1© 2019 PORTWORX | CONFIDENTIAL: DO NOT DISTRIBUTE
Kubernetes Master Class:
What you need to know to successfully run databases in production on Kubernetes
Michael Ferranti, VP, Product & Market Strategy
STATEFUL CONTAINERS SINCE BEFORE IT WAS COOL
CLOUD/SAAS PRODUCT & MARKETING BACKGROUND
PASSIONATE ABOUT DISTRIBUTED SYSTEMS
EX-CLUSTERHQ (FLOCKER), MAILGUN, RACKSPACE
An (incomplete) timeline of stateful containers
March 2013: Docker launches
June 2014: K8s launches
July 2014: Flocker launches
Aug 2015: Docker 1.8 w/ volume plugins
April 2016: K8s in-tree volume drivers
Jan 2018: K8s CSI Alpha
Dec 2018: K8s CSI GA
Dec 2018: CNS Day KubeCon
Containers are different than VMs
DYNAMIC
You’ve outsourced ops to K8s. Your pets WILL be lost.
MACHINES ARE NO LONGER UNIT OF ANALYSIS
You can’t count on machine-based processes for security, backup, DR, HA, etc.
HEAVILY MULTI-TENANT ENVIRONMENTS
It’s not just your cloud that is multi-tenant, it is your cluster.
WITH GREAT POWER….
Individual devs empowered for speed...and increased risk.
So why is it so hard to run databases in containers?
‣ Persistence, PVs, PVCs, etc.
Storage for containers
‣ Security
‣ DR
‣ App consistency
Data management for apps
You are building an app runtime platform with Kubernetes
APP 1 APP 2 APP 3 APP 4
AWS AZURE ON-PREM
YOUR GOALS
► DevOps Agility
► Automation
► Infrastructure Optimization
► Innovate Faster
► Low Touch Ops
But Kubernetes alone cannot meet your business requirements
► Sensitive user data
► Apps with strict SLAs
► Business transactions
► Strict compliance requirements
► Revenue generating apps
► Strict DR protocols
APP 1 APP 2 APP 3 APP 4
AWS AZURE ON-PREM
80% of enterprises list data management, persistent storage and disaster recovery as top barriers limiting container adoption
* The New Stack, Multicloud Now a Chief Driver for Containers, 12/2018
Many traditional storage products lack container native data services, are not closely tethered to orchestrators and are expensive on a total cost of ownership (TCO) basis. Many continue to use complex LUN/volume management. Mounting of block devices is time-consuming.
An I&O Leader's Guide to Storage for Containerized Workloads, Gartner, Jan 29, 2019
Gartner’s take
Choose storage solutions aligned with microservices architecture principles and adhere to the requirements of container-native data services
Select products closely aligned with the dev workflow tools that can be directly integrated with the application layer for portability, scaling and data protection.
Select vendors that have closer integration with Kubernetes and support standard interfaces
Download at: https://portworx.com/gartner
Why can’t you simply do this?
APP 1 APP 2 APP 3 APP 4
Connectors to legacy storage
How do you allocate infrastructure to your users?
APP 1 APP 100
SERVER 1 SERVER 2 SERVER 5
APP 2
Statically assign resources?
How do you scale your infrastructure for your users?
APP 1 APP 1000’s
SERVER 1 SERVER 2 SERVER N
APP 2
Have IT provision more hardware?
Dedicate many admin hours?
How do you handle Day 2 failures at scale?
APP 1 APP 1000’s
SERVER 1 SERVER 2 SERVER N
APP 2
HOW WILL YOU RECOVER FROM
► storage failures
► server or software failures
► upgrades
Snapshot one Consistency Group
What about application consistency?
APP 1 APP 1 APP 1 APP 4
Server 1 Server 2 Server 5
Have your users work it out with IT?
How do you ensure high availability across zones?
AWS AZ 1 AWS AZ 2
APP 1 APP 1
How do you manage application performance?
APP 1 APP 1 APP 1 APP 4
Server 1 Server 2 Server 5
What if one prod deployment interferes with another production deployment?
Production 2 Deployment
Prod 1 Deployment
Namespace A Namespace B
PVC1 PVC2 PVC3
Vol 1 Vol 2 Vol 3
How do you secure your customer’s data?
What is the best way?
User A User B
PX-Store
PX-Central
PX-Security PX-Data Mgmt PX-DR
The Portworx Platform
Solving the critical problems of running data-rich apps on k8s
PX-Store
Container-granular
Scalable
Tuneable
HA
PX-Central
User interface
Monitoring
Metrics
PX-Security
Authentication
Authorization
Encryption
Ownership
PX-Data Mgmt
Migrate App & Data
App consistent snaps
Backup to cloud
Copy-data-mgmt
PX-DR
Zero RPO failover
Failover across WAN
App & Data DR
Container granular
DEMO
https://www.youtube.com/watch?v=-7pVC6ocF3k
Portworx brings a unique mix of cloud native expertise
STORAGE & DATA SERVICES
Years of expertise in enterprise storage
Invented storage orchestration for K8s
APPLICATION & ORCHESTRATION INTEGRATION
Deep and early Kubernetes expertise
Co-led the founding of CSI
MULTI-CLOUD DNA
1st to offer multi-cloud Kubernetes storage
1st to offer migration across environments
THIS IS A PARTNERSHIP AND WE ARE HERE TO ENSURE YOUR SUCCESS
APP 1 APP 2 APP 3 APP 4
AWS AZURE ON-PREM
Focus on the right problem
Run application and data management from within Kubernetes
ON-DEMAND APPLICATION DATA MANAGEMENT SERVICES
Portworx is the market-leading cloud native storage and data management software solution that is fully managed from within Kubernetes and also gives you the security, reliability and performance you’d expect from enterprise-class traditional infrastructure.
Portworx is part of a modern cloud native stack
Portworx allows you to move this stack across various infrastructure types
NETWORK COMPUTE STORAGE (EBS)
AWS
NETWORK COMPUTE STORAGE (MD)
AZURE
NETWORK COMPUTE STORAGE (G-PD)
NETWORK COMPUTE STORAGE (V-SAN)
BARE METAL VMWARE
YOUR PORTABLE CLOUD STACK
Runs on any interchangeable infrastructure
Multi Cloud
...
Cloud Native Scheduling
OCI - Cloud Native Execution Runtime (ex. )
CSI CNI
Cloud native networking vendor
Prometheus
PORTWORX: MOST BATTLE-TESTED
Enterprise-ready Application Data Management
Extremely high application density
Bare metal performance, on-demand
Massive scale beyond SAN or cloud block devices
Multi-faceted data security
“Portworx provides infrastructure-agnostic features — such as volume persistence, high availability, data security and automation — that are valuable to a business like GE Digital.”
“We chose Portworx because it is a stable, mature, container-native storage option with one of the most responsive engineering and support organizations I’ve ever worked with.”
PORTWORX 100% CLOUD NATIVE
Application-aware data orchestration, Kubernetes style
HA of Kubernetes: Failover in seconds
Seamless backup & recovery w/RPO zero
Run data and storage operations from Kubernetes
DevOps native workflows auto-scaling & blue-green releases
ONLY FROM PORTWORX
Complete automation for multi-cloud operations
Automate everything, even mission critical data
Non-disruptive upgrades - deploy 10x a day
Easily run your apps on any environment(s)
Migrate 100% in minutes across multiple clouds, zones, & DCs
“We looked for a partner that would provide us a stable performing environment for critical data on Kubernetes and Portworx checked all those boxes.”
Multi Cluster Workflows
Application Aware, Kubernetes Aware
Cluster Migration and Burst
x86 x86 x86 x86
CLUSTER 1 CLUSTER 2
Cloud
Multi Cloud Workflows
Built for a Multi Cloud World
PX-DR - Metro area Stretch Cluster
x86 x86 x86
DC1 DC2
x86 x86 x86
OPENSHIFT CLUSTER 1 OPENSHIFT CLUSTER 2
1 2 3
TWO SEPARATE OPENSHIFT CLUSTERS
SINGLE STRETCHED PX OVERLAY
PX-DR - Metro area Stretch Cluster
x86 x86 x86 x86
DC1 DC2
Cloud
► Separate k8s Clusters with contiguous PX cluster
► Common Data Underlay
► PVCs available immediately
MODULE REPLICATION TYPE RPO/RTO
▶ Kubernetes ▶ Manual ▶ User Triggered
▶ Portworx ▶ A single multi cloud PX cluster ▶ Current Data, Seconds
▶ Replication Strategy ▶ Continual Synchronous Replication
Feature Details
Install Data Automation thru Kubernetes
PORTWORX TAKES EXISTING INFRASTRUCTURE
Fingerprints, aggregates, tiers, and monitors storage media (elastic)
SSD HDD EBS SAN
x86 x86 x86
INTEGRATES WITH ANY SCHEDULERS
Integrates provisioning, control, and cluster scale (up to 1000’s of servers)
Any Scheduler
Kubernetes
Mesos
Swarm
AND ENABLES SELF-SERVICE IT FOR STATEFUL CONTAINERS
Dynamically creates volumes with schedulers, resizes, encrypts, and moves across clouds
STATEFUL + STATELESS
SSD EBS SAN
VOLUMES
Data orchestration for K8s
► Placement (ensures optimal compute scheduling with storage)
► Scalability (1000’s Nodes or $100,00+ volumes)
(data placement, rack info, media health)
x86 x86 x86 x86
High Availability
FEATURES
► HA in seconds, cross-AZ
► Auto-backup, quick restore
► BYOK encryption …
BENEFITS
► Increase app density, lower TCO
► Reduce risk of data loss/leakage
► Flexibly resize compute/storage
► Faster app turnaround …
x86 x86 x86 x86
Rack 1 / Availability Zone 1 Rack 2 / Availability Zone 2
Object Storage
CloudSnap Backup
Multi-Writer Availability
x86 x86 x86 x86
Object Storage
FEATURES
► Multi-writer storage volumes
► Microsvc app-consistency groups
► Storage-less servers support
BENEFITS
► Enables file workloads (applies to ML)
► Scale compute/storage independently
► Repack, migrate apps without DBAs
App Consistent Snapshot and Restore
CURRENT TIME
TIME - 1
ID1
ID2
ID1
ID2
CURRENT TIME
TIME - 1
Triggered snapshot
FEATURES
► Example 1
► Example 2
► Example 3
► Example 4
BENEFITS
► Example 1
► Example 2
► Example 3
► Example 4
SECURITY
Portworx offers RBAC + Quotas + BYOK Encryption
K8 RBAC + Quota Enforcement
Namespace A Namespace B
PVC1 PVC2 PVC3
Quota Definition
User A: 2TB
User B: 1TB
Vol 1 Vol 2 Vol 3
KMS
and manages the full data lifecycle.
x86 x86 x86 x86
Object Store
BACKUP
RESTORE
► Synchronous & Asynchronous Replication – Protected
► Snapshots - Protected
► CloudSnap for Backup – Protected
Multi-Cloud Portability
x86 x86 x86 x86
ON-PREM DATACENTER
x86 x86 x86
PUBLIC CLOUD
AVOID VENDOR-LOCK-IN
► Monitoring trigger move
► Augment capacity to any datacenter
Non-disruptive Infrastructure Upgrades
x86 x86 x86
Portworx Operator
RESCHEDULE APP THEN UPGRADE PORTWORX
KEY IDEAS
► Portworx Upgrade in-place
► Speeds-up operations at scale
Monitoring Full Stack from Application down to Storage
Elasticsearch instance 9
Cluster-wide view
Drill into offending volume
Learn more about how to run databases on RKE
MongoDB MySQL Postgres