Building a Sovereign DBaaS on K8s OpenInfra Summit Asia 2024.pdf
0 likes•94 views
The document outlines the creation of a sovereign Database as a Service (DBaaS) on Kubernetes that integrates with OpenStack, addressing the needs of an Indonesian cloud provider facing competition and data sovereignty issues. It details the architecture, operational methods for lifecycle management, and automated processes for database management, emphasizing observability and error handling. The solution utilizes Severalnines CCX with Lintasarta Cloudeka infrastructure, supporting multiple database types and ensuring seamless scaling and failover capabilities.
![1
Building a Sovereign
DBaaS [on K8s]
supporting OpenStack
Johan Andersson Reski Rukmantio](https://image.slidesharecdn.com/buildingasovereigndbaasonk8sopeninfrasummitasia2024-240917084601-74fbceeb/85/Building-a-Sovereign-DBaaS-on-K8s-OpenInfra-Summit-Asia-2024-pdf-1-320.jpg)
Building a Sovereign DBaaS on K8s OpenInfra Summit Asia 2024.pdf
- 1. 1 Building a Sovereign DBaaS [on K8s] supporting OpenStack Johan Andersson Reski Rukmantio
- 2. 2 1. Introduction 2. Architecture 3. OpenStack integration 4. Day 2 Operations
- 3. 3 3 Business problem ● Indonesian Cloud provider ● Competition from hyperscalers ● Data sovereignty / data privacy ● Data gravity ● Needs to broaden beyond IaaS ● DBaaS is foundational service
- 4. 4 4 DBaaS Options ● Trove ● Custom / DIY e.g Ansible/TF/OpenTofu ● Work with a DBaaS provider
- 5. 5 5 Solution ● Leverage Severalnines CCX DBaaS with Lintasarta Cloudeka infra ● Controlplane in K8s ● Dataplane in Openstack VMs ● Supporting multiple databases ○ MySQL, MariaDB, Postgres, Redis, MS SQL Server
- 7. 7 Stack 7 Observability Prometheus AlertManager Loki/ElasticSearch Fluentbit Grafana DNS ExternalDNS RBAC Keycloak Security At rest (LUKS) In-transit (TLS) Message queue NATS Database Postgres (zalando patroni operator) MySQL (mysql innodb cluster operator)
- 8. 8 Helm install CCX Installation steps Setup OpenStack credentials and config Specify flavors and volumes that should be exposed 3 2 1 https://artifacthub.io/packages/helm/clustercontrol/ccx
- 9. 9 OpenStack integration options 9 White-label the CCX frontend Full API integration Your branding here
- 10. 10 Integration options JWT (White label UI) Service Account (Full API Integration) CCX DBaaS Controlplane User auth (Web UI)
- 12. 12 JWT Login request Create JWT - PROJECTID - USERID - ORGID - EMAIL Sign with private key Receive JWT Public Key User exists? Provision user Control Plane CSP Create Session Load UI
- 13. 13 Now what?! 13 Our DBaaS is up and running
- 14. 14 Now what?! 14 Our DBaaS is up and running Create infra and databases
- 15. 15 Now what?! 15 Lifecycle management Our DBaaS is up and running Create infra and databases
- 16. 16 16 Day 2 Operations ● State handing ● Database Configuration management ● Backup and Restore ● Scaling ● Failover ● Automatic Failure Handling ● Upgrades
- 17. 17 17 Day 2 Operations ● State handing ● Database Configuration management ● Backup and Restore ● Scaling ● Failover ● Automatic Failure Handling ● Upgrades … while operating at scale … while requiring no human interaction
- 18. 18 Controller Control loop Controlplane Dataplane datastore state FAILED STARTED etc. PRIMARY 1.1.2.4 REPLICA 1.1.2.5 OpenStack VM OpenStack VM datastore State handling
- 19. 19 DNS - Application Failover ExternalDNS Controlplane Dataplane End-user Apps replica.datastore.example.com 1.1.2.4 datastore.example.com 1.1.2.5 replica.datastore.example.com REPLICA 1.1.2.5 OpenStack VM PRIMAR Y 1.1.2.4 OpenStack VM datastore.example.com
- 20. 20 DNS - Application Failover ExternalDNS Controlplane Dataplane End-user Apps replica.datastore.example.com 1.1.2.4 datastore.example.com 1.1.2.5 replica.datastore.example.com REPLICA 1.1.2.5 OpenStack VM PRIMAR Y 1.1.2.4 OpenStack VM datastore.example.com
- 21. 21 DNS - Application Failover: Failover and update DNS ExternalDNS Controlplane Dataplane End-user Apps datastore.example.com replica.datastore.example.com 1.1.2.4 datastore.example.com 1.1.2.5 replica.datastore.example.com 1.1.2.5 datastore.example.com PRIMAR Y 1.1.2.5 OpenStack VM PRIMAR Y 1.1.2.4 OpenStack VM
- 22. 22 22 Immutable infrastructure principle ● Error handling ● Do not attempt to login to the servers and fix things. No SSH. ● No agent that intelligently tries to do things on the datastore → Rely on simple procedures.
- 23. 23 How does CCX resolve this? ExternalDNS Controlplane Dataplane End-user Apps datastore.example.com replica.datastore.example.com 1.1.2.4 datastore.example.com 1.1.2.5 replica.datastore.example.com 1.1.2.5 datastore.example.com PRIMAR Y 1.1.2.5 OpenStack VM PRIMAR Y 1.1.2.4 OpenStack VM
- 24. 24 Add new infrastructure ExternalDNS Controlplane Dataplane End-user Apps datastore.example.com replica.datastore.example.com 1.1.2.4 datastore.example.com 1.1.2.6 replica.datastore.example.com 1.1.2.5 datastore.example.com REPLICA 1.1.2.6 OpenStack VM PRIMAR Y 1.1.2.5 OpenStack VM PRIMAR Y 1.1.2.4 OpenStack VM
- 25. 25 Remove broken infrastructure & clean up ExternalDNS Controlplane Dataplane End-user Apps datastore.example.com 1.1.2.6 replica.datastore.example.com 1.1.2.5 datastore.example.com REPLICA 1.1.2.6 OpenStack VM PRIMAR Y 1.1.2.5 OpenStack VM replica.datastore.example.com
- 26. 26 26 Observability/logging is key for troubleshooting Deployment of datastores is easy Day 2 operations needs to be completely automated Immutable infrastructure Keep it simple Summary https://artifacthub.io/packages/helm/clustercontrol/ccx
- 28. 28 Johan Andersson CTO at Severalnines @severalnines Reski Rukmantiyo Vice President of Cloud Solutions Lintasarta Cloudeka