DevOps
June 2018
Duke Health Technology Solutions
Stakeholders
• Whole Enterprise
– Security Office
– Operations
– Engineering
– Infrastructure
– Development
– Quality Assurance
– Management
SOME CONCEPTS
DevOps
• “Automated process to publish and update containerized microservices”
• “Improved relationship between Dev and Ops, where Dev disciplines extend into Ops and Ops participation starts at development”
• a.k.a. Latest way to anger customers and management by deploying unsupported components to production
DevOps
Timing
• Nobody agrees on what it is…
• Except that it is not A thing… so let’s try the components
– CI/CD
– Microservices architecture
– Infrastructure-as-Code (IAC), Policy as Code (PAC)
– Containerization
– Container Orchestration
DevOps or DevSecOps
CI Evolution
• Continuous Integration
– Versioning repository
– Automated “build” of every merge
• Set of automated steps that get applied on every single change
• Run on a clean environment
• Provide feedback when non-compliant
– Syntax & style checking (LINT)
– Self testing / validation / code coverage
CI
$ istanbul cover _mocha -- -R spec Test
=============================================================================
Writing coverage object [/builds/0f30dfe3/0/CATS/dash/CORServer/coverage/coverage.json]
Writing coverage reports at [/builds/0f30dfe3/0/CATS/dash/CORServer/coverage]
=============================================================================

=============================== Coverage summary ===============================
Statements   : 90.27% ( 2978/3299 )
Branches     : 78.09% ( 1112/1424 )
Functions    : 93.31% ( 293/314 )
Lines        : 90.32% ( 2976/3295 )
================================================================================
CI in the enterprise?
https://www.algosec.com/wp-content/uploads/2016/03/The-State-of-Automation-in-Security-Survey-Final.pdf
[Figure: pipeline stages Dev → Test → Acceptance → Production. The time and complexity (cost) to find, identify and fix a problem grows the further right it is found; shift deployment, staging, networking and security to the left.]
CD
• Continuous Delivery/Deployment
– Deployment instructions are checked into the repo and executed as part of the CI pipeline
– Last step manual (Continuous Delivery) or automated (Continuous Deployment)
– Tools: GitLab CI/Ansible/Puppet/etc.
CD
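The CI steps above (build on every change, lint, tests with a coverage gate, security scan) and the delivery/deployment split, written as one GitLab CI pipeline. This is an added example, not a pipeline from the Duke presentation. It assumes a Node project with a package-lock.json, an `npm run lint` script, and an `npm test` script that runs the istanbul/mocha command shown earlier; the coverage thresholds, the curated Ansible image, the deploy.yml playbook and the inventory paths are hypothetical.

```yaml
# .gitlab-ci.yml (added example, not code from the presentation).
# Assumes: package-lock.json present, `npm run lint` runs the linter,
# `npm test` runs `istanbul cover _mocha ...` and writes coverage/coverage.json.
# Thresholds, registry paths, playbook and inventory names are hypothetical.
stages:
  - lint
  - test
  - scan
  - build
  - deploy

# Every job starts from a fresh container: a clean environment on every change.
image: node:lts

lint:
  stage: lint
  script:
    - npm ci
    - npm run lint                     # style/syntax violations fail the job

unit-test:
  stage: test
  script:
    - npm ci
    - npm test                         # produces the "Coverage summary" block
    # Enforce the summary instead of only printing it: any metric below its
    # threshold exits non-zero and the pipeline stops here.
    - npx istanbul check-coverage --statements 90 --branches 80 --functions 90 --lines 90
  coverage: '/Statements\s*:\s*(\d+\.\d+)%/'   # number GitLab shows on the merge request
  artifacts:
    when: always
    paths:
      - coverage/

dependency-scan:
  stage: scan
  script:
    - npm ci
    - npm audit --audit-level=high     # known-vulnerable dependencies block the build

build-image:
  stage: build
  image: docker:stable
  services:
    - docker:dind
  variables:
    DOCKER_TLS_CERTDIR: "/certs"
  script:
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    # The Dockerfile is versioned with the code; the image is tagged with the
    # commit SHA so the image that was tested is the image that gets deployed.
    - docker build --pull -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA" .
    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA"
  only:
    - master

# Deployment instructions live in the same repo (deploy.yml is a hypothetical
# Ansible playbook) and run as a stage of the same pipeline.
.deploy: &deploy
  stage: deploy
  image: registry.example.org/curated/ansible   # hypothetical curated image with ansible installed
  script:
    - ansible-playbook -i "inventory/$DEPLOY_ENV" deploy.yml -e "image=$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA"
  only:
    - master

deploy-test:
  <<: *deploy
  variables:
    DEPLOY_ENV: test
  environment:
    name: test

deploy-production:
  <<: *deploy
  variables:
    DEPLOY_ENV: production
  environment:
    name: production
  when: manual          # Continuous Delivery: a person approves the last step.
                        # Remove this line for Continuous Deployment.
```

With the coverage summary shown above, the `check-coverage` gate would fail on branches (78.09% is below the assumed 80% threshold), so the non-compliance is reported on the merge request and nothing reaches the build or deploy stages. The only difference between delivery and deployment is the `when: manual` line on the production job.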
• Service oriented architecture (SOA)
• Monolithic apps typically don’t scale as well
• Break the app into smaller pieces and use APIs to communicate
• Do one thing, do it well
• Follow the 12-factor app principles!
• Example: API Manager
Microservices
Management of infrastructure (networks, virtual machines, load balancers, and connection topology) through a descriptive model that is versioned and reviewed like application code
Policy-as-Code (PAC), applying the same treatment to security and compliance rules, is also an emerging discipline
Infrastructure as Code (IAC)
• Package all dependencies in an immutable image, ready to run
• Versioned text file describes the image layers
• Portable
• A cookie-cutter host runs the DB, web server, application server, or several of the above
• Tools: Docker, Singularity
Containerization
• Fully automated realization of environments
– Descriptive recipe that automates deployment of applications and microservices to test/production
– Set of tools to manage, review, and audit all aspects of the automation
– (*) Auto-scaling, self-healing infrastructure
• Tools: Kubernetes
Orchestration
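A descriptive recipe of the kind the orchestration slide refers to, taking the API Manager from the microservices slide as the workload: a Kubernetes Deployment with self-healing probes, a Service, and an autoscaler, with the container image taken from a curated enterprise registry and run with least privilege. This is an added example, not a manifest from the Duke presentation; the namespace, names, registry host, image tag, probe paths, resource figures and CPU threshold are all hypothetical.

```yaml
# api-manager.yaml (added example, not from the presentation). Namespace,
# names, registry host, tag, probe paths and thresholds are hypothetical.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api-manager
  namespace: pilot
spec:
  replicas: 2
  selector:
    matchLabels:
      app: api-manager
  template:
    metadata:
      labels:
        app: api-manager
    spec:
      automountServiceAccountToken: false   # the app does not talk to the API server
      containers:
        - name: api-manager
          # Pull only from the curated enterprise registry. Prefer pinning by
          # digest (image@sha256:...) so the image that was scanned is the one that runs.
          image: registry.example.org/curated/api-manager:1.4.2
          ports:
            - containerPort: 8080
          # Self-healing: a failed liveness probe restarts the container,
          # a failed readiness probe removes it from the Service endpoints.
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8080
            initialDelaySeconds: 10
            periodSeconds: 15
          readinessProbe:
            httpGet:
              path: /ready
              port: 8080
            periodSeconds: 5
          resources:
            requests: { cpu: 100m, memory: 128Mi }
            limits:   { cpu: 500m, memory: 256Mi }
          # Least privilege for the container process.
          securityContext:
            runAsNonRoot: true
            runAsUser: 10001
            readOnlyRootFilesystem: true
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          volumeMounts:
            - name: data               # persistent data lives outside the image
              mountPath: /var/lib/api-manager
            - name: tmp                # scratch space, since the root fs is read-only
              mountPath: /tmp
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: api-manager-data
        - name: tmp
          emptyDir: {}
---
apiVersion: v1
kind: Service
metadata:
  name: api-manager
  namespace: pilot
spec:
  selector:
    app: api-manager
  ports:
    - port: 80
      targetPort: 8080
---
# Auto-scaling: the orchestrator adds replicas while average CPU stays above 70%.
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: api-manager
  namespace: pilot
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: api-manager
  minReplicas: 2
  maxReplicas: 10
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70
```

Applied with `kubectl apply -f api-manager.yaml` and kept in the repository next to the application code, this file is the infrastructure-as-code artifact: a change to replicas, limits or the security context is a reviewed merge, not a hand edit on a server.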
THE PROBLEM
Technology choices
• Containerization: Docker, Singularity
• Orchestration: Kubernetes, Mesos/Marathon
• Abstraction (CMP): SN Cloud Management, RH OpenShift, RH OpenStack
• Competing, overlapping and proprietary products
• Natural expansion of proven practices
• Smooth testing and deployment through automated, repeatable processes
• Not the experts on underlying production technologies
• Not as eager to think about support and maintenance issues
Dev
• Automated
• Repeatable
• Disposable instances
• Substantially changes the way Ops is done
• Responsibility lines not clear
Ops
• Governance (review gates)
• Visible, transparent and automated process for deployment
• Container Inventory, patching
• Can’t ignore current needs to make the jump
• Finger-pointing support model
Enterprise
• Confusion: DevOps is not Technology… it is culture
• Totally different mindset
• Revolutionary shift in the way we solve problems in IT
• It takes time for Traditional IT organizations to make the move
The main problem…
THE VISION
THE SOLUTION
• Don’t buy A tool to solve the problem (yet)
– Avoid “better” vendor solutions
• Don’t spend months over-architecting the final solution… it is evolving, start small
• Work in small steps in the right direction
– Create a DevOps team
– Create a cluster so there is a target for containers
– Work on all the disciplines in parallel
Not really… but recommendations
• Version everything (code, scripts, instructions, security scan)
• Lint/Unit Test/Security Scan every “build”
• Automate all steps (or as much as possible)
• Test and validate as part of your deployment
• Work on Guidelines and Best practices
Spread the CI/CD mentality
• Unbundle services with different scalability needs
• Provide a clean API
• Encourage standard interfaces
• Take advantage of the API Manager
Encourage Microservices (SOA)
• Establish an Enterprise Container Registry
– Curated
– Prerequisites pre-installed
• Best practices
– Data volumes
– Logging & Monitoring
• Define optimal but clear lines of responsibility
Containerization
• Engage people from the different disciplines/perspectives for pilot projects
– Balance speed and practicality for engagement
Orchestration
QUESTIONS?