DevOps - NCHICA
DevOps
June 2018
Duke Health Technology Solutions
Stakeholders
• Whole Enterprise
– Security Office
– Operations
– Engineering
– Infrastructure
– Development
– Quality Assurance
– Management
SOME CONCEPTS
DevOps
• “Automated process to publish and update containerized microservices”
• “Improved relation between Dev and Ops where Dev disciplines extends to Ops and Ops participation starts at development”
• a.k.a. Latest way to anger customers and management by deploying unsupported components to production
DevOps
Timing
• Nobody agrees on what it is…
• Except that it is not A thing… so let’s try the components
– CI/CD
– Microservices architecture
– Infrastructure-as-Code (IAC), Policy as Code (PAC)
– Containerization
– Container Orchestration
DevOps or DevSecOps
CI Evolution
• Continuous Integration
– Versioning repository
– Automated “build” of every merge
• Set of automated steps that get applied on every single change
• Run on a clean environment
• Provide feedback when non-compliant
CI
• Continuous Integration
– Versioning repository
– Automated “build” of every merge
• Set of automated steps that get applied every time
• Run on a clean environment
• Provide feedback when non-compliant
CI
• Continuous Integration
– Versioning repository
– Automated “build” of every merge
– Syntax & style checking (LINT)
CI
• Continuous Integration
– Versioning repository
– Automated “build” of every merge
– Syntax & style checking (LINT)
– Self testing / validation / code coverage
CI
• Continuous Integration
– Versioning repository
– Automated “build” of every merge
– Syntax & style checking (LINT)
– Self testing / validation
CI
$ istanbul cover _mocha -- -R spec Test
=============================================================================
Writing coverage object [/builds/0f30dfe3/0/CATS/dash/CORServer/coverage/coverage.json]
Writing coverage reports at [/builds/0f30dfe3/0/CATS/dash/CORServer/coverage]
=============================================================================

=============================== Coverage summary ===============================
Statements : 90.27% ( 2978/3299 )
Branches : 78.09% ( 1112/1424 )
Functions : 93.31% ( 293/314 )
Lines : 90.32% ( 2976/3295 )
================================================================================
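The "provide feedback when non-compliant" step, applied to the coverage summary above, can be a gate that fails the build. This is an added example, not code from the presentation; the threshold values and the function names are assumptions.

```javascript
'use strict';
// Added example: CI gate over an istanbul text summary.

// The coverage summary printed on this slide, embedded so the example runs offline.
const SAMPLE_SUMMARY = [
  '=============================== Coverage summary ===============================',
  'Statements : 90.27% ( 2978/3299 )',
  'Branches : 78.09% ( 1112/1424 )',
  'Functions : 93.31% ( 293/314 )',
  'Lines : 90.32% ( 2976/3295 )',
  '================================================================================',
].join('\n');

// Assumed policy (minimum percent per metric); the presentation states no thresholds.
const POLICY = { statements: 85, branches: 80, functions: 85, lines: 85 };

// Extract { pct, covered, total } for each metric row of the summary.
function parseCoverageSummary(text) {
  const row = /^(Statements|Branches|Functions|Lines)\s*:\s*([\d.]+)%\s*\(\s*(\d+)\s*\/\s*(\d+)\s*\)/gm;
  const metrics = {};
  for (const m of text.matchAll(row)) {
    metrics[m[1].toLowerCase()] = {
      pct: Number(m[2]), covered: Number(m[3]), total: Number(m[4]),
    };
  }
  return metrics;
}

// Compare each metric with the policy. A metric missing from the report
// counts as a failure, so a truncated or empty report cannot pass the gate.
function evaluateGate(metrics, policy) {
  const failures = [];
  for (const [name, minPct] of Object.entries(policy)) {
    const m = metrics[name];
    if (!m) { failures.push(`${name}: missing from report`); continue; }
    // Recompute from the raw counts instead of trusting the rounded percentage.
    const actual = m.total === 0 ? 100 : (m.covered / m.total) * 100;
    if (actual < minPct) {
      const needed = Math.ceil((minPct / 100) * m.total) - m.covered;
      failures.push(`${name}: ${actual.toFixed(2)}% < ${minPct}% (${needed} more to cover)`);
    }
  }
  return { pass: failures.length === 0, failures };
}

// In a pipeline job the result would set the exit status; here it is only printed.
console.log(evaluateGate(parseCoverageSummary(SAMPLE_SUMMARY), POLICY));
```

With the assumed 80% branch threshold, the run shown on the slide would be reported as non-compliant on branches only.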
CI in the enterprise?
https://www.algosec.com/wp-content/uploads/2016/03/The-State-of-Automation-in-Security-Survey-Final.pdf
Dev Test Acceptance Production
CD
Time and complexity (cost) to find, identify and fix problems
Shift deployment, stage, networking, security to the left
• Continuous Delivery/Deployment
– Deployment instructions are checked in the repo and executed as part of the CI
– Last step manual (C.Del) or automated (C.Dep).
– Tools: Gitlab CI/Ansible/puppet/etc.
CD
• Service oriented architecture (SOA)
• Monolithic apps typically don’t scale as well
• Break the app in smaller pieces and use APIs to communicate
• Do one thing, do it well
• Use 12 factors!
• Example: API Manager
Microservices
Management of infrastructure (networks, virtual machines, load balancers, and connection topology) in a descriptive model
Policy-as-Code is also an emerging discipline
Infrastructure as Code (IAC)
• Package all dependencies in an immutable image, ready to run
• Versioned text file describes layers
• Portable
• Cookie cutter server hosts DB, web, application server, or several of the above
• Tools: Docker, Singularity
Containerization
• Fully automated realization of environments
– Descriptive recipe to automate deployment of applications, microservices to test/production
– Set of tools to manage, review, and audit all the aspects of the automation
– (*) Auto-scaling, self-healing infrastructure
• Tools: Kubernetes
Orchestration
THE PROBLEM
Containerization
Orchestration
Abstraction (CMP)
Technology choices
Docker
Singularity
Kubernetes
Mesos/Marathon
SN Cloud Management
RH OpenShift
RH OpenStack
Competing, overlapping and proprietary products
• Natural expansion of proven practices
• Smooth testing and deployment through automated, repeatable processes
• Not the experts on underlying production technologies
• Not as eager to think about support and maintenance issues
Dev
• Automated
• Repeatable
• Disposable instances
• Substantial change in the way Ops is done
• Responsibility lines not clear
Ops
• Governance (review gates)
• Visible, transparent and automated process for deployment
• Container Inventory, patching
• Can’t ignore current needs to make the jump
• Finger-pointing support model
Enterprise
• Confusion: DevOps is not Technology… it is culture
• Totally different mindset
• Revolutionary shift in the way we solve problems in IT
• It takes time for Traditional IT organizations to make the move
The main problem…
THE VISION
THE SOLUTION
• Don’t buy A tool to solve the problem (yet)
– Avoid “better” vendor solutions
• Don’t spend months over-architecting the final solution… it is evolving, start small
• Work in small steps in the right direction
– Create a DevOps team
– Create a cluster so there is a target for containers
– Work on all the disciplines in parallel
Not really… but recommendations
• Version everything (code, scripts, instructions, security scan)
• Lint/Unit Test/Security Scan every “build”
• Automate all steps (or as much as possible)
• Test and validate as part of your deployment
• Work on Guidelines and Best practices
Spread the CI/CD mentality
• Unbundle services with different scalability needs
• Provide a clean API
• Encourage standard interfaces
• Take advantage of the API Manager
Encourage Microservices (SOA)
• Establish an Enterprise Container Registry
– Curated
– Pre-req ready
• Best practices
– Data volumes
– Logging & Monitoring
• Define optimal but clear lines of responsibility
Containerization
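A curated enterprise registry only helps if deployments are checked against it. The policy-as-code check below is an added example, not part of the presentation: the host registry.example.internal, the sample image list and the function names are placeholders, and the pinning rule (explicit non-latest tag or sha256 digest) is an assumed policy.

```javascript
'use strict';
// Added example: verify that every image reference comes from the curated
// registry and is pinned. Registry host is a placeholder, not a real system.
const CURATED_REGISTRY = 'registry.example.internal';

// Split a reference into registry, repository, tag and digest (Docker naming rules).
function parseImageRef(ref) {
  let rest = ref, tag = null, digest = null;
  const at = rest.indexOf('@');
  if (at !== -1) { digest = rest.slice(at + 1); rest = rest.slice(0, at); }
  // A ':' after the last '/' is a tag; before it, it is a registry port.
  const colon = rest.lastIndexOf(':');
  if (colon > rest.lastIndexOf('/')) { tag = rest.slice(colon + 1); rest = rest.slice(0, colon); }
  const slash = rest.indexOf('/');
  const first = slash === -1 ? '' : rest.slice(0, slash);
  // The first path component is a host only if it has '.', ':' or is 'localhost';
  // otherwise the reference resolves to the public default registry.
  const hasHost = first.includes('.') || first.includes(':') || first === 'localhost';
  return {
    registry: hasHost ? first : 'docker.io',
    repository: hasHost ? rest.slice(slash + 1) : rest,
    tag, digest,
  };
}

function checkImage(ref) {
  const img = parseImageRef(ref);
  const violations = [];
  // Exact host comparison: a prefix test would also accept look-alike hosts.
  if (img.registry !== CURATED_REGISTRY) {
    violations.push(`registry ${img.registry} is not the curated registry`);
  }
  const pinnedByDigest = img.digest !== null && /^sha256:[0-9a-f]{64}$/.test(img.digest);
  const pinnedByTag = img.tag !== null && img.tag !== 'latest';
  if (!pinnedByDigest && !pinnedByTag) {
    violations.push('image is not pinned to a version tag or sha256 digest');
  }
  return { ref, violations };
}

const auditImages = (refs) => refs.map(checkImage);

// Constructed sample input: image references as they might appear in a deployment recipe.
const SAMPLE_IMAGES = [
  'registry.example.internal/web/api:1.4.2',
  'nginx',
  'registry.example.internal/web/api:latest',
  'quay.io/someorg/tool@sha256:' + 'a'.repeat(64),
  'registry.example.internal.mirror.test/web/api:1.0',
];

for (const { ref, violations } of auditImages(SAMPLE_IMAGES)) {
  console.log(violations.length ? `FAIL ${ref}: ${violations.join('; ')}` : `OK   ${ref}`);
}
```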
• Engage people from the different disciplines/perspectives for pilot projects
– Balance speed and practicality for engagement
Orchestration
QUESTIONS?
End of presentation