
Singapore, 16 Apr 2019

Cisco Multicloud: Cloud Consume

Helps you deploy, monitor, and optimize applications in multicloud and container environments

Shankar Srikanta, Technical Solution Architect, Data Center

Accelerating Innovation

“56% of cloud adopters use cloud services to enable innovation, 50% to improve business agility”

“Microservices Momentum Accelerates”

“Digital disruption drives CIOs to double down on innovation”

“The more programmers on a company’s platform, the more software applications are created, attracting customers and still more developers — a flywheel of growth and profit.”

“Large enterprises increasingly embrace open-source software to attract developers and keep up with digital-native competitors.”

The reality is anything but simple

• Multiple public cloud services

• New data protection regulations

• Private data centers still crucial

• SaaS adoption rising

• IoT exploding

[Chart: Google trends, 5 years: Docker, OpenStack] (LTRACI-2967)

[Chart: Google trends, 5 years: Kubernetes, OpenStack]

[Chart: Google trends, 5 years: Kubernetes, vSphere]

2013

Dev / Ops

I need resources for a new project

Please submit a help desk ticket

Never mind…

Dev, Test, Prod

2019

Dev / Ops

I need resources for a new project

Please submit a help desk ticket

Never mind…

Kubernetes Anywhere

Dev, Test, Prod

• Focused on Developer

• Creates a mechanism for developers to operationalize what they work on (DevOps)

On Premises

Blood and Sweat

Cloud

How did we get there?

[Diagram: Web Frontend, App, Backend, DB: traffic patterns to monitor]

[Diagram: Web Server, Auth, Cart, Payment, Search, Recommendations, Other Service, running on Server1 to Server5 across Data Center 1, Data Center 2 and Public Cloud: traffic patterns to monitor]

Microservices: what do I need?

Automation

Visibility

Security

Problems to solve

• Diverse traffic pattern with no context

• Network and Security teams have limited to no visibility into container workloads

• Segmentation and security internal to the cluster can only be done by cluster administrators.

• Missing tools to troubleshoot network issues

Segmentation

• Secure K8s infrastructure:

• network isolation for infrastructure related objects

• Network isolation between namespaces

• Controlling access between Kubernetes services and external services

[Diagram: PODs grouped into Frontend-EPG, API-Gateway-EPG, Backend-EPG and Monitoring-EPG, with Policy labels on the links between EPGs]

Communications outside of the Cluster

• Non-Cluster endpoints communicating with Cluster:

• Exposing external services, how? NodePort? LoadBalancer?

• Scaling-out ingress controllers, how can you scale?

• Cluster endpoints communicating with non-cluster endpoints:

• POD access to external services and endpoints

[Diagram: PODs grouped into Frontend-EPG, API-Gateway-EPG, Backend-EPG and Monitoring-EPG, with Policy labels on the links between EPGs]

Demo: Container Visibility with ACI

In this live demo:

• Control Plane view

➢ K8S node mapping

➢ K8S objects mapping

• Data Plane view

➢ EPG mapping

➢ Namespace annotation

Visibility

ACI makes containers visible and manageable!

• Seamless experience to Kubernetes users

• Visibility at control plane and data plane level

• Consistent policies encompassing baremetal, virtual machine and container domains

• Flexible EPG mapping model, can enable enforcement by annotating deployments

Using Kubernetes

• Time to bring up K8 Clusters

• Day 2 Operation Issues

• Resources used are out of control

• Misuse of public cloud resources

• Where are my corporate policies?

On-premises environment

Management

Security

Monitoring

Networking

Consistent, production-grade environment

Identity

Kubernetes on MultiCloud Environment

Cisco Container Platform Stack

[Diagram: Control Plane (Kubernetes on VMs; Automation, Orchestration, Operations; HX Connect; Cluster/Machine Controllers) and Data Plane (Cluster 1 and Cluster 2, each Kubernetes on VMs with Workloads and Ops pods)]

• Components: Kubernetes, Fluentd, Prometheus, Kibana, Hyperflex, Contiv

• Storage (Hyperflex)

• Networking (e.g. Nexus 9K or other)

• Compute Hardware (UCS)

• Hypervisor Layer (Hyperflex/VMW)

(BRKCLD-2676)

Demo: CCP Tenant Cluster Creation

Automation, Visibility

Build Application on Clouds

Cloud APP

Application Profile Represented as Cube

• 2 CPU, 4 GB Memory, 20 GB Storage

• Containers, Recipes, Scripts, Jar, War, Binaries

• nginx_..., apache_..., mysql_...

Simple to Complex with Application Profiles

Demo: CI/CD

• CI/CD workflow demo

• Container services in CloudCenter

• CloudCenter Application Profile

Automation

Tarantula Architecture

[Diagram: K8S Deployments: Silence (API Server) behind Silence LB SVC; Jungle (Web Frontend) behind Jungle LB SVC; Stairway (Traffic/Incidents), Rainbow (Music Events) and Fool (Weather Service), each with its own Cluster-IP SVC]

Cisco CI/CD for Containers

Tenant Alpha, L4/L7 SG

1. User commit

2. Jenkins detects it and downloads code

3. Jenkins builds container images and uploads to registry

4. Jenkins requests CCC to deploy the App

5. CCC gets the images and deploys to K8S

6. Services are created in K8S and ACI

7. That’s it

CloudCenter and K8S

• Governance!

• Mixed apps

• Multi/hybrid cloud with single profile modeling

Multiple Clouds – Multiple Interfaces

DEVNET-1139

Multiple Clouds – With CloudCenter


Problem solved!

• Easy way to create managed, monitored and scalable Kubernetes clusters with CCP

• Support CI/CD chain with:

• Governance

• Multi-tenancy

• Cost control

• Agnostic application modeling

Address the security issues with Tetration

• Assess Kubernetes node vulnerability

• Create and monitor flexible policies based on Kubernetes annotations

Visibility, Security

Address the performance issue with AppD

• AppD machine agent

• Server monitor

• App Helicopter view

• App Drill down and waterfall

Visibility

Let’s sum it up

Tetration

AppDynamics

CloudCenter

Putting the pieces together: an integrated approach

K8S Master

K8S Workers

Tenant Cluster Alpha

CCP Control Plane

Tenant Alpha

Microservices: what we offer

Security

Automation

Visibility

CCP CloudCenter

Tetration AppD

Tetration

ACI CCP
