Ask the Product Manager Office Hours: Operators and Helm

Transcript

1. CONFIDENTIAL designator OpenShift.tv Twitch Stream 04/19/2021 Helm & Operators Daniel

   Messer OpenShift Product Mgr Stevan LeMeur OpenShift Product Mgr 1

2. CONFIDENTIAL designator 2

3. CONFIDENTIAL designator Helm on OpenShift 3 • 2016 - Joined

   CNCF • 2020 - Graduated status Active development community Top level CNCF Project • 13,000+ contributors • 1,700+ contributing companies • 9,500+ code commits Project Overview • https://helm.sh/ • https://github.com/helm/helm Package manager for Kubernetes applications define, install and update apps

4. CONFIDENTIAL designator GENERAL DISTRIBUTION WHAT IS HELM? 4 a package

   consisting of related Kubernetes YAML files a place where Charts can be stored, shared and distributed a specific instance of a Chart deployed on Kubernetes Chart Repository Release

5. CONFIDENTIAL designator GENERAL DISTRIBUTION How does Helm Work? 5 Releases

   (Kubernetes resources) Helm Chart (templates) Values (configs)

6. CONFIDENTIAL designator GENERAL DISTRIBUTION OPENSHIFT NAMESPACE Image Repository Releases How

   does Helm Work? 6 Helm Chart (templates) Values (configs) Helm CLI OpenShift Console

7. CONFIDENTIAL designator 7 Helm Demo

8. GENERAL DISTRIBUTION Helm & Operators 8 Phase I Phase II

   Phase III Phase IV Phase V Basic Install Automated application provisioning and configuration management Seamless Upgrades Patch and minor version upgrades supported Full Lifecycle App lifecycle, storage lifecycle (backup, failure recovery) Deep Insights Metrics, alerts, log processing and workload analysis Auto Pilot Horizontal/vertical scaling, auto config tuning, abnormal detection, scheduling tuning Operator Automated Day-2 Operations Helm Package and Basic Install

9. CONFIDENTIAL designator Kubernetes Operators 9 Custom Resource Developer / OpenShift

   User Deployments StatefulSets Autoscalers Secrets ConfigMaps PersistentVolumes k8s API apiVersion: database.example.com/v2 kind: EnterpriseDatabase metadata: name: my-example-database spec: size: 5 version: 3.2.13 Custom Kubernetes Controller Watch Events Reconciliation + Custom Resource Definition Kubernetes Operator Built-in Kubernetes Resources

10. CONFIDENTIAL designator Helm Charts & Kubernetes Operators Compared 10 What

    does the user get? Helm Kubernetes Operator A packaged, templated version of the application itself A piece of software that offers an application on-demand / as-a-service

11. CONFIDENTIAL designator Helm Charts & Kubernetes Operators Compared 11 Where

    does it run? Helm Kubernetes Operator Invokes the Kubernetes API from outside the cluster Runs on the cluster with direct integration on the Kubernetes control plane, can also talk to external APIs (cloud services)

12. CONFIDENTIAL designator Helm Charts & Kubernetes Operators Compared 12 When

    does it run? Helm Kubernetes Operator Invoked manually or via GitOps using helm tool outside of the cluster Runs constantly and can respond to cluster / app events, invoked via Kubernetes API calls (manually or programmatically/via GitOps) 1x

13. CONFIDENTIAL designator 13 Namespace Configuration Operator

14. CONFIDENTIAL designator Helm Charts & Kubernetes Operators Compared 14 What

    is the main objective? Helm Kubernetes Operator Quick deployment with customizations and basic updates Automating Day 1 and Day 2 operations / integration with external systems / event-based automation 1. Download 2. Customize 3. Deploy App 4. Reconfigure 5. Retire Self-Heal Auto-Tune Backup Restore Failover Failback Request App Request External Service Update Applications Reconfigure / Retire Applications Automate workflows React to cluster events

15. CONFIDENTIAL designator Helm Charts & Kubernetes Operators Compared 15 What

    about permissions? Helm Kubernetes Operator Runs with the permissions of the app / users Runs with different permissions than those of the app and users RBAC inheritance RBAC inheritance RBAC inheritance

16. CONFIDENTIAL designator Helm Charts & Kubernetes Operators Compared 16 How

    does it do its job? Helm Kubernetes Operator Relies on built-in Kubernetes functionality to manage app, can ship custom pre-/post- deployment/update hooks to perform basic lifecycle Contains app-specific logic to ensure consistency, ordering, integrity of application operations over extended period of time 1x 1. 1. 1. 1. 2. 3.

17. CONFIDENTIAL designator 17 A production example

18. CONFIDENTIAL designator Application Example: Quay Registry 18 How to deploy

    Quay Get Redis Get PostgreSQL Get Object Storage Run Quay Config Editor Download Config Bundle Run Quay Run Clair Run Mirroring Workers Admin 1. 2. 3.

19. CONFIDENTIAL designator Application Example: Quay Registry 19 How to re-configure

    Quay Admin Run Quay Config Editor Update Secret Restart Quay pods Restart Clair pods Restart Mirror workers pods 1. 2. 3.

20. CONFIDENTIAL designator Application Example: Quay Registry 20 How to update

    Quay Admin Scale up one Quay Pod w/ new image Scale down Quay to 0 Database migrations Scale-up Quay w/ newer images

21. CONFIDENTIAL designator 21 Quay Operator

22. GENERAL DISTRIBUTION Application Packaging vs. User Experience 22 Application Lifecycle

    Management Application Packaging Complexity Better consumption experience Higher Package Maintainer Effort

23. GENERAL DISTRIBUTION Your application packaging journey 23 Phase I Phase

    II Phase III Phase IV Phase V Basic Install Automated application provisioning and configuration management Seamless Upgrades Patch and minor version upgrades supported Full Lifecycle App lifecycle, storage lifecycle (backup, failure recovery) Deep Insights Metrics, alerts, log processing and workload analysis Auto Pilot Horizontal/vertical scaling, auto config tuning, abnormal detection, scheduling tuning Helm / Golang / Ansible Operator Automated App Day-2 Operations & Integrate external services Helm Chart Install & Basic Updates / Reconfigure Hybrid Operators are coming. Mix-and-match Helm Charts with Go Code and Ansible Playbooks in a single Operator project.

24. CONFIDENTIAL designator 24

25. GENERAL DISTRIBUTION Helm & Operators Capabilities 25 Helm Chart Operator

    Packaging ✓ ✓ App Installation ✓ ✓ App Update (kubernetes manifests) ✓ ✓ App Upgrade (data migration, sequencing, etc) - ✓ Backup & Recovery - ✓ Auto tuning / Self-Healing with Workload & Log Analysis - ✓ Integrate external cloud services / APIs - ✓ Event-based automation - ✓ Custom App Deployment Managed Service / Automation

26. CONFIDENTIAL designator 26 Learn More

27. Helm Resources Helm Documentation https://helm.sh/docs/ Helm Project Repository https://github.com/helm/helm Slack

    https://slack.kubernetes.io/ (#helm) 27 Helm on OpenShift Interactive Lab https://learn.openshift.com/developing-on-openshift/helm/ Learn Helm https://www.packtpub.com/cloud-networking/learn-helm Learn JKube https:/www.eclipse.org/jkube/ Extend your knowledge of the Helm ecosystem

28. Operator Resources Operator SDK Operator SDK Documentation Operator Framework Project

    https;//operatorframework.io Slack https://slack.kubernetes.io/ #kubernetes-operators #operator-sdk-dev #olm-dev 28 Helm on OpenShift Interactive Lab https://learn.openshift.com/operatorframework/ Learn the Operator Pattern https://developers.redhat.com/books/kubernetes-operators Learn how to create Kubernetes Operators