1 of 68

1

Advanced Deployment techniques with Kubernetes

@rafabene

http://bit.ly/thedeploymaster

Link

@rafabene

rafael.benevides@oracle.com

2 of 68

rafael.benevides@gmail.com

@rafabene

apiVersion: oracle/v1

kind: PrincipalProductManager

metadata:

name: Rafael Benevides

namespace: Oracle Linux team

annotations:

apache/contributor: Apache DeltaSpike PMC

labels:

developer: Java, NodeJS

hobby: 4x4, drones

spec:

replicas: 1

containers:

image: benevides/rafael:latest

Rafael Benevides

3 of 68

“Now, every company is a software company” — Forbes, 2011.

4 of 68

4

@rafabene

5 of 68

Our IT World Morphs

@rafabene

developers.redhat.com

6 of 68

developers.redhat.com

@rafabene

7 of 68

3 Month

Deployment Cycle

3 Months BEFORE you gain Feedback and Learn

Plan

Dev

QA

UAT

Deploy

@rafabene

8 of 68

Feedback

Loop

9 of 68

9

@rafabene

10 of 68

10

@rafabene

11 of 68

Batch Size

12 of 68

3 Months

Vs

1 Week

@rafabene

13 of 68

January

Time

April

Innovation

Learning

Feedback

February

March

@rafabene

14 of 68

14

Maintenance

Window

@rafabene

15 of 68

Zero Downtime

16 of 68

@rafabene

17 of 68

@rafabene

18 of 68

18

Blue

Green

Deployments

@rafabene

19 of 68

19

Blue

@rafabene

20 of 68

20

Blue

Proxy

@rafabene

21 of 68

21

Blue

Proxy

Green

@rafabene

22 of 68

22

Blue

Proxy

Green

@rafabene

23 of 68

23

Blue

Proxy

Green

@rafabene

24 of 68

24

Blue

Proxy

Green

@rafabene

25 of 68

Demo

26 of 68

26

Rolling

Upgrade

@rafabene

27 of 68

27

Proxy

@rafabene

28 of 68

28

Proxy

@rafabene

29 of 68

29

Proxy

@rafabene

30 of 68

30

Proxy

@rafabene

31 of 68

Demo

32 of 68

32

Canary

Deployments

@rafabene

33 of 68

@rafabene

34 of 68

Canary Resuscitator

http://www.openculture.com/2018/05/the-device-invented-to-resuscitate-canaries-in-coal-mines-circa-1896.html

Thanks to Paolo Antinori!

35 of 68

35

Proxy

@rafabene

36 of 68

36

Proxy

@rafabene

37 of 68

37

Proxy

@rafabene

38 of 68

Canaries with Kubernetes

Pod

Container

JVM

Service A v1

Pod

Container

JVM

Service A v2

Service

Route/

Ingress

50%

50%

39 of 68

Canaries with Istio

Pod

Container

JVM

Service A v1

Pod

Container

JVM

Service A v2

Service

Route/

Ingress

90%

10%

40 of 68

Istio - Sail

@rafabene

41 of 68

Microservices embedding Capabilities

@rafabene

Container

JVM

Service B

Discovery

Load-balancer

Resiliency

Metrics

Tracing

Container

JVM

Service A

Discovery

Load-balancer

Resiliency

Metrics

Tracing

Container

JVM

Service C

Discovery

Load-balancer

Resiliency

Metrics

Tracing

Before Istio

42 of 68

Microservices externalizing Capabilities

@rafabene

Pod

Container

JVM

Service A

Sidecar Container

Pod

Container

JVM

Service C

Sidecar Container

Pod

Container

JVM

Service B

Sidecar Container

After Istio

43 of 68

Microservices externalizing Capabilities

@rafabene

Pod

Container

JVM

Service A

Sidecar Container

Pod

Container

JVM

Service C

Sidecar Container

Pod

Container

JVM

Service B

Sidecar Container

After Istio

The sidecar intercepts all network traffic

44 of 68

Envoy is the current sidecar

@rafabene

Pod

Container

JVM

Service A

Sidecar Container

Pod

Container

JVM

Service C

Sidecar Container

Pod

Container

JVM

Service B

Sidecar Container

45 of 68

Demo

46 of 68

46

A/B Testing

@rafabene

47 of 68

⅓ Positive Value-Add

“Our experience at Microsoft is no different: only about 1/3 of ideas improve the metrics they were designed to improve.”

Ronny Kohavi

Microsoft (formerly Amazon)

http://ai.stanford.edu/~ronnyk/ExPThinkWeek2009Public.pdf

48 of 68

What is your�

Hypothesis?

49 of 68

ACME Laptop 128GB SSD, 8GB RAM

$323.56

Touchscreen

128GB SSD 8GB RAM

Core i3

Windows 10

Add to Cart

In-Store Pickup (15 available)�Raleigh, Central Ave, Store #1123

Recommendations

A

ACME Laptop 128GB SSD, 8GB RAM

$323.56

Touchscreen

128GB SSD 8GB RAM

Core i3

Windows 10

Add to Cart

In-Store Pickup (15 available)�Raleigh, Central Ave, Store #1123

Recommendations

B

@rafabene

50 of 68

ACME Laptop 128GB SSD, 8GB RAM

$323.56

Touchscreen

128GB SSD 8GB RAM

Core i3

Windows 10

Add to Cart

In-Store Pickup (15 available)�Raleigh, Central Ave, Store #1123

Recommendations

A

B

ACME Laptop 128GB SSD, 8GB RAM

$323.56

Touchscreen

128GB SSD 8GB RAM

Core i3

Windows 10

Add to Cart

In-Store Pickup (15 available)�Raleigh, Central Ave, Store #1123

Recommendations

@rafabene

51 of 68

ACME Laptop 128GB SSD, 8GB RAM

$323.56

Touchscreen

128GB SSD 8GB RAM

Core i3

Windows 10

Add to Cart

In-Store Pickup (15 available)�Raleigh, Central Ave, Store #1123

Recommendations

A

B

ACME Laptop 128GB SSD, 8GB RAM

$323.56

Touchscreen

128GB SSD 8GB RAM

Core i3

Windows 10

Add to Cart

In-Store Pickup (15 available)�Raleigh, Central Ave, Store #1123

Recommendations

@rafabene

52 of 68

ACME Laptop 128GB SSD, 8GB RAM

$323.56

Touchscreen

128GB SSD 8GB RAM

Core i3

Windows 10

Add to Cart

In-Store Pickup (15 available)�Raleigh, Central Ave, Store #1123

Recommendations

A

B

ACME Laptop 128GB SSD, 8GB RAM

$323.56

Touchscreen

128GB SSD 8GB RAM

Core i3

Windows 10

Add to Cart

In-Store Pickup (15 available)�Raleigh, Central Ave, Store #1123

iOS Users

In North Carolina

@rafabene

53 of 68

Development

QA

Staging

Production

commit

SCM

Router

Users

A/B Testing

Hypothesis - Experiment - two variants: check-out button placement increase sales conversions for iOS users?

@rafabene

54 of 68

54

Dark

Launch

@rafabene

55 of 68

Dark Launches with Istio

Pod

Container

JVM

Service A v1

Pod

Container

JVM

Service A v2

Service

Route/

Ingress

100%

100%

@rafabene

Mirror requests

56 of 68

Application State during deployments

57 of 68

  • A methodology
  • Manifesto
  • Best practices
  • Principles

Created by

@rafabene

58 of 68

VI. Processes

Execute the app as one or more stateless processes

"Sticky sessions are a violation of twelve-factor and should never be used or relied upon. Session state data is a good candidate for a datastore that offers time-expiration, such as Memcached or Redis."

@rafabene

59 of 68

Demo

60 of 68

CI/CD Pipelines

61 of 68

Jez Humble Continuous Delivery

Continuous Delivery is the ability to get changes of all types—including new features, configuration changes, bug fixes and experiments—into production, or into the hands of users, safely and quickly in a sustainable way.

62 of 68

Purpose Of Pipeline

Jez Humble

“Job of deployment pipeline is to prove that the release candidate is unreleasable”

63 of 68

build

Development

buildbuild

Staging

commit

SCM

Router

Users

CI/CD Pipeline

Starts with a “git commit and git push”

build

build

buildbuild

Choose your deployment pattern

@rafabene

64 of 68

Demo

65 of 68

@RAFABENE

@rafabene

66 of 68

Run them on Linux

Virtual

Physical

Private

Public

Oracle Linux

Node

Node

Node

Master

API Server

Dev

Ops

SCM�(Git/Svn)

CI/CD

Automation

Controllers

- Scheduler

- Replication

- Services

- Builds

- Routes

- Deployment

Kubernetes

Ingress Gateway

67 of 68

67

https://developer.oracle.com

Copyright © 2019, Oracle and/or its affiliates. All rights reserved. |

@rafabene - bit.ly/quarkus

68 of 68

68

https://cloudnative.oracle.com

Copyright © 2019, Oracle and/or its affiliates. All rights reserved. |

@rafabene - bit.ly/quarkus