platforms can run platforms on your BOSH: running ... · Do you know Cloud Foundry? Do you know...
57
© Copyright 2018 Pivotal Software, Inc. All rights Reserved. Version 1.0 Paul Czarkowski / @pczarkowski Principal Technologist Pivotal software BOSH: running platforms so you can run platforms on your platforms
Transcript of platforms can run platforms on your BOSH: running ... · Do you know Cloud Foundry? Do you know...
© Copyright 2018 Pivotal Software, Inc. All rights Reserved. Version 1.0
Paul Czarkowski / @pczarkowskiPrincipal TechnologistPivotal software
BOSH: running platforms so you can run platforms on your platforms
© Copyright 2018 Pivotal Software, Inc. All rights Reserved. Version 1.0
Paul Czarkowski / @pczarkowskiPrincipal TechnologistPivotal software
Sucessful Patterns for Deploying [and Operating]Platforms.
Do you know Cloud Foundry?
Do you know Kubernetes ?
Do you know BOSH ?
What is a platform ?
https://en.wikipedia.org/wiki/Computing_platform
A modern software
platform provides
API driven compute
resources.
“Every IT team is a
Platform Team.”
http://slides.eightypercent.net/platform-platform/index.html#1
https://twitter.com/kelseyhightower/status/935252923721793536
Generic Platform
API
Users
Storage Compute NetworkDatabase AccessArtifacts
Enterprise IT
API
Users
SystemsAdmin
NetworkEngineer SecurityDBA QAStorage
Admin
“You don’t have a platform
problem, you have a culture
problem.”
InfraServices
AppPlatform
Evolve your IT teams!
Platform Team
ApplicationTeam
Build common servicesfor App Teams
Take business requirements and turn
them into features
IaaS
Virtual Infrastructure
Physical Infrastructure
Abstract infrastructure complexity with easy
consumption
DBaaSELK
App2App1 App3
Middleware
ML
Creds/CertsMessaging
???
Container ServicesContainer Hosts | Kubernetes
InfrastructureTeam
People build PlatformsPeople build AppsApps run on Platforms
People are the most important componentof any platform.
TraditionalTicketBasedHuman
Toil
Build App Artifact
Build App Container(s)
App → to the Platform
Container RuntimeContainer Hosts
CaaSContainer
Orchestrator
PaaSApplication Platform
IaaS
CaaS
PaaSInfrastructure
AsCode
What Abstraction is the Right One for You ?
More Control Less Complexity
IaaS API
CF API
K8s API
ConfigManagement
Build Application
Dependencies
IaaSHardware
PXE boot ?
18
Hardware
IaaS
CaaS
PaaS
FaaS
Strategic goal: Push as many workloads as technically feasible to the top of the platform hierarchy
Higher flexibility and less enforcement of
standards
Lower development complexity and higher operational efficiency
Hardware
IaaS
CaaS
PaaS
FaaS
InfrastructureTeam
Infrastructure TeamPlatform Team
Platform TeamInfrastructure Team
App Team
App TeamPlatform Team
App TeamPlatform Team
Infrastructure Team
Consumers of the abstraction
“In general, taking something that’s already working somewhere and expanding its usage (capabilities) is far more likely to succeed than building these capabilities from scratch”
Embedded OS(Windows & Linux)
NSX-T
CPI (15 methods)
v1
v2
v3...
CVEsProduct Updates Java | .NET | NodeJS
Pivotal Application Service (PAS)
Application Code & Frameworks Buildpacks | Spring Boot | Spring Cloud |
Steeltoe
Elastic | Packaged Software | Spark
Pivotal Container Service (PKS)
>cf push >kubectl run
YOU build the containerWE build the container
vSphereAzure &
Azure StackGoogle CloudAWSOpenstack
PivotalNetwork
“3Rs”
Github
Concourse
Concourse
Pivotal ServicesMarketplace
Pivotal and Partner Products
Continuousdelivery
Public Cloud Services
Customer Managed Services
Ope
n S
ervi
ce B
roke
r A
PI
Repair — CVEs
Repave Rotate — Credhub
The Google Problem
x 1,000,000
API Server
Kube Scheduler
K8s MasterContr
oller Manager
Etcd
C
Kubelet
Kube-proxy
K8s Worker
PodPodPod
K8s Worker
PodPodPod
K8s Worker
PodPodPod
CNI CNI CNI
Docker
Kubelet
Kube-proxy
Docker
Kubelet
Kube-proxy
Docker
API Server
Kube Scheduler
K8s Master
Controller Manager
Etcd
C
Kubelet
Kube-proxy
K8s Worker
PodPod
Pod
K8s Worker
PodPod
Pod
K8s Worker
PodPod
Pod
CNI CNI CNI
Docker
Kubelet
Kube-proxy
Docker
Kubelet
Kube-proxy
Docker
Google Compute Engine(hidden from user)
Google Compute Engine
TraditionalTicketBasedHuman
Toil
Build App Artifact
Build App Container(s)
App → to the Platform
Container RuntimeContainer Hosts
CaaSContainer
Orchestrator
PaaSApplication Platform
IaaS
CaaS
PaaSInfrastructure
AsCode
What Abstraction is the Right One for You ?
More Control Less Complexity
IaaS API
CF API
K8s API
ConfigManagement
Build Application
Dependencies
IaaSHardware
PXE boot ?
32
BOSH - Component Architecture
Director
Postgres DB
NATS
CLI
Health Monitor
Blob Store
Agent
Agent
Agent
Agent
IaaS API
Cloud Provider Interface
IaaS
BOSH provides the means to go from deployment configuration to VM creation and management. It includes interfaces for Azure, vSphere, AWS, GCP, and OpenStack. Additional CPI can be written for alternative IaaS providers.
Registry
w
BOSH - Service Deployment
Manifest
Release
Stemcell
Deployment
BOSH - Stemcell
Stemcell
▪ Secured, Hardened, and Versioned Operating System image wrapped with IaaS specific packaging
▪▪ Contains a bare minimum OS skeleton with a few
common utilities pre-installed, a BOSH Agent, and a few configuration files to securely configure the OS by default.
▪▪ Images come in two flavors Ubuntu 14.04 and CentOS
7 for all IaaS’ supported▪▪ Maintained by BOSH team and available at
http://bosh.io/stemcells
BOSH - Release
Job(s)
Package(s)
Monit
Packaging
Spec
Spec
Src
Blobs
Dependency Tree:
Organization:Elements:
Jobs - Pieces of the service or application you are releasing, including how to compile & run them
Packages - Provide source code and dependencies to jobs
Src - Non-binary files which is provided to packages
Blobs - Provide binary files (other than those checked into a source code repository) to packages
Monit - Script utilized to start/stop/restart the job
Packaging - Script utilized to compile the source needed by a job
Spec - Key/Value file which stores all configuration properties which can be set externally
Green - Script (erb or bash)Orange - Properties (yml)
BOSH - Manifest
▪ Deployment Identification: A name for the deployment and the UUID of the Director managing the deployment
▪ Releases Block: Name and version of each release in a deployment
▪ Stemcells Block: Name and version of each stemcell in a deployment
▪ Update Block: Defines how BOSH updates instances during deployment
▪ Instance Groups Block: Configuration and resource information for instance groups (Jobs)
▪ Properties Block: Describes global properties and generalized configuration information
▪
Required Blocks:
YAML - Primer found at end of presentation
Provides the ability to customize BOSH releases (your service)
BOSH - Service Deployment
Director
Postgres DB
NATS
CLI
Health Monitor
Blob Store
IaaS API
Cloud Provider Interface
Registry
Stemcell
*
Release
Agent
*
Manifest
Agent
Agent
Agent
Config
BOSH - Process High Availability
Director
NATSAgent
Agent
IaaS
Proc-1
Proc-1
Restart! Health Monitor
Alert Sent!
BOSH - VM High AvailabilityManifest - Desired State
Director
NATS
Agent
Proc-1
Agent
IaaS
Proc-1
Health Monitor Agent
Proc-1
Alert Sent!
Agent
Agent
Proc-1
Proc-1=IaaS API
Cloud Provider Interface
BOSH - Canary Upgrades
Manifest -
AgentAgent
Agent
Agent
Code Update 4.04!
Any update error causes the deployment to stop. Since only canaries are affected before an update stops, problem jobs
and packages are prevented from taking over all instances.
BOSH - Day 2 OpsConsistent, Reliable, Scalable, Secure
▪ Checks against “desired state to return consistency
▪ No ad hoc automation burden▪ Manage services, not servers▪ 4 layers of Self Healing
ProvisionDeploy
and Configure
Monitor and
DetectRe-mediate
CurrentState
DesiredState
IaaS
Node
NodeKubernetes
Cluster Services
API
Cluster3
NSX-T
vSphere
PKS includes:• PKS Control Plane, CFCR• NSX-T, Harbor, GCP Broker• BOSH Release for Kubernetes• Configures Day 1 of
- CFCR- vSphere- NSX Integration- Harbor
• Manages Day 2 of Kubernetes Clusters
- Scaling- Patching- Upgrades- Failures
Kubo CFCR
Kubernetes(As a Bosh Release)
BOSH(Deploys/Manages VMs)
CPI
CNI
HarborPrivate Container
Registry
PKS “How it Works”The value of BOSH
Node
Node
Node
Kubernetes Cluster Services
API
Node
Node
Node
Kubernetes Cluster Services
API
Node
Cluster1
Cluster2
GCPService Broker
API
#pks create-cluster K8s-1 -n 3#pks create-cluster K8s-2 -n 3#pks create-cluster K8s-3 -n 3# pks create-cluster --plan small Cluster3
PKS Control Plane
VM
VM
VM
VM
VM
VM
VM
VM
VM
Node
NodeKubernetes
Cluster Services
API
Cluster3 Node
Node
Node
VM
VM
VM
VM
VM
Hardware
IaaS
CaaS
PaaS
FaaS
HPE, Dell, IBM, Lenovo
AWS, Azure, GCP, Openstack, VMWare
PKS, GKE, OpenShift, AWS
Fargate, Kubernetes
PCF, Azure App Service, Heroku, Deis
AWS Lambda, Azure Functions, OpenWhisk,
kubeless, PFS
http://www.bsielearning.com.au/keep-simple-stupid/
Full Opensource DIY
● ??? pxe ● Openstack Ansible● Kubespray● Ansible Hardening
https://github.com/openstack/openstack-ansible
https://github.com/openstack/ansible-hardening
https://github.com/kubernetes-incubator/kubespray
!!!
PLATFORM VALUE STREAM AND METRICS
REPLATFORM > MODERNIZE > OPTIMIZE
ESTABLISH, MEASURE AND UPDATE KEY OBJECTIVES AND RESULTS (OKRs)
SPEED & AGILITY STABILITY
SCALABILITY SAVINGS
$SECURITY
40-60%*More Projects With Same Staff
MillionsAnnual Savings on HW, SW and Support
25-50%*Fewer Support Incidents
40%*Faster Patching Delivery @ Zero Downtime
-90%*Time to Scale
$
$
%
How We Think about the Business Case
Questions ?
THE END
