Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Red Hat OpenShift / GitOps - OpenShift Commons Gathering 2022 02 09 / 15 Feb 2022
Red Hat OpenShift / GitOps - OpenShift Commons Gathering 2022 02 09 / 15 Feb 2022
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: CloudNative Development & Deployment w Kubernetes & GitOps Jaime Magiera UMich OpenShiftCommons 2022

Description

OpenShift Commons Gathering 2022

Speaker: Jaime Magiera (ICPSR at University of Michigan Institute for Social Research)


Full Agenda:
https://commons.openshift.org/gatherings/OpenShift_Commons_Gathering_on_GitOps.html

Learn more at OpenShift Commons https://commons.openshift.org

A

Jamie is one of my um favorite people in the universe.

A

It could, because we managed to get him to talk here about get ops, but I also get him to co-chair the okd working group with me, which is the open source side of openshift, and he is just a wonderful speaker um and today he's going to tell us a little bit about uh get ops at the university of michigan. So um if we can, let you.

B

Introduce yourself and I'm going to.

A

Mute myself and let you go we're a little behind time, but take what you need and we will do um q a in the ama.

B

Awesome, let's see if we can get. um Oh, there is a little bit of echo there. um The uh I'll try to get done like right around 135-ish.

B

So thank you very much folks and um a little bit about myself and about this presentation. We'll start with that. Actually let me share my screen and actually show you the presentation.

B

And okay, the ubiquitous question: can everyone see my presentation.

A

Looks good.

B

All right, excellent, so cloud native development and deployment with kubernetes and git ops. What we're calling icpsr ops- and I am jamie mcgarrett, and um so the agenda for this quick talk- is an introduction and some foundations and where we are at icpsr and then some suggestions for devops engineers and developers and then, as diane mentioned question and answers will be moved uh to the section uh at the end.

B

So an introduction uh about icpsr, the inter university consortium for political and social research provides leadership and training in data access, curation and methods of analysis for social science, research, community, the social science, research community. We provide research data to organizations across the globe via a variety of web services and portals recently we began to transition our application, development and deployment to the cloud native paradigm in particular kubernetes and get ops.

B

We've learned a lot during this process and would like to share that knowledge and experience with others to shed some light on the challenges and advantages of moving to kubernetes. In the cloud and about me, I've worked in education, research technology for 25 years, uh with a focus on higher education.

B

I've worked for the university of michigan for 18 years and uh started working with kubernetes in 2017, as diane mentioned, I'm co-chair of the okd working group and I'm a member of the get ops and fedora core os working groups, contributing as time permits.

B

So a little bit about foundations of this and folks have seen this. uh Just a reminder is probably the third or fourth time you'll see this today so uh get ops is uh this is the definition from open, getups, declarative, versioned and immutable? It's pulled automatically and it's continuously reconciled.

B

And this is important uh because all of those components together, um I think, are necessary to really get the the full advantages of get ops. So all four of those um for to start at the most basic level. I always like to show folks thermostats right so thermostat.

B

You declare what you want the temperature to be in the room or in the house, as the case may be, and then there's a process of monitoring through a sensor, uh the the temperature, the current temperature and it tries to um uh reconcile what you've declared and what the current state is and, of course, this uh harkens back to cybernetics, which is the science of communication control.

B

Theory, that's concerned, especially with the comparative study of automatic control systems such as the nervous system and the brain and mechanical electrical communication systems, that's from merriman webster merriam-webster, and uh it was defined in the early 1900s by norbert weiner in the book of the same name, cybernetics, and it can be applied to systems great and small, and the control mechanisms and feedback loops um defined in cybernetics, align with git ops or vice versa.

B

And so that's the appeal to me of git, ops and so cloud native computing and isr, how we, how we got where we are and and the need for git ops, so the problems, although development was done within git, uh the changes were not accurately synchronized with the cluster continuously.

B

There was drift between what people were submitting and what actually was in the cluster. Microservices were not deployed in unison for applications, uh the promotion of applications through the stages.

B

uh It was not well organized, and so there was a lot of problems with that database schema solar, schema, apache, solar, aws resources and other external resources were not synchronously deployed with the code.

B

So you you get people promoting code, changes developers promoting code changes you'd want to push those up through the stages, but then you'd have to do manual, changes or issue imperative commands with the respective tools, aws, cli, etc, etc, or maybe you'd use like terraform the binary, but all of those things were still being done in a way that wasn't completely synchronized with the code deployment and the clusters themselves were not easily provisioned and restored right.

B

So disaster recovery uh very important, the ability um you know provisioning and disaster recovery, the ability to provision clusters within the state that you want very quickly and efficiently and restore them to the state, keep them in that state over time.

B

So the solutions in a general sense. We separated out our application code from the deployment code. uh We create code to define external dependency, configuration and I'll, be talking more about that. We store the microservice code and cluster configuration in the: u of m's git lab repository and we created helm, charts for the services and for the infrastructure configuration and we automated the process of loading computer code and cluster configuration continuously with argo cd.

B

So a little bit about what we have for infrastructure, we have kubernetes clusters and development is okd, which is the upstream of the commercial openshift product. We use that for development and the quality assurance stages and for production we use ocp for our user acceptance, testing and production stages and in terms of deployment resources. What we've done is we've separated. We've created separate repositories for each microservice deployment.

B

Each repository for the deployment has a helm chart for the respective image and environmental variables and whatnot and the helm charts are packaged and published to registering. This is a step that not everyone does, but we like the uh ability to move things around uh and not be reliant directly on the repository. So we actually do the help chart packages and pull the packages down.

B

We create application level, repos and application helm charts to allow for quickly collecting the microservices into an application and deploying them as a whole, uh and I created a uh helm chart library in icpsr that allows us to um very quickly assemble helm, charts from reusable template components and the deployment repositories also have pipelines and pipeline runs for external dependencies, such as databases, so spinning up databases um in aws, for example, and things of that nature, so that um if as we deploy an application freshly into uh a um a next stage or into a new cluster, uh that the dependent resources are spun up as well, and then this plays into the reconciliation process uh with that uh and whoops.

B

uh So here's the deployment repositories. Here uh we have my um ubiquitous testing uh deployment, helm chart, which is called taco.

B

I always use that for testing, I love tacos and then we have applications, and these are all um helm, charts uh repositories with helm, charts and the associated uh resources and you'll notice that one of them is the app deployment and then the there's other ones that are the api, the ui etc. So these are all in individual helm, charts, but then the application one assembles them and here's an example of the application helm chart.

B

So we have the um on the left side here you can see a typical helm chart a folder with the respective values and testing scripts and and whatnot, and then on. The right side, you can see is a is a zoom in of a reveal of the chart.yaml file.

B

This is the file in a helm, chart that defines your dependencies and, as you can see here, we're pulling in the helm uh packages of the micro services- and um you know christian actually has a name for these um they're, basically empty helm, charts right so there's no.

B

uh There are no templates or very few templates in this top level. uh Helm, chart they're basically used as a reference uh to all of the micro services, and this is the library that I wrote, which basically has um yaml files that um allow us to very quickly assemble some common uh manifests uh in our helm, charts, uh elastic search, credentials, uh database, credentials, data site, um oauth credentials for node applications and then oauth for java applications.

B

You know which has slightly different needs and you can see also in there an s2i build config, utilizing uh openshift's um s2i build technology, so we have actually build configs that are templates as well.

B

And the cluster configuration helm charts contain much of our uh day two configuration or, as I call it hour two because you spin up the cluster and you have these helm charts and you have your argo cd and you just get things running very quickly. um Manifests uh within these helm. Charts are active directory, binding, um backup configuration project templates uh links that go in the in the console.

B

The gui console of of open shift, setting things like session timeouts to meet our security requirements, uh configuring, the cluster monitoring operator and more and these cluster configuration helm, charts, allow us to um configure uh to to have consistent configuration across our clusters and to organize those resources in a way that they can be very easily continuously monitored and then there's the pipelines that make all of this happen right.

B

um The getting the stuff from the repo uh uh and created out uh in the world for the external resources or initial deployments before um argo gets to it.

B

So basically, we have new pipelines uh that we created um with techton, uh which allows for easy pipeline creation, there's the gui tool that allows our developers and all of the devops to be able to very easily create their own pipelines and insert new tests and tools, and these are used for modifying the deployment resources such as the helm, charts like the image tag in a helm chart also um for uh modifying terraform and other uh pipeline components, like other pipelines, components uh and more, uh and we automated the publishing of helm, chart packages so that those packages are up in a helm registry and also uh deploying container images to different projects and registries.

B

uh Icpsr has a lot of security requirements uh that require a lot of redundancy and a lot of sort of siloed uh configurations between different stages and between projects. So we often do a lot of copy of containers to different projects and registries, as opposed to just allowing cross communication and, of course, argo cd to continuously monitor the helm, charts and other resources and reconcile them as needed. Here's an example of a helm chart for managing pipeline resources, uh and it groups pipeline resources based on function and allows for clear version.

B

Management and argo cd can reconcile against the chart for full get ups. This is an example of a tecton pipeline with a a web hook, so you have the binding and the listener, which is basically what um listens for the incoming connections and then maps that and then directs that to a route which then directs that uh to uh a pipeline, and so we actually have this in a help chart and then a values file allows us to tweak on have particular values when this chart gets deployed, and then configuring and managing external resources.

B

uh We have repositories uh that contain external configuration components which are applied via the pipeline for terraform uh for aws email templates for amazon's, ses service uh schema for databases schema for apache, solar and a lot more, and so we're getting to the point where the promotion of a get commit. Hash means not just the code, but the developers are working on the devops engineers are working to make it. So it's all of the resources that git commit hash represents.

B

Everything is ready for all of the resources necessary to go to the next step and we do use customize. uh We use customize uh via pipeline.

B

I found it's best suited for reg for singular resources, things that aren't part of a collection uh that, where there aren't multiple things that need to be collected for this to work, I modify pipeline runs existing in the deployment configuration repositories and I modify files that require only very small changes like one value as it were, and here's an example of a pipeline that we have in our git ups process.

B

So we have a what's called a comment gate and so I'm starting to build sort of a bot, basically uh infrastructure, where using sort of a chat, ops model um commands can be issued from the git repository to trigger um the pipelines, uh and so we have a comment gate. I wrote this to filter comments and you can set what comment you want to look for um and who it should come from and that allows the rest of the pipeline uh to run, and so we've got a git clone.

B

We've got a a um uh to generate a new uh helm chart and then uh uh pack uh package and then publish that package uh up to the registry and so here's our process. Basically, we've got um developers and devops working together with helm, charts, get lab open shift, ocp, argo cd, all of this running on top of aws, and you can sort of see a little bit of the flow there. Obviously there's a lot more nuance going on, but that's the basic uh process and the results of git ops of implementing git apps.

B

The microservices can be reused quickly and efficiently. Speeding up the creation of new web applications, uh configuration for external dependencies is deployed consistently. Developers can spin up new web applications without server admin.

B

Intervention, including building one-off instances to test functionality and the process of promoting applications through development, qa, uat and production stages is efficient and less prone to errors and resource usage can be tracked at a higher rate of resolution um as you're as you're watching things get synchronized and what's needed in this feedback loop to get pooled and what gets modified in the git repository um in terms of deployment.

B

uh You know your pods uh cpu changes have to be made everything. It's all part of this bigger picture of feedback right in a system and clusters themselves can be scaled up quickly uh as well with this get ops model so suggested next steps.

B

If you're interested in getting into this um separate out your deployment from your service code strongly recommended um it, it makes things a lot easier uh in terms of management and allows you to, if necessary, um uh sort of control, access to these things and and separate out the need of developers necessarily to have to worry about learning, helm pipelines, etc. If they don't want to um and or worry about, making changes to that uh create top level application repos in git.

B

I found this is very helpful, create a an application, uh create a group, a git group within that an application level repo, and then your micro service, repos and then references to other resources if necessary, um create top-level application. Helm charts, as I showed you, those sort of um empty helm, charts that just reference. The re respective uh microservices uh clarify delineation of software for an application and software to multiple applications. So start thinking about.

B

What's going to be used once an api or a microservice, or a gui microservice or whatever, uh what's going to be used once in this application or what will be used in multiple applications that will affect some of your design decisions.

B

uh Health checks for all microservices are important to contribute towards sort of this intelligent life cycle of pulling information and then modifying git resources uh and then in turn, argo cd pulling those back up to spin uh spin up changes as needed, and also a mental shift to providing software for consumption um in other applications and um think and communicate in terms of git commit hashes.

B

It's counter-intuitive to some um traditional developers and software uh engineers and sysadmins to think in terms of git hashes. But it's it's uh it's helpful because once you start going into this model of git having everything that hash is the point in time, uh that's all of the resources where you want them to be for deployment and uh avoid using floating tags.

B

If you can um it's, you want a single source of truth in that git commit hash, improve your documentation, such as readme and changes files to better understand um what the automation has done and is happening, and that will help folks embrace the get ops, automation and reconciliation process when it's clearly explained to them, and it's explained how that actually works in terms of their particular software projects.

B

um I've found in a lot of my work um in in leading this transition in icpsr is that it you really have to frame it in reference to um their uh projects, in particular uh here's a list of resources. This will be available in the pdf of the talk.

B

um Thank you very much, and, of course, none of this could be done without the hard work of developers and devops engineers in icpsr and the support of the get ops community, christian and a lot of other folks that are doing the great work to flesh out these ideas, and so that's my presentation. Thank you very much.

A

You.