SlideShare a Scribd company logo
DevOps di applicazioni Python
(e non solo) su OpenShift
Francesco Fiore, System Architect
PyCon Nove, 20 aprile 2018
2
Agenda
• Cos’è OpenShift
• Cenni sull’architettura
• Setup di una semplice applicazione
• OpenShift per applicazioni Python: source-to-image
• Dietro le quinte: API objects
• Parametrizzare il setup di applicazioni usando i Template
• Git, OpenShift e Jenkins: integrazione nativa per la CI/CD
• Application lifecycle management
• Application promotion
• Strategie di deployment
3
OpenShift overview
• Platform as a Service di Red Hat
• OpenShift Origin è un progetto opensource
• Basato su:
– Kubernetes (CaaS)
– Docker
– Atomic
• Add-on rispetto a k8s
– API objects
– Web console
– Software Defined Network
– Docker registry
– logging centralizzato
• Focus su application lifecycle management e automation
• Red Hat OpenShift Container Platform
4
OpenShift vs Kubernetes
Source to
Image (S2I)
Integrated
Registry
Build
Configuration
Image Stream
Deployment
Configuration
Persistent
Volume Claims
Replication
Controller
Replica Sets Daemon Sets
Persistent
Volumes
Secrets Config Maps Services Routes
Software
Defined
Network (SDN)
Web console
Users and
Groups
Projects Namespaces
OpenShift Kubernetes
5
OpenShift: architettura
6
Setup di una applicazione
oc new-project demo
oc new-app https://github.com/ffiore/devops-on-openshift-demo.git
--context-dir samples/flask
--name flask-sample
• OpenShift rileva automaticamente qual è la strategy di build
– if Jenkinsfile -> Pipeline strategy
– elif Dockerfile -> Docker strategy
– else -> Source strategy
File Linguaggio
requirements.txt, setup.py python
pom.xml jee
app.json, package.json nodejs
Godeps, main.go golang
cpanfile, index.pl perl
composer.json, index.php php
Gemfile, Rakefile, config.ru ruby
build.sbt scala
• Se Source strategy, OpenShift
rileva il linguaggio
7
Setup di una applicazione
oc new-app https://github.com/ffiore/devops-on-openshift-demo.git
--context-dir samples/flask
--name flask-sample
--env WELCOME_MESSAGE=‘Hello Pycon9!’
--build-env HTTP_PROXY=‘http://x.y.z.w:8080’
oc new-app python:2.7~https://github.com/ffiore/devops-on-
openshift-demo.git
--context-dir samples/flask
--name flask-sample-python27
--env WELCOME_MESSAGE=‘Hello Pycon9!’
oc expose svc flask-sample
• Per esporre l’applicazione all’esterno (Route)
8
Source-to-image: Python
• s2i è la modalità utilizzata con Source strategy
• Nessuna modifica all’applicazione
– sufficiente requirements.txt
• 4 modalità di esecuzione
– Gunicorn
• se in requirements.txt o in setup.py (install_requires)
• entrypoint: wsgi.py (wsgi:application) o APP_MODULE
– Django development server
– Python script
• APP_FILE, default app.py
– Script file
• APP_SCRIPT, default app.sh
9
Setup di una applicazione: API objects
• BuildConfig
– Build
• ImageStream
– ImageStreamTag
• DeploymentConfig
– ReplicationController
• Pod
• Service
spec:
output:
to:
kind: ImageStreamTag
name: flask-sample:latest
source:
git:
uri: https://github.com/ffiore/devops-on-
openshift-demo
contextDir: samples/flask
type: Git
strategy:
sourceStrategy:
from:
kind: ImageStreamTag
name: python:3.5
namespace: openshift
type: Source
triggers:
- github:
secret: iopmuY9undV5grr7Z8zV
type: GitHub
- generic:
secret: QOhldIxeE2ciwomAgoY9
type: Generic
- type: ConfigChange
- type: ImageChange
apiVersion: v1
kind: BuildConfig
metadata:
annotations:
openshift.io/generated-by: OpenShiftNewApp
labels:
app: flask-sample
name: flask-sample
namespace: demo
...
10
Setup di una applicazione: API objects
• BuildConfig
– Build
• ImageStream
– ImageStreamTag
• DeploymentConfig
– ReplicationController
• Pod
• Service
apiVersion: v1
kind: ImageStream
metadata:
annotations:
openshift.io/generated-by: OpenShiftNewApp
labels:
app: flask-sample
name: flask-sample
namespace: demo
spec: {}
status:
dockerImageRepository:
172.30.0.128:5000/demo/flask-sample
11
Setup di una applicazione: API objects
• BuildConfig
– Build
• ImageStream
– ImageStreamTag
• DeploymentConfig
– ReplicationController
• Pod
• Service
template:
metadata:
...
labels:
app: flask-sample
deploymentconfig: flask-sample
spec:
containers:
- image: flask-sample:latest
imagePullPolicy: Always
name: flask-sample
ports:
- containerPort: 8080
protocol: TCP
dnsPolicy: ClusterFirst
restartPolicy: Always
terminationGracePeriodSeconds: 30
triggers:
- type: ConfigChange
- imageChangeParams:
automatic: true
containerNames:
- flask-sample
from:
kind: ImageStreamTag
name: flask-sample:latest
namespace: demo
type: ImageChange
apiVersion: v1
kind: DeploymentConfig
metadata:
name: flask-sample
namespace: demo
spec:
replicas: 1
strategy:
rollingParams:
...
type: Rolling
12
Setup di una applicazione: API objects
• BuildConfig
– Build
• ImageStream
– ImageStreamTag
• DeploymentConfig
– ReplicationController
• Pod
• Service
apiVersion: v1
kind: Service
metadata:
annotations:
openshift.io/generated-by: OpenShiftNewApp
labels:
app: flask-sample
name: flask-sample
namespace: demo
spec:
clusterIP: 172.30.82.11
ports:
- name: 8080-tcp
port: 8080
protocol: TCP
targetPort: 8080
selector:
app: flask-sample
deploymentconfig: flask-sample
type: ClusterIP
13
Creare un Template
• Aggiungere altri API object
– ConfigMap
– Secret
– PersistentVolumeClaim
– ...
• Personalizzare gli oggetti
– consumare ConfigMap, Secret, PVC, ecc.
– creare legami tra componenti applicativi (es. applicazione + database)
• Parametrizzare gli oggetti
• Riutilizzare il tutto
– su project/ambienti diversi
– per applicazioni diverse
14
Usare i Template
oc process –f python-flask-sample-s2i.yaml
-p APPLICATION_NAME=‘welcome-app’
-p SOURCE_REPOSITORY_URL=‘https://github.com/ffiore/devops-on-openshift-
demo’
-p CONTEXT_DIR=‘samples/flask’
-p WELCOME_MESSAGE=‘Hello Pycon9!’ –o yaml | oc create –f -
• Creare l’applicazione usando il Template
• Inserire un Template «a catalogo»
oc –n devops create –f django-postgresql-persistent.yaml
• Usare un Template «a catalogo»
oc –n devops process django-psql-persistent
-p NAME=‘django-app’
-p SOURCE_REPOSITORY_URL=‘https://github.com/sclorg/django-ex’
| oc –n demo create –f -
15
Automatizzare con Jenkins
• BuildConfig possono avere strategy jenkinsPipelineStrategy
– jenkinsfile
– webhook per il triggering da Git
• OpenShift si aspetta di trovare una istanza di Jenkins
– creazione della pipeline in Jenkins
– creazione di un Build
• In alternativa, jenkins-ephemeral
• Jenkins
– autoconfigurazione al primo deploy
• puntamenti a Kubernetes
• provisioning pipeline esistenti
– openshift jenkins plugin (deprecato da OpenShift 3.7)
– openshift jenkins client plugin (GA da OpenShift 3.7)
• Parametrizzare usando Template
– automatic setup e CI/CD
16
Lifecycle management
• git flow/gitlab
flow/...
• github/generic
webhook
git
push/merge
• build applicazione
• unit test
(postCommit)
• build image
build • setup/update
database (pre)
• deploy applicazione
• integration test
(post)
deploy
17
Lifecycle management e software promotion
git
push/merge
•git flow/gitlab flow/...
•github/generic webhook
build
•build applicazione
•unit test (postCommit)
•build image
deploy DEV
•setup/update database (pre)
•deploy applicazione
•functional/integration test (post)
deploy
STAGING
•setup/update database (pre)
•deploy applicazione
•smoke test (post)
deploy
PRODUCTION
•setup/update database (pre)
•deploy applicazione
•smoke test (post)
18
Rolling deployment
• Rimpiazzare le istanze della vecchia
versione con la nuova
– readiness check
– canary deployment
– rollback automatico
• builtin in OpenShift
• quando:
– no downtime
– N-1 compatibility
• lifecycle hooks
– pre
– post
pre hook
scale in
old rc
scale out
new rc
repeat
scaling
post hook
git push
build
deploy
19
Recreate deployment
• Rimpiazzare tutte le istanze della
vecchia versione con la nuova
– readiness check
– rollback automatico
• builtin in OpenShift
• quando:
– migrazione dati
– no N-1 compatibility
– RWO volume
• downtime
• lifecycle hooks
– pre
– mid
– post
pre hook
scale in
to 0
mid hook
scale out
to N
post hook
git push
build
deploy
20
Blue-green deployment
• Obiettivo: testing prima dello switch
del traffico
– smoke test
– integration test
• 2 versioni dell’applicazione
– production
– internal (release candidate)
• ‘internal’ può essere pubblica o
privata
• 2 service
• 2 deployment configuration
• switch gestito da Jenkins
• alternativa, API manager
– <public, staging, private> URL
• N-1 compatibility
git push
build
deploy
test
go live
21
Blue-green deployment
Pod
Service
Route app
app-blue
app-blue-1-x app-blue-1-y
app-green
app-green-2-z app-green-2-k
app.os.local.int
22
Blue-green deployment
Pod
Service
Route app
app-blue
app-blue-1-x app-blue-1-y
app-green
app-green-2-z app-green-2-k
app.os.local.int
oc patch route app –p ‘{“spec”: {“to”: {“name”: “app-green”}}}’
23
Canary deployment
• Obiettivo: ridurre il rischio di deploy
di una nuova versione
• come blue/green, ma entrambe
versioni online
• 1 service
• 2 deployment configuration
• molteplici shard
• proxy shard
– scale out/in deployment configs ->
traffic splitter (%)
• N-1 compatibility
• gestito da Jenkins
git push
build
deploy
go live
test
scale
out/in
24
Canary deployment
Pod
Service
Route app
app
app1-1-x app1-1-y app1-1-z app2-1-k
app.os.local.int
25
Canary deployment
Pod
Service
Route app
app
app1-1-x app1-1-y app2-1-k app2-1-t
app.os.local.int
oc scale --replicas=2 dc app2 && oc scale --replicas=2 dc app1
26
Canary deployment
Pod
Service
Route app
app
app2-1-k app2-1-t app2-1-j app2-1-w
app.os.local.int
oc scale --replicas=4 dc app2 && oc scale --replicas=0 dc app1
27
A/B deployment
• Obiettivi:
– testing di 2 (o più) versioni
contemporaneamente
– 2 (o più) configurazioni, stessa
versione (es. più region)
• come A/B testing, ma codice + config
• 1 service
• 2 (o più) deployment configuration
• molteplici shard
• proxy shard
– scale out/in deployment configs ->
traffic splitter (%)
• N-1 compatibility
• gestito da Jenkins
git push
build
deploy
go live
test
scale
out/in
28
A/B deployment
Pod
Service
Route app
app
app-1-x app-1-k app-a-1-y app-b-2-z
app.os.local.int
29
A/B deployment
Pod
Service
Route app
app
app-1-x app-a-1-y app-b-2-z app-b-2-k
oc scale --replicas=2 dc app-b && oc scale --replicas=1 dc app
app.os.local.int
30
A/B deployment
Pod
Service
Route app
app
app-a-1-y app-a-1-t app-b-2-z app-b-2-k
oc scale --replicas=2 dc app-a && oc scale --replicas=0 dc app
app.os.local.int
31
A/B deployment
Pod
Service
Route app
app
app-b-2-z app-b-2-k app-b-2-t app-b-2-w
oc scale --replicas=4 dc app-b && oc scale --replicas=0 dc app-a
app.os.local.int
Sede Legale e Unità Operativa
Via Alfredo Campanini, 6
20124 Milano
Tel: +39 02.66732.1 – Fax: +39 02.66732.300
Unità Operativa
Via Cristoforo Colombo, 163
00147 Roma
Tel: +39 06.9826.9600 – Fax: +39 06.9826.9680
Grazie per l’attenzione!
francesco.fiore@par-tec.it | @ffiore81
https://www.par-tec.it

More Related Content

What's hot (20)

PDF
Cloud-Native CI/CD on Kubernetes with Tekton Pipelines
Nikhil Thomas
 
PDF
Red Hat OpenShift Operators - Operators ABC
Robert Bohne
 
PDF
It's a Breeze to develop Apache Airflow (Apache Con Berlin)
Jarek Potiuk
 
PDF
Introduction to Tekton
Victor Iglesias
 
PDF
GitLab as an Alternative Development Platform for Github.com
B1 Systems GmbH
 
PDF
はじめての JFrog Artifactory
Tsuyoshi Miyake
 
PDF
Open Source tools overview
Luciano Resende
 
PDF
Build and run applications in a dockerless kubernetes world
Jorge Morales
 
ODP
An OpenShift Primer for Developers to get your Code into the Cloud (PTJUG)
Eric D. Schabell
 
PDF
Meetup Openshift Geneva 03/10
MagaliDavidCruz
 
PDF
OpenShift-Build-Pipelines: Build -> Test -> Run! @JavaForumStuttgart
Tobias Schneck
 
PDF
Continuous delivery with jenkins pipelines @ devdays
Roman Pickl
 
PDF
Assign, commit, and review - A developer’s guide to OpenStack contribution-20...
OpenCity Community
 
PDF
Brief tutorial on Git
聖文 鄭
 
PDF
Gitlab ci, cncf.sk
Juraj Hantak
 
PDF
Operator SDK for K8s using Go
CloudOps2005
 
PDF
How to plan and define your CI-CD pipeline
ElasTest Project
 
PDF
Openbar 7 - Leuven - OpenShift - The Enterprise Container Platform - Piros
Openbar
 
PDF
Assign, Commit, and Review
Zhongyue Luo
 
PPTX
Workflows using Git GitHub | Edureka
Edureka!
 
Cloud-Native CI/CD on Kubernetes with Tekton Pipelines
Nikhil Thomas
 
Red Hat OpenShift Operators - Operators ABC
Robert Bohne
 
It's a Breeze to develop Apache Airflow (Apache Con Berlin)
Jarek Potiuk
 
Introduction to Tekton
Victor Iglesias
 
GitLab as an Alternative Development Platform for Github.com
B1 Systems GmbH
 
はじめての JFrog Artifactory
Tsuyoshi Miyake
 
Open Source tools overview
Luciano Resende
 
Build and run applications in a dockerless kubernetes world
Jorge Morales
 
An OpenShift Primer for Developers to get your Code into the Cloud (PTJUG)
Eric D. Schabell
 
Meetup Openshift Geneva 03/10
MagaliDavidCruz
 
OpenShift-Build-Pipelines: Build -> Test -> Run! @JavaForumStuttgart
Tobias Schneck
 
Continuous delivery with jenkins pipelines @ devdays
Roman Pickl
 
Assign, commit, and review - A developer’s guide to OpenStack contribution-20...
OpenCity Community
 
Brief tutorial on Git
聖文 鄭
 
Gitlab ci, cncf.sk
Juraj Hantak
 
Operator SDK for K8s using Go
CloudOps2005
 
How to plan and define your CI-CD pipeline
ElasTest Project
 
Openbar 7 - Leuven - OpenShift - The Enterprise Container Platform - Piros
Openbar
 
Assign, Commit, and Review
Zhongyue Luo
 
Workflows using Git GitHub | Edureka
Edureka!
 

Similar to DevOps of Python applications using OpenShift (Italian version) (20)

PDF
Openshift cheat rhce_r3v1 rhce
Darnette A
 
PDF
Rodando *qualquer coisa* na nuvem com OpenShift, o PaaS open source da Red Hat
Fabiano Franz
 
PPTX
DevOps best practices with OpenShift
Michael Lehmann
 
PDF
Red Hat Forum Benelux 2015
Microsoft
 
ODP
Deploying & Scaling OpenShift on OpenStack using Heat - OpenStack Seattle Mee...
OpenShift Origin
 
ODP
Deploying & Scaling OpenShift on OpenStack using Heat - OpenStack Seattle Mee...
Diane Mueller
 
ODP
Openshift: Build, deploy & manage open, standard containers
Jonh Wendell
 
PPTX
OpenShift: Devops Made Easy
Bent Terp
 
PDF
OPENSHIFT CONTAINER PLATFORM CI/CD Build & Deploy
Natale Vinto
 
ODP
OpenShift PaaS Anywhere (Infrastructure.Next Ghent 2014-02-24) Diane Mueller
OpenShift Origin
 
PDF
Build Your Own PaaS, Just like Red Hat's OpenShift from LinuxCon 2013 New Orl...
OpenShift Origin
 
PDF
TechEvent OpenShift for Developers
Trivadis
 
PPTX
Accelerating Application Delivery with OpenShift
POSSCON
 
PDF
OpenShift As A DevOps Platform
Lalatendu Mohanty
 
ODP
OpenShift Anywhere given at Infrastructure.Next Talk at #Scale12X
OpenShift Origin
 
PDF
NLUUG Spring 2012 - OpenShift Primer
Eric D. Schabell
 
PDF
Codemotion 2012 Rome - An OpenShift Primer
Eric D. Schabell
 
PDF
PuppetConf 2016: Using Puppet with Kubernetes and OpenShift – Diane Mueller, ...
Puppet
 
PDF
OpenShift State of the Union, brought to you by JBoss
Eric D. Schabell
 
PPTX
Chapter 06: Eclipse Vert.x - Reactive Microservices with OpenShift
Firmansyah, SCJP, OCEWCD, OCEWSD, TOGAF, OCMJEA, CEH
 
Openshift cheat rhce_r3v1 rhce
Darnette A
 
Rodando *qualquer coisa* na nuvem com OpenShift, o PaaS open source da Red Hat
Fabiano Franz
 
DevOps best practices with OpenShift
Michael Lehmann
 
Red Hat Forum Benelux 2015
Microsoft
 
Deploying & Scaling OpenShift on OpenStack using Heat - OpenStack Seattle Mee...
OpenShift Origin
 
Deploying & Scaling OpenShift on OpenStack using Heat - OpenStack Seattle Mee...
Diane Mueller
 
Openshift: Build, deploy & manage open, standard containers
Jonh Wendell
 
OpenShift: Devops Made Easy
Bent Terp
 
OPENSHIFT CONTAINER PLATFORM CI/CD Build & Deploy
Natale Vinto
 
OpenShift PaaS Anywhere (Infrastructure.Next Ghent 2014-02-24) Diane Mueller
OpenShift Origin
 
Build Your Own PaaS, Just like Red Hat's OpenShift from LinuxCon 2013 New Orl...
OpenShift Origin
 
TechEvent OpenShift for Developers
Trivadis
 
Accelerating Application Delivery with OpenShift
POSSCON
 
OpenShift As A DevOps Platform
Lalatendu Mohanty
 
OpenShift Anywhere given at Infrastructure.Next Talk at #Scale12X
OpenShift Origin
 
NLUUG Spring 2012 - OpenShift Primer
Eric D. Schabell
 
Codemotion 2012 Rome - An OpenShift Primer
Eric D. Schabell
 
PuppetConf 2016: Using Puppet with Kubernetes and OpenShift – Diane Mueller, ...
Puppet
 
OpenShift State of the Union, brought to you by JBoss
Eric D. Schabell
 
Chapter 06: Eclipse Vert.x - Reactive Microservices with OpenShift
Firmansyah, SCJP, OCEWCD, OCEWSD, TOGAF, OCMJEA, CEH
 
Ad

Recently uploaded (20)

PDF
SciPy 2025 - Packaging a Scientific Python Project
Henry Schreiner
 
PPTX
Empowering Asian Contributions: The Rise of Regional User Groups in Open Sour...
Shane Coughlan
 
PDF
Driver Easy Pro 6.1.1 Crack Licensce key 2025 FREE
utfefguu
 
PDF
유니티에서 Burst Compiler+ThreadedJobs+SIMD 적용사례
Seongdae Kim
 
PDF
Generic or Specific? Making sensible software design decisions
Bert Jan Schrijver
 
PPTX
Agentic Automation: Build & Deploy Your First UiPath Agent
klpathrudu
 
PPTX
Agentic Automation Journey Series Day 2 – Prompt Engineering for UiPath Agents
klpathrudu
 
PDF
IDM Crack with Internet Download Manager 6.42 Build 43 with Patch Latest 2025
bashirkhan333g
 
PPTX
Customise Your Correlation Table in IBM SPSS Statistics.pptx
Version 1 Analytics
 
PPTX
Hardware(Central Processing Unit ) CU and ALU
RizwanaKalsoom2
 
PPTX
Agentic Automation Journey Session 1/5: Context Grounding and Autopilot for E...
klpathrudu
 
PPTX
Foundations of Marketo Engage - Powering Campaigns with Marketo Personalization
bbedford2
 
PDF
Technical-Careers-Roadmap-in-Software-Market.pdf
Hussein Ali
 
PPTX
Tally_Basic_Operations_Presentation.pptx
AditiBansal54083
 
PDF
4K Video Downloader Plus Pro Crack for MacOS New Download 2025
bashirkhan333g
 
PDF
Odoo CRM vs Zoho CRM: Honest Comparison 2025
Odiware Technologies Private Limited
 
PDF
AOMEI Partition Assistant Crack 10.8.2 + WinPE Free Downlaod New Version 2025
bashirkhan333g
 
PDF
iTop VPN With Crack Lifetime Activation Key-CODE
utfefguu
 
PDF
Open Chain Q2 Steering Committee Meeting - 2025-06-25
Shane Coughlan
 
PPTX
Help for Correlations in IBM SPSS Statistics.pptx
Version 1 Analytics
 
SciPy 2025 - Packaging a Scientific Python Project
Henry Schreiner
 
Empowering Asian Contributions: The Rise of Regional User Groups in Open Sour...
Shane Coughlan
 
Driver Easy Pro 6.1.1 Crack Licensce key 2025 FREE
utfefguu
 
유니티에서 Burst Compiler+ThreadedJobs+SIMD 적용사례
Seongdae Kim
 
Generic or Specific? Making sensible software design decisions
Bert Jan Schrijver
 
Agentic Automation: Build & Deploy Your First UiPath Agent
klpathrudu
 
Agentic Automation Journey Series Day 2 – Prompt Engineering for UiPath Agents
klpathrudu
 
IDM Crack with Internet Download Manager 6.42 Build 43 with Patch Latest 2025
bashirkhan333g
 
Customise Your Correlation Table in IBM SPSS Statistics.pptx
Version 1 Analytics
 
Hardware(Central Processing Unit ) CU and ALU
RizwanaKalsoom2
 
Agentic Automation Journey Session 1/5: Context Grounding and Autopilot for E...
klpathrudu
 
Foundations of Marketo Engage - Powering Campaigns with Marketo Personalization
bbedford2
 
Technical-Careers-Roadmap-in-Software-Market.pdf
Hussein Ali
 
Tally_Basic_Operations_Presentation.pptx
AditiBansal54083
 
4K Video Downloader Plus Pro Crack for MacOS New Download 2025
bashirkhan333g
 
Odoo CRM vs Zoho CRM: Honest Comparison 2025
Odiware Technologies Private Limited
 
AOMEI Partition Assistant Crack 10.8.2 + WinPE Free Downlaod New Version 2025
bashirkhan333g
 
iTop VPN With Crack Lifetime Activation Key-CODE
utfefguu
 
Open Chain Q2 Steering Committee Meeting - 2025-06-25
Shane Coughlan
 
Help for Correlations in IBM SPSS Statistics.pptx
Version 1 Analytics
 
Ad

DevOps of Python applications using OpenShift (Italian version)

  • 1. DevOps di applicazioni Python (e non solo) su OpenShift Francesco Fiore, System Architect PyCon Nove, 20 aprile 2018
  • 2. 2 Agenda • Cos’è OpenShift • Cenni sull’architettura • Setup di una semplice applicazione • OpenShift per applicazioni Python: source-to-image • Dietro le quinte: API objects • Parametrizzare il setup di applicazioni usando i Template • Git, OpenShift e Jenkins: integrazione nativa per la CI/CD • Application lifecycle management • Application promotion • Strategie di deployment
  • 3. 3 OpenShift overview • Platform as a Service di Red Hat • OpenShift Origin è un progetto opensource • Basato su: – Kubernetes (CaaS) – Docker – Atomic • Add-on rispetto a k8s – API objects – Web console – Software Defined Network – Docker registry – logging centralizzato • Focus su application lifecycle management e automation • Red Hat OpenShift Container Platform
  • 4. 4 OpenShift vs Kubernetes Source to Image (S2I) Integrated Registry Build Configuration Image Stream Deployment Configuration Persistent Volume Claims Replication Controller Replica Sets Daemon Sets Persistent Volumes Secrets Config Maps Services Routes Software Defined Network (SDN) Web console Users and Groups Projects Namespaces OpenShift Kubernetes
  • 6. 6 Setup di una applicazione oc new-project demo oc new-app https://github.com/ffiore/devops-on-openshift-demo.git --context-dir samples/flask --name flask-sample • OpenShift rileva automaticamente qual è la strategy di build – if Jenkinsfile -> Pipeline strategy – elif Dockerfile -> Docker strategy – else -> Source strategy File Linguaggio requirements.txt, setup.py python pom.xml jee app.json, package.json nodejs Godeps, main.go golang cpanfile, index.pl perl composer.json, index.php php Gemfile, Rakefile, config.ru ruby build.sbt scala • Se Source strategy, OpenShift rileva il linguaggio
  • 7. 7 Setup di una applicazione oc new-app https://github.com/ffiore/devops-on-openshift-demo.git --context-dir samples/flask --name flask-sample --env WELCOME_MESSAGE=‘Hello Pycon9!’ --build-env HTTP_PROXY=‘http://x.y.z.w:8080’ oc new-app python:2.7~https://github.com/ffiore/devops-on- openshift-demo.git --context-dir samples/flask --name flask-sample-python27 --env WELCOME_MESSAGE=‘Hello Pycon9!’ oc expose svc flask-sample • Per esporre l’applicazione all’esterno (Route)
  • 8. 8 Source-to-image: Python • s2i è la modalità utilizzata con Source strategy • Nessuna modifica all’applicazione – sufficiente requirements.txt • 4 modalità di esecuzione – Gunicorn • se in requirements.txt o in setup.py (install_requires) • entrypoint: wsgi.py (wsgi:application) o APP_MODULE – Django development server – Python script • APP_FILE, default app.py – Script file • APP_SCRIPT, default app.sh
  • 9. 9 Setup di una applicazione: API objects • BuildConfig – Build • ImageStream – ImageStreamTag • DeploymentConfig – ReplicationController • Pod • Service spec: output: to: kind: ImageStreamTag name: flask-sample:latest source: git: uri: https://github.com/ffiore/devops-on- openshift-demo contextDir: samples/flask type: Git strategy: sourceStrategy: from: kind: ImageStreamTag name: python:3.5 namespace: openshift type: Source triggers: - github: secret: iopmuY9undV5grr7Z8zV type: GitHub - generic: secret: QOhldIxeE2ciwomAgoY9 type: Generic - type: ConfigChange - type: ImageChange apiVersion: v1 kind: BuildConfig metadata: annotations: openshift.io/generated-by: OpenShiftNewApp labels: app: flask-sample name: flask-sample namespace: demo ...
  • 10. 10 Setup di una applicazione: API objects • BuildConfig – Build • ImageStream – ImageStreamTag • DeploymentConfig – ReplicationController • Pod • Service apiVersion: v1 kind: ImageStream metadata: annotations: openshift.io/generated-by: OpenShiftNewApp labels: app: flask-sample name: flask-sample namespace: demo spec: {} status: dockerImageRepository: 172.30.0.128:5000/demo/flask-sample
  • 11. 11 Setup di una applicazione: API objects • BuildConfig – Build • ImageStream – ImageStreamTag • DeploymentConfig – ReplicationController • Pod • Service template: metadata: ... labels: app: flask-sample deploymentconfig: flask-sample spec: containers: - image: flask-sample:latest imagePullPolicy: Always name: flask-sample ports: - containerPort: 8080 protocol: TCP dnsPolicy: ClusterFirst restartPolicy: Always terminationGracePeriodSeconds: 30 triggers: - type: ConfigChange - imageChangeParams: automatic: true containerNames: - flask-sample from: kind: ImageStreamTag name: flask-sample:latest namespace: demo type: ImageChange apiVersion: v1 kind: DeploymentConfig metadata: name: flask-sample namespace: demo spec: replicas: 1 strategy: rollingParams: ... type: Rolling
  • 12. 12 Setup di una applicazione: API objects • BuildConfig – Build • ImageStream – ImageStreamTag • DeploymentConfig – ReplicationController • Pod • Service apiVersion: v1 kind: Service metadata: annotations: openshift.io/generated-by: OpenShiftNewApp labels: app: flask-sample name: flask-sample namespace: demo spec: clusterIP: 172.30.82.11 ports: - name: 8080-tcp port: 8080 protocol: TCP targetPort: 8080 selector: app: flask-sample deploymentconfig: flask-sample type: ClusterIP
  • 13. 13 Creare un Template • Aggiungere altri API object – ConfigMap – Secret – PersistentVolumeClaim – ... • Personalizzare gli oggetti – consumare ConfigMap, Secret, PVC, ecc. – creare legami tra componenti applicativi (es. applicazione + database) • Parametrizzare gli oggetti • Riutilizzare il tutto – su project/ambienti diversi – per applicazioni diverse
  • 14. 14 Usare i Template oc process –f python-flask-sample-s2i.yaml -p APPLICATION_NAME=‘welcome-app’ -p SOURCE_REPOSITORY_URL=‘https://github.com/ffiore/devops-on-openshift- demo’ -p CONTEXT_DIR=‘samples/flask’ -p WELCOME_MESSAGE=‘Hello Pycon9!’ –o yaml | oc create –f - • Creare l’applicazione usando il Template • Inserire un Template «a catalogo» oc –n devops create –f django-postgresql-persistent.yaml • Usare un Template «a catalogo» oc –n devops process django-psql-persistent -p NAME=‘django-app’ -p SOURCE_REPOSITORY_URL=‘https://github.com/sclorg/django-ex’ | oc –n demo create –f -
  • 15. 15 Automatizzare con Jenkins • BuildConfig possono avere strategy jenkinsPipelineStrategy – jenkinsfile – webhook per il triggering da Git • OpenShift si aspetta di trovare una istanza di Jenkins – creazione della pipeline in Jenkins – creazione di un Build • In alternativa, jenkins-ephemeral • Jenkins – autoconfigurazione al primo deploy • puntamenti a Kubernetes • provisioning pipeline esistenti – openshift jenkins plugin (deprecato da OpenShift 3.7) – openshift jenkins client plugin (GA da OpenShift 3.7) • Parametrizzare usando Template – automatic setup e CI/CD
  • 16. 16 Lifecycle management • git flow/gitlab flow/... • github/generic webhook git push/merge • build applicazione • unit test (postCommit) • build image build • setup/update database (pre) • deploy applicazione • integration test (post) deploy
  • 17. 17 Lifecycle management e software promotion git push/merge •git flow/gitlab flow/... •github/generic webhook build •build applicazione •unit test (postCommit) •build image deploy DEV •setup/update database (pre) •deploy applicazione •functional/integration test (post) deploy STAGING •setup/update database (pre) •deploy applicazione •smoke test (post) deploy PRODUCTION •setup/update database (pre) •deploy applicazione •smoke test (post)
  • 18. 18 Rolling deployment • Rimpiazzare le istanze della vecchia versione con la nuova – readiness check – canary deployment – rollback automatico • builtin in OpenShift • quando: – no downtime – N-1 compatibility • lifecycle hooks – pre – post pre hook scale in old rc scale out new rc repeat scaling post hook git push build deploy
  • 19. 19 Recreate deployment • Rimpiazzare tutte le istanze della vecchia versione con la nuova – readiness check – rollback automatico • builtin in OpenShift • quando: – migrazione dati – no N-1 compatibility – RWO volume • downtime • lifecycle hooks – pre – mid – post pre hook scale in to 0 mid hook scale out to N post hook git push build deploy
  • 20. 20 Blue-green deployment • Obiettivo: testing prima dello switch del traffico – smoke test – integration test • 2 versioni dell’applicazione – production – internal (release candidate) • ‘internal’ può essere pubblica o privata • 2 service • 2 deployment configuration • switch gestito da Jenkins • alternativa, API manager – <public, staging, private> URL • N-1 compatibility git push build deploy test go live
  • 21. 21 Blue-green deployment Pod Service Route app app-blue app-blue-1-x app-blue-1-y app-green app-green-2-z app-green-2-k app.os.local.int
  • 22. 22 Blue-green deployment Pod Service Route app app-blue app-blue-1-x app-blue-1-y app-green app-green-2-z app-green-2-k app.os.local.int oc patch route app –p ‘{“spec”: {“to”: {“name”: “app-green”}}}’
  • 23. 23 Canary deployment • Obiettivo: ridurre il rischio di deploy di una nuova versione • come blue/green, ma entrambe versioni online • 1 service • 2 deployment configuration • molteplici shard • proxy shard – scale out/in deployment configs -> traffic splitter (%) • N-1 compatibility • gestito da Jenkins git push build deploy go live test scale out/in
  • 24. 24 Canary deployment Pod Service Route app app app1-1-x app1-1-y app1-1-z app2-1-k app.os.local.int
  • 25. 25 Canary deployment Pod Service Route app app app1-1-x app1-1-y app2-1-k app2-1-t app.os.local.int oc scale --replicas=2 dc app2 && oc scale --replicas=2 dc app1
  • 26. 26 Canary deployment Pod Service Route app app app2-1-k app2-1-t app2-1-j app2-1-w app.os.local.int oc scale --replicas=4 dc app2 && oc scale --replicas=0 dc app1
  • 27. 27 A/B deployment • Obiettivi: – testing di 2 (o più) versioni contemporaneamente – 2 (o più) configurazioni, stessa versione (es. più region) • come A/B testing, ma codice + config • 1 service • 2 (o più) deployment configuration • molteplici shard • proxy shard – scale out/in deployment configs -> traffic splitter (%) • N-1 compatibility • gestito da Jenkins git push build deploy go live test scale out/in
  • 28. 28 A/B deployment Pod Service Route app app app-1-x app-1-k app-a-1-y app-b-2-z app.os.local.int
  • 29. 29 A/B deployment Pod Service Route app app app-1-x app-a-1-y app-b-2-z app-b-2-k oc scale --replicas=2 dc app-b && oc scale --replicas=1 dc app app.os.local.int
  • 30. 30 A/B deployment Pod Service Route app app app-a-1-y app-a-1-t app-b-2-z app-b-2-k oc scale --replicas=2 dc app-a && oc scale --replicas=0 dc app app.os.local.int
  • 31. 31 A/B deployment Pod Service Route app app app-b-2-z app-b-2-k app-b-2-t app-b-2-w oc scale --replicas=4 dc app-b && oc scale --replicas=0 dc app-a app.os.local.int
  • 32. Sede Legale e Unità Operativa Via Alfredo Campanini, 6 20124 Milano Tel: +39 02.66732.1 – Fax: +39 02.66732.300 Unità Operativa Via Cristoforo Colombo, 163 00147 Roma Tel: +39 06.9826.9600 – Fax: +39 06.9826.9680 Grazie per l’attenzione! [email protected] | @ffiore81 https://www.par-tec.it