Oracle Container Engine for Kubernetes Level 100
Total Page:16
File Type:pdf, Size:1020Kb
Oracle Container Engine for Kubernetes Level 100 Jamal Arif Oracle Cloud Infrastructure October, 2019 1 © 2019 Oracle Safe harbor statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, timing, and pricing of any features or functionality described for Oracle’s products may change and remains at the sole discretion of Oracle Corporation. 2 © 2019 Oracle Objectives After completing this lesson, you should be able to understand: • Containers, Docker container engine • Orchestration systems and Kubernetes • Oracle Container Engine for Kubernetes • Creating a K8s cluster in OCI using ‘quickstart’ Key Containers / Orchestration Use Cases Share Container Use Cases Orchestration Use Cases Development Developer productivity; Consistent Automated deploys to accelerate 65% appstacks in Dev, Test & Production application release cadence CI/CD/DevOps Containerized dependencies; Rolling updates and reversals 48% Container registries; Operations Standardized environments for dev, Resilient, self-healing systems; High 41% testing and operations Availability; Elastic Scalability Refactor Legacy Apps Refactor from N-tier to portable Run distributed, stateful apps on scale- 34% containerized applications out infrastructure Migrate to Cloud Move entire appstacks and see them Cloud bursting; Reduce infrastructure 33% run identically in the cloud costs by avoiding over-provisioning New Microservice Apps 32% Create small purpose-built services Dynamically manage large-scale that can be assembled to scalable microservices infrastructure custom applications SOURCE: THE EVOLUTION OF THE MODERN SOFTWARE SUPPLY CHAIN, DOCKER SURVEY 2016 Docker and Kubernetes Docker Containers Kubernetes Orchestration • Popular, easy to use tooling targeting developer • Production grade container productivity management targeting DevOps and operations, • De facto standard container runtime and image with widespread adoption format • Complex but powerful toolset supporting cloud • Used for developer on-boarding and 1st scale applications generation application management • Rich operations feature set, autoscaling, rolling upgrades, stateful apps and more. 5 Docker & Kubernetes Lead the Market Containers (Docker) Orchestration (Kubernetes) of enterprise companies of Docker users also 60% (500+ hosts) use Docker 40% use orchestrators of all the hosts at these of these orchestration 15% companies run Docker 80% users prefer Kubernetes 6 Container Orchestration And Containers as a Service (CaaS) • Multi-container apps • Orchestration as a service • Scheduling • Hosted Container Runtime • Service Discovery • Minimize operational overhead • Maintaining Desired State Not subject to restriction. Container Engine for Kubernetes - OKE Introducing Container Engine for Kubernetes - OKE • Managed Kubernetes container service to deploy and run your own container based apps What is It? • Tooling to create, scale, manage & control your own standard Kubernetes clusters instantly • Too complex, costly and time consuming to build & maintain environments What Problems • Too hard to integrate Kubernetes with a registry and build process for container lifecycle management Does it Solve? • Too difficult to manage and control team access to production clusters • Enables developers to get started and deploy containers quickly. Gives Key Benefits DevOps teams visibility and control for Kubernetes management. • Combines production grade container orchestration of open Kubernetes, with control, security, IAM, and high predictable performance of Oracle’s next generation cloud infrastructure 9 Kubernetes Challenges • Managing Kubernetes Infrastructure, upgrading, Security security Networking Complexity • Container networking & persistent storage Storage Monitoring • Managing Teams & Access Logging Reliability • CI/CD Integration, Scaling Based on Load automated testing, conditional release Choosing solution Vendor Support 0 10 20 30 40 50 60 Percentages reported by companies with >1,000 containers (Source: CNCF Survey, The New Stack, 22 Mar 2018) Working with OKE and OCIR on OCI OCI Registry (OCIR) OCI Container Engine Customer’s OCI for Kubernetes (OKE) Account/Tenancy Cluster Management VM based Clusters and Nodes HA - 3 Masters/etcd In-flight and at rest data across 3 ADs encryption Bare Metal Clusters and Nodes Container Engine Dashboard Oracle Cloud Infrastructure Oracle Managed Customer Managed 11 OKE/OCIR Pricing and Packaging OCI Registry OCI Container Engine Customer’s OCI for Kubernetes Account/Tenancy Cluster Management Pay only for the OCIVM based Clusters and Nodes resources used HA - 3 Masters/etcd across 3 ADs In-flight and at rest data Free Free to runBare Metal Clusters and Nodes your K8s clusters encryption Container Engine Dashboard (VM’s, Storage, LB, etc.) Oracle Cloud Infrastructure Oracle Managed Customer Managed 12 Oracle Container Engine (OKE) and Registry Container Native Developer Friendly Enterprise Ready • Standard Docker & Kubernetes • Streamlined Workflow • Simplified Cluster Operations Ø Deploy standard & open upstream Ø Use your favorite CI to push Ø Fully managed, highly available Docker and Kubernetes versions containers to the registry, then registry, master nodes and control for compatibility across Kubernetes to deploy to clusters plane environments and manage operations Ø One-click Quick Create for secure • Registry Integration • Full REST API Private Worker Nodes/Subnets Ø Full Docker v2 compatible private Ø Automate the workflow, create • Full Bare Metal Performance registry to store and manage and scale clusters through full and Highly AVailable IaaS images REST API Ø Combine Kubernetes with bare • Container Engine • Built In Cluster Add-Ons metal shapes for raw performance Ø Deploy and operate containers Ø Kubernetes Dashboard, DNS & Ø Deploy Kubernetes clusters across and clusters Helm multiple Availability Domains for resilient applications • Full integration to cloud • Open Standards • Team Based Access Controls networking and storage Ø Docker Based Runtime Ø Control team access and Ø Leverage the enterprise class Ø Worker Node SSH Access permissions to clusters networking, load balancing and persistent storage of Oracle Cloud Ø Standard Kubernetes Infrastructure 13 Containers Use Case: Lift & Shift WebLogic Application WebLogic Pull WebLogic Application Build Push Docker and Operator image to images from WebLogic Server Define build Test Registry for CI/CD Registry toolchain Container Push Cloud Container Dockerfile Pipelines, Infrastructure Engine for Jenkins, etc. Registry Kubernetes Containerize WebLogic Deploy images to production WebLogic Application WebLogic WebLogic Operator Application managing WebLogic WebLogic Server + Server Domains Migrate data WebLogic store Autonomous Kubernetes Transaction worker nodes Processing Data Store (ex. Oracle Database) ORACLE CLOUD INFRASTRUCTURE 14 Containers Use Case: Refactor an Existing Application Push Docker Build images to Pull images User Interface Test Registry from Registry Push Code App Server + Push Container Data Access to CI/CD Container Cloud toolchain Pipelines, Infrastructure Engine for Kubernetes Data Store Jenkins, etc. Registry Microservices Deploy images Containers running to production Re-factor app microservices Kubernetes User Interface worker nodes App Server + Data Access Monolith Application ORACLE CLOUD INFRASTRUCTURE Data Store Copyright © 2018, Oracle and/or its affiliates. All rights reserved. 15 Creating an OKE Cluster in OCI Pre-requisites for creating a K8s Cluster via Quickstart • Monthly universal Credits have limit of 3 clusters per OCI region with 1000 nodes in a cluster and Pay-as- you-go or Promo accounts have a limit for One Cluster (by default) • Must also have compute Instance Quota (Required) – to launch k8s worker nodes in an AD or across ADs for HA • Required Policy in the root compartment of your tenancy allow service OKE to manage all-resources in tenancy • To launch a K8s cluster, user must be either part of the Admin group or a group to which a policy grants the appropriate Container Engine for Kubernetes permissions. • Policies can be created for users which are not part of the admin group • For Example: To enable users in group ’dev-team’ to perform any operation on cluster-related resources à allow group dev-team to manage cluster-family in tenancy Note: Polices must also grant the group ‘dev-team’ Networking permissions of VCN_READ and VCN_CREATE, SUBNET_READ and SUBNET_CREATE, COMPARTMENT_INSPECT, INTERNET_GATEWAY_CREATE, NAT_GATEWAY_CREATE, ROUTE_TABLE_UPDATE, SECURITY_LIST_CREATE: Details here OKE Quickstart Step 1: Navigate to Menu à Developer Services à Container Clusters (OKE) à Create Cluster OKE Quickstart Step 2: Cluster Creation Name of the Cluster The version of Kubernetes to run on the master nodes and worker nodes of the cluster. Either accept the default version or select a version of your choice. Amongst other things, the Kubernetes version you select determines the default set of admission controllers that are turned on in the created cluster (the set follows the recommendation given in the Kubernetes documentation for that version). OKE Quickstart (contd…) Step 2: Cluster Creation New network resources for the cluster are created automatically, the worker nodes in