BOSH: running platforms so you can run platforms on your platforms
Paul Czarkowski / @pczarkowski Principal Technologist Pivotal software
© Copyright 2018 Pivotal Software, Inc. All rights Reserved. Version 1.0
Sucessful Patterns for Deploying [and Operating] Platforms.
Paul Czarkowski / @pczarkowski Principal Technologist Pivotal software
© Copyright 2018 Pivotal Software, Inc. All rights Reserved. Version 1.0 Do you know Cloud Foundry? Do you know Kubernetes ? Do you know BOSH ? What is a platform ?
https://en.wikipedia.org/wiki/Computing_platform A modern software platform provides API driven compute resources. “Every IT team is a Platform Team.” http://slides.eightypercent.net/platform-platform/index.html#1 https://twitter.com/kelseyhightower/status/935252923721793536 Generic Platform
Users
API
Artifacts Database Storage Compute Network Access Enterprise IT
Users
API
Storage Systems Network DBA Security QA Admin Admin Engineer
“You don’t have a platform problem, you have a culture problem.” Evolve your IT teams!
Take business requirements and turn Application App1 App2 App3 Team them into features
Messaging Creds/Certs Middleware Platform App ML ELK DBaaS Build common services Team Platform Container Services Container Hosts | Kubernetes for App Teams ? ? ?
Infrastructure Team
Abstract infrastructure complexity with easy IaaS consumption Infra Services Virtual Infrastructure
Physical Infrastructure People build Platforms People are the most People build Apps important component Apps run on Platforms of any platform. What Abstraction is the Right One for You ?
More Control Less Complexity
Build App Build App App → to the Artifact Container(s) Platform
Traditional Build Config CF API Application Ticket Management
Based Dependencies PaaS PaaS Human Application Platform Infrastructure K8s API Toil As Code CaaS ContainerCaaS Orchestrator IaaS API
Container Runtime PXE boot ? ContainerIaaS Hosts
HardwareIaaS
18 FaaS
PaaS
Higher flexibility and Lower development less enforcement of complexity and higher CaaS standards operational efficiency
IaaS
Hardware
Strategic goal: Push as many workloads as technically feasible to the top of the platform hierarchy Consumers of the abstraction
App Team Platform Team FaaS Infrastructure Team App Team PaaS Platform Team
Platform Team Infrastructure Team CaaS App Team
Infrastructure Team IaaS Platform Team
Infrastructure Team Hardware “In general, taking something that’s already working somewhere and expanding its usage (capabilities) is far more likely to succeed than building these capabilities from scratch” WE build the container YOU build the container
Continuous Application Code & Frameworks delivery Buildpacks | Spring Boot | Spring Cloud | Steeltoe
Github
Public Cloud Pivotal Services Network Pivotal Application Pivotal Container Pivotal Services Customer Marketplace Managed Concourse Service (PAS) Service (PKS) Services
>cf push >kubectl run Pivotal and Open Service Broker API v1 Partner Products CVEs Java | .NET | NodeJS Elastic | Packaged Software | Spark Product Updates
v2 “3Rs”
v3 Embedded OS Repair Repave Rotate ... NSX-T — CVEs — Credhub (Windows & Linux)
Concourse
CPI (15 methods)
Azure & vSphere Openstack AWS Google Cloud Azure Stack
The Google Problem
x 1,000,000
K8s Contr Master Etcd oller Kube Mana Scheduler ger API Server
K8s K8s K8s Worker Worker Worker Kubelet Kubelet Kubelet Pod Pod Pod Pod Pod Pod Docker C Pod Docker Pod Docker Pod Kube-pro Kube-pro Kube-pro xy xy xy CNI CNI CNI
K8s Master Etcd Controller Kube Scheduler Google Compute Engine Manager (hidden from user) API Server
Google Compute Engine
K8s Worker K8s Worker K8s Worker
Kubelet Kubelet Kubelet Pod Pod Pod Pod Pod Pod Docker C Pod Docker Pod Docker Pod
Kube-proxy Kube-proxy Kube-proxy
CNI CNI CNI
What Abstraction is the Right One for You ?
More Control Less Complexity
Build App Build App App → to the Artifact Container(s) Platform
Traditional Build Config CF API Application Ticket Management
Based Dependencies PaaS PaaS Human Application Platform Infrastructure K8s API Toil As Code CaaS ContainerCaaS Orchestrator IaaS API
Container Runtime PXE boot ? ContainerIaaS Hosts
HardwareIaaS
32
BOSH - Component Architecture
IaaS Cloud Provider CLI IaaS Interface API
Registry
Health BOSH provides the means to go Monitor Director from deployment configuration to Agent VM creation and management. It NATS Agent includes interfaces for Azure, vSphere, AWS, GCP, and Agent Postgres Blob Agent OpenStack. Additional CPI can be DB Store written for alternative IaaS providers. BOSH - Service Deployment
Deployment
Manifest
Release
w Stemcell BOSH - Stemcell
▪ Secured, Hardened, and Versioned Operating System image wrapped with IaaS specific packaging ▪ ▪ Contains a bare minimum OS skeleton with a few common utilities pre-installed, a BOSH Agent, and a few configuration files to securely configure the OS by default. Stemcell ▪ ▪ Images come in two flavors Ubuntu 14.04 and CentOS 7 for all IaaS’ supported ▪ ▪ Maintained by BOSH team and available at http://bosh.io/stemcells BOSH - Release
Elements: Organization: Dependency Tree:
Jobs - Pieces of the service or application you are releasing, Job(s) including how to compile & run them Monit
Packages - Provide source code and dependencies to jobs Spec
Src - Non-binary files which is provided to packages Blobs Blobs - Provide binary files (other than those checked into a source code repository) to packages Package(s)
Monit - Script utilized to start/stop/restart the job Packaging Spec Packaging - Script utilized to compile the source needed by a job Src Spec - Key/Value file which stores all configuration properties which can be set externally
Green - Script (erb or bash) Orange - Properties (yml) BOSH - Manifest
Provides the ability to customize BOSH releases (your service)
YAML - Primer found at end of presentation
Required Blocks:
▪ Deployment Identification: A name for the deployment and the UUID of the Director managing the deployment
▪ Releases Block: Name and version of each release in a deployment
▪ Stemcells Block: Name and version of each stemcell in a deployment
▪ Update Block: Defines how BOSH updates instances during deployment
▪ Instance Groups Block: Configuration and resource information for instance groups (Jobs)
▪ Properties Block: Describes global properties and generalized configuration information
▪ BOSH - Service Deployment
Cloud Provider CLI IaaS Interface API Stemcell Registry
Manifest Config Health Monitor Release Director Agent NATS Agent
Postgres Blob Agent DB Store Agent
* * BOSH - Process High Availability
IaaS
Alert Sent!
Proc-1 Health Restart! Monitor Agent Director Proc-1 NATS Agent BOSH - VM High Availability
Manifest - Desired State Cloud IaaS Provider IaaS Interface API Proc-1
Alert Sent! Agent
Proc-1 Health Proc-1 Monitor Agent Agent Director Proc-1 = NATS Agent
Proc-1
Agent BOSH - Canary Upgrades
Any update error causes the deployment to stop. Since only canaries are affected before an update stops, problem jobs Manifest - and packages are prevented from taking over all instances.
Code Update 4.04! Agent
Agent
Agent
Agent BOSH - Day 2 Ops
Consistent, Reliable, Scalable, Secure
Deploy Provision and ▪ Checks against “desired state to return Configure consistency ▪ No ad hoc automation burden ▪ Manage services, not servers Current State ▪ 4 layers of Self Healing Desired State
Monitor Re-mediate and Detect
PKS “How it Works” #pks# pks create-cluster create-cluster K8s-1K8s-2K8s-3 --plan -n small3 Cluster3 The value of BOSH
API Node V API M Kubernetes PKS Control Plane Node V Cluster Services M PKS includes: Node V Cluster1 M • PKS Control Plane, CFCR
• NSX-T, Harbor, GCP Broker Kubernetes Node V CNI API M (As a Bosh Release) NSX-T • BOSH Release for Kubernetes Kubernetes Node V Cluster Services M • Configures Day 1 of - CFCR BOSH CPI vSphereIaaS Node V Cluster2 M - vSphere (Deploys/Manages VMs) - NSX Integration API Node V - Harbor M Kubernetes • Manages Day 2 of Kubo CFCR Cluster Services Node V Cluster Services M Kubernetes Clusters V Node V - Scaling Cluster3 Node M Harbor GCP M - Patching Private Container Service Node V - Upgrades Registry Broker M - Failures Node V M
AWS Lambda, Azure Functions, OpenWhisk, FaaS kubeless, PFS PCF, Azure App PaaS Service, Heroku, Deis PKS, GKE, OpenShift, AWS CaaS Fargate, Kubernetes AWS, Azure, IaaS GCP, Openstack, VMWare HPE, Dell, Hardware IBM, Lenovo
http://www.bsielearning.com.au/keep-simple-stupid/ Full Opensource DIY
● ??? pxe ● Openstack Ansible ● Kubespray ● Ansible Hardening
https://github.com/openstack/openstack-ansible https://github.com/openstack/ansible-hardening https://github.com/kubernetes-incubator/kubespray !!! How We Think about the Business Case
40-60%* 25-50%*
More Projects With Fewer Support $ Same Staff Incidents REPLATFORM > MODERNIZE > OPTIMIZE
40%*
Faster Patching SPEED & AGILITY STABILITY % Delivery @ Zero
Downtime
$ ESTABLISH, MEASURE AND UPDATE SECURITY Millions -90%* Annual Savings on KEY OBJECTIVES AND RESULTS (OKRs) Time to Scale $ HW, SW and Support
SCALABILITY SAVINGS
PLATFORM VALUE STREAM AND METRICS THE END Questions ?