I am an experienced product manager who has worked on groundbreaking enterprise software in several different industries.
I'm an engineer and Google Cloud developer advocate, Docker Captain, certified Docker associate, and Go programmer who is fanatical about cloud computing, container technology, microservices, service mesh, serverless, and distributed systems.
About the talk
This second of two sessions is a technical deep dive on the components of Anthos. Learn from demos which illustrate the value of each component in the context of an enterprise customer’s environment and organization. The value of the components are seen through the lens of three primary personas: operators, security engineers, and developers. Join this session for a deeper technical understanding of Anthos overall and the components that make it up, as well as an understanding of how the platform maps to enterprise customers’ modernization needs.
Speakers: Dan Ciruli, Tony Pujals
Google Cloud Next ’20: OnAir → https://goo.gle/next2020
Subscribe to the GCP Channel → https://goo.gle/GCP
Welcome to the Anthos deep dive session, part two. My name is Dan Ciruli, and I'm a product manager at Google Cloud. We're going to walk you through the second part of the deep dive on Anthos. I'm going to start with a little bit of a level set to make sure that you're clear on what the different components are within Anthos and why they exist. Then I'm going to spend some time diving into Anthos Service Mesh, and Tony is going to spend some time on Cloud Run for Anthos.

But first, Anthos itself. Anthos is an application modernization platform: a platform to let you write applications and run them anywhere, on Google Cloud, on your own premises, on other clouds, or even at the edge in places like retail facilities or warehouses. It's a software-based solution that is aimed at solving the problem of how difficult it is to run things in different places right now. It's there to give you consistency across the different locations you are going to have to deploy to, in order to make your developers and your operators more efficient at their jobs.

One of the key things that Anthos enables you to do is to modernize in place. Moving into the cloud can be hard. Moving from old monolithic architectures to new ones can be hard, and doing both of those things at the same time is doubly hard. With Anthos, you can modernize your application where you are, still in your data center, and move to the cloud later as a second step; that's a much easier process to follow. When you do start running applications in multiple locations, Anthos gives you consistency. It lets you do things like write policy about security and have that policy in effect regardless of where the application is running. This gives your developers, your operators, and your security people consistency to run the application the same way no matter where it's running.

One key factor for Anthos is that it is a 100% software-based solution. You don't need to invest in new hardware for Anthos; it runs on your existing hardware. At its core, it's based on a trio of open source projects. You do container management using Anthos GKE, which is, of course, based on the popular Kubernetes deployment system.
The service mesh component is Anthos Service Mesh, which is based on Istio, the popular open-source service mesh. At the top, giving your developers a great development experience, is Cloud Run for Anthos. We also have a great Marketplace for the other things that you might want to run: other software, databases, etc. Around this whole thing, we've got a very good policy management system that lets you manage policy across all the different locations, and good operations tools, so that the people who are running the software have the same experience regardless of whether it's running on Google Cloud, on your own premises, on other clouds, or at the edge.

Now, let me talk a little bit about my favorite component in Anthos: Anthos Service Mesh. Before I talk about Anthos Service Mesh itself, I want to talk about what we as an industry are doing in moving away from monolithic applications. Why did we decide to move away from the monolith? Actually, that second bullet is the one for me: monoliths make it slow. When you have a hundred developers working on an application, you're probably deploying that application maybe once a quarter, maybe once every six months. It is very difficult to test and release when you're deploying huge applications. They're also very expensive to scale, because monoliths tend to run on specialized, very expensive hardware, and buying multiple instances of that can be very expensive. And operations is typically a very difficult process.

The move to microservices addresses a lot of these problems. Again, starting with innovation: with microservices, you have small teams of developers who are each deploying small units of code. Because they can deploy independently, they can deploy a lot faster, and they can ship features much, much more frequently. That means you end up shipping features to your customer a lot more often. And you can scale them all independently: microservices are typically deployed in containers running on commodity hardware, and they scale independently. Finally, you've got a great ecosystem of tools around operations that make operating these easy.

So, what is a service mesh? Well, a service mesh helps you solve some of the issues you'll have if you decompose your application. A service mesh transparently, and in a language-independent way, adds functionality into your network calls, so that your developers don't have to write a bunch of new infrastructure to handle this. It's a core component of Anthos. We offer Anthos Service Mesh; as I said before, this is based on Istio, the most popular service mesh application in open source today. And what does it do, specifically? What are the three main things that you get from a service mesh? First, understanding the traffic between your services. Now that your monolith is broken up into microservices, you've got a lot of components communicating with each other, and a service mesh can make sure that you are monitoring, logging, and tracing all of that traffic so you can understand your application. Second, a service mesh gives you advanced networking functionality to give you operational agility: it makes it so you can safely roll out new components, and do locality-based load balancing if you're running in multiple clusters. And finally, a service mesh lets you secure all of that traffic and ensure that everything is encrypted in transit, and you can write policy to dictate who's allowed to communicate.

Today I'm going to focus on two key areas here: understanding your application, and the ability to use some of these advanced networking capabilities. To do that, we're going to use some chaos engineering and inject a little chaos into the application. Chaos engineering lets you test the resiliency of your application by seeing what happens when different components break, and a service mesh, in addition to a lot of other things it can do, can allow you to inject chaos. What I'm going to demonstrate now is how we can inject some chaos to see how our application behaves if one of the components starts running more slowly, or if one of the components starts failing.

For this demonstration, I'll be using an e-commerce application. It was developed using microservices so we can deploy frequently and independently. As you can see, it's a nice modern application with a bunch of services underneath. Let's look and see what Anthos Service Mesh can do to help us understand this application and how failures might affect it. The service mesh is gathering all kinds of information about our application: not just the telemetry that it's gathered, but the actual topology of the application, which services are communicating with which other services. I can see every service in my application, as well as how they relate to the others, including how much traffic they're sending to the others. This is some powerful information. And for any of these services, I can dive in and understand them even more deeply.

Here, I'm getting tons of information about the front end of the application. This is the one that users actually hit, so it's the one I care the most about. As with every other service deployed in the mesh, I get great telemetry on it. I can see how much traffic it is serving. I can see things like what its error rates are and how they've changed over time, as well as what its latencies are. I can do this on any one of many time spans; I can zoom out a little bit and see how it's been performing during the day. One of the great features of Anthos Service Mesh is the ability to set service-level objectives. As I said, this is really important, especially on the front end, for me to assess the health of my application. I can see that this application is currently healthy, and I've got an objective here that says a certain percentage, 95% of my requests, should be fulfilled within 200 milliseconds. However, earlier today, you can see where I injected a little chaos into the system, and I'm going to show you how I did that: Anthos Service Mesh and its use of the Istio APIs to inject a delay in my service. I've got a recommendation service in here that recommends new products to customers, and I said: 10% of the time, I want you to add a one-second delay, to see what the effect of that would be on the system. It behaved pretty well, but let's look closely again at that service-level objective. I can see that I started failing that objective some of the time when I injected that chaos, and if I look at my error budget over this timeframe, I actually see it's going down relatively rapidly. Now, the system isn't telling me that I'm going to run out today; in fact, I think I'm going to make it through the day. But what this does tell me, as a person running the service, is that I've got a dependency that is very critical for me. If the recommendation service were to actually start performing like this, I would be close to, and maybe even would exceed, my SLO and run out of error budget. So what am I going to do about it? First, I would tell the recommendations team: you should be setting your own SLO; I need you to be returning faster. But second, this tells me that I should make sure that the front end is resilient, and in fact maybe times out if the recommendation service takes too long, and the service mesh could help with that as well.

Now, I'm going to talk about a different sort of chaos we can inject, and that is failures. As we said before, the service mesh is telling me exactly how my system is laid out: how many services comprise it and how they relate to each other. Here, you can see my front end talks to a service called the cart service. Now, the cart service is an important service in my application; people can't see what they're buying if they can't put things in the cart. However, if that should fail at some point, I still want the system to be resilient, so I'm going to use Anthos Service Mesh to inject some chaos. I've got a file here for the cart service; again, it's using the open-source API, and it's saying: hey, in the cart service, I want you, 100% of the time, to throw a 500. I'm not going to have to redeploy the application; I'm not going to have to recode the app. I'm just going to tell the service mesh to start returning these errors. I've already made this change and I have made a commit.
All I need to do is push this, and it will take effect. So I'll call this "inject chaos" here, and then I'm going to push it. Now my system of record, which is the source code repository, has the new policy. Anthos Config Management is taking that policy and pushing it into my clusters. As soon as it does, I can see the effects of that policy. So my application is still here and running, and wow, is that a catastrophic failure? Now, my shopping cart service is important, but this is not acceptable. This is telling me that I need to be more resilient. So now I'm going to have to go to the front-end application team and make sure that they are resilient to a failure from the shopping cart application.

Now, I do want to say: you saw that injecting chaos put some serious breakage into our application. I don't recommend you do this in your production clusters, at least at first. I'd like to turn it over to Tony. He's going to talk about Cloud Run for Anthos.

So Dan just did a really great job of explaining the benefits of microservice architecture and what Anthos does to help you manage these applications that you've deployed. But what can we do to improve that experience for developers? The metaphor here is: I want to be productive in my space, I want to enjoy my space, but I don't want to have to do all the work to create the space. So how can Cloud Run for Anthos help us with that? What we see here is that Cloud Run for Anthos is right here at the top of this stack, meaning that it is focused on the developer experience, and what can we do to improve that developer experience? We're going to get to that.

Why would you choose Cloud Run for Anthos? In a nutshell, the idea is that you're going to get all the benefits of containerization of your microservice applications, but without the overhead of managing infrastructure and dealing with some of the complexity that Kubernetes introduces when you work at the Kubernetes level for your applications. So looking here, what we see is a spectrum where you can deploy applications directly on a VM, on-premises or in the cloud, and on the far right we have a fully managed serverless experience. But for whatever reason your organization has chosen Anthos, it's likely because you need to run certain applications that don't fit the serverless model; you've got infrastructure that you do have to manage. But for those applications that can benefit from the serverless approach, you can leverage Cloud Run for Anthos without having to worry about the infrastructure for those applications that you deploy. Cloud Run for Anthos leverages Knative, which is built on top of Kubernetes, and therefore your operators and everybody in your environment familiar with Kubernetes already gets to leverage that. But from the developer experience, you're going to be able to deploy your applications using a much more simplified model.

Let me demonstrate exactly what that means, because I'm going to take the same app that Dan was demonstrating and I'm going to migrate it to Cloud Run for Anthos. All right, let's dive in. This is the repo for the microservices demo app that's launched as part of the Anthos sample deployment that Dan used. It's a fairly high-fidelity example of a sophisticated microservices application built for a fictional enterprise. It's published as an e-commerce website called Online Boutique, and architecturally it is composed of 10 microservices that communicate over gRPC. It's got a data store that we've simulated with Redis, and we've also added a load generator so that we can simulate a bunch of users sending traffic to the public front end. It's typically deployed as a Kubernetes plus Istio application, as Dan previously demonstrated. So what I'm going to show you is how, with just some configuration changes, you can take advantage of the simplified serverless model and seamlessly integrate this with existing workloads running on your Kubernetes clusters. That's the main point I'm going to be driving here today. In other words, this demo isn't going to be about all the benefits of serverless per se; there's already a lot of content about that. More importantly, I want to show you how Cloud Run for Anthos makes it easy for your operators to provide you with the benefits of serverless, coexisting seamlessly with the Kubernetes environments managed by your operators, along with the benefits of using Anthos, our application modernization platform.
So with Cloud Run for Anthos, you're going to get to exploit the developer deployment model that makes the most sense for each service that you build and deploy. Just to take a look at it, here are the Kubernetes manifests. What you want to do is go to my repo here, the Cloud Run for Anthos labs, and go to this sample right here. All the instructions are provided here; everything that I'm going to show you can be found in this repo, including a script that you can use for creating a Kubernetes cluster with GKE. If you want to create a cluster using the web console, just remember to make sure that you check the box to enable Cloud Run for Anthos for the cluster. This line here is the part that ensures that our cluster is going to have the full Cloud Run for Anthos support enabled. Now, I have already done this to save some time, so let's go to our Kubernetes Engine dashboard.

I can confirm I've got cluster-1 here. This is just a Kubernetes cluster running on GKE, and this is what was installed with the cluster with the Cloud Run support enabled. These are the only services running on it right now; we're filtering here by namespace. So within the GKE connect namespace, what we're going to see is support for Cloud Run: our reporting and logging to Stackdriver, and control plane components for configuring our cluster-local gateway for all the traffic in the mesh, the microservices' internal traffic as well as our public ingress to the cluster. These last four services are all required to provide that serverless foundation on top of Kubernetes that makes Cloud Run for Anthos work.

Now that we've got a cluster, we're going to want to deploy our application. Let's take a look at the configuration changes that we need to make this work with Cloud Run for Anthos. A quick refresher: here's the architecture of our application. Once again, I want to point out that the load generator is a long-running service that is intended to send traffic as long as the service is running, until it's terminated. So as a long-running service, this is not a good candidate for running as a serverless app, and therefore this is going to be deployed as a standard Kubernetes service. Redis is also not a good candidate for serverless, because it requires an attached volume, and this isn't consistent with the goals of running as a Knative service under the hood for autoscaling purposes in the serverless model. So this is a long-running service and this is a stateful service; these are both going to be deployed as normal Kubernetes deployments. The rest of these will be deployed as serverless apps.

What we're going to look at is the delta between the original Kubernetes manifests in this repo and the manifests that I have added for you in this repo under the knative directory. Actually, I'm going to switch over to my editor, because I want to give you a little bit of an overview about what changes before I actually dive into the details. First of all, Knative offers a simplified configuration abstraction. There's a single Service here, compared to the need for two different configurations, a Service and a Deployment, under Kubernetes. Because of that, you don't need all of the selectors and labels to correlate the two configurations. You also don't need to predetermine the number of replicas you're going to need in anticipation of load and availability requirements, to take advantage of the fact that Knative autoscales out of the box. You can still configure minimum and maximum limits if you want to, but again, you don't have to anticipate that load. And if you only have a single container in your service, you don't even need to give the container a name. These are minor simplifications, but when you look at all of these in aggregate, what you'll find is that Knative offers a very nice simplified configuration abstraction for your service resources.
So now let's dive into the actual configuration in more detail. Here, under the knative directory, I'll open up the services YAML file. Actually, the first one that I want to start with is the front end, since that's the logical entry point for the application anyway. What we see here is that the frontend service is exposed to the internet, serves the web user interface, and communicates with various back-end services. First, notice that we're declaring that this is a Service resource using the Knative Serving API. We've provided a name in the metadata; that name needs to be unique within the namespace. There's no namespace specified here, so the default is "default". There's only one container provided here; we only need one container for this service, so there is no name for it. The frontend service expects environment variables with a DNS name to be set for each of the back-end services that it will send requests to. Note also that all of the services are in the default namespace as well, as indicated by their DNS names. The compute resource requirements for the container are specified here: at least 10% of a vCPU, limited to 20%, and at least 64 megabytes of memory to start with, with a limit of double that. Since the frontend service listens on the port identified at runtime by the PORT environment variable, which is automatically set by Knative, there's no need to specify a containerPort value here, as some of the other services will. The default for the port is 8080. It's a good practice for a Knative service to get the value of that PORT environment variable anyway, which this app does.

Now that we've covered that, let's move on to the ad service. The front end fetches short text advertisements to display from the ad service by sending it a list of important keywords from the current page, describing context. There are just two things to note here in addition to the name. There is metadata that is used to configure the service's visibility as cluster-local, and this means that there's no public access to the ad service; it's a private, cluster-local-only service that is accessible from within the cluster. containerPort is set to 8080, and although that's actually the default, because we need to provide the port name, which I'll explain in a moment, we've got to provide the full configuration, so we do have to specify containerPort. The reason why we're providing the name is that this is a specific name that indicates that we're going to be communicating with gRPC, or technically, HTTP/2 over TCP. That's what the h2c stands for, as opposed to HTTP/1.

Moving on to the cart service. This provides the shopping cart functionality for the app. The configuration should start looking pretty familiar; there are only a couple of things we need to note here. The app does take a port option, -p, and we get the value from the PORT environment variable that is set by Knative. It's listening on 8080. And again, this is a gRPC service: h2c, HTTP/2 over TCP. A couple of other environment variables are getting set here, and basically that's it.

Checkout service. The checkout service is used to purchase items that the customer has added to their cart, and like the front end and the cart service that we just saw, the checkout service uses environment variables to get the addresses to use for the back ends it communicates with. That's nothing new here. Currency service is used to convert currency to display prices, and here we can see that it actually listens on a specific port, 7000, so this would need to be specified anyway, even if we weren't using gRPC, which we are. Email service sends order and payment confirmation after purchase. As has already been mentioned, the only reason again for this specific port, even though it's the default, is that this is a gRPC service. All of the services are going to be gRPC, except for the front end. Payment service is used to make purchases at checkout, and there's nothing really new to explain about this. Product catalog service is used to convert currencies to display prices, and again, it should look familiar; nothing to explain here. Recommendation service is used to make similar product recommendations while browsing, and there's nothing new to explain here. And the shipping service, which is used to ship your purchased products; there's nothing new to explain there. This is all we had to do to take our manifests: it was basically about what we stripped out, but we did have to add some things.
We had to add the labels that constrained our visibility, plus provide these hints as to the type of traffic that we want. That's it. Now let's take a look at deploying the app. I'll go ahead and start up a couple of watches for our Kubernetes deployments and also for our Knative service resources; that just gives us another perspective on the deployed services. First I'll want to deploy our back end for Redis. Remember that this was a stateful service with a volume attached, so this is just a normal Kubernetes deployment. Then I'm going to deploy the app itself. For now, I'm going to deploy the second version of the app. Go to the repo and check out the lab to see what it means to have scaling to zero configured, and what it means for autoscaling up, in the v3 and v4 versions. But this will just be the v2 version, where I set minimum scale to 1, so the service never actually scales to zero, because for the services for the website, I don't want a delayed response to the user interface. So this is a nice thing to be able to do. Scaling to zero is normally the default, and that's also great for services that don't need to run all the time and consume compute resources for which you're getting billed.

Now that the app is running, I can access it. To do that, I'm going to need to know the gateway IP in the system namespace for the Istio ingress; I'll also need to know the DNS name for the front end. What we'll see here is that by default the domain would have been example.com. I already provided a custom mapping, just another configuration that you apply. I took this basic template and I configured it for a domain that I control. So that's what we're seeing right there. When I curl it, this request is going to go to the ingress gateway, and it needs to know which service to send it to. With curl, I will do that by providing a Host header for the frontend service in the default namespace. By default it would be example.com, but in this case, since I provided a custom domain, it's my domain. And here is the IP that we're going to send that to. We can see that the app responded.

I'll also do this in the browser. Now, if I send it to the IP address: obviously I can't send it to example.com, since that's not my domain; I can't configure a record for it. Before I send it to the IP address, I need to do something similar to what we just did down here when we curled it: I need to supply that Host header. So you can use the ModHeader Chrome extension, specify your Host header, and apply some filter pattern so it doesn't apply to every other website that you visit. This is great for local testing, until you go through the trouble of actually configuring that custom domain. And since I did configure my domain, I can also take advantage of the automatic certificate for HTTPS support. So here's the application, if you've never seen it before. It's a simple online shopping experience. For each one of these items I can drill in. I can see that the recommendation service is providing other products that are similar. If I refresh this page, I can see some things update. I can add stuff to the cart and place an order.

The last thing I want to do real quick is go over to the Cloud Run dashboard in the console. There are all the services running. For each one of these services you can get access to its performance and the resources it's consuming, and take a look at logs. I can also go over directly to the Stackdriver page in the console and get access to a ton of information about how things are doing. I'll take a look again at the logs, but with control over how you want to filter and what you want to know. Let's see my container logs, which are in the default namespace, for my main containers. And maybe I want to watch them streaming. Okay.

So let's go back to the repo. This is where you want to go. There are all the steps to be able to get through this lab, including checking out all the autoscaling stuff that I didn't demonstrate, the scaling to zero and scaling up, and finally cleaning up when you're all done. I hope what I did demonstrate, though, is that with Cloud Run for Anthos, you can definitely take advantage of your Kubernetes knowledge and clusters and seamlessly coexist with your Kubernetes workloads. And that is the biggest value proposition of Cloud Run for Anthos, in the fact that your developers get to exploit the serverless programming model that will accelerate their development. So, thanks a lot, and back to you, Dan.

Thanks, Tony, that was amazing. I bet after watching two of these deep dives, you're ready to try Anthos for yourself. Great news: we're ready for you to try that. Just go to goo.gle/tryanthos; that's goo.gle/tryanthos. We've got a fully hosted hands-on trial that will spin up a cluster where you can experiment with all of these features yourself. Thanks very much for your time.
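Editor's note: the two chaos experiments Dan runs in the first half of the talk (a one-second delay on 10% of calls to the recommendation service, and an HTTP 500 on 100% of calls to the cart service) are only shown on screen, so the rules below are an added example written for this page, not the file from his repo. They use the open-source Istio VirtualService API that Anthos Service Mesh exposes; the service names follow the Online Boutique demo app (recommendationservice, cartservice), and the namespace and the 500 ms timeout in the third rule are assumptions made to illustrate the front-end remediation Dan suggests.

```yaml
# Added example, not the talk's own file: Istio fault injection for the two
# experiments in the talk, plus the timeout Dan proposes as the fix.
# Service names follow the Online Boutique demo app; the namespace and the
# 0.5s timeout are assumptions.
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: recommendationservice-delay
  namespace: default
spec:
  hosts:
  - recommendationservice
  http:
  - fault:
      delay:
        percentage:
          value: 10          # 0-100; decided per request by the caller's sidecar
        fixedDelay: 1s       # "add a one-second delay 10% of the time"
    route:
    - destination:
        host: recommendationservice
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: cartservice-abort
  namespace: default
spec:
  hosts:
  - cartservice
  http:
  - fault:
      abort:
        percentage:
          value: 100         # every call fails; the cart pod is never reached
        httpStatus: 500      # "100% of the time, throw a 500"
    route:
    - destination:
        host: cartservice
---
# Remediation for the front end: bound the wait on the recommendation
# dependency so a slow recommender cannot consume the 200 ms SLO.
# Apply this instead of, not alongside, the delay rule for the same host:
# two VirtualServices for one host are not merged predictably.
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: recommendationservice-timeout
  namespace: default
spec:
  hosts:
  - recommendationservice
  http:
  - timeout: 0.5s            # assumed value; the app's own SLO is 200 ms at p95
    route:
    - destination:
        host: recommendationservice
```

Apply a rule with `kubectl apply -f` and delete it with `kubectl delete -f` to end the experiment, or commit it to the repository that Anthos Config Management syncs, as Dan does. Two things a practitioner should keep in mind: the fault is enforced by the calling workload's sidecar, so a caller outside the mesh still reaches the real cart service and sees no error; and once the git repo is the system of record, a merge into that directory is a production change, so the review and approval gates that protect application code belong on it as well.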
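Editor's note: Tony reads the Knative manifests off his editor rather than showing them in the text, so the two shapes he walks through (the public frontend with no ports block and a minimum scale of 1, and the cluster-local gRPC adservice with an h2c port) are reconstructed below as an added example, not the lab repo's own files. The image references and tags, the environment variable names and the use of port 80 on each back end's cluster-local route are assumptions; "h2c" is HTTP/2 cleartext, which is what gRPC without TLS is on the wire.

```yaml
# Added example, not from the lab repo: Knative Serving manifests matching
# the deltas described in the talk. Image tags, env var names and the
# back-end port (the Knative route's port, not the containerPort) are assumptions.
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: frontend             # no visibility label: reachable via the public ingress
  namespace: default
spec:
  template:
    metadata:
      annotations:
        autoscaling.knative.dev/minScale: "1"   # v2 of the lab: never scale to zero
    spec:
      containers:
      - image: gcr.io/google-samples/microservices-demo/frontend:v0.2.0
        # Single container, so no name. No ports block either: Knative sets
        # PORT (8080 by default) and the app listens on whatever it is given.
        env:
        - name: AD_SERVICE_ADDR
          value: adservice.default.svc.cluster.local:80
        - name: CART_SERVICE_ADDR
          value: cartservice.default.svc.cluster.local:80
        - name: RECOMMENDATION_SERVICE_ADDR
          value: recommendationservice.default.svc.cluster.local:80
        resources:
          requests:
            cpu: 100m          # a tenth of a vCPU
            memory: 64Mi
          limits:
            cpu: 200m          # double the request
            memory: 128Mi
---
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: adservice
  namespace: default
  labels:
    # Private service: no public route; only reachable from inside the cluster.
    networking.knative.dev/visibility: cluster-local
spec:
  template:
    spec:
      containers:
      - image: gcr.io/google-samples/microservices-demo/adservice:v0.2.0
        ports:
        # "h2c" tells Knative this is HTTP/2 cleartext (gRPC). Once a ports
        # block exists, containerPort is required even at the default 8080.
        - name: h2c
          containerPort: 8080
```

After `kubectl apply -f`, the front end is reached the way Tony shows: `curl -H "Host: frontend.default.example.com" http://<ingress-gateway-ip>/` until a custom domain mapping replaces example.com. Note that the cluster-local label only removes the public route; it is visibility, not authorization, and any workload inside the cluster can still call adservice, so the "who is allowed to communicate" policy Dan describes for the service mesh is the control to pair it with.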