Platform as a Service
Kubernetes/Mesos + Openstack
Miguel Zuniga, about.me/miguelzuniga, Freenode: miguelzuniga
Agenda
• Design your Platform
• Architecture
• Managing Resources
• Managing Containers
• High Availability
• Security
• Design your Platform Services
• Rolling out new services
• Questions
Copyright © 2014 Symantec Corporation 3
Design your Platform
• Who will be your users/customers?
  – Developers / Architects / Ops
  – Customers
• Identify workloads and applications
  – CPU / Memory / IO
  – Stateful or stateless
• How secure do you need to be?
  – Multi-tenant
  – Network isolation
• Multi cloud? Multi datacenter? Hybrid?
Architecture – Mesos + Openstack
Architecture – Kubernetes + Openstack
Architecture – Kubernetes/Mesos + Openstack
Managing your Resources
• Resource management (CPU, memory, ports) is done by Mesos; Kubernetes runs as a Mesos framework.
• All the Kubernetes components (apiserver, controller manager, scheduler) run as Marathon tasks.
• All the pods/containers run as Mesos tasks, so they are accounted for in the same resource pool as everything else on the cluster.
• Mesos can manage either VMs (OpenStack instances) or physical servers as slaves.
Managing your Containers
• Kubernetes takes care of pod, replica and service orchestration.
• Each pod and its containers are created on the slave by the Kubernetes-Mesos (KM) executor.
• Users interact with Kubernetes either through the CLI (kubectl) or the REST API.
• Kubernetes keeps the pods declared in a replication controller running at all times, restarting or rescheduling them when they fail.
High Availability
Mesos
• Use Marathon to keep containers up and running.
• Requires an external LB (hardware or software) to balance across containers.
• HA for Kubernetes components is out of scope.

Kubernetes
• Replication controllers keep pods and containers up and running.
• kube-proxy takes care of load balancing.

Kubernetes / Mesos
• HA for Kubernetes components is managed by Mesos and Marathon.
• HA for pods is handled by replication controllers.
• Load balancing can be done with an external LB (e.g. haproxy) or kube-proxy.
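What "HA for Kubernetes components is managed by Mesos and Marathon" looks like in practice is a Marathon app definition for each control-plane component: several instances, spread across hosts, with a health check so Marathon replaces a dead instance. The script below is an added example, not code from the deck or from the Kubernetes, Mesos or Marathon projects. Everything in it is an assumption for illustration: the kube-apiserver binary path and flags, the etcd address, port 8080 serving /healthz, and the Marathon URL in MARATHON_URL. The Marathon fields used (id, cmd, instances, ports, requirePorts, constraints, healthChecks, upgradeStrategy) are real Marathon app fields; the values are made up.

```shell
#!/bin/sh
# Added example (not from the original deck): a Marathon app definition that keeps
# a Kubernetes control-plane component running on the Mesos cluster.
# Assumptions (hypothetical): kube-apiserver is installed on every slave at
# /usr/local/bin, its insecure port serves /healthz, and Marathon is reachable
# at $MARATHON_URL (default below is a placeholder).

# Emit a Marathon app definition as JSON.
#   $1 app id, $2 command line, $3 instance count, $4 host port to require
# Refuses fewer than 2 instances, since a single instance is not HA.
marathon_app_json() {
    app_id="$1"; cmd="$2"; instances="$3"; port="$4"
    [ "$instances" -ge 2 ] 2>/dev/null || {
        echo "marathon_app_json: need at least 2 instances for HA, got '$instances'" >&2
        return 1
    }
    cat <<EOF
{
  "id": "${app_id}",
  "cmd": "${cmd}",
  "cpus": 1,
  "mem": 1024,
  "instances": ${instances},
  "ports": [${port}],
  "requirePorts": true,
  "constraints": [["hostname", "UNIQUE"]],
  "healthChecks": [
    {
      "protocol": "HTTP",
      "path": "/healthz",
      "portIndex": 0,
      "gracePeriodSeconds": 30,
      "intervalSeconds": 10,
      "timeoutSeconds": 5,
      "maxConsecutiveFailures": 3
    }
  ],
  "upgradeStrategy": { "minimumHealthCapacity": 0.5 }
}
EOF
}

# POST an app definition read from stdin to Marathon's /v2/apps endpoint.
marathon_deploy() {
    curl -sS -X POST -H 'Content-Type: application/json' \
        "${MARATHON_URL:-http://marathon.example.internal:8080}/v2/apps" -d @-
}

# Hypothetical command line for the apiserver; flags are assumptions, not the deck's.
KUBE_CMD='/usr/local/bin/kube-apiserver --etcd_servers=http://etcd.example.internal:4001 --address=0.0.0.0 --port=8080'

# Usage: sh kube-apiserver-marathon.sh deploy
if [ "${1:-}" = "deploy" ]; then
    marathon_app_json kube-apiserver "$KUBE_CMD" 3 8080 | marathon_deploy
fi
```

The `hostname UNIQUE` constraint is what turns "three instances" into availability: without it Marathon may place all three on one slave, and losing that slave loses the whole control plane. `minimumHealthCapacity` keeps at least half the instances healthy during a rolling upgrade. Clients (kubectl, kube-proxy, the scheduler) still need a stable address in front of these instances, which is the external LB or haproxy mentioned above.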
Security
• Network security between tenants is provided by SDN isolation (OpenStack Neutron networks and security groups).
• Provision a separate Mesos-Kubernetes cluster per project or user rather than sharing one cluster across tenants.
• Run Docker with SELinux enabled (RHEL-based hosts), so a container escape is still confined by the host MAC policy.
• Set a default DROP policy in iptables on each Mesos slave and allow only the ports the cluster needs.
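The last bullet is easy to state and easy to get wrong (lock yourself out of SSH, or drop the master's connection to the slave). The script below is an added example, not part of the deck, that generates an iptables-restore ruleset for a slave with a default DROP policy on INPUT and an explicit allowlist. Assumptions for illustration: the admin network is 10.0.0.0/24 (SSH is allowed only from there), the cluster network 10.1.0.0/16 is where masters and other slaves live, and port 5051 is the mesos-slave default; any other port (for example the kubelet's) is passed as an argument. The stock distribution policy, `:INPUT ACCEPT`, is the weak setting this replaces.

```shell
#!/bin/sh
# Added example (not from the original deck): iptables-restore ruleset for a Mesos
# slave with default DROP on INPUT and an allowlist of required TCP ports.
# Assumptions (hypothetical): networks and ports below are placeholders; 5051 is
# the mesos-slave default port, others are whatever your cluster actually uses.

# Print the ruleset to stdout.
#   $1 admin network allowed to SSH, $2 cluster network allowed to reach the
#   listed ports, $3.. TCP ports to allow from the cluster network.
# Returns 1 on a malformed port so a bad argument never produces a half ruleset
# that iptables-restore would apply.
slave_ruleset() {
    admin_net="$1"; cluster_net="$2"; shift 2
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*) echo "slave_ruleset: bad port '$port'" >&2; return 1 ;;
        esac
    done
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]'       # the hardened policy; stock is ACCEPT
    printf '%s\n' ':FORWARD ACCEPT [0:0]'   # Docker inserts its own FORWARD/DOCKER rules
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A INPUT -p icmp -j ACCEPT'
    # SSH only from the admin network, so a DROP policy cannot lock operators out
    printf '%s\n' "-A INPUT -p tcp --dport 22 -s ${admin_net} -j ACCEPT"
    for port in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport ${port} -s ${cluster_net} -j ACCEPT"
    done
    # Rate-limited log of whatever falls through, then the policy drops it
    printf '%s\n' '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "mesos-slave-drop: " --log-level 4'
    printf '%s\n' 'COMMIT'
}

# Apply on a slave (needs root), e.g.:
#   slave_ruleset 10.0.0.0/24 10.1.0.0/16 5051 10250 | iptables-restore
if [ "${1:-}" = "apply" ]; then
    shift
    slave_ruleset "$@" | iptables-restore
fi
```

Two caveats a practitioner should keep in mind. First, ports published by Docker (`-p host:container`) reach the container through the nat PREROUTING and FORWARD chains, not INPUT, so this policy does not filter traffic to published container ports; that is the job of the SDN security groups (or rules in FORWARD). Second, the slave must stay reachable from the masters on its own port and from other slaves on whatever kube-proxy and the executor use, so test the ruleset on one slave with a console available before rolling it out with Marathon or configuration management.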
Design your Platform Services
• Think of cattle, not pets: any instance can be replaced at any time.
• Think of processes, not VMs.
• VM or container? Decide per workload.
• Complexity of access: too many jumps between the user and the service?
• You have Marathon; use it for long-running services.
• Use a private Docker registry.
• Microservices? What is that?
• Your PaaS, even when it is generic enough, is not a silver bullet.
Rolling out new services
• Use a private Docker registry to track the container images required for each application/process stack.
• Create a level of abstraction (a UI) that is easy for your users to use.
• Manage clustered services with Marathon.
• Remember that containers are processes, not condensed VMs.
• Use CI/CD to build new versions of your containers.
• OSS: Continuous + Strategos
Links and References
• Continuous: http://github.com/symantec/continuous
• Strategos (available June 30): http://strategos.io
• Kubernetes: http://kubernetes.io
• Mesos: http://mesos.apache.org/
• Marathon: https://mesosphere.github.io/marathon/
Thank you!
Copyright © 2014 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
Miguel Zuniga, Twitter: @mikezuniga, Freenode: miguelzuniga, Google Plus: +MiguelZuniga
Questions?