A DEVOPS STATE OF MIND WITH DOCKER AND …res.cdn.sys-con.com/session/3394/Chris_Van_Tuin.pdfA...

A DEVOPS STATE OF MIND WITH DOCKER AND KUBERNETES

Chris Van Tuin Chief Technologist, West [email protected]

mailto:[email protected]?subject=

“In short, software is eating the world.” - Marc Andreessen, Wall Street Journal, August 2011

Open SourceV

UBER, LYFT FALLOUT: TAXI RIDES PLUNGE 65% IN SAN FRANCISCO

5

DEV QA OPS

Walled off people, walled off processes, walled off technologies

“THROW IT OVER THE WALL”

THE NEED FOR SPEED THE ACCELERATION OF APPLICATION DELIVERY FOR THE BUSINESS

WHAT CAN I.T. DO? I.T. CAN TURN OPS AND DEV INTO DEVOPS

“DevOps is a software development method that stresses communication, collaboration and integration between software developers and information technology (IT) professionals.”[1]

Applying many of the principles of Agile software development to the full application lifecycle and incorporating automation and monitoring with just a touch of Lean Manufacturing theory.

PEOPLE

PROCESS TECHNOLOGY

DEVOPS

8

DEV QA OPS

Cross-organization teams, walled off processes, walled off technologies

BREAK DOWN THE WALLS

“Configuration in code” • Standardized environments • Linux containers • Automated provisioning

WHAT ENABLES DEVOPS?

KEY CONCEPT: FAIL FAST AND RECOVER VS. NEVER FAIL

CI/CD: Automated testing and deployment • Continuous integration • Continuous delivery


KEY CONCEPT: SMALL CHANGES = LESS RISK

Continuous innovation • Developer self-service • Rapid prototyping


KEY CONCEPT: CULTURE CHANGE = ACCEPTANCE OF FAILURE

ORGANIZATIONS IMPLEMENTING DEVOPS

Source: 2014 State of DevOps Report Puppet Labs, IT Revolution Press, ThoughtWorks

DEVOPS VALUE IN ACTION: VELOCITY AT AMAZON AWS

SOFTWARE DEPLOYMENTS CAUSING AN OUTAGE

MEAN TIME BETWEEN DEPLOYMENTS

(SECONDS)

10,000

.001%11.6

MAX DEPLOYMENTS/ HOURBetter deployment quality 63%

Faster release frequency 63%

Improved process visibility 61%

CASE STUDY

FINANCIAL SERVICES COMPANY

Growth Competition

“It took 2 years after a competitive start-up launch to get a competing

product to market.”


“It could take 6 weeks to get a single word changed on

the web site.”

Agility PredictabilityGrowth Competition





the web site.”

“When developers work in Node.js, they can change the

code they’re working on, direct it to run, and see whether it

works-in the blink of an eye.”

Productivity






the web site.”

“When developers work in Node.js, they can change the

code they’re working on, direct it to run, and see whether it

works-in the blink of an eye.”

“The environment, while stable, didn’t use the sexiest

technologies, which made recruiting difficult.”

RecruitingProductivity




DEVOPS SOLUTION APPROACH

Leverage Automation Technologies Combined with Cloud Architecture

CI/CD with Containers

ENABLING TECHNOLOGIES

OPEN SOURCE ENABLING DEVOPS

THE NEW OPERATING SYSTEM

Orchestrator: Model the app across multiple hosts/containers

Scheduler: Provide service and APIs for placing the app onto resources

APP

SERVICE 1 SERVICE 2

SERVICE 3 SERVICE 4

SCHEDULER

RED HAT ENTERPRISE

LINUX

RED HAT ENTERPRISE

LINUX

RED HAT ENTERPRISE

LINUXContainer pool : Provide resources to run app

24

WHAT ARE LINUX CONTAINERS?

• Used to create containers for software applications / microservices

• Package Once Deploy Anywhere

• Containers provide lightweight isolation of process, network, filesystem spaces

• Docker builds on Linux containers, adds an API, image format, runtime, and a delivery and sharing model

HOST OS

SERVER

CONTAINER

LIBS

APP

CONTAINER USE CASES

DevOpsApp

Modernization Microservices

Availability Real-time Scale Diet VM

Infrastructure Optimization Big Data

100%

CI/CD Hardware Modernization

27

docker.io RegistryPrivate

RegistryRed Hat Certified

FROM fedora:latest CMD echo “Hello”

Dockerfile

Physical, Virtual, Cloud

“docker build or commit”

Image Container

“docker push or pull <IMAGE_ID>”

“docker run <IMAGE_ID>”

Build RunShip

BUILD, SHIP, RUN

28


Dockerfile


Build

BUILD, SHIP, RUN

public class HelloWorld {

public static void main(String[] args) { System.out.println ("Hello, World"); }}

#include<stdio.h>

main(){ printf("Hello World");}

var http = require('http');var server = http.createServer( function (request, response) { response.writeHead(200, {"Content-Type": "text/plain"}); response.end("Hello World\n");});server.listen(8000);

$_ = "hello world";$_ =~ s/^(\b\w)(\B\w+)\s(\D)(\D+)$/ \U$1\E$2 \U$3\E$4\!\n/;print $_;

PHYSICAL VIRTUAL PRIVATE CLOUD PUBLIC CLOUD

<?php Print "Hello, World!"; ?>

Docker provides a language agnostic packaging format and runtime API

CONSISTENT PACKAGING FORMAT

public class HelloWorld {

public static void main(String[] args) { System.out.println ("Hello, World"); }}

#include<stdio.h>

main(){ printf("Hello World");}

var http = require('http');var server = http.createServer( function (request, response) { response.writeHead(200, {"Content-Type": "text/plain"}); response.end("Hello World\n");});server.listen(8000);

$_ = "hello world";$_ =~ s/^(\b\w)(\B\w+)\s(\D)(\D+)$/ \U$1\E$2 \U$3\E$4\!\n/;print $_;

PHYSICAL VIRTUAL PRIVATE CLOUD PUBLIC CLOUD

<?php Print "Hello, World!"; ?>

bash glibc

...

bash glibc

jre

libssl libv8

...

bash glibc

nodejs perl php

...

bash glibc

Package dependencies ensure consistency and portability*

PACKAGED DEPENDENCIES

TRADITIONAL SOFTWARE SUPPLY CHAIN

A CONVERGED SOFTWARE SUPPLY CHAIN

CUSTOM SUPPLY CHAIN

34




Dockerfile


Image


Build Ship

BUILD, SHIP, RUN

64% of official images in Docker Hub contain high priority security vulnerabilities

examples: ShellShock (bash)

Heartbleed (OpenSSL) Poodle (OpenSSL)

Source: Over 30% of Official Images in Docker Hub Contain High Priority Security Vulnerabilities, Jayanth Gummaraju, Tarun Desikan, and Yoshio Turner, BanyanOps, May 2015 (http://www.banyanops.com/pdf/BanyanOps-AnalyzingDockerHub-WhitePaper.pdf)

WHAT’S INSIDE THE CONTAINER MATTERS

http://www.banyanops.com/pdf/BanyanOps-AnalyzingDockerHub-WhitePaper.pdf

OpenSCAP

ReportsScan

SCAP Security Guide

for RHEL

CCE-27002-5 Set Password Minimum Length

Content

Scan physical servers, virtual machines, docker images and containersfor Compliance (CCEs) and known Vulnerabilities (CVEs)

38

WHAT ARE MY OPTIONS?

Security-by-Luck • Unsupported distro • Public registry • End-of-lifed

Security-by-Firewall • No patch management • Untrusted containers • selinux disabled

Trusted Platform • Supported distro • Patch management • Trusted containers & host • Private registry • Container scanning • selinux enforcing

39




Dockerfile

Physical, Virtual, Cloud


Image Container


“docker run <IMAGE_ID>”

Build RunShip

BUILD, SHIP, RUN

ContainersTraditional OS

HARDWARE

HOST OS

HARDWARE

HOST OS

CONTAINER

LIBS

APP A

LIBS A LIBS B LIBS LIBS

APP A APP B

CONTAINER

LIBS

APP B

TRADITIONAL OS VS CONTAINERS

ADD NAME (View > Master > Slide master)

More serious workloads require orchestration like Kubernetes to offload management overhead


42

Kubernetes: Deploy Application


43



44



45

Kubernetes: Scale Service


46

Kubernetes: Scale Service


Once created, Kubernetes will keep the environment online as described in the json file

JSON Kubernetes

51

Canary Deployments

Version 1 Version 1Version 1

Version 1.2

`

Tests / CI

52

Each container/pod is updated one by one

Version 1

33%

Version 1.2Version 1

53

Canary Deployments

Version 1

66%

Version 1.2Version 1.2

54

Canary Deployments

Version 1.2

100%

Version 1.2Version 1.2


Blue / Green Deployments

Version 1


Admins won’t get stuck in middle of a deployment

Version 1 Version 1.2


Tests and certification can be done before customers access it

Version 1 Version 1.2 Tests / CI


Once ready, the new version is used and the old version can be removed

Version 1 Version 1.2


Rollbacks can be done using the same method if desired

Version 1.2

DEVOPS with Platform as a Service REDUCE CYCLE TIME FROM IDEA TO FEATURE

Any App • Any Docker Image

• Any Source 2 Image

• Big Data

• Web, App, DB

• Batch

• Legacy, Persistent

• .NET

Anywhere • Dev, Test, Prod

• Private Cloud

• Public Cloud

• Physical

• Virtual

• Laptop

• Mac,Win,Lin CDK

Any Scale • Cloud burst

• Multi-DC

• Scale Up/Down

• Web Scale

• 1k hosts

• 30k pods

Any Time • Self-Service

• DevOps

• CI/CD

• Auto Build

• Auto Deploy

• Security Scan

• Health Check

OPENSHIFT: The Docker and Kubernetes Container Platform

Choice of Platforms Add any Docker Image

Automated Build Pipeline

Automated Deployments

DEVOPS ROI

Improve business agility

Improve business predictability

Improve developer productivity

Improve operational efficiency and costs

Deployment Frequency

Change Volume

Lead Time

DeploymentFailure Rate

Mean Time to Recover

99.999

Service Availability

DEVOPS METRICS

THANK YOU

Chris Van Tuin

[email protected]

mailto:[email protected]

A DEVOPS STATE OF MIND WITH DOCKER AND …res.cdn.sys-con.com/session/3394/Chris_Van_Tuin.pdfA...

Documents

Transcript of A DEVOPS STATE OF MIND WITH DOCKER AND …res.cdn.sys-con.com/session/3394/Chris_Van_Tuin.pdfA...