sebastian.spross@microsoft.com linkedin.com/in ... - andrena Azure DevOps Deliver value to your...

Post on 03-Jun-2020


sebastian.spross@microsoft.com

linkedin.com/in/sebastian-spross

Innovation after one decision

Culture and org charts

http://www.bonkersworld.net/images/2011.06.27_organizational_charts.png

2016

.NET Core 1.0

PowerShell Core

Windows Subsystem for Linux in Windows 10

Microsoft joins Linux foundation

GitHub recognizes Microsoft as a top open source contributor

2017

Microsoft Azure Kubernetes Service launched

Draft, Brigade, Kashti projects submitted to Kubernetes community

Microsoft joins Cloud Native Computing & Cloud Foundry Foundations

SQL 2017 on Linux

Windows source code moved to Git

Azure Databricks (Apache Spark) announced

2012

Microsoft Open Source

2018

Azure DevOps

Azure DevOps

Deliver value to your users faster using proven agile tools to plan, track, and discuss work across your teams.

Build, test, and deploy with CI/CD that works with any language, platform, and cloud. Connect to GitHub or any other Git provider and deploy continuously.

Get unlimited, cloud-hosted private Git repos and collaborate to build better code with pull requests and advanced file management.

Test and ship with confidence using manual and exploratory testing tools.

Create, host, and share packages with your team, and add artifacts to your CI/CD pipelines with a single click.

Azure Boards, Azure Repos, Azure Pipelines, Azure Test Plans, Azure Artifacts

https://azure.com/devops

Broadening the Azure Ecosystem

People. Process. Products.

What is DevOps?

DevOps is the union of people, process, and technology to enable continuous delivery of value to your end users.

[Diagram: Continuous Delivery loop with the stages Build & Test, Deploy, Operate, Monitor & Learn, Plan & Track, Develop]

Innovation after one decision

If you have a preferred container platform

Pivotal Cloud Foundry Kubernetes Docker Enterprise Edition

Red Hat OpenShift Mesosphere DC/OS

Let's help you bring that platform to Azure

Kubernetes: the industry leading orchestrator

Portable: Public, private, hybrid, multi-cloud

Extensible: Modular, pluggable, hookable, composable

Self-healing: Auto-placement, auto-restart, auto-replication, auto-scaling

#2 overall individual contributor to Kubernetes (Brendan Burns)

#4 overall individual contributor to Docker (John Howard)

#1-3 overall individual contributors to Helm

70 Microsoft employees have made contributions to Kubernetes

Microsoft contributes open source containers

Microsoft leads open source communities

Two members of the Kubernetes steering committee

Member of the technical board of the Cloud Native Computing Foundation

Board member of the Linux Foundation

Several leads or co-leads of Kubernetes SIGs (special interest groups)

Helm – The de facto package manager for Kubernetes (https://helm.sh), top-level CNCF project

Draft – A rapid-development environment for new Kubernetes developers (https://draft.sh)

Brigade – Easy-to-use JavaScript-based workflow definition for Kubernetes (https://brigade.sh)

Kubernetes + VS Code (https://github.com/Azure/vscode-kubernetes-tools)

open source

Orchestrator

Handling Machine Failures

Orchestration Basics - Capacity

Orchestration Basics - Balancing

Orchestration Basics – Scaleout Service

Orchestration Basics – Scaleout Cluster

Orchestration Basics - Upgrade

[Diagram labels on these slides: App1, App2, App2.1, App Type Packages, Service Fabric Cluster VMs, #FAIL, UD1, UD2, UD3]

Kubernetes Architecture

Scale Up & Down

[Diagram label: CPU Load]

Bursting with the ACI Connector

[Diagram labels: Kubernetes control plane, Application architect, Infrastructure architect, Azure Container Instances (ACI), ACI Connector, Pod, VM, Deployment/tasks, Waste]

Azure Container Instances (ACI) PREVIEW

Azure Container Instances (ACI)

Open Service Broker API (OSBA)

Release Automation Tools

Azure Container Registry (ACR)

ACS Engine

Azure Container Registry

Manage a Docker private registry as a first-class Azure resource

Use familiar, open-source Docker CLI tools

Azure Container Registry geo-replication

Manage images for all types of containers

Authenticate using Azure Active Directory

Identity

Integrated OS & Framework Patching

Secure images by default with quarantine pattern

Built-in

Azure Container Instances (ACI)

Azure Container Registry (ACR)

Release Automation Tools

ACS Engine

Open Service Broker for Azure (OSBA)

[Diagram labels: Code, Run, Validate, Debug; Source Code Control (SCC); Build/CI, Integrate, Test; Azure Container Registry; CD, Deploy; Run, Manage, Integrate; Container Service, Service Fabric, Batch, App Services, Functions, ACI; Analyze, Understand, Improve]

Helm

The best way to find, share, and use software built for Kubernetes

Manage complexity: Charts can describe complex apps, provide repeatable app installs, and serve as a single point of authority

Easy updates: Take the pain out of updates with in-place upgrades and custom hooks

Simple sharing: Charts are easy to version, share, and host on public or private servers

Rollbacks: Use helm rollback to roll back to an older version of a release with ease

Helm

Helm Charts help you define, install, and upgrade even the most complex Kubernetes application

[Diagram labels: Chart.yml, custom services, db, load balancer, ci]

Azure Dev Spaces

https://docs.microsoft.com/en-gb/azure/dev-spaces/azure-dev-spaces

[Diagram: AKS security overview. Labels: Kubectl, Admins, User, Dev, Kube Event, AKS Object, ARM API, AKS RP, Security, Networking, Compute, Storage, Pull images, Azure resources in MC_* Resource Group]

1. API Server

2. Securing ingress and egress traffic towards users and services

3. Securing images

4. Secrets to access external resources

5. Network isolation of pods and app resources

6. Pod Security

Motivation for Network Policy

Kubernetes Network Policy

Kubernetes Network Policy Example

    apiVersion: networking.k8s.io/v1
    kind: NetworkPolicy
    metadata:
      name: my-network-policy
      namespace: my-namespace
    spec:
      # The policy applies to pods labelled role: db in my-namespace
      podSelector:
        matchLabels:
          role: db
      ingress:
      # Only pods labelled role: frontend may connect, and only on TCP 6379
      - from:
        - podSelector:
            matchLabels:
              role: frontend
        ports:
        - protocol: TCP
          port: 6379

[Diagram labels: role: db, role: frontend, role: helper, TCP 6379]


Work how you want with open-source tools and APIs

LinkerD

Stats

[Diagram labels: ACS-engine cluster definition file, ARM template file, Deployed Cluster on Azure]

Running AKS on Azure stack

[Diagram labels: Hotel Staff Android, Hotel Staff iOS, Hotel Guest Android, Hotel Guest iOS, Hotel Guest Web]

Visual Studio App Center

HockeyApp: iOS, Android, UWP

Visual Studio App Center

[Diagram labels: Inputs, Outputs]

CODE

https://docs.microsoft.com/en-us/azure/azure-functions/supported-languages


Azure Functions is an open-source project

Functions runtime and all extensions are fully open source

https://github.com/Azure/Azure-Functions

Discovering events is expensive

[Diagram labels: Application; 1st party events: IoT Devices, Storage, Resource Groups, Cloud Subscriptions, Streaming Data, Tables]

Processing events is cumbersome

[Diagram labels: Application, Code, Infrastructure; 1st party events: IoT Devices, Storage, Resource Groups, Cloud Subscriptions, Streaming Data, Tables]

Communication between app components is complicated

[Diagram labels: Service 1, Service 2, Code, Infrastructure, Custom app specific events; 1st party events: IoT Hub, Blob Storage, Resource Groups, Azure Subscriptions, Event Hubs, Storage (GPv2)]

What if it could be simpler?

[Diagram labels: Serverless Function 1, Serverless Function 2, Code, Custom app specific events, 1st party events]

Event Grid

[Diagram labels: IoT Hub, Blob Storage, Resource Groups, Azure Subscriptions, Event Hubs, Custom Topics, Storage (GPv2); Azure Functions, Logic Apps, Azure Automation, WebHooks, Event Hubs, ...and more!]

Façade and front door

Developer portal

Azure portal

Gateway

Publish, Operate & Monitor

Mediate

Consume

Versions and revisions in API Management

/v1

/v2

;rev=1

;rev=2

;rev=3

;rev=4

;rev=1

;rev=2

/speakers

/sessions

/days

https://example.org/ foo

Policy scopes

global

product

api

operation

to backend

from backend

from caller

to caller

    GET /foo/bar HTTP/1.1
    Host: api.constoso.com
    Key: 0123456789

0123456789

/foo

/bar

Policy expressions

• C# “snippets” embedded in policies

• Have read-only access to the request context

• Can only use whitelisted .NET types

• Are used to dynamically configure or conditionally execute policies