Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Red Hat OpenShift / Santa Clara 2019 | OpenShift Commons Gathering / 18 Mar 2019
Red Hat OpenShift / Santa Clara 2019 | OpenShift Commons Gathering / 18 Mar 2019
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: OpenShift Commons Gathering 2019 Santa Clara OpenShift 4 Operators All the Way Down Ali Mobreem

Description

OpenShift Commons Gathering 2019 Santa Clara
OpenShift 4.0 - Operators All The Way Down!
Ali Mobreem (Red Hat)

A

Hi everyone, my name- is Ollie mo berm I'm, one of the product managers on the OpenShift team here and today's talk. I will be talking about how we actually use operators and open shift for ourselves. So in overshift 4 we have three major work: streams: the day to operations, the immutable infrastructure and operator framework. We bring these three classes of work together to kind of bring you an Orchestrator platform that will be something similar to like eks or aks. But the nice thing about this is this is actually a hybrid cloud experience.

A

You could run this managed communities, experience locally on your on-prem or in any cloud provider, so you're not locked into any vendor. So, let's kind of dive into a little bit about like the day 2 operations. This is all about automation, starting from automation from the Installer. We have a new installer with a one-click. We could install a brand new cluster for you enable AWS it takes about 20 minutes it'll, go provision, everything that you need everything from your creative EPC to your ec2 notes, the load, balancers one click and you'll.

A

Have that then we're then? The next big thing for our day to operation is our automation using operators. So we now have like a machine operator that will give you auto scaling out of the box. You could go ahead and define different types of machine sets.

A

So if you have a special class of worker nodes or routing notes from modernity, notes, you'll be able to go ahead and define those and the API will, or the machine operator will go out and be able to configure those for you and/or scale up and down your cluster as needed.

A

The next big piece of work is the mutable infrastructure. This is the stuff we getting. We got from core OS, so we have a brand new operating system, real core OS. It's designed to give you over. There updates something something that's very important for us, because we're doing this immutable stack, we're actually discouraging people from like SSH into nodes. What happens at that point is if you ssh into node, we will taint it. It's all about trying avoid getting snowflakes or configuration drift.

A

We want the system to be very consistent and we want you to manage all that configuration inside the cluster itself and have that propagated through our operators to all your different nodes.

A

The third big piece of this is the operator framework. We have improved SDK and the testing tools, as Rob just showed you guys, but one of the big things is here is we actually operator ties the cube stack and the fishiest Afghan we're really all in on the operator framework and pattern. Another cool thing we have is the operator hub, which will let you guys discover additional and optional Red Hat services that you could go ahead and bring down and or ISP partners they'll be able provide their manage services as that as well through there.

A

The last component on here that's important, is OLM and that's the operator lifecycle manager and that will allow you to go ahead and, for example, if you have your service there, you can now get over there updates to your services as well. So we're really going for that manage kubernetes experience, including all additional services that go on top of that and between all these three work streams. This is how we're gonna get you there and I kinda want to talk about a little bit about the past.

A

How we used to do things before you had to go ahead, install your OS. You had to go, configure it and then install open shift 3. On top of it. That's a lot of manual steps, there's room for configuration drift, there's! That's how you get snowflakes. We realized quickly that we had to bring bring it together and how important bringing everything from the the OS to openshift. Together this way, you can roll everything out in a very consistent fashion, so you're not going to give you a configuration.

A

Drift, you're gonna have a very stable and reliable system here. So I kinda wanna talk about what immutable infrastructure is. It means it's not repeatable. It means it's now auditable. So now, if you want to just scale up more nodes, it's a couple in the in the system and you could scale five notes very easily. The other nice thing is audible. All that configuration for each of these knows it's actually stored within the system.

A

So you have a very nice way of keeping track of how everything is set up, and it's all cluster, where what immutable? Isn't it's not static clusters and it's not an no config changes. In fact, it's a lot easier to scale up and down your cluster with this system.

A

The machine operator will handle all that, for you, the other nice thing is, it doesn't mean no config changes in fact that the system is aware of all the configuration changes and if you want to go ahead and update security, setting on a type of note, pools that you may have, the system will grab that and you're rolling config change to to all those worker nodes or whatever type of node that you need to get updated.

A

So another important thing here is think about this: isn't a management think about this as day 365 right, your admins gone, new person comes in, they don't have to worry about how am I going to spin up another five notes. It's all within the system and the system will do that, for you all right, so I want to introduce something new here. We have a couple of new cluster API objects. Think of this almost as like deployment replicas set and pods, but now it's machine deployment and machine set and machines.

A

This is for you to define your different types of nodes that you may have. You may have a type called worker. You may have a type called monitoring. You may have a set of nodes. That's for routing! We will manage that via the machine operator now, and that is all automated for you.

A

I mean UI guys so I kinda want to give you guys a couple screenshots of what the new UI it looks like for for dotto, as you notice, there's a new machine section on the left hand, side and currently I'm, showing you guys the list of machines. The nice thing here is: you can see that there's three masters currently and then there's three workers you'll see what region they're in and the availability zone that they're in as well now. Here's a set list of machine sets interesting.

A

Takeaway here is you're not going to see any map. We treat the Masters a special, so you're not allowed to create a machine set for that, because we don't want you to auto scale up and down here. Your master set. Another interesting thing here: you'll see is some of the machines are set to zero and that's because you put the desired state in this in this cluster as I wanted three workers. The machine operator then roll it out to the first available Regents availability zones and put it out there for you automatically alright.

A

So here we got a possible cluster architecture at the top left. You have the control plane, those are m3 extra larges and then you have some high CPU systems for your logging and monitoring, but then you'll notice that both workers and routing have em five larges. Why they separated out well, they could have different configurations: different security settings, for example, the routing is actually accessible by external traffic.

A

So you may want to have additional security configurations set on it, so you could go ahead and find these different types of machine deployment types, I kind of showed. You guys the worker, the login monitoring routing, but you can also create a machine to appointments for special GP. You say you want to run some type of AI or machine learning. You could spin these up and you could use tanks and Toleration to actually move the correct workloads, the correct know, type or machine deployment type.

A

It also says special security special anything, so you could define your word. Machined appointment set some of the nice things about this. Is you could scale each deployment type independently? The desired state is managed by the cluster. You get auto scaling for free now. Also, if you do a configuration, change, you'll get a rolling machine, config updates throughout all those different node types.

A

So now we have over-the-air updates I kind of wanted to show you guys a new screen. We have it's the cluster setting this. This is one of two areas where you could go ahead and update your cluster. You can either do it for our cloud, LP chef, comm or you could do from here. You can see all the available channels.

A

So, for example, if you have a dev environment- and you want to set it to fast and nightly, we could go ahead and automatically update those clusters, for you, I will say, there's a production system, you could set it to a man, you we'll process to upgrade your system and you can wait for a production.

A

Rollout is available, and then, at that point you guys could pick in a good time for yourselves to update your cluster. That way, something else I wanted to show you guys on here is the we now offer you the update history. So you have a history of how your cluster has been modified throughout time. The next tab over is the the global configurations, so we've kind of surfaced all these configurations via the operator and we're showing them. Here. You have everything from authentication, DNS your image registry infrastructure, ingress, ooofff, there's a screen with OAuth there.

A

That shows you how to go ahead and modify the identity provider and add a new one there. This leads to the actual cluster operators, we're all in here. We've moved everything into an operator and you'll see. This is where you'll get the list of all those operators. You'll see the status of each you'll, see any messages coming back from the operator here and you'll see what exactly the version is. So one of the cool things is like.

A

If you go, the the update page, you'll you'll see a live transition here of things getting updated, say as the the operators are getting rolled out. If an error happens, you can see which operator failed, it'll pause the rollout and then it'll roll back to the previous version for you. So we definitely don't want to mess your cluster up and we have a safeguards in there for that.

A

So, as you see, every every part of the stack is going to be right here. So these are. These are all the operators that we currently use ourselves kind of a recap. For the day to our operations we use three different types of operators, really the machine operator to manage and grow your machines and add notes to the system. The cluster operator, which is all the underlying COO and open shift services that we have, and then we also the update order operator that manages your upgrading of the cluster.

A

So essentially, those operators are the core of the system we have something like in Rob talked about earlier is operator hub. We have two versions of operator hub one's going to run locally in your cluster one one is the operator hub do which you could bring down, sir as well. The nice thing here is the admin gets the kind of pick and choose what operators are going to be visible to the the users and developers on the system, and we have several types of operators here as the Red Hat products, ISP partners and community.

A

So this is where you could bring in more manage services into the system, because the operators we now have an operator power to UI extensions right. So, for example, one of the biggest complaints we had was open ship was bloated, so we've actually slimmed it down to the core components. For example, if you want to support virtual machines, you could go ahead and get that CMV operator enable it as Qbert you'll now get a native experience. You'll see all your VMs right there.

A

Next to your pods same with metering and chargeback you'll get a native experience there as well for monitoring you have our Prometheus and your Fonda dashboards. So what we did there was. We actually took some of that experience made it native brought it in natively in Tioga shipped itself, and then it. But if you want to do some more advanced stuff you we gave you links back to the dashboard, so you go further monitoring activities that you may need to do.

A

We also have some external app launcher, so some some products already have really great UI user experiences, for example service mesh, husky ollie. So if you come in and you enable a service mesh, we'll give me an external link to jump into there they're using her face within context. So the last thing I want to show you guys is the developer. Catalog we've kind of combined everything we have so now. You're gonna have a one-stop shop of operators, service, catalogs brokers, source damage. Think of this, as almost kind of like your your app store right.

A

So these are all the items available to your developers that they can access and then take advantage of. So here's a visual of what I consider like the next generation of a enterprise kubernetes right, starting from the bottom of the stack you have the the Red Hat operating system. Then you have layered on its core Nettie's and then you have the automated operations. Essentially, all the operators suffer adding operator framework, the OLM operator hub.

A

We really added this layer of automation to take kubernetes to the next level, and that gives you all these different types of services that go on top of it. For example, in the cluster services, you're gonna get metrics chargeback registry logging.

A

Some some of these items are optional and you could kind of like again pick and choose from up here what you want to bring into the cluster. You got application services. So all the Red Hat middleware is available service mesh functions, Kay native any applications that I use have to offer you'll be able to pull those in as well and then you're gonna have the developer services that I'll give you dev tools, pipeline, CI, CD and IDE functionality there.

A

So we've actually I feel like we've done. The team's did an amazing job of getting up. We shift for where it is. We would love for you guys to come and try it out. If you go to try, be chef, comm you'll be able to get the developer preview and it's flawless to AWS. Today, a couple items I wanted to tell you about that, though you probably don't want to do this on your production, counted as a developer, every preview and then the second is you're. Gonna need a your ad ability.

A

Aws accounts going to need a decent amount of access, so make sure you'll have that because you'll be creating VP sees load, balancers security groups, all that good stuff. Here's the command line that you're going to get from when you go to try that open ship comm I wanted to share this with you because say before you want to create the cluster you'll kind of want to see what it does here.

A

A couple commands that will show you all the configurations and if you kind of look under the hood to see, what's going to actually be deployed to your AWS account, but whenever you're ready, the command is just create cluster and in about 20 minutes or less you'll have a cluster, and if you want to ever clean it up, just run the destroy command and that'll clean it up for you automatically as well, and that's a lot for you guys today. Thank you.