Orchestructure: Building Kubernetes Operators with Ansible Talk

Building Kubernetes
Operators with
Ansible
CHRIS SHORT
PRINCIPAL TECHNICAL MARKETING
MANAGER, CLOUD PLATFORMS
@ChrisShort

View Slide

The Ansible Operator SDK makes it
easier to deploy and manage Kubernetes
applications with native Ansible support

View Slide

Manage how containerized apps interact
with other apps or the outside world
Run distributed systems resiliently across
a cluster of nodes
Perform health checks
Kubernetes Operators with Ansible
What does Kubernetes help do?
Scale your services up or down
Perform graceful rolling updates
Networking and routing of trafﬁc
Manages ephemeral and persistent
storage volumes

View Slide

Pod
Deployment
DaemonSet
ReplicaSet
StatefulSet
Job
CronJob
Kubernetes objects are persistent entities that represent the state
of your cluster that you can mange with the K8s API
EndPoints
Ingress
Service
ConﬁgMap
Secret
StorageClass
Volume
Namespace
NetworkPolicy
PersistentVolume
Role
RoleBinding
ServiceAccount
Understanding Kubernetes objects

View Slide

apiVersion: v1
kind: Pod
metadata:
name: example-app
labels:
app: example-app
spec:
containers:
- name: example
image: companyname/example:v1.2.0
ports:
- containerPort: 8000
apiVersion: v1
kind: Service
metadata:
name: example-service
spec:
selector:
app: example-app
ports:
- protocol: TCP
port: 80
targetPort: 8000
Kubernetes Object Deﬁnitions

View Slide

Extending Kubernetes with a
Custom Resource Deﬁnition (CRD)
apiVersion:
cache.example.com/v1alpha1
kind: Memcached
metadata:
name: example-memcached
spec:
size: 3
Custom resources deﬁnition (CRD) is a
powerful feature introduced into Kubernetes
which enables users to add their own/custom
objects to the Kubernetes cluster and use it
like any other native Kubernetes objects.

View Slide

Ansible ﬁts naturally into a
Kubernetes environment

View Slide

Kubernetes and Ansible
● Both help make hard things easier through automation and orchestration
● Both are very active and widely used open source projects
● Both have vibrant communities working to solve common problems
● Both use YAML to describe the desired state of the world

View Slide

apiVersion: v1
kind: ConfigMap
metadata:
name: foo
namespace: default
data:
color: red
- name: create foo configmap
k8s:
definition:
apiVersion: v1
kind: ConfigMap
metadata:
name: foo
namespace: default
data:
color: “{{ color }}”
YAML to describe the desired state of the world
KUBERNETES/KUBECTL ANSIBLE

View Slide

Templating Kubernetes resource deﬁnitions
with Ansible
---
- name: create foo configmap
k8s:
definition: "{{ lookup('template', '/foo.yml') | from_yaml
}}"

View Slide

What are
Kubernetes Operators?

View Slide

Stateless is easy,
Stateful is hard

View Slide

● Encode human operational knowledge
● Automatically patch, upgrade, recover, and tune
container-based apps and services
● Kubernetes-native
● Purpose-built for a speciﬁc application or service
● Enable “day 2” management
Kubernetes Operators
Operators simplify management of complex applications
on Kubernetes

View Slide

Encoding and automating Ops knowledge
WITH OPERATORS: PROACTIVE
Continually adjusts to optimal state
Automatically acts in milliseconds
WITHOUT OPERATORS: REACTIVE
Continually checks for anomalies
Alert humans for response
Requires manual change to ﬁx

View Slide

K8S API CUSTOM
RESOURCE & MY
APP STATE
WATCH
EVENTS
RECONCILE MY K8S
APPLICATION
The Operator Pattern
Controller

View Slide

github.com/operator-framework
Install, update, and manage
Operators and their
dependencies
An open source toolkit to manage application instances
on Kubernetes in an automated, scalable way
Build Operators without
specialized knowledge of
the Kubernetes API
Enable usage reporting
for Operators
Operator Framework

View Slide

Why build Operators
with Ansible?

View Slide

Making it easier to deploy and manage Kubernetes apps in an Ansible-native way
Ansible Operator SDK
Use the Operator SDK to
create a new skeleton
Operator.
operator-sdk new Add Ansible Content
Use Ansible Roles and
playbooks to manage
lifecycle events for your
containerized applications.
operator-sdk build
Use the Operator SDK to
build and deploy your
Operator to Kubernetes.

View Slide

EXISTING SKILLS & ECOSYSTEM
Same tried & trusted Ansible tooling
Utilize existing skills
Supports cloud-native & traditional IT automation
with one simple language
Leverages vibrant existing ecosystem
Why build Operators with Ansible?
LOWER BARRIER OF ENTRY
No programming required
Faster iterations and easier maintenance
Declarative state deﬁnitions like K8s
Templating of resources
Abstraction layer & helpers that reduces
necessary K8s API experience

View Slide

Operator capability level
Phase I Phase II Phase III Phase IV Phase V
Basic Install
Automated application
provisioning and
conﬁguration management
Seamless Upgrades
Patch and minor version
upgrades supported
Full Lifecycle
App lifecycle, storage
lifecycle (backup, failure
recovery)
Deep Insights
Metrics, alerts, log
processing and workload
analysis
Auto Pilot
Horizontal/vertical scaling,
auto conﬁg tuning, abnormal
detection, scheduling tuning

View Slide

K8S API MY K8S
APPLICATION
K8s Operator with Ansible
WATCH
FILE
PLAYBOOK
OR ROLE
OPERATOR
SDK
BINARY
Design overview
CUSTOM
RESOURCE & MY
APP STATE

View Slide

K8S API
CUSTOM
RESOURCE
MY K8S
APPLICATION
automatically
updates resource
status
OPERATOR SDK BINARY
K8s Operator with Ansible
WATCHES.YML
ANSIBLE
RUNNER
executes
& reports
Reconciliation with K8s Cluster
event monitoring
manages
INFORMER
REVERSE
PROXY
reads

View Slide

Developing your ﬁrst
Operator with Ansible

View Slide

Developing your first Operator with Ansible
● Initialize Your Operator With Ansible
○ $ operator-sdk new foo-operator
--api-version=cache.example.com/v1alpha1 --kind=Foo --type=ansible
● Automate With Ansible
○ Create new roles and playbooks or reuse an existing one
● Define a watches file
○ Map a Kubernetes object to your Ansible content
● Build Your Operator
○ $ operator-sdk build foo-operator:v0.0.1
● Deploy Your Operator to a Kubernetes Cluster

View Slide

Initialize your Operator with Ansible
$ operator-sdk new memcached-operator
--api-version=cache.example.com/v1alpha1
--kind=Memcached --type=ansible
The new command in the Operator SDK using
type=ansible will create an Ansible Role
skelton, watches.yaml mapping ﬁle, CRD,
deploy manifest for the Operator and basic
tests using Molecule.

View Slide

Automate with Ansible
● Develop Ansible playbook or roles to reconcile your Kubernetes application
and manage its lifecycle
● Data from the associated Custom Resource will be passed into the Ansible run
by extra_vars for use with your tasks, templates, conditionals etc.
● Typically your automation will leverage the Ansible k8s module and other
associated ones to interact with the Kubernetes cluster itself

View Slide

Ansible Roles
Roles are a package of closely related
Ansible content that can be shared more
easily than plays alone:
Improves readability & maintainability of complex plays
Eases sharing, reuse and standardization of automation
processes
Enables Ansible content to exist independently of
playbooks, projects -- even organizations
Provides functional conveniences such as ﬁle path
resolution and default values
memcached/
├── defaults
│ └── main.yml
├── files
├── handlers
├── meta
├── tasks
├── templates
├── tests
└── vars
└── main.yml

View Slide

Mapping Kubernetes events to Ansible automation
Maps a Kubernetes Group Version Kind (GVK) to a role or playbook
# watches.yaml
---
version: v1alpha1
group: cache.example.com
kind: Memcached
playbook:
/path/to/playbook
The “watches” ﬁle (watches.yaml)
maps a Kubernetes object to your
Ansible automation
Associates the Kubernetes Group, Version, Kind
(GVK) to an Ansible Role or Playbook
The Operator SDK binary watches the cluster for
matching events deﬁned in the watches.yml
Executes the associated Ansible content when an
event occurs

View Slide

Custom resource spec to Ansible extra variables
apiVersion:
kind:
metadata:
name:
spec:
:
….
status:
:
….
spec: values will be translated to
Ansible extra_vars.
status: will be a generic status
recorded by the Ansible Operator
SDK operator. This will use
ansible-runner output to generate
meaningful information for the user.

View Slide

Anatomy of Ansible-enabled Operator image
your Operator image
Ansible Role
Ansible Role
watches.yaml
base Ansible Operator SDK image
Operator SDK Binary
ansible-runner
Ansible
Python + Libraries

View Slide

Build your Operator image
$ operator-sdk build memcached-operator:v0.0.1
…
….
Digest: sha256:6d3b4e6c9eca300277655f5bd2dcbcc33d12c3ac297a71aff4d5f723e09d606a
Status: Downloaded newer image for quay.io/water-hole/ansible-operator:latest
---> ff7b5533bfd2
Step 2/3 : COPY roles/ ${HOME}/roles/
---> d6ec895c8a6d
Removing intermediate container eac3560f3dab
Step 3/3 : COPY watches.yaml ${HOME}/watches.yaml
---> 060f91e9a843
Removing intermediate container f680881ec972
Successfully built 060f91e9a843

View Slide

Deploy your Operator
● Create RBAC and Service Account objects for the Operator
● Create the Operator Custom Resource Deﬁnition (CRD)
● Deploy the Operator to the cluster
● Create a Custom Resource (CR) to initialize the Operator

View Slide

Explore Operators
OperatorHub.io is a home for
the Kubernetes community to
share Operators.
Find an existing Operator or
list your own today.

View Slide

Advanced
Operator patterns

View Slide

Get started with Ansible: Get started with Operators:
ansible.com/get-started
ansible.com/community
github.com/operator-framework/getting-started
ansible.com/operators
Next steps

View Slide

etcd Operator
A great example of a sophisticated Kubernetes
Operator using Ansible:
github.com/water-hole/etcd-ansible-operator
Memcached Operator
Simple walkthrough for building an Operators using the
Ansible Operator SDK and Kubernetes CRDs
github.com/operator-framework/operator-sdk-sample
s/tree/master/memcached-operator
More resources

View Slide

Red Hat Certiﬁed Operators
Red Hat Partners that certify their
Operators have special status due to
their backing of the Operator(s) with
formal support, testing, and joint
go-to-market activities.
● Register to Red Hat Connect
● Join TSANet
● For Each Operator Version Release:
○ Test
○ Submit
○ Release
○ Publish
See the Operator Developer Guide for Red Hat
Partners for more details on the Red Hat
Certiﬁed Operators program.

View Slide

linkedin.com/company/red-hat
youtube.com/user/RedHatVideos
facebook.com/redhatinc
twitter.com/RedHat
Thank you

View Slide

A SMARTER KUBERNETES PLATFORM
Automated installation, patching, and updates from the OS on up*
APPLICATIONS AND SERVICES
ISV Operators
Custom Operators (built w/Operator SDK)
PLATFORM AND CLUSTER MANAGEMENT
Automated updates for Kubernetes,
monitoring, security, registry and more
LINUX HOST
Atomic, over-the-air updates for
Red Hat CoreOS
ANY INFRASTRUCTURE
*coming soon
ACROSS HYBRID / MULTI CLOUD DEPLOYMENTS
Automated operations

View Slide

● Supported model for running
Playbooks in an Operator fashion
● Great for Ops teams that aren’t
traditional devs
● Takes the human out of the loop
● Connects the playbooks to
Kubernetes events like Node failures Tomcat Object
apiVersion: apache.org/v1
kind: Tomcat
metadata:
name: example-app
Namespace: production
spec:
replicaCount: 10
maxActiveSessions: 500
Container Build
Ansible
Playbooks
Operator Container
v1.2.7 Tomcat Object
apiVersion: apache.org/v1
kind: Tomcat
metadata:
name: prod-1.2.7
Namespace: production
spec:
replicaCount: 10
maxActiveSessions: 1000
Running Operator
v1.2.7
$ oc get Tomcats --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
production prod-1.2.7 1/1 Running 0 4d
staging staging-v1.2.8 1/1 Running 1 2h
ANSIBLE OPERATOR SDK Playbook
Mapping

View Slide

Orchestructure: Building Kubernetes Operators with Ansible Talk

Orchestructure: Building Kubernetes Operators with Ansible Talk

Chris Short

More Decks by Chris Short

Other Decks in Technology

Featured

Transcript