oracle,

Oracle Cloud Infrastructure Developer 2020 Associate (1Z0-1084-20)

Follow · 9 mins read
Share this

Cloud Native Fundamentals

Cloud Native vs Traditional Arch

  • Stateful vs Statelsss
  • Service Orchestration vs Service Chroreography
  • Dealing with failures

CAP Theorem

Distributed Database system

  • reliable network
  • zero latency
  • infinite bandwidth
  • secure network
  • no change in topology
  • one admin
  • zero transport cost
  • homogenrous network

Cloud Native Building Blocks

  1. Microservices
    1. service oriented arch
    2. Loosly coupled services
    3. organized around business capabilties

Defence in Depth Approach

  • source code - track, audit, in repo
  • Container image - include only bare minimum needed
  • Container Registry - use private registry, vulnerability scanning (twistlock)
  • pods - image from approved registry, use pod security policies, host ports, networking
  • Cluster/Orchestrator - secure access, Enable RBAC, Enable Audit logs
  1. Containers
  2. Functions

Service Communication Patterns

  • External Communication - to/from external services
  • Internal Communication - service to service (within cluster)

  • Sync vs Async Comm Protocols

  • HTTP, HTTPv2, WebSocket, gRPC

Messaing Protcols

  • MQTT (Message Que Telemetry Transport)
  • AMQP (Advance Message Queuing Protocol)

  • Pub/Sub
  • Idempotency - multiple lines but single effect. message can process more than once

  • Serialization
    • JSON - readable, large memory footprint
    • Protobuf - binary format, schema defined in .proto files

Oracle Functions Overview

fnproject.io

  • Function as a Service
  • Oracle Cloud integrated
  • Container Native
  • Opensource Engine
  • Multi tenant
  • Secure

  • run only when triggered
  • pay for code execution only

  • Function Development kit - FDK - Python, Java,Go, node.js, ruby

Oracle Functions Core Concept

  • grouped into applications
  • built as a docker image and pushed to a specified docker registry

  • invoke on cli, SDK, HTTP Req, other OCI services
  • docker will be pulled and run; after some idle perioed container will be removed.
  • Also time based functions
  • define policy for permissions

Function Metrics

  • FunctionExecutionDuration
  • FunctionInvocationCount
  • FunctionResponseCount

Oracle Functions - Use cases, References

  • Glue Cloud Services, Event Driven
  • Web, Mobile, IoT backends
  • Realtime file, stream process
  • DevOps, Batch process

API Gateway

  • single gateway to multiple API services
  • Routing
  • Rate limiting
  • Cross region resource sharing (CORS)
  • Metrics

Use cases

  • RESTful API for functions
  • Custom Development
  • SaaS services

Resource Manager Overview

  • Terraform as a service
  • Stack - a set of OCI resources you want to create in a compartment
  • job - a request to take a terraform action on a stack (plan, apply, destroy)

Advanced Terraform

  • stores the state of managed ifnra from the last time terraform was run
  • use this state to create plans and make changes to your infra terraform.tfstate

Terraform Local State File

  • stored locally on local machine in JSON format
  • small and individual team
  • not to scale for large teams
  • require a more mono-repo pattern

Terraform Remote State File

  • write state to remote data store
  • can manage by large team

  • use target flag to create only that resource

Terraform Modules

Terraform provisioners

  • ansible, che, puppet, shell

Instance Principal Config

OCI Streaming Services

  • logs, web/IoT/mobile data
  • 99.95% SLA
  • message - 64 bit encoded record or array of bytes
  • key - and identifier
  • stream - an append only log of messages
  • topic - message category
  • partitions - topic broken into partitions
  • producer - create message
  • consumer - subscribe and read
  • consumer group - a group

Design Considerations

  • retention max 7 days
  • max message size 1 MB
  • each partition 1000Emit API call per second, 5 Read API call per second
  • each partition max total write rate 1 MB per second, read rate 2 MB per second
  • each tenancy has a limit of 5 partitions

Oracle Kubernetes Engine (OKE)

  • your own/DIY
  • pre-built but managed by user
  • managed service

Terraform Kubernetes Installation for OCI

Creating OKE Cluster

  • monthly 3 cluster oer OCI regions, with 1000 nodes
  • pay as you go model got only 1 cluster

Accessing OKE Cluster using kubectl

  • need oci cli
  • then setup kubeconfig in oci cli
  • create serviceaccount with clusteradmin role to access dashboard
  • use token to login

OCI Service Broker

  • software to implement the Open service broker API
  • enable cloud service lifecycle through devops tools (provision,bind,deprovision)
  • specific to cloud vendor
  • CI/CD -> OCI Registry -> OKE CLuster <- Service broker <- OCI Cloud services

OCI API, SDK, CLI

Diff ways to access OCI

  • GUI Console
  • REST API - References and end points
  • Terraform
  • SDK- custom solutions based on java, python, ruby, go; need OCI account, user ID, key paid
  • ANsible
  • CLI - required keys and OCID. oci setup to configure, bash or pip install oci
  • Resource Manager

Key Management Overview

  • managed service to encrypt data
  • FIPS 140-2, Security level 3
  • create keys, disable keys, re-enable keys with key vault
  • rotate keys to meet your security governance and regulatory compliance needs; store in version
  • with IAM users and groups

  • vaults - logical entities to store keys
  • seperate compartment for keys
  • users/groups need access to keys

Design Considerations

  • regional service, repicate keys across 3 AD
  • block volumes and object storage are integrated with key managedment
  • rotaing key will not re-encrypt data that was previously encrypted with old key version; only when customer modify data
  • no import or export of keys
  • cannot delete keys, bud disabe. delete key vault
  • schedule vault deletion - 7-30 days
  • cannot recover once deleted

pricing on vault - per hour

IAM Overview

OCID - Oracle Cloud ID

Instance principal - for instance to make api calls

Authentication

  • authenticate principal by
    • username /password
    • API Signining Key
    • Auth Tokens - no expire

Autherization

  • specified various actions an authenticated

IAM Mangement - Compartments

  • sub compartments upto six level deep
  • atleast one policy to access it
  • subcompartments inherits access permisions from compartments higher up its hierarchy

Compartment Quotas

  • similar to service limit but set by administrator using policies
  • set, unset, zero

IAM Mangement - Policies

Verbs

  • inspect - ability to list
  • read - inspect + get user specified metadata
  • use - read + ability to work with existing resources
  • manage - include all permission for resource

Aggregated - all-resource, database-family, instance-family etc Individual - individual resource

Permissions

  • VOLUME_INSPECT, READ, VOLUME_WRITE,

API Operation

  • ListVolume, GetVolume,CreateVolume

Common Policies

IAM Mangement - Tags

Tag Namespace - a container for set of tag keys with tag key definitions

Testing Cloud Native Applications

  • mock - for testing
  • fake - with working implementation
  • stub - some data returns

Building block of testing

  • unit tests
  • service test/component level
  • user interface tests

OCI Registry Service

Oracle Cloud Infrastructure Registry - OCIR

  • Fully managed
  • HA Docker v2 registry
  • private or public repo
  • full integration with OKE

  • OCI Registry is FREE
  • Only charges for OCI resources

Managing Repos in OCIR

  • need proper permissions by policies
  • users need username and auth token beore being able to push/pull image
  • docker login .ocir.io

Pulling an image from OCIR for Kubernetes

  • create a secret and use it as imagePullSecret

Image Retention Policies

  • not tagged for a certain period
  • not pulled for a certain period
  • not given particular tag

  • Hourly process to reomve image
  • policies to retain/remove images

Monitoring Service Overview

  • monitor cloud resources
  • supports metrics and alarms
  • compite, VCN, LB, block, object storage, notification, streaming
  • health, capacity, performance

  • email or pagerduty
  • metric query language (MQL)

  • metric is a measurement related to health, capacity or performance of a given resource

  • metric stream - aggregated data of multiple metric data

  • internval 01,5,60 min etc
  • dimension - name-value pairs
  • Grouping - groupBy() aggregates results by groups
  • statistics - count, max, mean, rat, min, sum , percetile

Alarms & States

  • Firing - alarm triggered
  • Reset - alarm not detecting the metric firing, metric no longer being emitted
  • Suppress - avoid publishing messages during the specified time range eg maintenance

metric + alarm + topic

Events - Overview and Key Features

  • fully managed event-routing platform
  • using CNCF’s cloudevent (opensource) standard

  • integration with oracle functons, streaming, notification

  • Events - a structured and schematized message that denotes a change in resource
  • Rule - the object where a user defines which event they care about and trgigger an actions an actions if it occurs
  • Actions - the user-defined response to when an event occurs eg: triggering a functions or wrtingin to a stream, send notificaiton etc

Events - Core concepts

name & compartment -> trigger condition -> Action

  • max rules limit 50 / tenancy (can request more)

  • user defined response to a rule being matched
  • multiple actions can

Events - Use cases, Reference Arch

oci

Latest Stories

How to Pass CKA & CKAD Exams ? 10 Tips for Kubernetes Exams

Here see the best tips for Kubernetes Exams - Certified Kubernetes Administrator (CKA) & Certified Kubernetes Application Developer (CKAD).

In kubernetes, Jul 08, 2020
CKA & CKAD - Kubernetes Exam Tips, Learning Path and Certification

Since kubernetes is getting wide acceptance, Kubernetes Certification is the most trending one in IT circle now. I have completed both recently (March – April 2020) and I started gett...

In kubernetes, May 03, 2020
Start Your OpenShift Journey with these Free Red Hat Training Programs

Red Hat OpenShift Container Platform is one of the best kubernetes platform for enterprises. As we know kubernetes and OpenShift are multi-component stack and not easy to learn withou...

In openshift, Mar 09, 2020
Installing oVirt 4 with Self-Hosted Engine on Enterprise Linux

oVirt is one of the best free and open-source virtualization solution with enterprise level features. Installing oVirt cluster is simple and straight forward and you can refer the ins...

In oVirt, Mar 05, 2020

Featured