Singapore, 16 Apr 2019
Cisco Multicloud: Cloud Consume
Helps you deploy, monitor, and optimize applications in multicloud and container environments
Shankar Srikanta
Technical Solution Architect, Data Center
Accelerating Innovation
“56% of cloud adopters use cloud services to enable innovation, 50% to improve business agility”
“Microservices Momentum Accelerates”
“Digital disruption drives CIOs to double down on innovation”
“The more programmers on a company’s platform, the more software applications are created, attracting customers and still more developers — a flywheel of growth and profit.”
“Large enterprises increasingly embrace open-source software to attract developers and keep up with digital-native competitors.”
The reality is anything but simple
Multiple public cloud services
New data protection regulations
Private data centers still crucial
SaaS adoption rising
IoT exploding
Google Trends, 5 years: Docker, OpenStack
LTRACI-2967
Google Trends, 5 years: Kubernetes, OpenStack
Google Trends, 5 years: Kubernetes, vSphere
2013
Dev, Prod, Test
Dev and Ops
“I need resources for a new project”
“Please submit a help desk ticket”
“Never mind…”
2019
Dev, Prod, Test
Dev and Ops
“I need resources for a new project”
“Please submit a help desk ticket”
“Never mind…”
Kubernetes Anywhere
• Focused on Developer
• Creates a mechanism for developers to operationalize what they work on (DevOps)
On Premises
Blood and Sweat
Cloud
How did we get there?
Web Frontend, App, Backend, DB
Traffic patterns to monitor
Web Server, Auth, Cart, Payment, Search, Recommendations, Other Service
Traffic patterns to monitor
Server1, Server2, Server3, Server4, Server5
Data Center 1, Data Center 2, Public Cloud
Microservices: what do I need?
Automation
Visibility
Security
Problems to solve
• Diverse traffic pattern with no context
• Network and Security teams have limited to no visibility into container workloads
• Segmentation and security internal to the cluster can only be done by cluster administrators.
• Missing tools to troubleshoot network issues
Segmentation
• Secure K8s infrastructure:
• network isolation for infrastructure related objects
• Network isolation between namespaces
• Controlling access between Kubernetes services and external services
Diagram: PODs grouped into Frontend-EPG, API-Gateway-EPG, Backend-EPG and Monitoring-EPG, with Policy labels
Communications outside of the Cluster
• Non-Cluster endpoints communicating with Cluster:
• Exposing external services, how? NodePort? LoadBalancer?
• Scaling-out ingress controllers, how can you scale?
• Cluster endpoints communicating with non-cluster endpoints:
• POD access to external services and endpoints
Diagram: PODs grouped into Frontend-EPG, API-Gateway-EPG, Backend-EPG and Monitoring-EPG, with Policy labels
Demo: Container Visibility with ACI
In this live demo:
• Control Plane view
➢ K8S node mapping
➢ K8S objects mapping
• Data Plane view
➢ EPG mapping
➢ Namespace annotation
Visibility
ACI makes containers visible and manageable!
• Seamless experience to Kubernetes users
• Visibility at control plane and data plane level
• Consistent policies encompassing bare-metal, virtual machine and container domains
• Flexible EPG mapping model, can enable enforcement by annotating deployments
Using Kubernetes
• Time to bring up K8s Clusters
• Day 2 Operation Issues
• Resources used are out of control
• Misuse of public cloud resources
• Where are my corporate policies?
On-premises environment
Management
Security
Monitoring
Networking
Consistent, production-grade environment
Identity
Kubernetes on MultiCloud Environment
Cisco Container Platform Stack
Control Plane: Control Plane Kubernetes (VMs) with Automation, Orchestration, Operations, HX Connect, Cluster/Machine Controllers
Data Plane: Cluster 1 Kubernetes (VMs) with Cluster 1 Workloads and Cluster 1 Ops Pods; Cluster 2 Kubernetes (VMs) with Cluster 2 Workloads and Cluster 2 Ops Pods
Kubernetes, Fluentd, Prometheus, Kibana, Hyperflex, Contiv
Storage (Hyperflex)
Networking (e.g. Nexus 9K or other)
Compute Hardware (UCS)
Hypervisor Layer (Hyperflex/VMW)
BRKCLD-2676
Demo: CCP Tenant Cluster Creation
Automation
Visibility
Build Application on Clouds
Cloud APP
Application Profile, Represented as Cube
2 CPU, 4 GB Memory, 20 GB Storage
Containers, Recipes, Scripts, Jar, War, Binaries
nginx_..., apache_..., mysql_...
Simple to Complex with Application Profiles
Demo: CI/CD
• CI/CD workflow demo
• Container services in CloudCenter
• CloudCenter Application Profile
Automation
Tarantula Architecture
Silence LB SVC: Silence API Server (K8S Deployment)
Jungle LB SVC: Jungle Web Frontend (K8S Deployment)
Stairway Cluster-IP SVC: Stairway Traffic/Incidents (K8S Deployment)
Rainbow Cluster-IP SVC: Rainbow Music Events (K8S Deployment)
Fool Cluster-IP SVC: Fool Weather Service (K8S Deployment)
Cisco CI/CD for Containers
Tenant Alpha, L4/L7 SG
1. User commit
2. Jenkins detects it and downloads code
3. Jenkins builds container images and uploads to registry
4. Jenkins requests CCC to deploy the App
5. CCC gets the images and deploys to K8S
6. Services are created in K8S and ACI
7. That’s it
CloudCenter and K8S
• Governance!
• Mixed apps
• Multi/hybrid cloud with single profile modeling
Multiple Clouds – Multiple Interfaces
DEVNET-1139
Multiple Clouds – With CloudCenter
Problem solved!
• Easy way to create managed, monitored and scalable Kubernetes clusters with CCP
• Support CI/CD chain with:
• Governance
• Multi-tenancy
• Cost control
• Agnostic application modeling
Address the security issues with Tetration
• Assess Kubernetes node vulnerability
• Create and monitor flexible policies based on Kubernetes annotations
Visibility
Security
Address the performance issue with AppD
• AppD machine agent
• Server monitor
• App Helicopter view
• App Drill down and waterfall
Visibility
Let’s sum it up
Tetration
AppDynamics
CloudCenter
Putting the pieces together: An integrated approach
K8S Master
K8S Workers
Tenant Cluster Alpha
CCP Control Plane
Tenant Alpha
Microservices: what we offer
Security
Automation
Visibility
CCP CloudCenter
Tetration AppD
Tetration
ACI CCP