Containers, Kubernetes, Ansible & Co. for Workload Automation

Martin Reinke (Marc Schwering) @reinke_m (@m4rcsch)

NUBIT Kiel, 26 January 2018

ARCHITECTURAL EVOLUTION

[Figure: the architectural building blocks shown on the slide: monoliths, traditional apps, microservices, functions and 3rd-party services.]

WHAT ARE CONTAINERS? It Depends Who You Ask

From the infrastructure point of view:
● Application processes on a shared kernel
● Simpler, lighter, and denser than VMs
● Portable across different environments

From the application point of view:
● Package apps with all dependencies
● Deploy to any environment in seconds
● Easily accessed and shared

OPENSHIFT TECHNICAL OVERVIEW

VIRTUAL MACHINES AND CONTAINERS

[Figure: stack comparison. Virtual machine: App / OS dependencies / Kernel / Hypervisor / Hardware. Containers: App / OS deps per container, several containers sharing one Container Host (Kernel) on the hardware.]

Virtual machines are isolated; the apps inside them are not. Containers are isolated, and so are the apps.

VIRTUAL MACHINES AND CONTAINERS

[Figure: virtual machine stack (Application / OS dependencies / Operating System) beside container stack (Application / OS dependencies / Container Host).]

VM Isolation            Container Isolation
Complete OS             Shared Kernel
Static Compute          Burstable Compute
Static Memory           Burstable Memory
High Resource Usage     Low Resource Usage

VIRTUAL MACHINES AND CONTAINERS

A clear ownership boundary between Dev and IT Ops drives DevOps adoption and fosters agility.

Virtual machine: Application (Dev); OS dependencies (IT Ops, and Dev, sort of); Infrastructure (IT Ops). Optimized for stability.

Container: Application and OS dependencies (Dev); Container Host and Infrastructure (IT Ops). Optimized for agility.

APPLICATION PORTABILITY WITH VM

Virtual machines are NOT portable across hypervisors and do NOT provide portable packaging for applications.

[Figure: five separate stacks (Application / OS dependencies / Operating System), as a guest VM or VM types X, Y and Z, on laptop, bare metal, virtualization, private cloud and public cloud.]

APPLICATION PORTABILITY WITH CONTAINERS

RHEL Containers + RHEL Host = Guaranteed Portability Across Any Infrastructure

[Figure: the same container (Application / OS dependencies) running on RHEL on a laptop, on bare metal, and in a guest VM / virtual machine on virtualization, private cloud and public cloud.]

THE INDUSTRY IS CONVERGING ON KUBERNETES FOR CONTAINER ORCHESTRATION

[Figure: 2 years ago, a fragmented landscape of orchestrators; today, consolidation on Kubernetes, with other orchestrators (Cloud Foundry Diego, Nomad, Blox, etc.) at the margin.]

Red Hat bet early on Kubernetes. It has now become the dominant orchestration ecosystem.

KUBERNETES SIGs - ENGINEERING LEADERSHIP

Lead or co-lead in 12 of 33 groups:

API Machinery, Apps, Architecture, Auth, Autoscaling, AWS, Azure, Big Data, CLI, Cluster Lifecycle, Cluster Ops, Contributor Experience, Docs, Instrumentation, Multicluster, Network, Node, On-Prem, OpenStack, Product Management, Release, Scalability, Scheduling, Service Catalog, Storage, Testing, UI, Windows, App Def, Cluster API, Container Identity, Kubeadm Adoption, Resource Management.

KUBERNETES AND OPENSHIFT

[Figure: layered view of what Kubernetes provides and what OpenShift adds. Layers, bottom to top: infrastructure (physical, virtual, private, public); Red Hat Enterprise Linux / Atomic Host; packaging format (containers); orchestration and cluster services (security, storage, network, telemetry, registry); application lifecycle automation (deployment strategies, OpenShift builds, OpenShift deployments); self-service (OpenShift services, service catalog).]

* NOTE: Gradated blocks are handled partially by Kubernetes and partially by OpenShift or are being added in Kubernetes upstream.

OPENSHIFT = ENTERPRISE KUBERNETES

[Figure: OpenShift Container Platform architecture. Routing layer and service layer in front of the nodes; Kubernetes master with API/authentication, data store, scheduler and health/scaling; nodes running containers (C) on RHEL; persistent storage; container registry; SCM (Git) and CI/CD; existing automation toolsets; all on Red Hat Enterprise Linux across physical, virtual, private, public and hybrid infrastructure.]

OPENSHIFT CONTAINER PLATFORM

GENERAL DISTRIBUTION

[Figure: the OpenShift Container Platform stack, built up layer by layer over four slides, bottom to top.]

Enterprise Container Host: Red Hat Enterprise Linux / Atomic Host, with Container Runtime & Packaging (docker), trusted by Fortune Global 500 companies; Infrastructure Automation & Cockpit.

Enterprise Kubernetes++: Container Orchestration & Cluster Management (kubernetes), plus Networking, Storage, Registry, Logs & Metrics and Security.

OpenShift Application Lifecycle Management: Self-Service, Service Catalog (Language Runtimes, Middleware, Databases), Developer Experience, Build Automation, Deployment Automation.

Workloads: Business Automation, Data & Storage, Web & Mobile, Integration; traditional, stateful, and cloud-native apps, each in its own container.

TRUE POLYGLOT PLATFORM

Language Runtimes: .NET, PHP, Python, Java, NodeJS, Perl, Ruby, plus third-party runtimes.

Databases: MySQL, PostgreSQL, MongoDB, Redis, plus third-party databases.

App Servers: Apache HTTP Server, nginx, Varnish, Phusion Passenger, Tomcat, plus third-party app servers.

Middleware: JBoss EAP, JBoss Web Server, Wildfly Swarm, Spring Boot, Vert.x, JBoss A-MQ, JBoss Fuse, 3scale API mgmt, JBoss BRMS, JBoss BPMS, JBoss Data Virt, JBoss Data Grid, RH SSO, RH Mobile, plus third-party middleware.

Third-party examples: CrunchyData, Couchbase, EnterpriseDB, GitLab, Iron.io, Sonatype, and many more ...and virtually any docker image out there!

FROM STRUCTURED TO COMPOSABLE

[Figure: application platform (custom-built apps; standard runtimes; frameworks; builds; embedded scheduling systems; logging, monitoring, metrics) beside container application platform (cloud-native apps, existing apps, cloud-native patterns; plug-in app tools; service brokers; plug-in ops tools; plug-in storage | networks; plug-in schedulers).]

ASSEMBLING A LEADING HYBRID SERVICES CATALOG

Freedom, flexibility and choice for our customers: the Red Hat portfolio (containerized software), 3rd-party ISVs (containerized software) and cloud providers (SaaS applications). 15 years ago: certifying on RHEL. Today: certifying on OpenShift+RHEL (* in progress).

Example: Open End-to-End IoT Product Architecture - Integrating IoT Operating Technology, Data Mgmt, Analytics, and Applications

[Figure: end-to-end IoT architecture. Connected "things" and IoT gateways feed an IoT integration hub (device management/registry, device connectivity, integration, OT data management, security, administration, middleware, telemetry) and from there the enterprise data hub (data ingest, real-time processing, data storage, machine learning / ML model, real-time analytics, business logic, smart routing) and the applications; containers, orchestration and an operating system underpin the stack for developers and operations.]

Open Source for IoT working group - https://iot.eclipse.org/
IoT Product presentation - https://www.youtube.com/watch?v=OZN8ExFHYC8

OPEN SERVICE BROKERS

Expose and Provision Services

The OpenShift Service Catalog talks to service brokers, which expose external services:
● OpenShift Template Broker - OpenShift Templates
● OpenShift Ansible Broker - Ansible Playbook Bundles
● AWS Service Broker - public cloud services
● Other Service Brokers - other services

WHY A SERVICE BROKER?

[Figure: service exchange today, between service consumer and service provider: ☑ Open ticket ☑ Wait for allocation ☑ Receive credentials ☑ Add to app ☑ Deploy app]

Manual, Time-consuming and Inconsistent

A multi-vendor project to standardize how services are consumed on cloud-native platforms across service providers.

WHAT IS A SERVICE BROKER?

[Figure: Service Consumer → Service Catalog → Service Broker → Service Provider]

Automated, Standard and Consistent

SELF-SERVICE / UX

Feature: Service Catalog

Description: The OpenShift Service Catalog supports provisioning and binding of both on-platform and off-platform (public cloud) services.

How it works: Consumers interact with the Service Catalog to provision and manage services; the details of the broker remain largely hidden. Catalog operations: catalog, provision, deprovision, bind, unbind, update.

[Figure: consumer → Service Catalog → OpenShift Ansible Broker → Ansible Playbook Bundle → provisioned service, with other service brokers alongside.]

Feature: OpenShift Ansible Broker

APB services on the Red Hat Container Catalog: MediaWiki (example), PostgreSQL (RHSCL), MariaDB (RHSCL), MySQL (RHSCL).

Description:
● Implementation of the Open Service Broker API enabling users to leverage Ansible for provisioning and managing services from the Service Catalog
● Supports production workloads and multiple service plans
● Secure connectivity now between Service Catalog and Broker

Feature: Ansible Playbook Bundles (APB)

Description:
● Short-lived, lightweight container image consisting of:
  ○ Simple directory structure with named "action" playbooks
  ○ Metadata: required/optional parameters; dependencies (provision vs bind)
  ○ Ansible runtime environment
● Developer tooling included providing a guided approach to APB creation
● Support for a 'test' playbook allowing functional testing of the service (up to the APB author)
● Two new APBs introduced for MariaDB (SCL) & MySQL DB (SCL)

[Figure: APB definition = RHEL image + Ansible runtime + a minimal directory of files (provision.yaml, deprovision.yaml, bind.yaml, unbind.yaml, update.yaml, test.yaml, apb.yaml), deployed through an Ansible role.]

How it works: When a user provisions an application from the Service Catalog, the Ansible Service Broker downloads the associated APB image from the registry and runs it.

provision.yaml = Install
deprovision.yaml = Uninstall
bind.yaml = Grant
unbind.yaml = Revoke
update.yaml = Upgrade
test.yaml = Test
apb.yaml = Metadata
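As an added example (not code from the talk, the OpenShift Ansible Broker or any other project), the following Python models the broker flow the last two slides describe: the broker advertises a catalog, and each Open Service Broker operation is dispatched to the bundle's named action playbook, with the lifecycle checks a defender would expect (required parameters validated and unexpected ones rejected before provisioning, an allowlist of action names, and every binding revoked before an instance can be deprovisioned). The metadata layout, the class and function names and the state-machine rules are this example's own assumptions; no playbook is executed, the run log only records which playbook would run with which parameters.

```python
"""Toy model of an Open Service Broker API broker driving an Ansible
Playbook Bundle (APB) through its lifecycle. Added example; the metadata
shape, names and ordering rules below are assumptions, not the real broker."""
import secrets
from dataclasses import dataclass, field

# Action -> playbook mapping as given on the slide (apb.yaml holds the metadata).
ACTION_PLAYBOOKS = {
    "provision": "provision.yaml",      # install
    "deprovision": "deprovision.yaml",  # uninstall
    "bind": "bind.yaml",                # grant
    "unbind": "unbind.yaml",            # revoke
    "update": "update.yaml",            # upgrade
    "test": "test.yaml",                # test
}

# Constructed metadata, modelled on what apb.yaml describes (plans with
# required/optional parameters); the field names are this example's own.
APB_METADATA = {
    "name": "example-postgresql-apb",
    "plans": {
        "dev": {"parameters": {
            "postgresql_user": {"required": True},
            "postgresql_database": {"required": False, "default": "app"},
        }},
    },
}


class BrokerError(Exception):
    """Raised for any request the broker refuses."""


@dataclass
class Instance:
    plan: str
    params: dict
    bindings: dict = field(default_factory=dict)  # binding_id -> credentials


@dataclass
class AnsibleBroker:
    metadata: dict
    instances: dict = field(default_factory=dict)
    runs: list = field(default_factory=list)  # (playbook, params), oldest first

    def catalog(self):
        """Equivalent of GET /v2/catalog: service name and its plan names."""
        return {"name": self.metadata["name"], "plans": sorted(self.metadata["plans"])}

    def _run(self, action, params):
        # Allowlist: only the bundle's named action playbooks may ever run.
        if action not in ACTION_PLAYBOOKS:
            raise BrokerError(f"unknown action {action!r}")
        self.runs.append((ACTION_PLAYBOOKS[action], dict(params)))

    def provision(self, instance_id, plan, params):
        if instance_id in self.instances:
            raise BrokerError("instance already exists")
        spec = self.metadata["plans"].get(plan)
        if spec is None:
            raise BrokerError(f"unknown plan {plan!r}")
        unknown = set(params) - set(spec["parameters"])
        if unknown:  # reject parameters the bundle never declared
            raise BrokerError(f"unexpected parameters {sorted(unknown)}")
        merged = {}
        for name, rule in spec["parameters"].items():
            if name in params:
                merged[name] = params[name]
            elif rule.get("required"):
                raise BrokerError(f"missing required parameter {name!r}")
            elif "default" in rule:
                merged[name] = rule["default"]
        self._run("provision", merged)
        self.instances[instance_id] = Instance(plan, merged)

    def bind(self, instance_id, binding_id):
        inst = self._instance(instance_id)
        if binding_id in inst.bindings:
            raise BrokerError("binding already exists")
        self._run("bind", inst.params)  # bind.yaml grants access
        creds = {"username": inst.params["postgresql_user"],
                 "password": secrets.token_urlsafe(16)}  # constructed secret
        inst.bindings[binding_id] = creds
        return dict(creds)

    def unbind(self, instance_id, binding_id):
        inst = self._instance(instance_id)
        if binding_id not in inst.bindings:
            raise BrokerError("no such binding")
        self._run("unbind", inst.params)  # unbind.yaml revokes the credentials
        del inst.bindings[binding_id]

    def deprovision(self, instance_id):
        inst = self._instance(instance_id)
        if inst.bindings:  # never leave live credentials behind an uninstalled service
            raise BrokerError("unbind all bindings before deprovisioning")
        self._run("deprovision", inst.params)
        del self.instances[instance_id]

    def _instance(self, instance_id):
        try:
            return self.instances[instance_id]
        except KeyError:
            raise BrokerError("no such instance") from None


def demo():
    """Full lifecycle; returns the playbooks that would run and the bound user."""
    broker = AnsibleBroker(APB_METADATA)
    broker.provision("inst-1", "dev", {"postgresql_user": "wiki"})
    creds = broker.bind("inst-1", "bind-1")
    broker.unbind("inst-1", "bind-1")
    broker.deprovision("inst-1")
    return [playbook for playbook, _ in broker.runs], creds["username"]
```

Running demo() yields the playbook order provision.yaml, bind.yaml, unbind.yaml, deprovision.yaml. The deprovision refusal while bindings exist is a design choice of this example: it keeps a consumer from uninstalling a service while credentials minted by bind.yaml are still in circulation, which is the kind of orphaned-secret condition a catalog operator would otherwise have to detect after the fact.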

CONTAINERS TRANSFORM

Applications:    Monolith   → N-Tier → Microservices
Infrastructure:  Datacenter → Hosted → Hybrid
Processes:       Waterfall  → Agile  → DevOps

THE BUSINESS VALUE OF DEVOPS/CONTAINERS WITH OPENSHIFT

● Payback on investment: 8 months
● Faster app delivery: 66%
● Infrastructure savings: 40%
● IT staff productivity: 20% improvement
● Average annual business benefits per 100 developers: $1.3M
● ROI: 530%

Source: The Business Value of Red Hat OpenShift, IDC, September 2016. https://www.openshift.com/sites/default/files/idc-business-value-of-.pdf

Questions