Containers, Kubernetes, Ansible & Co. for Workload Automation
Martin Reinke (Marc Schwering) @reinke_m (@m4rcsch)
NUBIT Kiel, 26 January 2018

ARCHITECTURAL EVOLUTION
(diagram labels: monoliths, traditional apps, microservices, functions, 3rd-party services)
WHAT ARE CONTAINERS? It Depends Who You Ask

INFRASTRUCTURE
● Application processes on a shared kernel
● Simpler, lighter, and denser than VMs
● Portable across different environments

APPLICATIONS
● Package apps with all dependencies
● Deploy to any environment in seconds
● Easily accessed and shared
OPENSHIFT TECHNICAL OVERVIEW: VIRTUAL MACHINES AND CONTAINERS

Virtual machines (diagram, bottom to top): Hardware → Hypervisor → per VM: Kernel, OS dependencies, App
Containers (diagram, bottom to top): Hardware → Container Host (Kernel) → per container: OS deps, App

Virtual machines are isolated; the apps inside them are not. Containers are isolated, and so are the apps.
VIRTUAL MACHINES AND CONTAINERS (continued)

Virtual Machine stack: Application / OS dependencies / Operating System
Container stack: Application / OS dependencies / Container Host

Virtual Machine            Container
VM Isolation               Container Isolation
Complete OS                Shared Kernel
Static Compute             Burstable Compute
Static Memory              Burstable Memory
High Resource Usage        Low Resource Usage
VIRTUAL MACHINES AND CONTAINERS: OWNERSHIP

Virtual Machine: Application / OS dependencies / Operating System / Infrastructure; ownership labels on the slide: Dev, IT Ops (and Dev, sort of). Optimized for stability.
Container: Application and OS dependencies owned by Dev; Container Host and Infrastructure owned by IT Ops. Optimized for agility.

A clear ownership boundary between Dev and IT Ops drives DevOps adoption and fosters agility.
APPLICATION PORTABILITY WITH VMs

Virtual machines are NOT portable across hypervisors and do NOT provide portable packaging for applications.

Each target (Laptop, Bare Metal, Virtualization, Private Cloud, Public Cloud) needs its own guest VM type (VM Type X, Y, Z), each carrying the Application, its OS dependencies and a full Operating System.
APPLICATION PORTABILITY WITH CONTAINERS

RHEL Containers + RHEL Host = Guaranteed Portability Across Any Infrastructure

The same container (Application + OS dependencies) runs on a RHEL host on a Laptop, Bare Metal, Virtualization, Private Cloud and Public Cloud (on the latter three the RHEL host is a guest VM / virtual machine).
THE INDUSTRY IS CONVERGING ON KUBERNETES FOR CONTAINER ORCHESTRATION

2 years ago: a fragmented landscape of orchestrators. Today: Kubernetes consolidation, with other orchestrators (Cloud Foundry Diego, Nomad, Blox, etc.) at the margin.

Red Hat bet early on Kubernetes. It has now become the dominant orchestration ecosystem.
KUBERNETES SIGs - ENGINEERING LEADERSHIP

Special Interest Groups: API Machinery, Apps, Architecture, Auth, Autoscaling, AWS, Azure, Big Data, CLI, Cluster Lifecycle, Cluster Ops, Contributor Experience, Docs, Instrumentation, Multi-Cluster, Network, Node, On-Prem, OpenStack, Product Management, Release, Scalability, Scheduling, Service Catalog, Storage, Testing, UI, Windows
Working groups: App Def, Container Identity, Kubeadm Adoption, Resource Management
12 of 33 groups have a Red Hat lead or co-lead.
KUBERNETES AND OPENSHIFT

OPENSHIFT = ENTERPRISE KUBERNETES. Layers of the diagram (top to bottom):
● Containers
● Self-service: OpenShift services, service catalog
● Application lifecycle automation: deployment strategies, OpenShift builds, OpenShift deployments
● Orchestration and cluster services: security, storage, network, telemetry, registry
● Packaging format
● Red Hat Enterprise Linux / Atomic Host
● Infrastructure: physical, virtual, private, public

* NOTE: Gradated blocks are handled partially by Kubernetes and partially by OpenShift or are being added in Kubernetes upstream.
OPENSHIFT ARCHITECTURE

● Routing layer and service layer in front of the nodes
● Kubernetes master: API/authentication, data store, scheduler, health/scaling
● Nodes (RHEL) running containers (C); persistent storage
● Surrounding services: SCM (Git), CI/CD, container registry, existing automation toolsets, Red Hat Enterprise Linux
● Infrastructure: physical, virtual, private, public, hybrid
OPENSHIFT CONTAINER PLATFORM (GENERAL DISTRIBUTION)

Layers (top to bottom):
● Applications in containers: business automation, data & storage, web & mobile, integration; traditional, stateful, and cloud-native apps
● OpenShift Application Lifecycle Management: self-service, service catalog (language runtimes, middleware, databases), developer experience, build automation, deployment automation
● Enterprise Kubernetes++: container orchestration & cluster management (kubernetes), logs & metrics, networking, storage, registry, security; infrastructure automation & Cockpit
● Enterprise Container Host: container runtime & packaging (docker), Atomic Host, Red Hat Enterprise Linux; trusted by Fortune Global 500 companies
TRUE POLYGLOT PLATFORM

● Language runtimes: .NET, PHP, Python, Java, NodeJS, Perl, Ruby, third-party core runtimes
● Databases: MySQL, PostgreSQL, MongoDB, Redis, CrunchyData, Couchbase, EnterpriseDB, third-party databases
● App runtimes / servers: Apache HTTP, nginx, Varnish, Phusion Passenger, Tomcat, GitLab, Iron.io, Sonatype, third-party runtimes
● Middleware: JBoss Web Server, Spring Boot, Wildfly Swarm, JBoss EAP, JBoss A-MQ, JBoss Fuse, Vert.x, 3scale API management, JBoss BRMS, JBoss BPMS, JBoss Data Virt, JBoss Data Grid, RH SSO, RH Mobile, third-party middleware, and many more
● ...and virtually any docker image out there!
FROM STRUCTURED TO COMPOSABLE

Application platform (structured): cloud-native apps, custom-built apps; logging, monitoring, metrics; builds, frameworks, brokers; embedded scheduling systems; standard runtimes.
Container application platform (composable): cloud-native patterns, existing apps; plug-in app tools and service brokers; plug-in ops tools; plug-in storage and networks; plug-in schedulers.
ASSEMBLING A LEADING HYBRID SERVICES CATALOG: Freedom, flexibility and choice for our customers

Sources: Red Hat portfolio (containerized software), 3rd-party ISVs (containerized software), cloud providers (SaaS applications).
15 years ago: certifying on RHEL. Today: certifying on OpenShift+RHEL *
* In progress

EXAMPLE: OPEN END-TO-END IOT PRODUCT ARCHITECTURE
Integrating IoT operating technology, data management, analytics, and applications.
Diagram columns: IoT "Things", connected gateways, IoT integration hub, telemetry data, applications. Labels include: device connectivity, device management/registry, OT data security and administration, integration middleware, real-time data processing, smart routing, data ingest, data storage, real-time data analytics, machine learning / ML model, enterprise data hub, business logic, containers, orchestration, developers, operating system, security, data management, app data.
Open Source for IoT working group - https://iot.eclipse.org/
IoT Product presentation - https://www.youtube.com/watch?v=OZN8ExFHYC8

OPEN SERVICE BROKERS: Expose and Provision Services
Service brokers in the OpenShift service catalog and the external services they expose:
● OpenShift Template Broker → OpenShift Templates
● OpenShift Ansible Broker → Ansible Playbook Bundles
● AWS Service Broker → Amazon Web Services (public cloud services)
● Other Service Brokers → other services
SERVICE EXCHANGE: WHY A SERVICE BROKER?

Today, between service consumer and service provider: ☑ Open ticket ☑ Wait for allocation ☑ Receive credentials ☑ Add to app ☑ Deploy app
Manual, time-consuming and inconsistent.
OPEN SERVICE BROKER API: A multi-vendor project to standardize how services are consumed on cloud-native platforms across service providers.
WHAT IS A SERVICE BROKER?

Service consumer → Service catalog → Service broker → Service provider
Automated, standard and consistent.
SELF-SERVICE / UX

Feature(s): Service Catalog
Description: the OpenShift Service Catalog supports provisioning and binding of both on-platform and off-platform (public cloud) services!
How it works: consumers interact with the Service Catalog to provision and manage services; the details of the broker remain largely hidden. Behind the catalog sit the OpenShift Ansible Broker (running Ansible Playbook Bundles), further service brokers and other service brokers, each answering the broker operations catalog, provision, deprovision, bind, unbind and update.

Feature(s): OpenShift Ansible Broker
APB services from the Red Hat Container Catalog: MediaWiki (example), PostgreSQL (RHSCL), MariaDB (RHSCL), MySQL (RHSCL)
Description:
● Implementation of the Open Service Broker API, enabling users to leverage Ansible for provisioning and managing services from the Service Catalog
● Supports production workloads and multiple service plans
● Secure connectivity now between Service Catalog and Broker
Feature(s): Ansible Playbook Bundles (APB)

Description:
● Short-lived, lightweight container image consisting of:
  ○ Ansible Playbook Bundle definition: a simple directory structure with named "action" playbooks
  ○ Metadata:
    ■ required/optional parameters
    ■ dependencies (provision vs bind)
  ○ Ansible runtime environment on a RHEL image, plus the Ansible role that performs the deployment
● Developer tooling included, providing a guided approach to APB creation
● Support for a 'test' playbook, allowing functional testing of the service (up to the APB author)
● Two new APBs introduced for MariaDB (SCL) & MySQL DB (SCL)

Minimal directory of files and what each action does:
● provision.yaml = Install
● deprovision.yaml = Uninstall
● bind.yaml = Grant
● unbind.yaml = Revoke
● update.yaml = Upgrade
● test.yaml = Test
● apb.yaml = Metadata

How it works: when a user provisions an application from the Service Catalog, the Ansible Service Broker downloads the associated APB image from the registry and runs it.
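The following is an added example, not Red Hat's Ansible Service Broker code and not the real APB tooling. It illustrates two things from the slides above: the broker-side path from a catalog request (consumer → catalog → broker) to the action playbook that would be run (provision.yaml, bind.yaml, ...), and the "required/optional parameters" metadata, which a broker should validate before handing user input to a playbook. The metadata shape, the sample bundle contents, the parameter names and the functions validate_parameters, select_playbook and handle_request are all assumptions made for this example.

```python
"""Broker-side handling of a request against an Ansible Playbook Bundle.

Added illustration only; this is not Red Hat's Ansible Service Broker and the
metadata shape below is a simplified, assumed stand-in for apb.yaml.
"""
from __future__ import annotations

import re

# Broker operations mapped to the APB action playbooks named on the slide.
ACTION_PLAYBOOKS = {
    "provision": "provision.yaml",      # install
    "deprovision": "deprovision.yaml",  # uninstall
    "bind": "bind.yaml",                # grant
    "unbind": "unbind.yaml",            # revoke
    "update": "update.yaml",            # upgrade
    "test": "test.yaml",                # functional test (up to the APB author)
}

# Constructed bundle: this sample ships no update.yaml and no test.yaml.
SAMPLE_BUNDLE_FILES = {
    "apb.yaml", "provision.yaml", "deprovision.yaml", "bind.yaml", "unbind.yaml",
}

# Constructed metadata in an assumed, simplified shape (not the real apb.yaml schema).
NAME_RE = r"^[a-z][a-z0-9_]{0,62}$"
SAMPLE_METADATA = {
    "name": "example-db-apb",
    "parameters": [
        {"name": "db_name", "required": True, "type": "string", "pattern": NAME_RE},
        {"name": "db_user", "required": True, "type": "string", "pattern": NAME_RE},
        {"name": "storage_gb", "required": False, "type": "int", "default": 1, "max": 100},
    ],
}


def validate_parameters(metadata: dict, supplied: dict) -> tuple[bool, list[str], dict]:
    """Check user-supplied parameters against the declared ones.

    Returns (ok, errors, effective). Unknown keys are rejected so a caller
    cannot smuggle extra variables into the playbook run; required keys must
    be present; types, patterns and bounds are enforced; defaults are filled in.
    """
    declared = {p["name"]: p for p in metadata["parameters"]}
    errors: list[str] = []
    effective: dict = {}
    for key in supplied:
        if key not in declared:
            errors.append(f"unknown parameter: {key}")
    for name, spec in declared.items():
        if name not in supplied:
            if spec.get("required"):
                errors.append(f"missing required parameter: {name}")
            elif "default" in spec:
                effective[name] = spec["default"]
            continue
        value = supplied[name]
        if spec["type"] == "string":
            if not isinstance(value, str):
                errors.append(f"{name}: expected string")
                continue
            if "pattern" in spec and not re.fullmatch(spec["pattern"], value):
                errors.append(f"{name}: does not match {spec['pattern']}")
                continue
        elif spec["type"] == "int":
            # bool is a subclass of int in Python; reject it explicitly.
            if isinstance(value, bool) or not isinstance(value, int):
                errors.append(f"{name}: expected integer")
                continue
            if "max" in spec and value > spec["max"]:
                errors.append(f"{name}: exceeds maximum {spec['max']}")
                continue
        effective[name] = value
    return (not errors, errors, effective)


def select_playbook(operation: str, bundle_files: set[str]) -> str | None:
    """Return the action playbook for a broker operation, or None if the bundle lacks it."""
    if operation not in ACTION_PLAYBOOKS:
        raise ValueError(f"not an APB action: {operation}")
    playbook = ACTION_PLAYBOOKS[operation]
    return playbook if playbook in bundle_files else None


def handle_request(operation: str, supplied: dict,
                   metadata: dict = SAMPLE_METADATA,
                   bundle_files: set[str] = SAMPLE_BUNDLE_FILES) -> dict:
    """Decide what the broker would run for one catalog request (no playbook is executed)."""
    ok, errors, params = validate_parameters(metadata, supplied)
    if not ok:
        return {"status": "rejected", "errors": errors}
    playbook = select_playbook(operation, bundle_files)
    if playbook is None:
        return {"status": "unsupported", "operation": operation}
    return {"status": "run", "playbook": playbook, "params": params}


if __name__ == "__main__":
    print(handle_request("provision", {"db_name": "wiki", "db_user": "wiki"}))
    print(handle_request("provision", {"db_name": "wiki", "db_user": "wiki", "admin": True}))
    print(handle_request("update", {"db_name": "wiki", "db_user": "wiki"}))
```

The validation runs before the playbook is selected, so a request that carries undeclared or out-of-range values never reaches the bundle at all; a request for an action the bundle does not ship (update.yaml here) is reported as unsupported rather than silently ignored.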
CONTAINERS TRANSFORM

Applications: Monolith → N-Tier → Microservices
Infrastructure: Datacenter → Hosted → Hybrid
Processes: Waterfall → Agile → DevOps
THE BUSINESS VALUE OF DEVOPS/CONTAINERS WITH OPENSHIFT

● Payback on investment: 8 months
● Faster app delivery: 66%
● Infrastructure savings: 40%
● IT staff productivity: 20% improvement
● Average annual benefits per 100 developers: $1.3M
● Business ROI: 530%

Source: The Business Value of Red Hat OpenShift, IDC, September 2016. https://www.openshift.com/sites/default/files/idc-business-value-of-openshift.pdf
Questions