Integrating With Google Kubernetes Engine: Pavan S Kaushik


Integrating with Google Kubernetes Engine
Pavan S Kaushik
Technical Product Manager
Avi Networks
Agenda
• Introduction
• Challenges with Operationalizing Kubernetes
• Overview of Avi Vantage Architecture
• Avi Container Services for Kubernetes
• Demo with Google Kubernetes Engine

Copyright © 2019 Avi Networks


Evolution of Microservice Architectures
Rapid Move from Monolithic to Distributed Application Architectures

“Loosely coupled service oriented architecture with bounded contexts” – Adrian Cockcroft

[Diagram: App Architecture Evolution. Labels: Users; North-South Traffic; East-West Services; Secure, Discover, Scale, Monitor; Firewall, Load Balancer, DNS/IPAM, NPM/APM; Web Application; Microservices; Containers; UI and service components such as Storefront, Catalog, Checkout, Order Mgmt, Account, Customer, Review, Login, Product.]

Application Services Requirements for Container-Based Microservices

• IPAM (Service IP)
• DNS (Service Naming)
• Load Balancing
• Real-time Telemetry
• Actionable Metrics
• Application Analytics
• Multi-cloud support (GSLB)
• Canary / Traffic Limit (Blue/Green Deployment)
• Rapid Deployment / Automation
• Multi-Tenancy / RBAC / Policy Management
• Web Application Firewall
• Encryption (SSL / TLS)

Challenges with Operationalizing Kubernetes

• Load Balancing
• IPAM
• DNS
• Security
• Visibility - Dashboard
• Visibility - Monitoring
• Visibility - Metrics
• Logs, Alerts, End-to-End timing



Challenges of Running Kubernetes in GCP/GKE

Manual, Complex and Fragmented:
• LB: Native LB, Opensource LB
• DNS: Google Cloud DNS
• Metrics: Prometheus
• Dashboard: Grafana
• Traffic tracing
• Logs & Alerts

Single, Universal and Automated:
• CONSISTENCY
• SIMPLICITY
• VISIBILITY



Overview of Avi Vantage Architecture

Modern, Scalable, Multi-Cloud Architecture

[Diagram: CONTROLLER (SaaS / Customer-Managed) above SERVICE ENGINEs. Labels: MULTI-CLOUD; INTELLIGENCE; AUTOMATION; SEPARATE CONTROL & DATA PLANE; ELASTICITY. Environments: ON PREMISES (BARE METAL, VIRTUALIZED, CONTAINERS) and PUBLIC CLOUD (VIRTUALIZED, CONTAINERS).]



Consistent Application Services Across a Multi-Cloud Fabric
• Built-in ecosystem integration
• Native cloud connectors
• SaaS or customer-managed


[Diagram: CONTROLLER at the center of a multi-cloud fabric. Labels: Software Load Balancers; Intelligent Web Application Firewall; Proxy; Ingress; Universal Service Mesh; Rest API; Automatic deployment; Scale Set, IAM, VNET, resource groups; VPC, EC2, Route53; EPG, APIC; Security group, vCenter, NSX manager; Istio; Nova, Neutron, Keystone, LBaas.]


Avi Container Services for Kubernetes

Kubernetes Application Services Requirements
Address real-world needs for enterprise applications

• Service Discovery
• Global / Local Load Balancing
• Application Maps
• Application Perf. Monitoring
• Security / iWAF

Application Services in Kubernetes with Avi Vantage

● Step 1: Configure Kubernetes Cloud on Avi Controller
● Step 2: Avi Controller brings up Avi SEs as Docker containers on every K8s Node
● Step 3: Create a deployment app1 in Kubernetes
● Step 4: Avi automatically creates corresponding services on Avi; allocates VIPs and creates an A record in DNS for app1.os

Considerations for Avi with Google Kubernetes Engine (GKE)

Avi Vantage - Kubernetes Integration in GKE

Integration with Google Kubernetes Engine

[Diagram labels: Google Cloud Resources (Project/Region); IAM, Service accounts; IPAM; VPC Network; Routes; GKE Cluster Master; NodePool Instances.]

Avi Integration with Google Kubernetes Engine

Avi Vantage Functions:

• Full-Featured Service and Ingress Load Balancing (Distributed Load Balancing: L4-7 for both North-South and East-West Applications)
• Service Discovery (DNS, IPAM)
• App Maps, Service Performance Monitoring, Connection log search and analytics
• Security Rules, Web App Firewall, and Traffic Encryption
• Auto-Scaling
• Global Server Load Balancing (GSLB)

[Diagram labels: Kubernetes Engine; Routes; Avi Controller; Availability zone a, Availability zone b; VIP1-a, VIP1-b; K8S Nodes; Pod 2, Pod 3, Pod 4, Pod 5.]



Avi Vantage - Kubernetes Integration in GKE

IAM / Service accounts:
• Google Cloud Service Accounts
• Kubernetes Service Account
• Cluster User RBAC role
• Kubernetes Engine Admin

[Diagram labels: Google Cloud Resources (Project/Region); IAM, Service accounts; IPAM; VPC Network; Routes.]


Avi Vantage - Kubernetes Integration in GKE

IPAM / VPC Network / Routes:
• VPC network - Subnet
• Routes
• XPN

[Diagram labels: Google Cloud Resources (Project/Region); IAM, Service accounts; IPAM; VPC Network; Routes.]



Avi Vantage - Kubernetes Integration in Azure

Project/Region:
• GCP Region
• GKE NodePool Project
• VPC Network Project (XPN)

[Diagram labels: Google Cloud Resources (Project/Region); IAM, Service accounts; IPAM; VPC Network; Routes.]



Demo: Avi Integration with GKE
1 - Deploying an East-West Service
2 - Deploying an Ingress
Next Steps
https://avinetworks.com/webinars-avi-tech-corner/

Container Application Services Azure Kubernetes Services (AKS) Kubernetes on AWS EC2
Thank You !
