多雲一體就是現在 google cloud 的 - vmware vforum · google cloud platform single-pane of...
TRANSCRIPT
多雲一體就是現在: GOOGLE CLOUD 的KUBERNETES混合雲戰略
安玟宇 Wayne AnCustomer Engineer, Google Cloud
安玟宇Wayne An
Customer Engineer, Google Cloud
多雲一體就是現在: Google Cloud 的Kubernetes混合雲戰略
分散一切的世界即將來臨
#容器化 / #分散式 / #微服務
#混合雲 / #新世代開發監控工具
# Cloud Native
使命Meet customers where they are and partner with them in their transformation to cloud native
RigidManualExpensive
Infrastructure /IaaS
Public Cloud
“Serverless”/ FaaS
On-premise
Middleware / PaaS
●
●
Cloud NativeHybrid
●●
●
Up
AgilePortableElastic
Transform
EfficientSecurePay for use
Out ●
●
Migrate
Move up, out or both?
Google is a recognized leader in Open Source Cloud
Kubernetes
Istio
Apache Beam
TensorFlow
ServiceCommunicationManagement
ContainerOrchestration
Data Processing Pipelines
Data Flow Graphs for Machine Intelligence
Kubernetes Contributors
opensource.google.com
A strong community with corporate and independent support.
Independent
Red Hat
Huawei
ZTE Corp
FathomDB
IBM
Microsoft
HP
others
在地高可靠度資料中心
內建Redundancy客製化高擴展性硬體設計Live migration背景更新全球機房備援設計台灣區已經備有三個容錯區域
高效能代管式服務
涵蓋Web/App/DB皆有多樣化代管服務可以組合出最適架構
自動化部署
與開放平台以及開發環境整合,加速應用上線
Google Cloud Taiwan 優勢
Google Infrastructure
event driven functions
web apps & APIs
orchestrate containers
infrastructure
使用多層次的架構重塑雲端佈署
應用佈建於 IaaS / PaaS 的思考方向
高
應用模組化程度
低
低 自動化成熟度 高
VMs (GCE)
Kubernetes (GKE)
PaaS (GAE)
Serverless (GCF)
App Engine
以原始碼為基礎佈署
Kubernetes Engine
以容器為基礎佈隨選生成的K8S叢集
Compute Engine
隨選生成的虛擬機
IaaS and PaaS at Scale
Google App Engine
#全代管服務
#以容器為基礎
#適合Web應用
#適合Api
#全自動擴展+強大的負載平衡
#整合能同步擴展的NoSQL DB
Kubernetes
● Kubernetes 是用於自動部署,擴展和管理容器化應用
程序的開源系統
○ 根據資源需求和其他約束自動放置容器
○ 自我修復,重新啟動失敗的容器
○ 橫向縮放,自動調整應用程序副本數
○ 自動部署和回滾,逐漸部署對應用程序或其配置的更改,在出現
問題時恢復更改
Google Kubernetes Engine
● Google Kubernetes Engine GKE
○ 在 Google Cloud 提供技術的 Kubernetes
上部署、管理容器化應用程式及調整資源
為何Google GKE 是佈署 K8S 的首選
全球佈署業界最多的佈署地區選擇
多重版本支援最多的GKE發佈版本,自動升級
高可用性支援跨資料中心自動配置叢集
網路安全毋須額外套件過濾容器到容器流量防護
自動擴展隨需動態擴展
負載平衡整合無流量上限的Google
Cloud Load
Balancer
Demo: Create Your First Service in 10 Mins
Run your cluster the way Google does
GKE On-Prem
● Turn-key, production-grade, conformant Kubernetes
with best-practice configuration
● Easy upgrade path to the latest Kubernetes releases
that have been validated and tested by Google
● Access to Container services on GCP such as Cloud
Build, Container Registry, Audit Logging, and more.
● Integration with Istio, Knative, Marketplace Solutions
ALPHA IN FALL
Run your cluster the way Google does
● The same tools are used to install,
configure, and manage clusters in GKE and
GKE On-Prem
● Cluster environments are consistent (k8s
version, OS image, plug-ins, components
configuration)
Orchestrate and manage on-prem containers just like GKE in the cloud
Consistent operating model with access to GCP services across hybrid environments
Single-pane-of-glass for multiple Kubernetes clusters, no matter where
Single Pane of Glass across GCP & On-Prem
● vSphere 6.5 for Alpha● Simple CLI installation● Online and Offline installation● Private container registry support● Latest 3 versions of k8s● High-availability control plane● Auto-repair
Installation and Configuration
$ gke-on-prem create cluster --dry-runWelcome! This command will take you through the installation of a cluster. --dry-run saves your configuration to a YAML file.
Please enter the path of a directory where this configuration will be saved? [/Users/karangoel/my-test-cluster/]:
Where do you want to install your cluster?[1] vSphere v6.5
Please enter your numeric choice [1]: 1
What version of GKE On-Prem do you want to install?[1] 1.10.3 (Uses k8s v1.10.3)[2] 1.9.2-rc2 (Uses K8s 1.9.2)[3] 1.8.3 (Uses K8s 1.8.3)
Please enter your numeric choice [1]: 1
Pulling gke-on-prem-vsphere-1.10.3... DONE
Path to kubeconfig for the GKE On-Prem Admin Control Plane (leave empty to create it):
A GKE On-Prem Control Plane will be created.
Would you like to use existing CA?[1] I'll provide CA certificate and key[2] Generate CA certificate and key
Please enter your numeric choice [2]: 2
Enter the path to the SSH private key to use (leave empty to generate): /Users/karangoel/.ssh/vsphere
Enter proxy without "http://" or "https://" (leave blank if none): username:[email protected]:5413/Enter Docker registry to use [gcr.io/k8s-cluster-api]:
CLI (Installation)
Register with Google Cloud Console
On-Prem/Public Cloud Provider
Any K8s Cluster
GCP
Connection Proxy
K8s API ServerConnection
Agent
End-User
Single-Pane of Glass
Market-place & Service-Catalog
Container Registry &
Builder
Stackdriver
GCP Services
Securing Your Connection to GCP
● GKE Connect Agent installs in
your cluster
● Encrypted connection from the
K8s cluster to GCP
● No public IP required for your
cluster
● Can traverse NATs & egress
firewalls
Google Cloud Platform
Single-Pane of Glass
Marketplace & Service-
Catalog
Container Registry &
Builder
Stackdriver Logmon
GCP Services
Google Kubernetes Engine
Node
Control Plane
Node
“Bring-your-own” Kubernetes
Node
Control Plane
Node
GKE On-Prem
Node
Control Plane
Node
Hybrid Use Cases
Legacy Software Local Execution
Edge / IoT Cloud bursting
Ecommerce site Catalog, ERP
Warehouse
Factory
Branch
Augmented Services
On-PremCloud
Cloud
Storage
Cloud
ML
Big
Query
Jurisdictional / PII
Europe
Secure records
US
IT policy
Interconnect Connect
Peering + VPN
Fully and partially-managed offerings extend to non-GCP clouds and on-prem
Cluster health, master repair, node repair as a service
Manage your clusters with help from Google
● Pre-built dashboard in-cluster dashboards based on Prometheus + Grafana + EFK
● Ingest metrics and logs into Stackdriver without any instrumentation changes
● Aggregate logs from many clusters --whether GKE or GKE On-Prem
Logging and Monitoring
Cloud Services Platform