IBM Cloud Private. Presenters: Tim John Panelists: Tim Pouyer, Ajay Apte, Olaph Wagoner, Jason Kennedy


1 IBM Cloud Private Presenters: Tim John Panelists: Tim Pouyer, Ajay Apte, Olaph Wagoner, Jason Kennedy

2 Outline
- What is IBM Cloud Private
- Tour of IBM Cloud Private Community Edition
- Helm charts
- Using ICP CLI
- Services in Kubernetes
- Ingress resources
- Network policy resources
- Get your own IBM Cloud Private CE

3 Enterprises are rapidly adopting cloud capabilities but are encumbered with transforming existing application and infrastructure estate
Example financial services application portfolio: More ready for cloud / May be ready for cloud / Not ready for cloud
NOTE: The above is a representative example only
CHALLENGES
- Multi-provider security concerns
- Connectivity and performance
- Integration, Data management, service assurance & governance
- Rapidly evolving technology
- Organizational & cultural changes to adopt DevOps transformations
What are best cloud technology choices and process changes needed?
What are the options to optimize environments that are not cloud-ready?

4 What can help to close the gap?
Abstract the underlying infrastructure through
- Automation & Patterns
- Containerization
Run existing applications on new middleware deploy, run & manage models
Provide Cloud Native Experience within existing data centers
Integrate with one or more external cloud providers (incl. SaaS)
Manage application & infrastructure across existing, on- & off-premises clouds
[Diagram labels: Public Cloud (SaaS; DevOps Services; PaaS; CaaS; IaaS; Security; Orchestration; Management); Integration; Infrastructure (Network, Storage); API; Private Cloud (Data; Application & Data Integration; Middleware; DevOps Services; PaaS; CaaS; IaaS; Security; Orchestration; Management); Security; DevOps & Orchestration; Service Management & Governance; Integration; Enterprise Infrastructure (ALM; Middleware; VMs; Security; Orchestration; Management)]

5 IBM Cloud Private components
- Kubernetes based container platform: Industry leading container orchestration platform across private, dedicated & public clouds
- Common Services: To simplify operations management, DevOps, and hybrid integration
- Middleware, Data & Analytics Services: Cloud enabled middleware, application runtimes, messaging, databases & analytics to optimize current investments and rapidly innovate
--And--
- With flexible infrastructure support: install on Openstack or VMware
- Managed by the customer
- Cloud Foundry: For prescribed application development & deployment

6 IBM Cloud Private core personas
- Todd, Operations / Admin: Responsible for infrastructure, security, and management of the environment.
- Jane, Enterprise Developer: Responsible for modernizing existing applications and creating new Cloud Native Workloads.
IBM Cloud Private empowers both developers and administrators to meet business demands:
- IT Operations and Administrators can quickly set up a modern, flexible, and compliant private cloud
- Developers can create new cloud-native applications, optimize existing ones, and securely connect their applications with data and services across all clouds
transforming the way IT operations and developers work

7 IBM Cloud Private use cases
1. Optimize legacy apps with cloud
2. Open your datacenter to work with cloud services
3. Create new cloud native applications
[Diagram labels, use cases 1 and 2: Public Cloud Services; Self-service Experience; APIs; Next Generation Middleware, Data & Analytics; Integration Services & Cloud Native Programming Models; Automation & Orchestration; Containers & Common Services; Cloud-enabled middleware; Machine Learning on p/z; Blockchain; Business Process; Data & Apps; On-Premises Software & Services; Integration & Hybrid Cloud]
[Diagram labels, use case 3: New Applications; Cloud Native Services & Runtimes; Automation & Orchestration; Containers & Common Services]

8 Kubernetes-based platform

9 Example Application

10 ICP Walkthrough

11 Helm
Package manager for Kubernetes
- RedHat/Fedora: rpm
- Microsoft: msi
- Ubuntu: apt
- Kubernetes: helm
Two components: a client (helm) and a server (tiller)
[Diagram labels: helm; tiller; app1; app2; worker1; worker2; worker3; or...; helm; master; k8s cluster]

12 Helm packages are called "charts"
- Each chart is a folder named for the chart
- A minimum chart contains:
  - description - Chart.yaml
  - templates folder with kubernetes resource definitions
- Most charts include values.yaml to specify installation defaults used in templates

    wordpress/
      Chart.yaml            # A YAML file containing information about the chart
      LICENSE               # OPTIONAL: A plain text file containing the license for the chart
      README.md             # OPTIONAL: A human-readable README file
      requirements.yaml     # OPTIONAL: A YAML file listing dependencies for the chart
      values.yaml           # The default configuration values for this chart
      charts/               # OPTIONAL: A directory containing any charts upon which this chart depends.
      templates/            # A directory of templates that, when combined with values,
                            # will generate valid Kubernetes manifest files.
      templates/NOTES.txt   # OPTIONAL: A plain text file containing short usage notes

13 Chart repositories
Charts can be collected and shared using a repository

    charts/
      bar-dev tgz     # tarball of the bar chart
      foo-dev tgz     # tarball of the foo chart
      ...
      index.yaml      # A YAML file with catalog of charts

The index file can be created by helm

    $ helm repo index

example:

14 Ingress
Resource to provide external access to cluster services, primarily HTTP
- Load Balancing
- TLS
- Virtual Hosting
IBM Cloud Private: nginx

15 Simple Ingress resource definition
Minimal definition: sends all traffic arriving at /testpath to the service named test at port 80

    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: test-ingress
      annotations:
        ingress.kubernetes.io/rewrite-target: /
    spec:
      rules:
      - http:
          paths:
          - path: /testpath
            backend:
              serviceName: test
              servicePort: 80

16 More complicated
Fan out paths to different services
- Traffic to foo.bar.com/foo goes to service s1 and port 80
- Traffic to foo.bar.com/bar goes to service s2 and port 80

    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: test-ingress
      annotations:
        ingress.kubernetes.io/rewrite-target: /
    spec:
      rules:
      - host: foo.bar.com
        http:
          paths:
          - path: /foo
            backend:
              serviceName: s1
              servicePort: 80
          - path: /bar
            backend:
              serviceName: s2
              servicePort: 80

    foo.bar.com -> /foo -> s1:80
                   /bar -> s2:80

17 Network policies
- Specifies how groups of pods are allowed to communicate
- Requires a Kubernetes network plugin that supports policies
- IBM Cloud Private uses Project Calico
Project Calico: L3 network and policy engine

18 Example Application

19 Typical Network resource definition
Example policy: allow pods from test-app to reach the backend tier over TCP port 1234

    kind: NetworkPolicy
    apiVersion: networking.k8s.io/v1
    metadata:
      name: test-policy
    spec:
      podSelector:
        matchLabels:
          app: test-app
          tier: backend
      policyTypes:
      - Ingress
      ingress:
      - from:
        - podSelector:
            matchLabels:
              app: test-app
        ports:
        - protocol: TCP
          port: 1234
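
Added example, not part of the original slides: a small evaluator for the ingress semantics of the test-policy on slide 19, showing which connections it admits and that pods selected by no policy stay open to all traffic. The pod names and labels, the sample flows and the default-deny policy are assumptions constructed for illustration; only podSelector peers within a single namespace are modelled.

```python
TEST_POLICY = {  # spec of the slide's test-policy, as a Python dict
    "podSelector": {"matchLabels": {"app": "test-app", "tier": "backend"}},
    "policyTypes": ["Ingress"],
    "ingress": [{
        "from": [{"podSelector": {"matchLabels": {"app": "test-app"}}}],
        "ports": [{"protocol": "TCP", "port": 1234}],
    }],
}
# Assumption: a namespace-wide default-deny ingress policy, not on the slides.
DEFAULT_DENY = {"podSelector": {}, "policyTypes": ["Ingress"]}
PODS = {  # constructed sample pods, all in one namespace
    "frontend": {"app": "test-app", "tier": "frontend"},
    "backend": {"app": "test-app", "tier": "backend"},
    "other": {"app": "other-app"},
}

def matches(selector, labels):
    """matchLabels: every selector pair must be on the pod; {} matches all."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def ingress_allowed(policies, src, dst, protocol, port):
    """True if pod src may open protocol/port on pod dst."""
    selecting = [p for p in policies
                 if "Ingress" in p.get("policyTypes", ["Ingress"])
                 and matches(p["podSelector"], PODS[dst])]
    if not selecting:
        return True  # no policy selects dst, so dst is not isolated
    for policy in selecting:  # policies are additive: any matching rule allows
        for rule in policy.get("ingress", []):
            peers, ports = rule.get("from"), rule.get("ports")
            peer_ok = not peers or any(
                "podSelector" in peer and matches(peer["podSelector"], PODS[src])
                for peer in peers)
            port_ok = not ports or any(
                pt.get("protocol", "TCP") == protocol and pt.get("port", port) == port
                for pt in ports)
            if peer_ok and port_ok:
                return True
    return False  # dst is isolated and no rule admitted this connection

def audit(policies):
    """Evaluate the constructed flows (src, dst, TCP port) against policies."""
    flows = [("frontend", "backend", 1234), ("frontend", "backend", 8080),
             ("other", "backend", 1234), ("other", "frontend", 80)]
    return {f: ingress_allowed(policies, f[0], f[1], "TCP", f[2]) for f in flows}

if __name__ == "__main__":
    print("test-policy only: ", audit([TEST_POLICY]))
    print("plus default deny:", audit([TEST_POLICY, DEFAULT_DENY]))
```

With only test-policy applied, the frontend pod remains reachable from any pod because no policy selects it. Adding the default-deny policy closes that path while the frontend-to-backend flow on TCP 1234 stays allowed.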

20 Get your IBM Cloud Private Community Edition!
Installing IBM Cloud Private Community Edition
1. Community project with automated builds on Vagrant/Virtualbox, Terraform/OpenStack, Terraform/Softlayer (recommended)
2. Custom installation from Docker images
Try out IBM Code Patterns for Kubernetes (Cassandra, Microprofile, Others)