Slide 1

Slide 1 text

Helm & Operators
OpenShift.tv Twitch Stream, 04/19/2021
Daniel Messer, OpenShift Product Mgr
Stevan LeMeur, OpenShift Product Mgr

Slide 3

Slide 3 text

Helm on OpenShift

Package manager for Kubernetes applications: define, install and update apps

Top level CNCF Project
● 2016 - Joined CNCF
● 2020 - Graduated status

Active development community
● 13,000+ contributors
● 1,700+ contributing companies
● 9,500+ code commits

Project Overview
● https://helm.sh/
● https://github.com/helm/helm

Slide 4

Slide 4 text

WHAT IS HELM?

● Chart: a package consisting of related Kubernetes YAML files
● Repository: a place where Charts can be stored, shared and distributed
● Release: a specific instance of a Chart deployed on Kubernetes

Slide 5

Slide 5 text

How does Helm Work?

Diagram: Helm Chart (templates) + Values (configs) → Releases (Kubernetes resources)

Slide 6

Slide 6 text

How does Helm Work?

Diagram labels: Helm CLI, OpenShift Console, Helm Chart (templates), Values (configs), Releases, OpenShift Namespace, Image Repository

Slide 7

Slide 7 text

Helm Demo

Slide 8

Slide 8 text

Helm & Operators

● Phase I - Basic Install: Automated application provisioning and configuration management
● Phase II - Seamless Upgrades: Patch and minor version upgrades supported
● Phase III - Full Lifecycle: App lifecycle, storage lifecycle (backup, failure recovery)
● Phase IV - Deep Insights: Metrics, alerts, log processing and workload analysis
● Phase V - Auto Pilot: Horizontal/vertical scaling, auto config tuning, abnormal detection, scheduling tuning

Helm: Package and Basic Install
Operator: Automated Day-2 Operations

Slide 9

Slide 9 text

Kubernetes Operators

Kubernetes Operator: Custom Kubernetes Controller (Watch Events, Reconciliation) + Custom Resource Definition

Custom Resource, submitted by the Developer / OpenShift User to the k8s API:

    apiVersion: database.example.com/v2
    kind: EnterpriseDatabase
    metadata:
      name: my-example-database
    spec:
      size: 5
      version: 3.2.13

Built-in Kubernetes Resources: Deployments, StatefulSets, Autoscalers, Secrets, ConfigMaps, PersistentVolumes

Slide 10

Slide 10 text

Helm Charts & Kubernetes Operators Compared

What does the user get?
● Helm: A packaged, templated version of the application itself
● Kubernetes Operator: A piece of software that offers an application on-demand / as-a-service

Slide 11

Slide 11 text

Helm Charts & Kubernetes Operators Compared

Where does it run?
● Helm: Invokes the Kubernetes API from outside the cluster
● Kubernetes Operator: Runs on the cluster with direct integration on the Kubernetes control plane, can also talk to external APIs (cloud services)

Slide 12

Slide 12 text

Helm Charts & Kubernetes Operators Compared

When does it run?
● Helm: Invoked manually or via GitOps using helm tool outside of the cluster
● Kubernetes Operator: Runs constantly and can respond to cluster / app events, invoked via Kubernetes API calls (manually or programmatically/via GitOps)

Slide 13

Slide 13 text

Namespace Configuration Operator

Slide 14

Slide 14 text

Helm Charts & Kubernetes Operators Compared

What is the main objective?
● Helm: Quick deployment with customizations and basic updates
● Kubernetes Operator: Automating Day 1 and Day 2 operations / integration with external systems / event-based automation

Helm workflow: 1. Download 2. Customize 3. Deploy App 4. Reconfigure 5. Retire

Operator tasks:
● Self-Heal, Auto-Tune
● Backup, Restore
● Failover, Failback
● Request App
● Request External Service
● Update Applications
● Reconfigure / Retire Applications
● Automate workflows
● React to cluster events

Slide 15

Slide 15 text

Helm Charts & Kubernetes Operators Compared

What about permissions?
● Helm: Runs with the permissions of the app / users
● Kubernetes Operator: Runs with different permissions than those of the app and users

Diagram label: RBAC inheritance
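
The permissions split described on this slide, written out as RBAC manifests. This is an added example, not part of the original deck; the namespaces, the group, the service account and the CRD plural `enterprisedatabases` are assumptions built around the EnterpriseDatabase resource shown on slide 9.

```yaml
# Added example; every name below is hypothetical.
# 1) Developers may manage the custom resource only, nothing underneath it.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata: {name: enterprisedatabase-editor, namespace: team-a}
rules:
- apiGroups: ["database.example.com"]
  resources: ["enterprisedatabases"]   # assumed plural of kind EnterpriseDatabase
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata: {name: enterprisedatabase-editor, namespace: team-a}
subjects:
- kind: Group
  name: team-a-developers
  apiGroup: rbac.authorization.k8s.io
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: Role, name: enterprisedatabase-editor}
---
# 2) The operator's own identity holds the workload permissions it needs
#    to reconcile that resource into built-in Kubernetes objects.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata: {name: enterprise-database-operator}
rules:
- apiGroups: ["database.example.com"]
  resources: ["enterprisedatabases", "enterprisedatabases/status"]
  verbs: ["get", "list", "watch", "update", "patch"]
- apiGroups: ["apps"]
  resources: ["deployments", "statefulsets"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: [""]
  resources: ["secrets", "configmaps", "persistentvolumeclaims"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: ["autoscaling"]
  resources: ["horizontalpodautoscalers"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
# RoleBinding rather than ClusterRoleBinding: the grant applies in team-a only.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata: {name: enterprise-database-operator, namespace: team-a}
subjects:
- kind: ServiceAccount
  name: enterprise-database-operator
  namespace: database-operator
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: ClusterRole, name: enterprise-database-operator}
```

With a Helm chart, the person running `helm install` would need the workload rules from the second part themselves. Here they hold only the first Role, and the operator's service account is the identity whose grants need review.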

Slide 16

Slide 16 text

Helm Charts & Kubernetes Operators Compared

How does it do its job?
● Helm: Relies on built-in Kubernetes functionality to manage app, can ship custom pre-/post- deployment/update hooks to perform basic lifecycle
● Kubernetes Operator: Contains app-specific logic to ensure consistency, ordering, integrity of application operations over extended period of time

Slide 17

Slide 17 text

A production example

Slide 18

Slide 18 text

Application Example: Quay Registry

How to deploy Quay (Admin)
● Get Redis
● Get PostgreSQL
● Get Object Storage
● Run Quay Config Editor
● Download Config Bundle
● Run Quay
● Run Clair
● Run Mirroring Workers

Slide 19

Slide 19 text

Application Example: Quay Registry

How to re-configure Quay (Admin)
● Run Quay Config Editor
● Update Secret
● Restart Quay pods
● Restart Clair pods
● Restart Mirror workers pods

Slide 20

Slide 20 text

Application Example: Quay Registry

How to update Quay (Admin)
● Scale up one Quay Pod w/ new image
● Scale down Quay to 0
● Database migrations
● Scale-up Quay w/ newer images

Slide 21

Slide 21 text

Quay Operator

Slide 22

Slide 22 text

Application Packaging vs. User Experience

Figure labels: Application Lifecycle Management; Application Packaging Complexity; Better consumption experience; Higher Package Maintainer Effort

Slide 23

Slide 23 text

Your application packaging journey

● Phase I - Basic Install: Automated application provisioning and configuration management
● Phase II - Seamless Upgrades: Patch and minor version upgrades supported
● Phase III - Full Lifecycle: App lifecycle, storage lifecycle (backup, failure recovery)
● Phase IV - Deep Insights: Metrics, alerts, log processing and workload analysis
● Phase V - Auto Pilot: Horizontal/vertical scaling, auto config tuning, abnormal detection, scheduling tuning

Helm Chart: Install & Basic Updates / Reconfigure
Helm / Golang / Ansible Operator: Automated App Day-2 Operations & Integrate external services

Hybrid Operators are coming. Mix-and-match Helm Charts with Go Code and Ansible Playbooks in a single Operator project.

Slide 25

Slide 25 text

Helm & Operators Capabilities

Capability                                                Helm Chart   Operator
Packaging                                                 ✓            ✓
App Installation                                          ✓            ✓
App Update (kubernetes manifests)                         ✓            ✓
App Upgrade (data migration, sequencing, etc)             -            ✓
Backup & Recovery                                         -            ✓
Auto tuning / Self-Healing with Workload & Log Analysis   -            ✓
Integrate external cloud services / APIs                  -            ✓
Event-based automation                                    -            ✓

Helm Chart: Custom App Deployment
Operator: Managed Service / Automation

Slide 26

Slide 26 text

Learn More

Slide 27

Slide 27 text

Helm Resources

Extend your knowledge of the Helm ecosystem
● Helm Documentation: https://helm.sh/docs/
● Helm Project Repository: https://github.com/helm/helm
● Slack: https://slack.kubernetes.io/ (#helm)
● Helm on OpenShift Interactive Lab: https://learn.openshift.com/developing-on-openshift/helm/
● Learn Helm: https://www.packtpub.com/cloud-networking/learn-helm
● Learn JKube: https://www.eclipse.org/jkube/

Slide 28

Slide 28 text

Operator Resources

Learn how to create Kubernetes Operators
● Operator SDK: Operator SDK Documentation
● Operator Framework Project: https://operatorframework.io
● Slack: https://slack.kubernetes.io/ (#kubernetes-operators, #operator-sdk-dev, #olm-dev)
● Helm on OpenShift Interactive Lab: https://learn.openshift.com/operatorframework/
● Learn the Operator Pattern: https://developers.redhat.com/books/kubernetes-operators