.NET Core, MSSQL, Containers and Kubernetes

[email protected]

.NET User Group Berlin-Brandenburg, March 2nd, 2017

Transcript of ".NET Core, MSSQL, Containers and Kubernetes"

Google Cloud Platform

HI!

Thomas, [email protected], Endocode
• System Automation
• DevOps
• Cloud, Database and Software Architect

MORE BUGFIX EXAMPLES

• Application breaks
• systemd problem
• NO! journald problem
• analysis: application writes a log line longer than the kernel buffer used by journald
• FIX: enlarge the kernel buffer
• Push fix to the upstream kernel

ENDOCODE

• high-quality software solutions
• best software engineering practices: test driven
• well known open source projects: https://github.com/endocode
• diverse range of technologies
• decades of experience
  • software development
  • team management
  • 100000s of server years in public and private clouds
• Be it web, mobile, server or desktop, we use open source to meet any challenge

WHY AM I HERE?

• FSFE recommendation
• .NET is going to be Open Source
• Microsoft has announced a Linux first policy
• Containers everywhere
• Kubernetes now available on Azure
• Large legacy code base in .NET
• Security
• Protecting Infrastructure
• Industry 4.0 Buzz
• ...

AGENDA

• Container
• Kubernetes
• CoreOS
• Create and Run an Example .NET Application
  • Clean! Docker Image
  • Registry
• Local Kubernetes Setup
  • Minikube
  • Pod
  • Service


LAYOUT

CONTAINER OR VIRTUALIZATION

Topic                 Container                  Virtualisation             Note
Isolation             OS Level, OS namespaces    CPU Level: Ring 0/Ring 3
foreign CPU           no                         yes, with emulation
foreign kernels, OS   no                         yes                        kernel is common
emulated devices      no                         yes                        security
host devices          direct                     virtio driver              security
CPU performance       100%                       95%
IO performance        100%                       <<100%
root isolation        yes                        yes                        USER directive
CPU cache attacks     easy                       possible                   PoC ?

Kubernetes

Greek for “Helmsman”; also the root of the words “governor” and “cybernetic”

• Runs and manages containers
• Inspired and informed by Google’s experiences and internal systems
• Supports multiple cloud and bare-metal environments
• Supports multiple container runtimes
• 100% Open source, written in Go

Manage applications, not machines

The 10000 foot view

(Architecture diagram: users reach the master through the UI, CLI and API; the master runs the apiserver, scheduler, controllers and etcd; every node runs a kubelet.)

All you really care about

(Diagram: UI and API on top of the Container and the Cluster.)

Deployment

(Diagram: one Deployment owning two ReplicaSets, one with three pods at v1.7.9 and one with three pods at v1.10.2.)
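Added example, not a manifest from the talk: the Deployment that the diagram above describes, three replicas at image tag v1.7.9. Re-applying it with the tag changed to v1.10.2 makes the Deployment create the second ReplicaSet and move pods over one at a time; the app name, image repository, port and health path are assumed placeholders.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web                        # assumed name
spec:
  replicas: 3                      # three pods per ReplicaSet, as in the diagram
  selector:
    matchLabels:
      app: web
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1                  # at most one extra pod from the new ReplicaSet
      maxUnavailable: 0            # never fewer than three ready pods during the rollout
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
      - name: web
        image: example.com/web:v1.7.9   # placeholder repository; set v1.10.2 to roll forward
        ports:
        - containerPort: 5000          # assumed app port
        readinessProbe:                # a new pod only receives traffic once it answers here
          httpGet:
            path: /healthz             # assumed health endpoint
            port: 5000
```

The old ReplicaSet is kept scaled to zero, so `kubectl rollout undo deployment/web` returns to v1.7.9 without a rebuild.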


CoreOS

CoreOS trusted computing

(Diagram of the trust chain, bottom up:)
- Hardware: Firmware, TPM
- OS Integrity: CoreOS Linux
- Container Integrity: rkt
- Cluster access: Kubernetes

ECOSYSTEM

(Diagram; Torus)

SECURITY BUGS IN IMAGES

• Heartbleed: CVE-2014-0160
  • Bug in SSL/TLS exposing the private key of a server
  • present in 80% of containers still 18 months after disclosure
• GHOST: CVE-2015-0235
  • glibc vulnerability in gethostbyname
  • exploitable in some conservative distributions

https://www.banyanops.com/blog/analyzing-docker-hub/
https://coreos.com/blog/vulnerability-analysis-for-containers/

STATISTICS FROM BANYAN OPS (May 26, 2015)

REGISTRIES: SCANNING FOR VULNERABILITIES


STARTING POINT - ARCHITECTURE

WE NEVER START FROM SCRATCH

- Almost no project starts from a green field
- Technical debt
- environments not made for microservices

● strict layered architecture
  ○ separation of stateless
  ○ and persistent data
● inside the pods
  ○ developers are free to use what they want
  ○ contract is binding to the outside

EXISTING HETEROGENEOUS ENVIRONMENT

- Programming languages and their runtimes
- Various databases from various generations
  - SQL
  - NoSQL
- Local and session storage
- Message queueing

SEMI-AUTOMATED DEPLOYMENT

- Deployment chain automation
- Knowledge about staging and release processes typically implicit and critical

VM CLUSTER BASED ARCHITECTURES

- Assumes complete OS
- Package management
- Configuration management (at runtime)


MIGRATION

FROM VMs TO PODS

OS instances → microservices in Pods
- pods are containers sharing the same fate
  - created together
  - running on same node
  - terminating together
  - one network address
  - shared volumes
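Added example, not a manifest from the talk: a Pod whose two containers show the shared-fate properties listed above (one node, one network address, one volume, one lifetime), and whose securityContext is the Kubernetes-side counterpart of the Dockerfile USER directive from the container/virtualisation table. Image names, UID, port and paths are assumed placeholders.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: web-with-sidecar           # assumed name
spec:
  # Both containers are scheduled together on one node, share the pod's
  # network namespace (one IP, localhost between them) and die with the pod.
  securityContext:
    runAsNonRoot: true             # kubelet refuses to start a container whose image runs as root
    runAsUser: 1000                # assumed UID; applies to both containers
  volumes:
  - name: shared-logs
    emptyDir: {}                   # exists exactly as long as the pod does
  containers:
  - name: web
    image: example.com/dotnet-web:1.0      # placeholder image
    ports:
    - containerPort: 5000          # assumed app port
    volumeMounts:
    - name: shared-logs
      mountPath: /var/log/app      # web container writes its log here
  - name: log-shipper
    image: example.com/log-shipper:1.0     # placeholder image
    args: ["--tail", "/var/log/app/app.log"]   # reads what the web container writes
    volumeMounts:
    - name: shared-logs
      mountPath: /var/log/app
      readOnly: true               # sidecar needs no write access to the shared volume
```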

FROM VMs TO PODS

VM cluster → Pods running on Kubernetes
- cattle: stateless containers
- pets: databases
- configuration management → separation of build time and run time


CASE STUDY

immmr - one number for every need

immmr combines the best of Internet-based communication with the advantages of mobile communication

immmr makes it possible to use a single mobile number from any device

.NET Kestrel Webserver

• Typical Hello World
• Setup a Clean Container
• Ubuntu 16.04.2 LTS
• Microsoft .NET Version

DEMO TIME

MORE FROM ENDOCODE

- https://endocode.com
- https://endocode.com/blog/
- https://endocode.com/trainings-overview/
- Visit us on GitHub: https://github.com/endocode

Dive into Kubernetes!

Watch our Webinar ‘Dive into Kubernetes’ on our YouTube Channel: https://youtu.be/8694GGJlpZ8
Register for a free Google Cloud Platform Trial with $300 Google Cloud Platform Credits: https://goo.gl/dUzDWi
Use another $200 partner credits: https://goo.gl/eYldnT

Endoctus Academy

Next Trainings:

INTRODUCTION TO KUBERNETES

April 27th, May 4th, May 18th

https://endoctus.com/course/introduction-to-kubernetes

QUESTIONS?

- https://endocode.com
- https://endocode.com/blog/
- https://endocode.com/trainings-overview/
- Visit us on GitHub: https://github.com/endocode