Upload
others
View
20
Download
0
Embed Size (px)
Citation preview
What is CERN?
15/01/2020 Antonio Nappi 4
Member States:Austria, Belgium, Bulgaria, CzechRepublic, Denmark, Finland, France, Germany,Greece, Hungary, Israel, Italy, Netherlands, Norway,Poland, Portugal, Romania, Serbia, Slovakia, Spain, Sweden,Switzerland and United Kingdom
Associate Members in the Pre-Stage to Membership:Cyprus, Slovenia
Associate Members:India, Pakistan, Turkey, Ukraine
Observers to Council:Japan, Russia, United States ofAmerica, the European Commission, Joint Institute forNuclear Research and UNESCO
What is CERN?
15/01/2020 Antonio Nappi 5
Member States:Austria, Belgium, Bulgaria, CzechRepublic, Denmark, Finland, France, Germany,Greece, Hungary, Israel, Italy, Netherlands, Norway,Poland, Portugal, Romania, Serbia, Slovakia, Spain, Sweden,Switzerland and United Kingdom
Associate Members in the Pre-Stage to Membership:Cyprus, Slovenia
Associate Members:India, Pakistan, Turkey, Ukraine
Observers to Council:Japan, Russia, United States ofAmerica, the European Commission, Joint Institute forNuclear Research and UNESCO
What is CERN?
15/01/2020 Antonio Nappi 6
Member States:Austria, Belgium, Bulgaria, CzechRepublic, Denmark, Finland, France, Germany,Greece, Hungary, Israel, Italy, Netherlands, Norway,Poland, Portugal, Romania, Serbia, Slovakia, Spain, Sweden,Switzerland and United Kingdom
Associate Members in the Pre-Stage to Membership:Cyprus, Slovenia
Associate Members:India, Pakistan, Turkey, Ukraine
Observers to Council:Japan, Russia, United States ofAmerica, the European Commission, Joint Institute forNuclear Research and UNESCO
~ 3 000 members of personnelUsers from 100 different countries
Budget ~ 1 100 MCHF per year
CERN: a unique environment
15/01/2020 Antonio Nappi 8
Study fundamental particlesHow they interactUnderstand the fundamental laws of nature
Large Hadron Collider ( LHC )Largest particle collider in the world27 km in circumferenceThousand of magnets
CERN: a unique environment
15/01/2020 Antonio Nappi 9
Study fundamental particlesHow they interactUnderstand the fundamental laws of nature
Large Hadron Collider ( LHC )Largest particle collider in the world27 km in circumferenceThousand of magnets
Place where the Web was born
Science for peaceMelting pot
WebLogic at CERN
15/01/2020 Antonio Nappi 11
WebLogic on VMs (12.1.3)~ 358 Clusters~ 100 Applications
DEV / TEST / PREPROD / PROD
Web Profile application StatefulNo Java Message ServiceNo Enterprise JavaBeans
DevelopersEngineersAdministrationIT
WebLogic at CERN
15/01/2020 Antonio Nappi 12
WebLogic on VMs (12.1.3)~ 358 Clusters~ 100 Applications
DEV / TEST / PREPROD / PROD
Web Profile application StatefulNo Java Message ServiceNo Enterprise JavaBeans
DevelopersEngineersAdministrationIT
WebLogic on KubernetesDifferent versions
12.1.312.2.1
~ 60 deployment18 DEV18 TEST 12 PREPROD12 PROD
15/01/2020 Antonio Nappi 13
Why KubernetesImmutable
• Versioning• Easier to track
Portable
• On Premise• Public Cloud• Disaster Recovery Plan easier
High Availability
• Self-Healing
Fast Provisioning
• Increase productivity
15/01/2020 Antonio Nappi 15
ConstraintsTransparent for developers
Replicate VM modelLoggingMonitoring
15/01/2020 Antonio Nappi 16
ConstraintsTransparent for developers
Replicate VM modelLoggingMonitoring
CERN InfrastructureOpenStack Private Cloud
Built for physics workloads
15/01/2020 Antonio Nappi 17
ConstraintsTransparent for developers
Replicate VM modelLoggingMonitoring
CERN InfrastructureOpenStack Private Cloud
Built for physics workloads
Current architecture
15/01/2020 Antonio Nappi 18
Kubernetes provisioningPrivate Cloud/OpenStack Magnum
Current architecture
15/01/2020 Antonio Nappi 19
Kubernetes provisioningPrivate Cloud/OpenStack Magnum
Current architecture
15/01/2020 Antonio Nappi 20
Kubernetes provisioningPrivate Cloud/OpenStack Magnum
HA Production scenarioApplication spread across 3 AZS
Weighted Round RobinCanary deployments
Current architecture
15/01/2020 Antonio Nappi 21
Kubernetes provisioningPrivate Cloud/OpenStack Magnum
HA Production scenarioApplication spread across 3 AZS
Weighted Round RobinCanary deployments
Current architecture
15/01/2020 Antonio Nappi 22
Kubernetes provisioningPrivate Cloud/OpenStack Magnum
HA Production scenarioApplication spread across 3 AZS
Weighted Round RobinCanary deployments
Everything ephemeral
Current architecture
15/01/2020 Antonio Nappi 23
Kubernetes provisioningPrivate Cloud/OpenStack Magnum
HA Production scenarioApplication spread across 3 AZS
Weighted Round RobinCanary deployments
Everything ephemeral
Current architecture
15/01/2020 Antonio Nappi 24
Kubernetes provisioningPrivate Cloud/OpenStack Magnum
HA Production scenarioApplication spread across 3 AZS
Weighted Round RobinCanary deployments
Everything ephemeral
One application per K8S namespace
Current architecture
15/01/2020 Antonio Nappi 25
Kubernetes provisioningPrivate Cloud/OpenStack Magnum
HA Production scenarioApplication spread across 3 AZS
Weighted Round RobinCanary deployments
Everything ephemeral
One application per K8S namespace
Namespace Application
Load balancer
15/01/2020 Antonio Nappi
HA External Load BalancerPacemaker & CorosyncDiscriminate traffic based on url
27
Load balancer
15/01/2020 Antonio Nappi
HA External Load BalancerPacemaker & CorosyncDiscriminate traffic based on url
28
Load balancer
15/01/2020 Antonio Nappi
HA External Load BalancerPacemaker & CorosyncDiscriminate traffic based on url
Ingress HAProxyThe only point of accessNo LoadBalancer service type
29
Load balancer
15/01/2020 Antonio Nappi
HA External Load BalancerPacemaker & CorosyncDiscriminate traffic based on url
Ingress HAProxyThe only point of accessNo LoadBalancer service type
30
KubernetesCluster
Load balancer
15/01/2020 Antonio Nappi
HA External Load BalancerPacemaker & CorosyncDiscriminate traffic based on url
Ingress HAProxyThe only point of accessNo LoadBalancer service type
Prevent unauthorized access Firewall no customizableShare a secret
31
KubernetesCluster
Load balancer
15/01/2020 Antonio Nappi
HA External Load BalancerPacemaker & CorosyncDiscriminate traffic based on url
Ingress HAProxyThe only point of accessNo LoadBalancer service type
Prevent unauthorized access Firewall no customizableShare a secret
32
GET / HTTP/1.1 Host: k8s-anappi-test.cern.ch Connection: keep-alive User-Agent: Mozilla/5.0 Accept: text/htmlX-Jeedy-Secret: our_secret
KubernetesCluster
Logging
15/01/2020 Antonio Nappi 39
Pod PodShip, add custom fields
Filter, parse and ship
3P
Developers
Logging
15/01/2020 Antonio Nappi 40
Pod PodShip, add custom fields
Filter, parse and ship
3P
Developers
Logging
15/01/2020 Antonio Nappi 41
Pod PodShip, add custom fields
Filter, parse and ship
3P
3PDevelopers
Logging
15/01/2020 Antonio Nappi 42
Pod PodShip, add custom fields
Filter, parse and ship
3P
3P
Visualize
Developers
Collaboration with Oracle
15/01/2020 Antonio Nappi 56
Testing different opensource productsWebLogic Kubernetes OperatorWebLogic Deploy ToolingWebLogic Image Tool
WebLogic Deploy Tooling
15/01/2020 Antonio Nappi 57
FasterDecreases sensitively our configuration time
Domain config in YAML file.Configuration at runtime
Don’t need to store the domain in a Docker imageWorks with different WebLogic versions
12.1.3Problem related to Single Sign On configuration
Bug in WLST
WebLogic Image Tool
15/01/2020 Antonio Nappi 58
FasterAvoid to build our own packages (RPMs)
EasierExecution of two commands
Possibility to base WLS images on custom onesIntegration will happen in Q2
Credit: Lukas Gedvilas
WebLogic Kubernetes Operator
15/01/2020 Antonio Nappi 59
Opensource!!Way to do it
OperatorCustom Resource Definition
Use of deploy toolingExtremely fast Simpler
Currently not used at CERNNo support for old version (12.1.3)
Evaluate again during 2020
Next Steps : Part 1
15/01/2020 Antonio Nappi 60
Complete the migration of environments to Kubernetes (ongoing)12.2.1.3 WebLogic only in Kubernetes
PrometheusWebLogic Exporter
Replace Logstash and Filebeat with FluentdDisaster Recovery on the Cloud ( OCI )
Container Engine for Kubernetes
Lessons learned
15/01/2020 Antonio Nappi 62
Production environments can run on containersKubernetes standard de facto
Huge support from communityIncreased portability and dynamicity of the system
Open new doorsLet us focus on developers needsNo vendor lock-in
Infrastructure flexibilityEach piece can be changed with one of same logic
Security is trickyIt isn’t painlessAll that glitters is not gold
Everyday new toolsNot jump too fast on them
Images credits
15/01/2020 Antonio Nappi 63
https://plus.maths.org/content/round-peg-square-hole-or-square-peg-round-holehttps://giphy.com/gifs/aumanimation-8BkrxepXlKaWMbt5pK