Migrate and Modernize with Kubernetes on Azure Government
Hi. This, is Steve Makati of the adjure government engineering, team I'm joined, here today by vishwas, lele CTO, of Applied Information, Sciences welcome vishwas, thank you Steve thank you for having me today, we're gonna talk about migrating. And modernizing. To Azure government, using kubernetes so, we, hear this term a lot migrating. What, they need to migrate my were closed as your government and there's, different motivations, for this what. Are some of the motivations, you're seeing out there with your customers so, Steve, I thought. This was where we were going to start and this is an important, way. To motivate this discussion, here so I have a few bullets here we, are seeing a lot of customers. Wanting. To migrate to, the cloud and I've listed here in the slide you can see so. The key reasons, and first and foremost that I see often, is the time to value yeah they, are under a lot of pressure from. Their customers, to produce. New functionality. To enhance this application, to meet the business needs and this. Time to value argument about, you know taking the requirements, and showing that into production that time needs to be shorter and shorter that's, the pressure and. Of course they are not able to achieve the time to value that they have in mind because, they've collected a lot of technical debt, the. Total, cost of ownership is high they're still worried about patching, the machines making sure the hot fixes are there making sure that applications. Are highly available and of. Course in, some cases and this is not uncommon they're, running on a platform that, is outside, or very quickly going to be outside the support, cycle. If you will and all. Of these together are. Sort of combining, into I'm, a CIO I. Am, running out of capacity in my current data center do I go, to. A new data center or I've been forced, to evacuate my, current data centers, these are some of the common motivations, that we are seeing in people, migrating. And modernizing, their applications, to the cloud absolutely. And it's one, of those situations where it's one thing if you have a brand new Greenfield, app but when you get to some of these older legacy apps you're talking about it becomes more complex, because, more company ok, so, we, hear different, approaches. For doing these modernisations, you hear people throw out these terms like lyft and, they're modernized. So. Why. Don't you talk a little bit about you know what are some of the traditional, approaches. And then how does that compare with what we're talking about here with modernizing, with kubernetes sure sure so. Let. Me just talk about the. Approaches, that we see often, in a, discussion like this so. You, can you can see in the in the slide here that, the. First approach commonly referred to as lift and shift you're taking your existing application. And you. Are essentially. Most. Often and not you're, taking your VMS using things like site recovery and moving that application, to the cloud yeah I think everybody understands, this. The. Other approach of course is the refactor, part where you can opportunistically. Take, parts of your application and sort of has enable, them so, if you have a database maybe you can go to either sequel database, if you have a web application maybe, you can move it to app service so, that's this the refactoring approach, and then, of course if you've decided that you know this is a mission critical application. And you. Have to constantly, keep changing, this application, and you're seeing more requirements. Maybe, it is time for you to reimagine, that application, and start. Taking advantage of, cloud. Native technologies. Like server less and, kubernetes, and things like that so, those are the common approaches, we see as you, said for, our discussion, today we, are going to talk about an approach, which. Is commonly referred to as reap lat 4 or also referred to as lift and reshape, what, I mean by that specifically, is you're still lifting, that application. So the lifting part is the same but. You're essentially, reshaping, it and by. Reshaping I mean you, are container, izing, this application, so you're shaping it in a form of a container and then moving that application, to the cloud so, this, is the other approach that we want to talk about these are some of the common approaches, and you. Know people look at this slide and say this. Is a for R as I have heard somebody talk about a 5 r model, and what I've not shown here which, is equally important, is you. May want to retire an application, completely. And maybe, go to a SAS or a low code environment, like power apps and, even though we're not showed it here but that's important to consider as well ok makes sense so presumably.
There's Pros and of each of these approach so talk, a little bit more in detail about that and where, this free platform, in particular, fits in yeah so that's a that's a great point let's just go into some of the details, here so, I will quickly, compare, the approaches that we talked about so, the first the first approach as I just said here is the, lift and shift approach right, and in. This case you, are not making any code changes you're taking your existing code moving it as is the. Operational costs remain, high because, you have not really changed the application, the, cloud costs, are high as well because essentially are paying for the, VMS even, though your CPU utilization maybe five or ten percent okay. You. Are not able to leverage the, cloud native capabilities because. You've essentially moved your application, your DevOps maturity, may be low, it. Depends on how you're doing DevOps today, the. Scalability. Is all vertical, so if you want to scale the application, you will have to get go by bigger machines that's it the. Cost the code structure, is essentially, unchanged. The. Time to value that we talked about in the previous slide remains high because you still have to go through your, processes, and one. Common, term that we are seeing in the cloud often, and just really an important, factor in if you're successful in the cloud is called the site reliability engineering. And the. Site reliability engineering. Maturity. Is still low because you are not taking advantage of the cloud instrumentation. To. Make, your applications, more available so that's the lift. And shift but, let's. Just very quickly do the same columns. For refactor, I'll just highlight the ones that are impactful, here there. May be some code changes because you are going from from. The, sequel server instance, perhaps to. Our sequel database, and of, course you can take advantage of managed, instances, to rule to reduce the code changes there operational. Costs are reduced because. For some parts you're taking advantage of what the cloud provider like Azure is providing. Cloud. Costs, are lower because, they're not paying for the entire VM, you're only paying for that instance of the service and. The. Code change, is slightly, there. Because, if you are moving to app service, then you have to change it that leaves the configuration, files and what have you so. That's the refactor, part so. Case some, advantages, over lift and shift yes although lift and shift had the advantage of I don't have to change any code I don't have to change any make sense and even, though the chord change may be may, be less right. When. You look at either sequel database it is, largely. The same as your sequel server, but. Where, the real impact, of this approach. Comes in is in the testing aspects, do. You when, you're going to the ishow sequel database do you have the right logic. To retry, are, you handling the transient, errors have, you tested every single scenario so the testing cost is quite high and has to be considered the. Last thing that I want to talk about as, part of the remain reimagine, is here, the code changes are great you are essentially rewriting, the application, the. Cloud costs, have a significant. Impact here because, you're not paying for, a VM in fact you're. Paying for a very interesting model called the dynamic cost where you're only paying, for the times your code is getting executed what we call the server less computing model so that's really high you're, taking advantages, of the cloud native capabilities, you. Have horizontal, scalability, which, is where you want to be, you're. Now, you really. Begin to hone in on the time to value argument. Because. As. Your graph is adding. New capabilities all the time and now. I can tap into those capabilities, I have aligned myself in a position where, I can start taking advantage of those capabilities, and of, course I can do things to improve my sre maturity.
Cosmos. DB for example, gives me a geo replication, that's built in my, site reliability engineering. Maturity, is much higher with, services, that are natively enabled, for G, replicated, scenario, right so this end of the spectrum lots of advantages, technologically. Much. More innovative you're, getting these benefits of the cloud, costs. Are less, but the, of course everything has a downside yes now you you're, rewriting, your app. Ok. If we superimpose our, you. Know lift. And reshape approach which is the focus of our presentation. Here on, this, diagram here and this interest. Into compare and contrast some, things first. And foremost the code is not changing, in this approach you are essentially container, rising this application, we will talk about it more, your operational costs can be lower because, you're not paying for the entire VM, you're paying for the cluster but, this you have this ability of more densely, packing, that cluster, so you can get a higher CPU utilization. You. Can, start to take advantage of some cloud native capabilities, your. S re maturity. Is higher because, if your container dies for some reason the. Orchestrator, as a service, now comes in and starts your application, again so you have not done anything but you are still getting the advantage of authority, maturity, here very, interesting so to two quick points that that I think come out of this I think are hugely important, the, first one that, you mentioned was, container. Izing your app a lot of times when people think of kubernetes they think okay I have to modernize and do all these different micro services all over the place but no you're saying take your existing legacy application, which, might be a monolith, and just, put the whole thing in a container and the. Other two-part. Question yes so. The, other interesting part of that is that, you're saying that even this legacy app this monolith, legacy app can. Suddenly start taking, advantage of these native cloud capabilities, like self-healing, and these sort of things that's. That's exactly right I was, smiling because that's a very common question, that.
People. Often think of kubernetes, as a micro. Services environment, and then, when, we are talking about this approach we. Are taking coarse grained pieces of our application, and then hosting, them in kubernetes, so. You're right we, don't have. Very. Small images, our architecture. Is not micro, services enabled, and you're. Not taking advantages, of all the things you can potentially take ultimately. But. At the same time even this intermediate, step or a first step is an. Important, step in that journey you. Are taking your applications. Essentially. Taking keys coarse-grained, applications, converting, an immutable image, a docker, image and then taking advantage of kubernetes, and we will talk about in, a moment in. This case we are using the orchestrator, is kubernetes, and we are using kubernetes, a service which is what i just kubernetes, services all about and. All. Of the control plane is managed, by our gov, I don't. Have to necessarily. Worried, about, if. My Orchestrator. Goes down even. The patching, is done for me so the underlying OS patching, is done for me so there are incremental benefits, there all right great so is this a good. Time to jump into a demo yes, of course we, have an application here for you Steve that. I want to talk about and. Many. Users or viewers, of this video. Ville will recognize, the music store applications, from many many years ago, probably. Came out in 2010, MVC, application a, standard. Music store application and, as. We were preparing for this this video is saying okay if you're going to show this demo of converting, this music store application container, izing it and running on kubernetes, and this, question kept coming back to me that people. Are going to look at this and say hey this was a very simple ASP, application, asp.net application. I would. Expect it to be converted to into, a container quickly, but, my legacy application, does not like that my legacy, application. Is far more challenging, so, he said ok in, order to make our demo mode realistic, what, we did was we looked at the container. Forums, and saw the, kinds of problems you were running into and deliberately. Took some of the problems, from those forums and injected. Those problems, into. This music, store application so, just, to quickly show you the music store application is based on asp.net, MVC, but. We went and injected, web forms just, to show that you might have this injected. WCS. Injected. A P invoke, so, people are always really worried, about that that. You know this is a container can I make a low-level call so injected, that may. Be a file watcher capability. Which is, often. A concern I'm looking, for an event and if. I'm running in a container can I get that event in a timely manner so we injected. These challenges. Deliberately. Onto, the milk store application and, then converted, it over to okay very interesting so it wasn't like you just said let's go about pick a bunch of random things these are the one the specific. Challenges, that you were seeing people in the forum's actually having when container izing let's say the legacy windows that is this. Is my view of the challenges, and I'm sure, their challenges, and this is a journey you should continue to collaborate on this but these are some of the things that surfaced, for me and I picked those that's why so. Let's take a look at Steve if that's okay well let's look at the architecture, of this application and, then we will show you some code here as well so.
Here. Is the before and after architecture, the before architecture, is quite easy. To understand, it is running in an on-premises, environment, maybe, some hypervisor. Asp.net. Application. And running, sequel server quite easy to understand, let's. Look, on the right-hand side of the screen this. Is where things get interesting so. First and foremost we, are going to take the application convert. That into a bunch of container images so. To, illustrate that we, have essentially. Broken, this image into multiple container images. We. Took the web portion of the application, convert, it into a container image we took the Windows. Service portion of the code, converted, that into an entire image all. Of those container, images could be stored in any kind of container registry I just happen to put it in docker hub that's. Where I'm going to be picking it up from then I created an aqueous cluster, and they. Case cluster essentially. Is where, we go and start these containers, of pods as they call them and then you'll, probably be curious. To see that I also have something called the Eyre container instances, in this picture and there's, a very specific reason for that today. I just, could be at a service does. Not support, Windows. Based, containers, that's because today kubernetes, doesn't support when that is true and, in fact there, is an upstream version where windows because containers, support has been added so you can see you can expect that to come to a case shortly, but. In order to get around that what. We are using is a container instance, project, which is a virtual cubelet, so you can still go to your IKS cluster and ask for a container that, container just happens, to be spawned, inside the container instance, service so, you can see here there are multiple windows, containers, running in container instances, that's. Essentially. The architecture. For. The database portion, I could have done one of many things I chose to do something simple I could have just ran, sequel. Server on a linux. Which is a complete, docker image, in this case since, the database was simple enough I just converted, it over to Azure sequel database or it sounds good okay so, that, this architecture, in mind I'm. Going to come out of the presentation, and just go into. Essentially. A virtual machine where. I have a bunch of things set up here so let's just go over to the virtual machine here and. The. First thing I want to show you is. The. Code so, I've taken the visuals 2010. Code, converted. It over and then added, the projects that I was talking about so. See some WCF bindings there you can see some WPF, bindings, yes and in. Fact, you, can see that this is the music store application right here there's. This WCF, service, and. You. Know the details are not that important, at a high level you can understand, that the music store application the way I injected, WCF was, in.
The Music Store application, when you generate an order it, will call the WCF, service WCF, service will, essentially. Write out a request to the database so that's what's happening and there's a Windows service here as well and then finally there's, a printing, service, which uses a pin book capable so, that's that's, essentially, the code so, you can see that there are four bubbles here and you can think of these four bubbles as translating, into Windows container images so that's at a high level what, this, code structure looks like. So. This was the first part of, adding. These, challenges. If you will to the application, the. Next part was building, these, projects. Getting, all the binaries and the, next part is now creating, docker images, and that's where things get interesting so I want to call that out now just go over to Visual Studio code, and. Then. Let's look at some of the the docker files here and sees, some of things that are that are interesting, so. I want, to show you a very simple docker, file here so, what is interesting here, is when. You're creating a docker file you have to start with the base file, and we are starting off a base file right here and this, is something that the Microsoft, teams, have provided we're, starting with the base image all of the asp.net binaries. Are there I didn't have to configure any of those. Essentially. I copied, all the project, at this portion, and what, is interesting about this and this is something that the. Viewers should look at which, is after. You've copied the files the, kind of challenges, that you run into a permission channel essentially, so you can see the last command here is I am using, the NTFS permissions, and granting. Anti-system. Authority certain, permissions of my knife okay so this isn't just like asp.net, core, this, is actual traditionally. This is that framework right has done that framework on Windows ok so, absolutely. This is this is dotnet, framework full, with. All the dependencies, we. Essentially took all our binaries, and moved. It to the container image and then we are assigning certain number of permissions right so that's one I just want to if you if you don't mind I want, to very, quickly also, show, you one. Other docker file and then, we will be off. To showing you a good demo here in this docker file notice. Here that I, am starting. With a WCF base image so, all the WCS, things are set up for me automatically, and the, only other interesting, part in this docker file is, because. This. Is a Windows service I'm having. To call an install, util command as part of my image creation to install that windows service so when this docker image comes up that, Windows service will automatically, be installed for me so these are actually really standard, docker files of a couple command line things you have to make sure you run but other than that very standard docker files that is true and. These. Are the kinds of things that you have to think about carefully when moving the application, but as you can see this is not hard you just to figure out what permissions you need what, services you need and making sure those are executed, in the right order when creating a door the docker image, so. We. Have the docker images ready the. Next thing we want to do is set. Up our eks cluster, right, so, let's, just go ahead and. Show. You the cluster. Here so. Right now I have a, cluster setup let, me just go over to the cluster, here and. This. Is my, monolith. Demo. Cluster, right here so. This is this is the cluster that I created, and. This, is a separate resource group let me go back to the dashboard and the. Other resource, group that you see here is on the screen right here so way. To think about it is your, I guess cluster is broken up into two resource groups the. Resource group that's managed by Microsoft, the control plane and an infrastructure, resource group that all your resources are so. Here, is where all my VMs and clusters are located, and this, is the place that we will deploy our Windows containers, that we talked about and, get.
Our Application running okay cool and I just want to I feel obligated to point out to the absolute, observer if they notice we're running and at regular, Asscher instead of azure government, I'll speak from the perspective of the azure government, engineering, team we, will have aks and azure government, very. Soon which is why we. Are wanting. To show this demo here in this environment but depending on when you're viewing this video we may already have it depends. On the time depends, of the time so. To. Keep. Things in the logical sequence we, built, the application, we created the container images we. Created the cluster and now. It's time to go and look at the cluster itself, so let's go ahead and do that so. I'm going to go back into this I'm going. To go back to the PowerShell window, and. Because. You are spinning up these container, images inside, the container instance, it can take two or three minutes or four minutes to get it up and running and we didn't, want to wait for that so I started, these container images if you will let, me just the first thing I want to do is I. Just, want to show you all of the boards, and if, you're new to kubernetes, I should just throw. Out this quick definition, pod is one. Or more containers essentially. So, move you're down, just an inch there so it's not blocked yeah, so let's just move this down here so. Let's. Just these. Are all of the containers that are running and it. Worth. Explaining, some things here so, this. Is my first pod this, is our is p.net application. This. Is the second pod which, is the WCF, service, and I, don't want to clutter this picture but you get the idea that, I have four pods, running. So, remember, our application, was four projects, each project got converted into a container image each container, manifesting. Itself as. Bought. Here yep, the one thing I do want to call out is the last board, and this is require some explanation you, can see this is a virtual cubelet. So. Who, the AKS cluster, it just appears, that, ACI, instance, just appears as another node you, don't have a physical VM, or or a VM as part of the cluster but, there's a virtual cubelet, and this is a very interesting project, where you, can say hey I want, to create a Windows image and then. They will route it to the a CIO, automatically. If you alright and if you have a legacy app that's maybe, written a note or Java already, runs on Linux even this part you don't need this, is Sarah Lee just showing, the. Whole way where if you have legacy, windows and then, it's needed exactly. Right exactly right and in fact what.
I Want to do is there's. A very simple cube. CTL, command which can get us the details about one of the pods let's just do that and. I didn't let's, just go out of this and, I just go to the details of. So. Let's just describe this port here and you. Will see does. The screen is slightly. Busy, so. I'm going to just explain this to you here and don't. Don't worry about a lot of stuff on the screen but the most important, part is that I wanted to point out is remember. That we are looking at the details, related to, the. Asp.net. Board, and, notice. Here that there's, something interesting going on here is we are telling kubernetes, that I have this board then. You schedule this board make sure you, schedule it on the ACI instance, so we are saying hey the node selector, happens to be a virtual, cubelet, so that's that's what's happening our, pods are running at this, point Steve, we, should be good to go over to the browser and exercise, our application, would you like to go. See that okay. So let's, just go over to the browser. And. I. Will. Start out with the, non containerized, version of the application. The. Busic and the, beautiful music store. App, and and, you know this. This. Is what you would expect I can go create an album but you know notice here that I'm running on localhost. 81. At this point and of. Course we don't, want to do, this we want, to go back and show. You the other application, here and let me move this out of the way here and. This. Is the application right here which. Is running inside kubernetes. So you can see here the, IP address, this is the load balancer, IP address then the kubernetes, cluster assigned. Us and. Let's. Just take, a look at this application I'm. Going to go to add to the cart check. It out and. Select. John, doe pre-fill, and, i don't want to worry about credit, card in this recording, so i'm going to give myself a free code submit. This order and you can see that. We were able to do this, and. If you're wondering hey you didn't show me that. Foreign, page let me also bring up this is the webform page right here this. Is ugly. My. Rendering, of some of the tracking, details, in fact, you can come in here and, also you, know, the printing of the receipt for. An order is done with the pin book capability, and that's being done inside the windows service container and the last thing I would like to show you here, very quickly is, the. Encryption part that we talked about so, you, can come, in and. Let's. Just just. For the purpose of this just say as, your curves and I, can create this cookie, and and. If i refresh it I'm, able to go back find, music. Store 3 and review, the data so again, this is not very interesting for your viewers but the reason I showed it was, important. Things like this, is an HTTP, module encrypting. The cookie works as you would expect and, we. Will not pick, up the time to run the the next set of demos but I'll just point out that in. This case the logging library happens to be log4net that's. Fine and that works just fine here as well and and, the last thing I want to also call out to us in this case, we. Are using no. A discussion, stands, but a memcache D, and, and. We. Didn't show that docker file but essentially. Once the image got created, we set. Up a scheduled task to. Run memcache, D dot, exe as part of the container image so. Essentially. All of those capability, including, the challenges, just work here as part of this so really is the price of admission really. Is just container, izing your app computerizing, your app exactly. In, fact we. Can, go. Back to the, slides here just want to summarize some of the steps here these, are essentially. The steps Steve, so it's really important, to do an assessment of your application, and then.
Oftentimes A critical, step is understanding the, dependencies, so, I have a Windows service, what dll's, do I have what permissions do I need and this is probably the most critical part the dependency, analysis, once. You've done the dependency, analysis, then. You write your broker files you containerize, your applications. Once, you've continued arised these applications, you want to host them instead of a container registry. Then. You, start, essentially. Go to a kubernetes, like environment and then, start, creating your reports based off of those images and then. Once, you've done this you, can now come in and start doing fault tolerance, and continuous. Modernization. And things like so even without having to change a whole bunch of code i've containerized, my app I've deployed it into Azure government. And now. Suddenly on a legacy app that I I wrote years ago and I have these capabilities, now like self-healing. Efficient. Resource management understanding, how to efficiently, pack the nodes and you get all that just from music. Deploying. Your app on kubernetes, that is correct that's correct the. We don't have the time to show you this but if I went. Into the dashboard, and. It, might be worthwhile to just go into the dashboard I want to run the whole demo for the sake of time here. But let's just go to the to. The portal here for a second, in fact I think I have the command already. Here so, let's just go, over. To. The VM let's go to PowerShell and one, thing I want to do is just bring up the kubernetes, portal, here so. Let's. Just bring this up here and. Once. The kubernetes portal comes up so. Interesting you just brought that with one command in the Imagi CLI. Watch. The portal so. This. Is the portal where. Notice. Here if I go further down on the left, hand side I have all my ports. Remember. These are all the ports that we were talking about this, is the web application this. Is the WCF, service this is the Windows service, and so on and so forth if I came in here and essentially. They just go ahead and do this like just go ahead and delete this talking, about the healing part I'm going to go delete this, part are you sure yes, I'm sure I can delete this part here and you, can see that. You know it takes a few seconds for this pod, to this get, deleted but. Because. We have this resilience, in place kubernetes. Notices. That this, you requested, me to. Have one copy of this pod running, somebody, deleted, this port I'm going to bring this up again this, port will this, is a great example of self-healing, that's going on right here this pod would come back up again in two minutes excellent, excellent, okay great all.
Right So what comes next so, I, guess, what. We should talk about then and maybe go, back to the slide here for a moment what. What comes next is, in, my, view once. You have migrated, the application, and I think I certainly subscribe to the agile, mindset. Like many of the people watching this video, the. Idea is that you can move these applications, quickly containerize, this and move, them to a kubernetes environment, where you get these benefits. But. Then you. Have these coarse-grained. Containers, what, you want to do is now, that you're running these applications, in, the cloud in fact let me just very quickly, bring. Up that slide that I had in mine to, describe this. So. Once you have this coarse-grained. Application. Now. What you want to do is you want to figure out which. Parts. Of the application maybe. Are using too many resources can. Be further broken down so. This gives you a great way to say, okay, I have now my application is running. In the cloud in a kubernetes manner but. Here, are some issues that I'm running into and, this. Application I'm not able to change it I want, to take advantages, for cloud native capability. Perhaps now. I can focus on that one. Coarse-grained. Pod and start, breaking it up and optimizing. It I call. This continuous, modernization. Far. More, effective. Than trying to go to a Big Bang approach of, I just want to rewrite this application, to go to the cloud this, gives you an opportunity to think about the pieces that are causing, the most problem and focus your time and your team's energy, to solving that problem that makes a ton of sense because otherwise what we see a lot of times is a team. Might take a year to try to modernize their out prior, to get deploying. To the cloud this, turns. Out on its head because quickly, get you to the cloud once you're there great now, you can start optimizing, and, modernizing, from there right and we, see this because you. Might want to just. Rewrite this application, and. It may take you a long time six months twelve. Months and by, the time you're ready to deploy that application the, cloud cadence, as we all know the, technology, that you take took a bit on may.
Not Be relevant at that point, versus. This approach hey I want to continue Ryze good go to an a case environment, but, you know this, piece I really, don't want to give. You this much compute capability, and pay for that I would rather take this functionality, which is very. Occasionally. Run I want, to take that capability, and run it as part of server less and only pay as you know run it as functions perhaps and I'm, gonna take this out so, you can start doing those things because functions, is what everybody, wants to do a lot of momentum behind it so. That's, how you can reason about it and constantly, modernize. Your application. That makes a lot of sense okay, great, all right well this has been Steve. McCauley with vishwas lele of Applied Information Sciences, talking about, migrating. And modernizing. To Azure government, with kubernetes, thanks. For watching thank, you.
2019-05-23 01:03