DevOps - NCHICA

Post on 21-May-2020

DevOps

June 2018

Duke Health Technology Solutions

Stakeholders

• Whole Enterprise

– Security Office

– Operations

– Engineering

– Infrastructure

– Development

– Quality Assurance

– Management

SOME CONCEPTS

DevOps

• “Automated process to publish and update containerized microservices”

• “Improved relation between Dev and Ops where Dev disciplines extend to Ops and Ops participation starts at development”

• a.k.a. Latest way to anger customers and management by deploying unsupported components to production

DevOps

Timing

• Nobody agrees on what it is…

• Except that it is not A thing… so let’s try the components

– CI/CD

– Microservices architecture

– Infrastructure-as-Code (IAC), Policy as Code (PAC)

– Containerization

– Container Orchestration

DevOps or DevSecOps

CI Evolution

• Continuous Integration

– Versioning repository

– Automated “build” of every merge

• Set of automated steps that get applied on every single change

• Run on a clean environment

• Provide feedback when non-compliant

– Syntax & style checking (LINT)

– Self testing / validation / code coverage

CI

$ istanbul cover _mocha -- -R spec Test

=============================================================================
Writing coverage object [/builds/0f30dfe3/0/CATS/dash/CORServer/coverage/coverage.json]
Writing coverage reports at [/builds/0f30dfe3/0/CATS/dash/CORServer/coverage]
=============================================================================

=============================== Coverage summary ===============================
Statements : 90.27% ( 2978/3299 )
Branches : 78.09% ( 1112/1424 )
Functions : 93.31% ( 293/314 )
Lines : 90.32% ( 2976/3295 )
================================================================================
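Added example (not part of the original slides): a CI gate that parses the Istanbul coverage summary shown above and reports every metric that falls below a minimum, one way to "provide feedback when non-compliant". The threshold values and the function names are assumptions chosen for illustration.

```javascript
// Added example: coverage gate for a CI job.
// SAMPLE reproduces the summary printed on the slide; THRESHOLDS are
// assumed values, not taken from the presentation.
const SAMPLE = `
=============================== Coverage summary ===============================
Statements   : 90.27% ( 2978/3299 )
Branches     : 78.09% ( 1112/1424 )
Functions    : 93.31% ( 293/314 )
Lines        : 90.32% ( 2976/3295 )
================================================================================
`;

const THRESHOLDS = { statements: 85, branches: 80, functions: 85, lines: 85 };

// Parse "Metric : NN.NN% ( covered/total )" lines into numbers.
function parseCoverageSummary(text) {
  const re = /^\s*(Statements|Branches|Functions|Lines)\s*:\s*([\d.]+)%\s*\(\s*(\d+)\s*\/\s*(\d+)\s*\)/gm;
  const summary = {};
  for (const m of text.matchAll(re)) {
    summary[m[1].toLowerCase()] = {
      pct: Number(m[2]), covered: Number(m[3]), total: Number(m[4]),
    };
  }
  return summary;
}

// Return one message per violation. A metric missing from the report is a
// failure, so a truncated or reformatted report cannot silently pass.
function checkCoverage(text, thresholds = THRESHOLDS) {
  const summary = parseCoverageSummary(text);
  const failures = [];
  for (const [metric, min] of Object.entries(thresholds)) {
    const entry = summary[metric];
    if (!entry) failures.push(`${metric}: not found in report`);
    else if (entry.pct < min) failures.push(`${metric}: ${entry.pct}% < ${min}%`);
  }
  return failures;
}

// Exit status for the CI step: non-zero blocks the merge.
function gateExitCode(text, thresholds = THRESHOLDS) {
  return checkCoverage(text, thresholds).length === 0 ? 0 : 1;
}

// In a pipeline: process.exitCode = gateExitCode(reportText);
console.log(checkCoverage(SAMPLE));
```

With the assumed thresholds, the slide's own report fails the gate on branch coverage only.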

CI in the enterprise?

https://www.algosec.com/wp-content/uploads/2016/03/The-State-of-Automation-in-Security-Survey-Final.pdf

Dev Test Acceptance Production

CD

Time and complexity (cost) to find, identify and fix problems

Shift deployment, stage, networking, security to the left

• Continuous Delivery/Deployment

– Deployment instructions are checked in the repo and executed as part of the CI

– Last step is manual (Continuous Delivery) or automated (Continuous Deployment)

– Tools: GitLab CI, Ansible, Puppet, etc.

CD

• Service oriented architecture (SOA)

• Monolithic apps typically don’t scale as well

• Break the app into smaller pieces and use APIs to communicate

• Do one thing, do it well

• Use 12 factors!

• Example: API Manager

Microservices

Management of infrastructure (networks, virtual machines, load balancers, and connection topology) in a descriptive model

Policy-as-Code is also an emerging discipline

Infrastructure as Code (IAC)

• Package all dependencies in an immutable image, ready to run

• Versioned text file describes layers

• Portable

• Cookie cutter server hosts DB, web, application server, or several of the above

• Tools: Docker, Singularity

Containerization

• Fully automated realization of environments

– Descriptive recipe to automate deployment of applications, microservices to test/production

– Set of tools to manage, review, and audit all the aspects of the automation

– (*) Auto-scaling, self-healing infrastructure

• Tools: Kubernetes

Orchestration

THE PROBLEM

Containerization

Orchestration

Abstraction (CMP)

Technology choices

Docker

Singularity

Kubernetes

Mesos/Marathon

SN Cloud Management

RH OpenShift

RH OpenStack

Competing, overlapping and proprietary products

• Natural expansion of proven practices

• Smooth testing and deployment through automated, repeatable processes

• Not the experts on underlying production technologies

• Not as eager to think about support and maintenance issues

Dev

• Automated

• Repeatable

• Disposable instances

• Substantial change in the way Ops is done

• Responsibility lines not clear

Ops

• Governance (review gates)

• Visible, transparent and automated process for deployment

• Container Inventory, patching

• Can’t ignore current needs to make the jump

• Finger-pointing support model

Enterprise

• Confusion: DevOps is not Technology… it is culture

• Totally different mindset

• Revolutionary shift in the way we solve problems in IT

• It takes time for Traditional IT organizations to make the move

The main problem…

THE VISION

THE SOLUTION

• Don’t buy A tool to solve the problem (yet)

– Avoid “better” vendor solutions

• Don’t spend months over-architecting the final solution… it is evolving, start small

• Work in small steps in the right direction

– Create a DevOps team

– Create a cluster so there is a target for containers

– Work on all the disciplines in parallel

Not really… but recommendations

• Version everything (code, scripts, instructions, security scan)

• Lint/Unit Test/Security Scan every “build”

• Automate all steps (or as much as possible)

• Test and validate as part of your deployment

• Work on Guidelines and Best practices

Spread the CI/CD mentality

• Unbundle services with different scalability needs

• Provide a clean API

• Encourage standard interfaces

• Take advantage of the API Manager

Encourage Microservices (SOA)

• Establish an Enterprise Container Registry

– Curated

– Pre-req ready

• Best practices

– Data volumes

– Logging & Monitoring

• Define optimal but clear lines of responsibility

Containerization

• Engage people from the different disciplines/perspectives for pilot projects

– Balance speed and practicality for engagement

Orchestration

QUESTIONS?