Best Practices for Deploying Service Mesh & Serverless on OCI

魏清刚 (18601110709)

Oracle Appdev team

Copyright © 2019, Oracle and/or its affiliates. All rights reserved.


Agenda

Introduction to Oracle Cloud Infrastructure

Oracle Kubernetes strategy

Deploying Service Mesh on OCI

Deploying Serverless on OCI

Q&A


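Oracle helps enterprise customers solve their challenges to the greatest possible extent

• Transact: financial transactions
• Improve: user experience
• Create: better products
• Understand: in-depth data analysis
• Incubate: innovation
• Accelerate: key processes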


Oracle Cloud Infrastructure: Complete Cloud Services

COMPUTE Bare metal/VM, CPUs/GPUs

Up to 64 CPU cores, 8 GPUs, 768 GB RAM, 51 TB local NVMe SSD, 5M IOPS, AMD and Intel processors

CONTAINERS Containers and Kubernetes

Fully managed, certified Kubernetes service with Docker containers

RAVELLO Migrate VMware or KVM

Move VM environments, retaining existing networking, to the cloud

STORAGE NVMe, Block, File, Object, Archive

Predictable IOPS Block Storage for up to 98% less, storage for whole lifecycle

NETWORKING VCN, LBaaS, FastConnect, VPN

Isolated networks with reserved IPs, security lists, firewalls, lowest cost private connectivity

OCI AT CUSTOMER IaaS, PaaS, Exadata on-premises

Subscription-priced cloud infrastructure, PaaS, and database managed by Oracle

AUTONOMOUS DATABASE Transactions, Data Warehouse

Fast provisioning. Automatic tuning, patching, securing. 99.995% availability.

DATABASE Bare metal, VMs, Exadata

Millions of TPS; Full RAC and Active Data Guard support

DATA MOVEMENT Storage appliance, Data Transfer

Software NAS gateway, data ingest service with full chain of custody (HDD or appliance)

SECURITY IAM, Audit, KMS, CASB

Integrated security services to protect data and to control and monitor access

EDGE DNS, WAF, DDoS, Email

Global DNS, application protection, bot management, DDoS protection, email delivery

GOVERNANCE IAM, Tagging, Cost Analysis

Logical separation and tagging of resources for simplified management


• Deep Virtual Cloud Network (VCN) control:
  – Subnets, route rules, firewalls, VCN peering, load balancing, DNS
  – Console or API-driven

• Secure, reliable connectivity
  – IPSec VPN
  – FastConnect dedicated connectivity with global providers

• Low latency underlying physical network
  – 25 Gbps with <100 µs one-way latency within an AD
  – <500 µs one-way latency between Availability Domains
  – Oracle-managed backbone between regions

Efficient virtual networking and connectivity

[Diagram: an Oracle Cloud region with provisioned bandwidth, load balancing and DNS; a virtual cloud network with subnets in Availability Domains 1, 2 and 3; VPN and FastConnect links to the customer datacenter and end customers; a backbone to other Oracle Cloud regions]

Oracle Cloud Services: supporting enterprise customers' core business applications

[Diagram: Oracle enterprise applications, customer and ISV apps on Oracle Database, performance-intensive workloads, cloud native applications, third-party applications and custom applications, all on Oracle Cloud Infrastructure]


How Oracle Cloud Infrastructure serves microservices

• Database Cloud: Oracle RDBMS, Oracle RAC, Exadata
• Cloud Platform: Java, Big Data, Mobile, Integration Services
• Hypervisors: Run VMware / KVM
• Cloud Applications: Enterprise Applications
• Cloud Native Applications: Micro Services, Big Data, AI/ML
• Monitoring and Management
• Developer Tools
• Streaming and Pipelines
• DevOps Tools and Services
• Container Services: Docker, Kubernetes, Serverless Functions
• Layers: Application Services, Next Layer Services, Core Services
• Cloud Infrastructure: 25 GB Network, Bare Metal, VM, GPU, NVMe SSD, Block Storage, File Storage, Object Storage


Oracle Cloud Native Services

Oracle Cloud Infrastructure

• Observability + Messaging: Monitoring, Streaming, Notifications, Events
• Application Development + Operations: Container Engine for Kubernetes (OKE), Container Pipelines (Wercker), Functions, Resource Manager, Cloud Infrastructure Registry (OCIR)

LA = Limited Availability, customers can request early access to services.


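The evolution of development and deployment

Columns: development process, application architecture, deployment and packaging, application infrastructure

• Waterfall, Monolithic, Physical Server, Datacenter
• Agile, N-Tier, Virtual Servers, Hosted
• DevOps, Microservices, Containers, Cloud

Timeline markers: ~1980, ~1990, ~2000, ~2010, Now

[Figure: DevOps loop: Plan, Code, Build, Test, Release, Deploy, Operate, Monitor]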


Docker & Kubernetes dominate the market

Containers (Docker)

• 60% of enterprise companies (500+ hosts) use Docker
• 15% of all the hosts at these companies run Docker

Orchestration (Kubernetes)

• 40% of Docker users also use orchestrators
• 80% of these orchestration users prefer Kubernetes


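Oracle Container Engine: powerful distributed cluster management across availability domains

• Container native: standard Kubernetes; full lifecycle management; integrated image registry service

• Developer friendly: simple, streamlined user interface; rich APIs; built-in monitoring dashboard and DNS

• Enterprise ready: Oracle bare metal performance; high availability; access-control security

The industry's strongest bare metal and GPU service integration

[Diagram: any CI/CD tool (for example Jenkins or Oracle Pipelines) builds, tests and pushes images to OCI Registry; OCI Container Engine for Kubernetes runs a K8S cluster inside a VCN with node pools (BM and VM) across AD 1, AD 2 and AD 3, with pods, a PV, an LB and an exposed Kubernetes service]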


Management console: high availability

Cluster management

• Multiple Master and etcd services across ADs

• Regular etcd backup and restore capability

• Zero-downtime Master upgrades

• Cluster lifecycle, node control, and more

[Diagram: Oracle Managed Regional Control Plane spanning AD1, AD2 and AD3; each AD runs a K8s Master (API Server, Kube Scheduler, Controller Mgr) with Etcd; Etcd backup and restore to Object Store; Cluster Controller API]


Kubernetes on Oracle Cloud: service feature comparison

Benefits

• Fast deployment
• Lower risk
• Faster innovation
• Higher reliability

[Figure: two responsibility stacks on Oracle Cloud Infrastructure, labelled Customer Managed and Oracle Service, each listing App Management, Upgrades & Patching, Platform Backup & Recovery, High Availability, Scaling, App Deployment, Power/HVAC, Rack and Stack, Server Provisioning and Software Installation, with the part handled by the Customer marked]

OCI Developer Services Platform for Easy Build, Deploy, and Operate

[Diagram: an OKE Cluster whose pods each carry an Envoy sidecar, surrounded by the following components]

• CI/CD: Container Pipelines, Jenkins X
• OCI Registry
• Marketplace
• Service Brokers
• OCI Cloud Services: ATP/ADW, Events, Streaming, Telemetry, Notifications, Cache
• API Gateway
• Compliance/Governance/Auditing/Policy Mgmt/Scanning/Atz
• Istio: Pilot, Mixer, Auth, Telemetry Adapter
• FluentD
• Kibana/Grafana
• Prometheus
• Jaeger


Design goals

Maximize transparency

Extensibility

Portability

Policy uniformity


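# Download and unpack the Istio 1.1.2 release, then put istioctl on the PATH
wget https://github.com/istio/istio/releases/download/1.1.2/istio-1.1.2-linux.tar.gz

tar xvf istio-1.1.2-linux.tar.gz

cd istio-1.1.2

sudo cp bin/istioctl /usr/local/bin

# Bind your OCI user OCID to the cluster-admin role (cluster-wide administrative rights)
kubectl create clusterrolebinding istio-cluster-admin-binding --clusterrole=cluster-admin --user=ocid1.user.oc1..XXXXXXXXXXXXX

# Initialise Helm with Tiller running under the tiller service account (assumed to exist already)
helm init --service-account tiller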


# Install the Istio custom resource definitions (CRDs)
helm install install/kubernetes/helm/istio-init --name istio-init --namespace istio-system

# Verify that all 53 Istio CRDs were committed to the Kubernetes api-server using the following command.
# If cert-manager is enabled, then the CRD count will be 58 instead.
kubectl get crds | grep 'istio.io\|certmanager.k8s.io' | wc -l
# Expected output: 53

# Install Istio with ingress, Grafana, Servicegraph, tracing and Kiali enabled
helm install install/kubernetes/helm/istio --name istio --namespace istio-system \
  --set ingress.enabled=true \
  --set grafana.enabled=true \
  --set servicegraph.enabled=true \
  --set tracing.enabled=true \
  --set kiali.enabled=true

# List everything deployed into the istio-system namespace
kubectl get all -n istio-system


==== Deploy Bookinfo Sample ====

kubectl label namespace default istio-injection=enabled

kubectl apply -f ./samples/bookinfo/platform/kube/bookinfo.yaml

kubectl apply -f ./samples/bookinfo/networking/bookinfo-gateway.yaml

http://129.146.158.123/productpage

Sample App
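
A check to run after the Bookinfo deployment above (an added example, not part of the original slides): the `istio-injection=enabled` label only affects pods created after it is set, so this script lists pods that have no `istio-proxy` (Envoy) sidecar and therefore sit outside the mesh's policy and telemetry. The sample pod names are constructed; `--live` queries the cluster through kubectl.

```bash
#!/bin/sh
# Added example: find pods that did not receive the Envoy sidecar.
# Sidecar injection happens when a pod is created, so pods that existed before
# `kubectl label namespace default istio-injection=enabled` stay outside the mesh.

# Reads lines of "pod-name<TAB>container names separated by spaces" on stdin
# and prints the names of pods that have no container called istio-proxy
# (the name Istio gives the injected Envoy container).
pods_without_sidecar() {
  awk -F'\t' '
    $1 != "" {
      n = split($2, names, " ")
      found = 0
      for (i = 1; i <= n; i++) if (names[i] == "istio-proxy") found = 1
      if (!found) print $1
    }'
}

# Produces that line format from a live cluster (requires kubectl access).
list_pod_containers() {
  kubectl get pods -n "$1" -o \
    jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.containers[*].name}{"\n"}{end}'
}

# Constructed sample: two Bookinfo pods with a sidecar, one pod without.
sample_pods() {
  printf '%s\t%s\n' \
    'productpage-v1-sample' 'productpage istio-proxy' \
    'reviews-v1-sample'     'reviews istio-proxy' \
    'batch-job-sample'      'worker'
}

if [ "${1:-}" = "--live" ]; then
  list_pod_containers "${2:-default}" | pods_without_sidecar
else
  sample_pods | pods_without_sidecar   # offline demo on the constructed sample
fi
```

Pods reported by the live mode pick up the sidecar once they are recreated in the labelled namespace.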


Oracle Functions: serverless computing


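What is FaaS (Functions-as-a-Service)?

Functions developers

• Provide function code to the platform
• Do not have to worry about servers

Functions platform

• Abstracts away the concept of servers
• Ensures functions are available when invoked
• Deploys, triggers and autoscales functions
• Bills only for execution time, not for idle time

[Diagram: Functions running on a FaaS Platform]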


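Fn: an ideal serverless platform?

• Open source: no vendor lock-in

• Platform independent: laptop, server, cloud

• Easy to use: approachable for new users, with low-level control for advanced users

• Docker based: makes full use of the Docker environment

• Independent of the Docker scheduler: supports Kubernetes, Swarm, Mesos and others

http://fnproject.io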


Key features

• Function Dev Kits
• Open Source Engine
• Oracle Cloud Triggers: Events, HTTP, Timer, Streams
• Container Native
• Advanced Diagnostics
• Fine-grained Billing


Serverless use case: integrating and extending Oracle Cloud

[Diagram: Functions alongside Cloud Applications (SaaS), Cloud Platform (PaaS) and Cloud Infrastructure (IaaS); labels shown: Analytics, ERP, Data, HCM, CX, Supply Chain, Storage, Compute, Network, Integration, Mobile, Business Insight, Collaboration, Custom Apps, Data Mgmt, Audit Events]


Serverless demo based on OKE: https://github.com/oracle/learning-library/blob/master/workshops/container-native-development-with-oke

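Oracle Generation 2 Cloud: build and run Cloud Native applications with ease

Supports bare metal, GPU, Autonomous Database, real-time data synchronization technology, and more

High-performance compute, high-speed networking, storage, and more

OKE and OCI combine seamlessly, with cluster management by default *

Multi-tenant, 500 GB container image registry

Supports Wercker, Jenkins, JenkinsX, Spinnaker and other CI/CD tools

Provides EventHub and Data Cache Cloud Services

Oracle provides a complete Data Solution (Exadata, Oracle DB, OGG, ADW..)

Infrastructure as code (Terraform, Ansible, API and third-party management tools)

Q&A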
