talk at the boston cloud foundry meetup june 2015
TRANSCRIPT
Chip Childers - @chipchilders, Cloud Foundry Foundation
The Making of a Modern Application Architecture
Cloud Native Application Platform
Carrier Networking
Datacenter Networking
Datacenter Operating Systems
Hardware
Virtual Machines
Operating Systems
Application Platforms
Programming Frameworks
Containers
When IaaS and App Platforms Come Together
• Better SLAs
• Flexibility
• Speed
• Availability
• Faster Time To Market
• Mobile + Data Services
• Agile and Iterative
• Leverage OSS
• Continuous Delivery
• No Downtime
• Instant scaling
• Consistency & Automation
App Dev | App Ops | IaaS
Unit of Value
IaaS == Virtual Machine
• Opaque to the system
• Orchestration is post-hoc
• System changes are imperative (“launch” stuff)
App Platform == Application
• Containers are transparent
• Lifecycle is fully managed
• System changes are declarative (manifest.yml)
Understanding Cloud Native Application Platforms
Turning this: a .war / .jar / .tar.gz plus its dependencies, libraries and service manifest
Into this: App, App, App behind an LB with a DB, running in multi-server run time environment(s)
Removing Developer and Operational Constraints
BUILD APPLICATION
PUSH FIRST RELEASE
MAINTAIN APPLICATION
UPDATE APPLICATIONS
RETIRE APPLICATIONS
• Auto-detect frameworks
• Link to App Platform
• Self-service deploy
• Dynamic routing
• A/B versioning
• Live upgrades
• Self-service removal
• Elastic scale
• Integrated HA
• Log aggregation
• Policy and Auth
Microservices are great. Per Martin Fowler they lead to specific requirements:
rapid provisioning, basic monitoring, rapid application deployment, devops culture
• Use declarative formats for setup automation, to minimize time and cost for new developers joining the project;
• Have a clean contract with the underlying operating system, offering maximum portability between execution environments;
• Are suitable for deployment on modern cloud platforms, obviating the need for servers and systems administration;
• Minimize divergence between development and production, enabling continuous deployment for maximum agility;
• And can scale up without significant changes to tooling, architecture, or development practices.
• Role based access to resources: the right people should be able to do things and the wrong people shouldn’t
• Run specified bits on demand: take code, put it together with all the rest of the things it needs and get it running
• Coordinate cross service configurations: in a service oriented world, services need to be configured to connect with each other
• Route public requests to running bits: the next big thing needs access to the internet
• Read and write persistent data: data has to live somewhere
• Add and remove resources: scaling is a great problem to have, but still
• Isolate resources and failures: without isolation and decoupling, that is one big distributed single point of failure
• Measure performance/health: can’t manage what you don’t measure
• Detect and determine failure: sometimes, things get real… but how do you know
• Recover failures: someone is going to have to clean this mess
• Work tomorrow: when everything you’ve thought to be true has been shown not to
A Cloud Foundry (noun): a place of practice for continuous innovation. A pragmatic cathedral.
We give you the technology to create the place, and we assemble the wisdom of the community to create the practices.
And now I’ll attempt to impersonate Onsi Fakhouri…
Slides “stolen” (borrowed with permission).
Everybody thank @onsijoe
DIEGO: a distributed system that orchestrates containerized workloads
[diagram: Cells; Brain (scheduler, health-monitor); BBS (currently etcd)]
DIEGO runs one-off tasks and long running processes.
Task: a unit of work; runs at most once.
LRP: N long-running instances, distributed across cells for HA, monitored & restarted.
Task and LRP are a generic, platform independent abstraction, working today: a successful abstraction.
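The LRP semantics above (N instances wanted, spread across cells, restarted when a cell dies) as one simplified convergence step, written here as an added example and not Diego's own code: the desired record is the declarative side held in the BBS, the actual records are what cells report, and the function returns the placements a Brain would have to schedule. Type and field names (DesiredLRP, ActualLRP, ProcessGUID, liveCells) are assumptions modelled on the slides.

```go
package main

// DesiredLRP is the BBS's declarative record of what should run; fields are modelled on the slides, not Diego's real API.
type DesiredLRP struct {
	ProcessGUID string
	Instances   int // N long-running instances wanted
}

// ActualLRP is one running instance as reported by a cell.
type ActualLRP struct {
	ProcessGUID string
	Index       int
	CellID      string
}

// converge is a simplified Brain/health-monitor step: compare desired with actual state and return
// the placements that restore N running instances; instances on cells absent from liveCells are lost.
func converge(desired DesiredLRP, actual []ActualLRP, liveCells []string) []ActualLRP {
	live, load, hosting, running := map[string]bool{}, map[string]int{}, map[string]bool{}, map[int]bool{}
	for _, c := range liveCells {
		live[c] = true
	}
	for _, a := range actual {
		if !live[a.CellID] {
			continue // dead cell: this instance must be restarted elsewhere
		}
		load[a.CellID]++
		if a.ProcessGUID == desired.ProcessGUID {
			running[a.Index], hosting[a.CellID] = true, true
		}
	}
	// rank a cell: avoid one already hosting this process (HA spread), then least loaded; assumes < 2^20 instances per cell.
	rank := func(c string) int { return load[c] + map[bool]int{true: 1 << 20}[hosting[c]] }
	var placed []ActualLRP
	for idx := 0; idx < desired.Instances && len(liveCells) > 0; idx++ {
		if running[idx] {
			continue // already running on a live cell, nothing to do
		}
		best := liveCells[0] // the first cell wins ties, so results are deterministic
		for _, c := range liveCells[1:] {
			if rank(c) < rank(best) {
				best = c
			}
		}
		placed = append(placed, ActualLRP{desired.ProcessGUID, idx, best})
		load[best], hosting[best] = load[best]+1, true // the Brain's own placement counts too
	}
	return placed
}
```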
Isolation
[diagram: processes A, B, C (tenant 1), D (tenant 2) and E, F (tenant 3) sharing one kernel and its resources]
resource isolation: cgroups, e.g. a CPU limit applied to a group of processes
namespace isolation: a PID namespace per tenant, so host PIDs 2 3 4 5 6 7 appear inside the tenants as 2 3 4 / 2 / 2 3; likewise Network, Mount and User namespaces
Garden
allows Diego to programmatically say
“make me a container” “put this in it” “then run this”
via a platform-agnostic API
cf push
compiled asset: app + app-specific dependencies
assumes a particular execution context: cflinuxfs2
cf push → Droplet LRP
{
  memory: 128mb,
  rootfs: "preloaded:cflinuxfs2",
  setup: <download-droplet>,
  run: {metadata}.start-command
}
cf push-docker → Docker LRP
{
  memory: 128mb,
  rootfs: "docker://docker-image",
  run: {docker metadata}.start-command
}
Garden-Linux
  resource isolation: cgroups
  namespace isolation: PID, Network, User, Mount
Garden-Windows
  resource isolation: kernel job object, disk quotas
  namespace isolation: user profiles, Host Web Core (an isolated IIS instance)
Garden-Windows provides a container experience for Windows 2012 that will only get better with Windows 2016, and allows us to build a cf push experience.
.net LRP
{
  memory: 128mb,
  rootfs: "preloaded:windows2012R2",
  setup: <download-application>,
  run: {metadata}.start-command
}
[diagram: Cloud Controller → CC Bridge → Receptor API → Brain + BBS → Cells; the Receptor API is also open to a generic consumer, and other consumers?]
Lattice…
…is a useful low-barrier solution to real-world problems
…makes exploring Diego easy
…is a softer onramp to the CF tech stack
…allows us to efficiently prototype new ideas for Diego’s future
Diego is in beta while we:
• validate performance at O(~100s) of cells
• secure Diego’s internal components