ hosts) use Docker
• 15% of all the hosts at these companies run Docker
Orchestration (Kubernetes)
• 40% of Docker users also use orchestrators
• 80% of these orchestration users prefer Kubernetes
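Oracle Container Engine: powerful distributed cluster management across availability domains
• Container native: standard Kubernetes; full lifecycle management; integrated image registry service
• Developer friendly: simple, streamlined user interface; rich APIs; built-in monitoring dashboard and DNS
• Enterprise ready: Oracle bare metal performance; high availability; access control and security
The industry's strongest bare metal and GPU service integration
[Diagram: any CI/CD tool (for example Jenkins or Oracle Pipelines) creates, tests and pushes images to OCI Registry; OCI Container Engine for Kubernetes runs a K8S cluster inside a VCN with node pools (BM, VM) across AD 1, AD 2 and AD 3, with pods, PV, an LB and an exposed Kubernetes service]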
Management console: high availability
• Multiple master and etcd services across ADs
• Regular etcd backup and restore capability
• Zero-downtime master upgrades
• Cluster lifecycle, node control, and more
[Diagram: Oracle Managed Regional Control Plane with a K8s master (API Server, Kube Scheduler, Controller Mgr) and Etcd in each of AD1, AD2 and AD3; a Cluster Controller API for cluster management; Backup and Restore to Object Store]
Kubernetes on Oracle Cloud: service feature comparison
Benefits: rapid deployment, reduced risk, accelerated innovation, improved reliability
[Diagram: two columns, "Customer Managed" and "Oracle Service", each listing the same stack (App Management, Upgrades & Patching, Platform Backup & Recovery, High Availability, Scaling, App Deployment, Power/HVAC, Rack and Stack, Server Provisioning, Software Installation), with the labels "Customer" and "Oracle Cloud Infrastructure"]
OCI Developer Services Platform for Easy Build, Deploy, and Operate
[Diagram: an OKE cluster whose pods each run an Envoy sidecar; CI/CD (Container Pipelines, Jenkins X, …); OCI Registry; Marketplace; Service Brokers; API Gateway; OCI Cloud Services (ATP/ADW, Events, Streaming, Telemetry, Notifications, Cache); Istio (Pilot, Mixer, Auth, Telemetry Adapter); FluentD, Kibana/Grafana, Prometheus, Jaeger; Compliance/Governance/Auditing/Policy Mgmt/Scanning/Atz]
Agenda
Introduction to Oracle Cloud Infrastructure
Oracle Kubernetes strategy
Deploying Service Mesh on OCI
Deploying Serverless on OCI
Q&A
Design goals
• Maximize transparency
• Extensibility
• Portability
• Policy uniformity
# Download Istio 1.1.2 and put istioctl on the PATH
wget https://github.com/istio/istio/releases/download/1.1.2/istio-1.1.2-linux.tar.gz
tar xvf istio-1.1.2-linux.tar.gz
cd istio-1.1.2
sudo cp bin/istioctl /usr/local/bin
# Grant the OCI user cluster-admin on the cluster, then initialise Helm (Tiller)
kubectl create clusterrolebinding istio-cluster-admin-binding --clusterrole=cluster-admin --user=ocid1.user.oc1..XXXXXXXXXXXXX
helm init --service-account tiller
# Install the Istio CRDs
helm install install/kubernetes/helm/istio-init --name istio-init --namespace istio-system
# Verify that all 53 Istio CRDs were committed to the Kubernetes api-server using the following command:
# If cert-manager is enabled, then the CRD count will be 58 instead.
kubectl get crds | grep 'istio.io\|certmanager.k8s.io' | wc -l
53
# Install Istio with the ingress, Grafana, Service Graph, tracing and Kiali add-ons
helm install install/kubernetes/helm/istio --name istio --namespace istio-system \
  --set ingress.enabled=true \
  --set grafana.enabled=true \
  --set servicegraph.enabled=true \
  --set tracing.enabled=true \
  --set kiali.enabled=true
kubectl get all -n istio-system
====Deploy Bookinfo Sample =======
# Enable automatic sidecar injection for the default namespace, then deploy the sample
kubectl label namespace default istio-injection=enabled
kubectl apply -f ./samples/bookinfo/platform/kube/bookinfo.yaml
kubectl apply -f ./samples/bookinfo/networking/bookinfo-gateway.yaml
http://129.146.158.123/productpage
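The install and Bookinfo steps above can be checked after the fact. As an added example (not part of the original slides), these shell functions parse `kubectl` output to count the Istio CRDs, list pods that did not receive the `istio-proxy` sidecar, and list bindings to `cluster-admin` such as the one created above. The `kubectl` invocations in the comments are assumed ways to produce the input, and the sample pod names, CRD list and timestamps are constructed.

```shell
#!/bin/sh
# Added example: post-install checks for the steps above. Each function reads
# kubectl output on stdin, so it can be tried offline on the constructed samples.

# Live input: kubectl get crds
# Prints the Istio / cert-manager CRD count (the slides expect 53, or 58 with cert-manager).
count_istio_crds() {
  grep -E -c 'istio\.io|certmanager\.k8s\.io' || true
}

# Live input: kubectl get pods -n default -o
#   jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.containers[*].name}{"\n"}{end}'
# Prints pods with no istio-proxy container, e.g. pods created before the namespace
# was labelled istio-injection=enabled; they sit outside mesh policy and telemetry.
pods_without_sidecar() {
  awk -F '\t' '$1 != "" {
    n = split($2, c, " "); found = 0
    for (i = 1; i <= n; i++) if (c[i] == "istio-proxy") found = 1
    if (!found) print $1
  }'
}

# Live input: kubectl get clusterrolebindings --no-headers -o
#   custom-columns=NAME:.metadata.name,ROLE:.roleRef.name,SUBJECTS:.subjects[*].name
# Prints "binding subjects" for each binding to cluster-admin, for review.
cluster_admin_bindings() {
  awk '$2 == "cluster-admin" { print $1, $3 }'
}

# Constructed sample data (not captured from a real cluster).
sample_crds() {
  printf '%s\n' 'gateways.networking.istio.io 2019-04-10T08:00:00Z' \
    'virtualservices.networking.istio.io 2019-04-10T08:00:00Z' \
    'widgets.example.com 2019-04-10T08:00:00Z'
}
sample_pods() {
  printf '%s\t%s\n' 'productpage-v1-abc' 'productpage istio-proxy' \
    'reviews-v1-def' 'reviews istio-proxy' 'legacy-job-xyz' 'worker'
}
sample_bindings() {
  printf '%s\n' 'istio-cluster-admin-binding cluster-admin ocid1.user.oc1..XXXXXXXXXXXXX' \
    'system:basic-user system:basic-user system:authenticated'
}

sample_crds | count_istio_crds
sample_pods | pods_without_sidecar
sample_bindings | cluster_admin_bindings
```

Pods listed by `pods_without_sidecar` need to be recreated after the namespace label is applied before they pick up the sidecar.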
What is FaaS (Functions-as-a-Service)?
Functions developers
• Supply function code to the platform
• Do not have to worry about servers
Functions platform
• Abstracts away the concept of servers
• Ensures functions are available when invoked
• Deploys, triggers and auto-scales functions
• Bills only for execution time, not for idle time
[Diagram: Functions on a FaaS Platform]
Fn: an ideal serverless platform?
• Open source: no vendor lock-in
• Platform independent: laptop, server, cloud
• Easy to use: approachable for new users, with low-level control for advanced users
• Docker based: makes full use of the Docker environment
• Independent of the Docker scheduler: supports Kubernetes, Swarm, Mesos, etc.
http://fnproject.io
Key features
• Function Dev Kits
• Open Source Engine
• Oracle Cloud Triggers (Events, HTTP, Timer, Streams)
• Container Native
• Advanced Diagnostics
• Fine-grained Billing
Serverless use cases: integrating and extending Oracle Cloud
[Diagram labels: Functions; Cloud Applications (SaaS); Cloud Platform (PaaS); Cloud Infrastructure (IaaS); Analytics, ERP, Data, HCM, CX, Supply Chain; Storage, Compute, Network; Integration, Mobile, Business Insight, Collaboration, Custom Apps, Data Mgmt; Audit Events]
Serverless demo based on OKE: https://github.com/oracle/learning-library/blob/master/workshops/container-native-development-with-oke
Oracle Generation 2 Cloud: easily build and run cloud native applications
• Supports bare metal, GPU, Autonomous Database, real-time data synchronization technology, and more
• High-performance compute, high-speed networking, storage, etc.
• OKE and OCI fit together seamlessly, with cluster management by default *
• Provides multi-tenancy and a 500G container image registry
• Supports CI/CD tools such as Wercker, Jenkins, JenkinsX and Spinnaker
• Provides EventHub and Data Cache cloud services
• Oracle provides a complete data solution (Exadata, Oracle DB, OGG, ADW..)
• Infrastructure as code (Terraform, Ansible, API and 3rd-party management tools)