Cloud Native Fundamentals - Coggle Diagram
Cloud Native Fundamentals
Cloud Native
natively uses the managed services and infrastructure
offered by cloud providers
services running on different machines
Building paradigms
Pets
treat infrastructure like pets
give them names
care for them
scale vertically
Cattle
numbered, clustered
if one is sick, replace it
one down, nobody notices
scale horizontally
Distributed Systems
Fallacies of distributed computing (assumptions that do not hold)
reliable network
zero latency
infinite bandwidth
secure network
topology does not change
there is one administrator
zero transport cost
homogeneous network
CAP theorem
guarantees at most 2 of:
Consistency
Availability
Partition tolerance
partitions cannot be prevented in a real network, so the practical choice is consistency vs availability while a partition lasts
Building blocks
Microservices
segment of an application
independently deployable
service oriented architecture
loosely coupled
organised around business capability
managed by independent teams
communicate through APIs
own tests, builds, data, deployment
able to scale at different rates
easier to measure specific services
CHALLENGES:
complexity
decentralised data: cross-service transactions are difficult (no single ACID transaction spans services)
performance (network overhead)
versioning, back/forward compatibility
service dependency management
service availability
Security
Defense-in-depth approach
source code
secure repository
track/audit access
vulnerability checks
as part of CI
container image
contains the bare minimum (minimal base image; no build tools, shell or package manager left in the runtime image)
container registry
private registry
vulnerability scanning (e.g. Twistlock, now part of Prisma Cloud)
Pods
images pulled only from approved registries (enforced by an admission controller)
pod security policies: control volume types, privileged containers, host ports, host networking
(PodSecurityPolicy was removed in Kubernetes 1.25; enforce the same controls with Pod Security Admission or a policy engine such as OPA Gatekeeper or Kyverno)
Cluster/orchestrator
secure access to the cluster API server: authenticate every client, no anonymous access
enable role-based access control (RBAC) with least-privilege roles
enable audit logs
containers
serverless functions
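The pod controls listed above (approved registries, volume types, privileged containers, host ports, host networking) can be expressed as a single admission check. The block below is an added example for this outline, not Kubernetes code or any policy engine's implementation: it evaluates a plain pod manifest held as a Python dict. The registry allow-list and both sample pods are constructed for the example.

```python
"""Minimal pod admission check (added example; not Kubernetes or policy-engine code).

Evaluates a pod manifest (as a dict) against the controls named in the outline:
approved image registries, disallowed volume types, privileged containers,
host ports and host networking. A real admission webhook would receive the
same manifest as JSON and return allow/deny with these messages.
"""
from __future__ import annotations

from typing import Any

# Assumed allow-list of registries (constructed for this example).
APPROVED_REGISTRIES = ("registry.example.internal/", "ghcr.io/example-org/")

# Volume types that hand the container a piece of the node.
DISALLOWED_VOLUME_TYPES = ("hostPath",)


def normalize_image(image: str) -> str:
    """Expand a bare Docker Hub reference so allow-list prefixes compare reliably.

    'nginx:1.25'          -> 'docker.io/library/nginx:1.25'
    'someuser/app'        -> 'docker.io/someuser/app'
    'ghcr.io/org/app:2'   -> unchanged (first component has a '.', so it is a registry)
    'localhost:5000/app'  -> unchanged
    """
    first, sep, _rest = image.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return image
    path = image if sep else "library/" + image
    return "docker.io/" + path


def check_pod(pod: dict[str, Any]) -> list[str]:
    """Return the list of violations; an empty list means the pod is admitted."""
    violations: list[str] = []
    name = pod.get("metadata", {}).get("name", "<unnamed>")
    spec = pod.get("spec", {})

    if spec.get("hostNetwork"):
        violations.append(f"{name}: hostNetwork is not allowed")

    for vol in spec.get("volumes", []):
        for vtype in DISALLOWED_VOLUME_TYPES:
            if vtype in vol:
                violations.append(f"{name}: volume {vol.get('name')!r} uses {vtype}")

    # Init containers run with the same privileges, so they are checked too.
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        cname = c.get("name", "<unnamed>")
        image = normalize_image(c.get("image", ""))
        if not any(image.startswith(r) for r in APPROVED_REGISTRIES):
            violations.append(f"{name}/{cname}: image {image!r} is not from an approved registry")
        if c.get("securityContext", {}).get("privileged"):
            violations.append(f"{name}/{cname}: privileged container")
        for port in c.get("ports", []):
            if "hostPort" in port:
                violations.append(f"{name}/{cname}: hostPort {port['hostPort']} is not allowed")
    return violations


# Constructed sample pods (not taken from any real cluster).
GOOD_POD = {
    "metadata": {"name": "api"},
    "spec": {
        "containers": [{
            "name": "api",
            "image": "registry.example.internal/team/api:1.4.2",
            "ports": [{"containerPort": 8080}],
            "securityContext": {"privileged": False},
        }],
        "volumes": [{"name": "tmp", "emptyDir": {}}],
    },
}

BAD_POD = {
    "metadata": {"name": "debug"},
    "spec": {
        "hostNetwork": True,
        "containers": [{
            "name": "shell",
            "image": "nginx:1.25",  # implicit Docker Hub, not on the allow-list
            "ports": [{"containerPort": 80, "hostPort": 80}],
            "securityContext": {"privileged": True},
        }],
        "volumes": [{"name": "root", "hostPath": {"path": "/"}}],
    },
}

if __name__ == "__main__":
    for pod in (GOOD_POD, BAD_POD):
        problems = check_pod(pod)
        print(pod["metadata"]["name"], "ADMITTED" if not problems else "DENIED")
        for p in problems:
            print("  -", p)
```

The image normalisation matters in practice: a policy that only compares the raw string lets `nginx` through when the allow-list happens to contain `docker.io/library/`, or rejects it when the author expected the bare form. Expanding to the canonical `docker.io/library/...` form first makes the allow-list behave the same way the container runtime resolves the reference.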
Operating Cloud Native Apps
Continuous Integration
build
test
source code repository
branching strategies
GIT FLOW STRATEGY
designed around releases
master & develop branches
feature/release/hotfix branches
merge to develop
merge to master (from a release or hotfix branch):
bump the version and tag the release
Continuous Deployment
release stage
swap staging & production deployment slots (blue/green)
redirect a percentage of production traffic to the newly deployed version (canary)
monitor and observe released versions
integrate with the alerting system
roll back to the previous version OR
keep increasing the share until 100%
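The canary steps above (shift a percentage of traffic, observe, alert, then roll back or keep increasing to 100%) form one control loop. The following block is an added example that implements that loop; it is not code from any deployment platform. The router, the traffic steps, the error-rate threshold and the two metric sources are all constructed stand-ins for a load balancer weight API and a monitoring query.

```python
"""Canary release loop (added example; not from any deployment platform).

rollout() moves the new version through a traffic schedule, reads metrics for
each step, raises an alert and rolls back on the first unhealthy step, and
otherwise promotes the canary to 100% of production traffic.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Callable

# Assumed schedule and health threshold (constructed for this example).
TRAFFIC_STEPS = (5, 25, 50, 100)  # percent of production traffic sent to the new version
MAX_ERROR_RATE = 0.02             # roll back when the canary exceeds 2% failed requests
MIN_REQUESTS = 200                # do not judge a step on too little traffic


@dataclass
class Router:
    """Stand-in for the load balancer / service mesh weight API."""
    canary_percent: int = 0
    history: list[int] = field(default_factory=list)

    def set_weight(self, percent: int) -> None:
        self.canary_percent = percent
        self.history.append(percent)


@dataclass
class Observation:
    """Metrics collected while the canary carried a given share of traffic."""
    requests: int
    errors: int

    @property
    def error_rate(self) -> float:
        return self.errors / self.requests if self.requests else 0.0


def rollout(
    router: Router,
    observe: Callable[[int], Observation],
    alert: Callable[[str], None] = print,
) -> tuple[str, int]:
    """Promote the canary step by step.

    `observe(percent)` is the monitoring query for that step; `alert` is the
    hook into the alarm system. Returns ('promoted', 100) or
    ('rolled_back', <percent at which the canary failed>).
    Too little traffic to judge a step is treated as a failure (fail closed).
    """
    for percent in TRAFFIC_STEPS:
        router.set_weight(percent)
        obs = observe(percent)
        if obs.requests < MIN_REQUESTS or obs.error_rate > MAX_ERROR_RATE:
            alert(f"canary at {percent}%: {obs.errors}/{obs.requests} errors, rolling back")
            router.set_weight(0)  # all traffic back to the previous version
            return "rolled_back", percent
    return "promoted", 100


# Constructed metric sources standing in for a monitoring query.
def healthy_canary(percent: int) -> Observation:
    requests = 100 * percent
    return Observation(requests=requests, errors=requests // 100)  # steady 1% errors


def broken_canary(percent: int) -> Observation:
    requests = 100 * percent
    rate = 0.01 if percent < 25 else 0.08  # breaks once it receives real load
    return Observation(requests=requests, errors=int(requests * rate))


if __name__ == "__main__":
    for label, source in (("healthy", healthy_canary), ("broken", broken_canary)):
        router = Router()
        outcome = rollout(router, source)
        print(label, outcome, "weights:", router.history)
```

Two design points worth keeping in a real implementation: the decision uses a minimum request count so that a 5% step on a quiet service is not promoted on the strength of ten successful requests, and the rollback is the same `set_weight(0)` call the schedule uses, so there is no separate, rarely exercised rollback path to get wrong.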
Deploy stage
no source code changes: the artifact built by CI is promoted unchanged
automatically triggered by
successful CI
place artifact in staging env
run tests / monitor services
post release
continuous service monitoring
investigating incidents/errors
alerting/monitoring systems
chaos testing