"Kubernetes as Driver of Generic IT Automation"
0 likes87 views
This document presents a comprehensive overview of how Kubernetes acts as a driver for IT automation, highlighting shifts from traditional automation methods to an operator-based model within Kubernetes. It explores the benefits, challenges, and strategies for merging classic IT automation with Kubernetes, emphasizing the need for a unified approach. The conclusion stresses the importance of blending the old and new worlds of automation technologies to enhance efficiency and usability.
"Kubernetes as Driver of Generic IT Automation"
- 1. Kubernetes as driver of generic IT automation Oliver Weise Principal DevOps/Software Engineer 2.12.2021
- 2. Kubernetes as driver of IT automation Slide 2 about:speaker Oliver Weise DevOps/SRE/Software Engineer Cloud native Automation first Kubernetes CI/CD SITE RELIABILITY ENGINEERING DevOps Infrastructure as code Java Immutable Infrastructure GitOps OpenShift
- 3. Kubernetes as driver of IT automation Slide 3 Agenda • Primer IT Automation (so we’re on the same page) • The „old“ world: Classic IT and its automation • The „new“ world: Kubernetes and its automation • Strategies to merge both worlds
- 4. Kubernetes as driver of IT automation Slide 4 IT Automation Primer IT-Automation (so we are on the same page) create Ops Systems ONCE: NOW: Ops writes Automation Definition creates Systems
- 5. Kubernetes as driver of IT automation Slide 5 Primer IT-Automation (so we are on the same page) ONCE: NOW: Business Concerns Business IT-Systems IT-Systems Management More Meta
- 6. Kubernetes as driver of IT automation Slide 6 Benefits Instant Replay Write once Execute repeatedly without effort Parallelize Perform tasks for multiple systems at the same time Improve Quality Done the same everytime means results don't differ = Reuse Know-How Enable junior ops Use turnkey-ready automation modules from vendors
- 7. Kubernetes as driver of IT automation Slide 13 The „old“ world more imperative Ansible Puppet Terraform more declarative Pulumi Packer Saltstack Systems management Automate Helpdesk Jobs Install and update Retail Software Provision Cloud Infrastructure Deploy Applications Adapt Infrastructure
- 8. Kubernetes as driver of IT automation Slide 14 The „old“ world: What is needed Task Execution State Management Scheduling • Create infrastructure, run scripts, access remote servers, build images …. • Combine end tasks to „jobs“ • Provide configuration • Persist state or run in idempotent manner • Diff desired with current state • Run jobs on events or schedules • Organize workload executors • Job History • Job Auditing • Access Control
- 9. Kubernetes as driver of IT automation Slide 15 The „old“ world: What is provided Task Execution State Management Scheduling Ansible Puppet Terraform Pulumi Packer Ansible Tower Jenkins Terraform Pulumi Saltstack Saltstack Pulumi
- 10. Kubernetes as driver of IT automation Slide 16 The „old“ world: What is provided by Ansible Task Execution State Management Scheduling Ansible Engine Ansible Tower Ansible Idempotent Modules
- 11. Kubernetes as driver of IT automation Slide 17 The „old“ world: A use cases picture with Ansible Systems management DevOps Engineers Ansible Tower Strategical Automation Stack (Classic IT) Ansible Engine IT Ops Helpdesk Jobs IT Helpdesk Install and update Retail Software Jenkins Provision Cloud Infrastructure Deploy Custom Application Adapt Infrastructure For Deployments decentralized centralized
- 12. Enter Kubernetes The de-factor standard of container orchestration becomes even more inevitable in 2021. ● A top-to-bottom concept how to separate what to run from where to run it ● Low effort high availability operations ● Built with automation in mind The „new world“
- 13. K8s brings it’s own automation model The operator concept is at the base of everything K8s does The „new world“ - Two essential things that happened 1 Operator Manager Resource metadata: name: the-resource spec: … status: ... 1. Read spec 2. Perform work 3. Store state
- 14. K8s brings it’s own automation model The operator concept is at the base of everything K8s does 1 State Management Idempotent strategy, store (custom) state, diff state Scheduling Run jobs, organize executors, auditing, access control Task Execution Can run any container, tools inside needed to do actual work The „new world“ - Two essential things that happened
- 15. Ops responsibilities shift Ops provides platform, DevOps designs systems 2 IT Ops Responsibility Basic Networking Storage Kubernetes Resource API Computing Resources DevOps Responsibility Software Deployments Kubernetes Platform Global Auth&Auth Routing Rules Actually operator resources Project RBAC The „new world“ - Two essential things that happened DevOps Tools Usage Curated DevOps Toolset
- 16. Kubernetes as driver of IT automation Slide 22 Old and new world Systems management DevOps Engineers Ansible Tower Old World Ansible Engine IT Ops Helpdesk Jobs IT Helpdesk Install and update Retail Software (in classic IT) Jenkins Provision Cloud Infrastructure Deploy Custom Application Adapt Classic Infrastructure For Deployments New World Utilize DevOps Tooling Kubernetes Provide DevOps Tooling Install and update Retail Software (in K8s)
- 17. Kubernetes as driver of IT automation Slide 23 Shortcomings • Two scheduling infrastructures – Kubernetes – Ansible Tower → Waste of Computing Resources • Different automation stacks for different use cases – Different know-hows necessary – Both sides have little motivation to consider „other side“ technology – „new world“ people might establish different automation stack on top of Kubernetes → Automation Silos
- 18. Bottom line (for now) Kubernetes brings many new opportunities, but regarding Automation it is a radically new approach. ! Assumptions • Kubernetes will move to the center of IT in the years to come • However classic IT is not „going away“ any time soon • There are/will be automation processes involving both sides but ... – k8s stuff is best deployed using K8s operator strategy – classic stuff is best deployed using Ansible „Old world“ vs. „new world“
- 19. Conclusion We can’t get rid of one side but we can blend them together in a more handleable manner! ! What can be done? • Identify possible merging stategies of both worlds • Match strategies to use cases accordingly • Kubernetes should become the „driver“ • Make „old world“ technology of interest for „new word“ users and vice versa „Old world“ vs. „new world“
- 20. Kubernetes as driver of IT automation Slide 27 Old and new world: Essential questions • Where and how to define my processes? – There should be still a centralized and decentralised way to utilize IT automation – At the center there should be only one tool usable everywhere, other tools may fill gaps • Where to schedule my workload? – Only one infrastructure please • In a process, how do I bridge one world to the other? – Deploying on Kubernetes and also adapting classic IT or vice versa
- 21. Kubernetes as driver of IT automation Slide 28 Kubernetes Platform Technique #1: Custom Ansible Operators Operator Manager CustomResource metadata: name: the-resource spec: … status: ... 1. Read spec 2. Perform work 3a. Store state Resource metadata: name: other-resource Resource metadata: name: other-resource Manage other k8s resources Manage other k8s resources Ansible K8s collection Manage Any external adaptions Managing NGINX on OpenShift With Ansible Controllers (Cloud Native Virtual Conference) Volume/ Object STorage 3b. Store large state
- 22. Kubernetes as driver of IT automation Slide 29 Use Case #1.1: Ansible Operators in DevOps Source Code Tekton CI/CD Pipeline Kubernetes Platform Image Registry Image Registry Application Namespace Deployment Service Persistent Volume Custom Resource Pull Push built Application image Deploy K8s resources Custom Ansible Operator >_ Remote SSH shell Provision public Cloud resources https://... Call Web Services Persistent Volume Push built Application image Orchestrate other tools
- 23. Kubernetes as driver of IT automation Slide 30 Use Case #1.2: Ansible Operators as access control tooling for Kubernetes Kubernetes Platform Operator Manager Restricted Resource spec: fullSetting1: abc fullSetting2: def RestrictedSetting: x Custom Resource spec: curatedSetting1: true curatedSetting2: false x Not permitted To create directly Permitted To create directly creates triggers DevOps Engineer Curated DevOps Tooling
- 24. Kubernetes as driver of IT automation Slide 31 Use Case #1.3: Automate installation of complex systems (in order) Kubernetes Platform Operator Manager Software Resource spec: curatedSetting1: true curatedSetting2: false status: upgradedVersion: 1.0 #1 runs Triggers Ops Engineer Setup/ Migration Job Software Instances Software Instances Software Pods #3 schedules #2 adapts external infrastructure Monitoring /Adaption Job #4 schedules monitor Stores state
- 25. Kubernetes as driver of IT automation Slide 32 Technique #2: Ansible Automation Platform 2.0 Ansible Execution Environment Ansible Automation Controller On Kubernetes • Containerized Ansible execution platform • Once „Ansible Tower“ • Schedules execution environments on Kubernetes • Currently „early access“
- 26. Kubernetes as driver of IT automation Slide 33 Use Case #2.1: Migrate Tower to Kubernetes Kubernetes Platform Automation Controller Private Automation Hub Automation Controller Automation Controller Execution Environments Automation Developer Ops Engineer Load approved ansible collections Provide Private Ansible collections Public Automation Hub/Galaxy Provide public Ansible collections Define Schedules, creds Insights For Ansible Provide metrics Schedule jobs Do stuff Systems Management IT Helpdesk Tasks Install and update Retail Software
- 27. Kubernetes as driver of IT automation Slide 34 Technique #2b: Automation Controller via external triggers Kubernetes Platform Automation Controller Private Automation Hub Automation Controller Automation Controller Execution Environments Load approved ansible collections Insights For Ansible Provide metrics Schedule jobs Ansible Automation Platform Ansible Via AWX collection REST Interface External Application
- 28. Kubernetes as driver of IT automation Slide 35 Use Case #2.2: Provision Multi-tenant Software deployments via K8s resource Kubernetes Platform Automation Controller Runs configured Playbook Job Custom Ansible Operator Ansible Automation Platform Tenant Installation Resource #1 Tenant Installation Resource #2 Tenant Installation Resource #2 spec: option1: true option2: false status: InstallationJob: abc Tenant Instance 3 Tenant Instance 2 Tenant Instance 1 Setup Base Setup Option 1 Setup Option 2 Update 1 Schedule Job with config Store back state Trigger
- 29. Kubernetes as driver of IT automation Slide 36 Essential questions answered • Where and how to define my processes? – Centralized: Ansible Automation Controller – Decentralized: Kubernetes Resources, Ansible Operators, Your Job Runner – Ansible is at the center • Where to schedule my workload? – All on Kubernetes • In a process, how do I bridge one world to the other? – „New“ → „Old“ IT: Ansible Controllers – „Old“ → „New“ IT: Old IT Automation already runs on K8s in Automation Controller, easy to add new IT automation
- 30. Kubernetes as driver of IT automation Slide 37 Old and new world together Systems management DevOps Engineers Ansible Automation Controller Kubernetes Ansible Operators IT Ops Helpdesk Jobs IT Helpdesk Install and update Retail Software (in classic IT) Tekton Provision Cloud Infrastructure Deploy Custom Application Adapt Classic Infrastructure For Deployments Utilize DevOps Tooling Provide DevOps Tooling Install and update Retail Software (in K8s) Strategical Automation Stack K8s resources
- 31. Thanks! Managing NGINX on OpenShift With Ansible Controllers (Cloud Native Virtual Conference) https://www.youtube.com/watch?v=7aErEMN4SQw Consol Expert Session Automation, Cloud, Container, Databases, UI/UX, ... https://www.consol.de/it-services/expert-session/ ConSol Consulting & Solutions Software GmbH St.-Cajetan-Straße 43 D-81669 München Telefon: +49-89-45841-100 [email protected] www.consol.de Twitter: @consol_de