Learn about OpenShift on Azure Government
Hi. This is Steve michelada, from the azure government, engineering, team today. I am joined by Jamie, Duncan, from OpenShift and we're gonna be talking about OpenShift, on Azure government, welcome Jamie hey good morning how you doing so I guess we should just start out by telling. Us all a little bit about what is OpenShift yeah, well it. Goes a lot of ways OpenShift does a lot of things to a lot of people in it and it's hard to to, go in there the best definition, I can come, up with is that. OpenShift. Is. Kubernetes. Which, is one of the biggest buzzwords and I T one of the most popular open-source projects, out there on the planet. Openshift. Is is, an. Application platform that's, enterprise-grade, that, read hem comes with oliver it has support all of Red Hat's efforts with. Kubernetes, as its beating heart so, it's a it's an application platform, that has all of that flexibility, that's leveraging containers, underneath to give you your applications, ok all. Right so let's go into a little bit more depth. Often. We use this in CI CD pipelines all the time ok and, that's that's, where it's supposed to that's where a lot of that power is we talk about automation we talk about all of these great fun things, and. If. I, had to build out 15 virtual machines every time I wanted to launch a CI CD platform. My. Dev and stage environments, don't have to be massive we just don't have those resources we always have to figure out how to do more with less we have to isolate our, processes, more effectively. So. Though as more things become more CIC, deed almost like a buzzword almost like a verb that I've CI c deed this application, we. Have to figure, out how to do it in the tightest possible way in the fastest possible way if. I have an application that takes 10 minutes to build I can't, wait 45 minutes for my VMs to provision yeah I can't I can't have that overhead that operational, overhead taking. A ton of time in containers, where, virtual machines spin up in minutes containers. Typically, spin up in milliseconds, right and. We could where we can spin up 5, or 10 or 20 on a given, hypervisor, inside.
A Single virtual machine I can run 50 or 100 containers to planning on what the application is ok so we just get that economy of scale with that economy of speed they make CI CD way more practical all right there's back of those heady days of I'm gonna launch my build and then go have, we don't have to do that anymore it's, it's, great times yeah, so all, of, that containers, and kubernetes, and OpenShift. Really. Makes the ICT more practical okay, great for way more applications, all, right so what else should we talk about to set up our event, on those here yeah, so we have a couple of demos that we're going to do today any, time I do a presentation I always have to have a little good luck charm always stick a little about me slide in okay because it's fun. I've, been at Red Hat about seven years I've been working with our government customers that entire time so the, customers that the people that consume as your Gov I've worked, with every. Major government, agency out there and one. Of the things I really like to think about the way I like to talk to my customers is I. Try. To be that long focus lens I try to find customer, problems in the, healthcare industry. CMS. And and the. NIH and figure. Out how those problems are affecting what's going on in Homeland Security right and figuring out how it's going on in other civilian, agencies or DoD agencies, and try, to be that long focus lens with the breadth of experience. Seven, years and the government is kind of like dog years all right. I always take a picture of my daughter Elizabeth because she is the cutest thing on the planet this. Picture was from last week when she was showing us all how to wear sunglasses guys. Fun and then. A little bit of a shameless plug yes she really is that cute a little. Bit of a shameless plug John. Osborne and I another. Solutions. Architect inside, for Red Hat government, we, have a book, about OpenShift out, 320. Some odd pages where. We actually it's the first time someone, tried to talk about the, developer, experience and the operations experience and. Openshift, and kubernetes all under, one set of covers we, go all the way down to the bottom of the kernel and then we come all the way back up to the top of the application stack including a really. Complex sea icd pipeline in chapter 6 okay which is gonna, be impetus for this first thing. Openshift, is enterprise kubernetes, that's. What we just talked about it's you know it's using that beating heart of kubernetes all of that power of that massive, community, that's. Growing it's consistently, where the top five open source projects on the planet, the massive, growth massive, amount of work happening we're, taking all of that and we're putting the extra pieces on top of it to make openshift that, makes it an enterprise, consumable, product you, know we test OpenShift up to 2,000 No so, you can have a 2,000.
Node OpenShift cluster and red-hats gonna support it for. Production outages. It's. It, brings in a routing layer to make it easy to get in and out of your applications, from outside the cluster kubernetes doesn't come with that, configures. A software-defined, Network, for kubernetes to use kubernetes, doesn't. Come with one out of the box so, we take all those things and makes kubernetes hard that, you see on Twitter and we. Just make it work out-of-the-box that way God so that's kind of what open to those taking all this goodness that we already have in kubernetes and sprinkling. Some open shifts magic on top exactly. Exactly. We, make it so it takes an hour to deploy not four days yeah in. Fact I'll be doing a deploy later this week and we're planning on about an hour for a production or any cluster okay great it's it's. Good, stuff, but. All, of those bits and computer, geeks like us we, always get obsessed. With the new shiny right and we. Go into our customers and we talk about the new shiny and we might get them excited about it but we're not really helping them bring value we talk about projects, that are months. Or even years, away. From being ready to be deployed and in a datacenter for the government, right and I'm, trying, I try not to do that with openshift, I try not to do that with containers there's so much power there that. We do, it that. We can bring that value and we. Can make their lives better and at the end of the day whether. We're talking about DevOps, or CI CD or whatever buzzword, we want to use, we. Have to help them fulfill mission we have to help them make their job easier you know through, a couple of bullet points up here we have to make the dev or the ops guys lives, better right they have to be able to do more with less money I've. Talked to and I'm sure you have to hundreds, of government customers in the past year, nobody. Has a bigger budget next year than this year right, so we always have to do more with less right, we. Have to streamline workflows automation, is the only way we're gonna survive these days and and see ICD is really just really complex automation, right yeah we talk about how can we spend taxpayer, dollars more efficiently, exactly, focus enable, the mission focus on the mission and yeah. As a developer, I like to get up there and talk about slingin lines of code but the reality is it's not about, that it's about how you can bring those efficiencies, to this awesome algorithm, I wrote doesn't, matter if no hears about it if it doesn't fulfill mission bed right if it doesn't save us money in the long run, I'm just, being awesome isn't good enough anymore yeah so, that's, really where we like to focus on so the first demo we put, together is. I. When. I think about value especially public clouds like azure the. Ability to bring as many different kinds of workloads into them, without. Having to drastically, change those workloads to me is a huge value proposition, and the. First one is that legacy, app and people. Talk about it all the time their entire books written about how you can't, bring a legacy app into a cloud native world into a cloud ready or a public cloud provider and you. Really can if you, can get the app to run in a container you, can bring the entire thing inside. Open shift into Azure even. If you have requirements. That aren't great if you have like hard right, into this just a few months ago a customer. Had literally a hard-coded, requirement, for NFS in, the application, they couldn't not use NFS, and NFS, we all know it's. A great tool but production, is not its middle name yeah, so, even if you have those hard-coded, requirements, even if you have really complex deployment, processes using multiple, different third-party tools, which is what we're actually going to be doing here you. Can bring all of that into open chips all of those toolings, all of that tooling runs in this. Is a super important, use case especially in the government space of course, it's nice if you can rewrite your application, to use all these great, cloud native bells. And whistles but the reality, is that government. Customers, and agencies, get pressured they get, your stuff to the cloud right, now yes, how can we do that what does that mean yeah every single government agency, has a cloud has. A public cloud policy, no now and the. Reef they're, not serious about it's just because they don't know how to be serious about it because. They have these legacy apps so. The first demo is is. This. It's a Java app it's a monolithic, designed, app on purpose we're, using Jenkins we're, using sonar cube for, QA testing to, actually run the testing its using Nexus as its artifact repository the.
Source Control is in git we're. Using dogs which, is this containerized. Get repository, github clone essentially, all of that is deployed in OpenShift so, let's, trigger let's trigger this workflow I'm going to do literally a git push from my laptop right into. An open shift running, one Azure gov and we'll, watch the pipeline build-out right great thank you yeah, this is a great example because here. You have of course as your government with you know if you have an environment you need compliance, and whatnot but you have the OpenShift goodness just sitting right there in your compliant environment yeah so I'm able to abstract. Away some, of that cloud nativeness yeah and, bring in in insulate. My legacy workloads, you know things tools like open shift cool so I am miles, away from being a Java developer I'm an old ops guy but, this. Is and this is also just one say I'm, a laptop, Linux user for a long time this, is vs code yeah, yes. It's pretty awesome we were talking about it before we started fighting I may, be a convert today guess code you quickly. Become the most popular myself. Open-source project, it's pretty, pretty awesome stuff so we'll, save this off I just commented out and ignore clause and ignore decorator, yeah so. We're actually gonna run this test and, I'm really just looking for something. All. Right to do that and then. Ctrl. S push, your code yeah. So. We'll commit add all of our changes. We'll. Give a message. We'll. Get a good comment getting, rid of ignore, decorator there you go. Exactly. Yeah exactly. And. Then we'll commit our code yep. And. Then. We will push great. It's. Gonna ask me for my username. All. Right now we haven't looked at open shift yet yep all. We've done is make a simple yeah, push exactly, this, is the front page of openshift all right we get rid of this little filter here see, I have all these buttons all these different things I can do but. I also have the CI CD Projekt that I created and did create this ahead of time a little infomercial stock right you can see here all of my applications. I have gods which, is our source control for today and it's, just a github clone okay you, can see here getting, rid of ignore decorator, there's my git push so, from my laptop sitting here in Redmond Washington this, went out to the azure gov cloud and got. Committed so that part worked so we're good to go so yeah.
We Have Jenkins running. And. We look here, we. Have a Jenkins build pipeline. Going. On ready and this is going to take us a couple of minutes, because. It's going to pull down some information from the get-go. But. What I see that is I hope that is obvious to people right off the bat is that we're running, all this a national government this is just a legacy application, it didn't force you to use sequel server or write use either c-sharp. We didn't do John but we didn't force you use bsts, it's, running Jenkins this is you're taking your existing. Solution. With your existing tools and platform and doing, all this is, pure all open JDK JDK, this is awesome pure Java no frameworks, or anything that I'm aware of great so you see it's building the app now so it's got to pull down some information because this is the first time I've built it in this project so. Just. Kind of walking through what's going to happen. We're. Going to build, the app so we're gonna build the java application run, through put all the artifacts in the nexus pull them out do whatever it needs to happen build. A container image it has my application, we're, also gonna test run, through you so Newark you to test all of the code okay in there George show our test coverage do all of those things it's, happening right now you checked in the code and the CI CD build, is running yes and so it is running in the background okay. Here's. A nexus our nexus repository. It's. Doing all the stuff that it's doing. We. Haven't quite gotten to that step yet I jumped the gun a little okay, that's fine here's, Sonor cube. Senator. Cube is one of those apps that didn't exist when I was in everyday admin to kind of stunned that there's a tool that to do all this awesome, code. Checking but, again all of this is running side openshift so all of this is container, ready these are off-the-shelf, components so. I can bring my environment and drop these legacy apps and run them against these CI CD tooling products. That are they've been out there for ages awesome, so I can bring very complex environments, very quickly into openshift okay all. Right so our application is built or it's at least it's further down through the pipeline now let's, go see what we've got done so far so, we've built our application, so we've built a container that houses our application, we've built that container on the fly no docker files no anything no knowledge of really even how a container work yeah we, just took her application, we took maven and we built it all together using, a Tim blending technology, that's inside openshift, that just works out of the box we've. Ran our test suite against it we ran our code analysis, against it with open with ether, says it looks like they test just suck 13 seconds yeah all right great and our full Volta. Our full unit test suite on code. Analysis took 29 seconds we've archived, our app so we've archived, it into Nexus that took, ten seconds now, we're creating our image builder now we're getting ready to actually deploy, our application into another project okay, so this particular pipeline will deploy into what, we call a project, inside openshift which is just a logical separator, it's. Going to deploy into a dev state a dev environment okay, where our app will be up and running awesome. And then it's going to actually prompt us once we go look at our app and running the additional, human test we want yeah we click a button and now it's actually creating, the dev environment and. Then, once, we decide, that dev is okay it's actually gonna deploy, deploy, to a staging environment for us okay so we have a full CI CD workflow, inside. Here inside. Of three minutes okay and all of the times are down in here so now, that all these tests are done like we can go actually go look at sonar cube and. We. Can see if our tests passed so we have one project analyzed, it found two bugs with one vulnerability, and 17. Things didn't quite smell right yeah but. If we look at our project - god man I love the fact that it says code smells yeah makes. Me laugh. We. Found two bugs we can go in and see what those bugs are um these. Are pretty old ones that aren't gonna get fixed in this version of open JDK, 17. Code smells we got in a we don't have great test coverage but we'll get there yeah that was the thing that I I commented. Out to actually run, some tests to do some test coverage, zero. Duplications. And it's 2,000, lines of code all. Right great none of that existed, you know so we did all of this on the fly okay. So the deployments, still happening right now should be done by now okay, we've created dev and we've deployed to dev which took zero seconds, awesome, and now it's actually waiting on us to see, if we want to deploy and again this, is visualization, of Jenkins inside, so.
We Can go look at now, we go look at our dev environment. Tasks. This applications. Name is open shift tasks, here. We are. OpenShift deployed my application, gave me and built me a route into it so it gave me a URL to go look at my application automatically. Okay yeah like that yeah, I'm just all, of its just done and at the end of the day what does this developer want developers. Don't want to be rude on Linux servers developers, don't want to have to go be bad admins, right developers, want a place to write their code and a place to push it in a URL to go look at exactly, that's what the, rest of it they just want to be automated away exactly that's awesome okay so we took a legacy app and we deployed it using, OpenShift exactly, in a matter of three three four bits exactly three minutes live having, never deployed it into this open chip cluster before okay, here it is the app is up and working we can click all these buttons these things actually send stuff into log files, we. Can go you, know it's essentially it's a unit testing tool we can generate load against, our container for. For, however many seconds we want but. We say okay the app is done we. Still have, we've. Decided dev is okay Devi's passed all of our user acceptance, testing. We. Still have that pipeline running. And. It says input required my pipeline is Paul's now I'm gonna pause until just. Like Jenkins this is a Jenkins pipeline it's like a workflow yeah and, I. Have Jenkins integrated, with the same authentication that, my openshift is using okay. Sometimes. This login takes a few seconds but we're there and I'm. Ready promote to stage we. Don't need to remember that password. Yep. And there it is and I have Jenkins. Is deployed and we see the actual pipeline working, if Jenkins is an environment, you're more familiar with and it's. Done, we. Go back and look at open shift it's deployed to stay nice for seconds okay so it's good so every time any time I do a git push all I have to do is push my code in that pipeline gets built out okay, that idea of CI CD that would take a huge. Amount of resources right to, do in inside, in a traditional environment and if. We look inside our application we. Have our metrics deployed, the. Get root the git server is. Taking 51 megabytes, of memory okay, off of my system right if I'm playing too much about that exactly, I'm how it was last time you built a VM that had 51 megabytes right right okay just that loss of overhead, okay, so. We the legacy app what are some other types of apps we can play so, that the other value, proposition, and I loved and we consult will talk a little bit about that future looking kind of cloud native twelve factor thing here in a minute but. A huge, portion of the. Work that we do the work that our customers, do in the government I just. Call them simple applications, yeah they don't have these giant CI CD workflows, a team of one or two people wrote them they, keep them in a version control system they. Update. Them once every six months and they. Just update, them yeah, this, is actually an example that we use from that we use from the book I have. The pulled, up here a simple. Image uploader so. I have literally just to get repository, this, is a PHP, application. That I think is maybe one page and it. Lets you select a box you pick a picture and you upload it into it done. And done will. Clone it here this. Is github that everyone should be familiar with especially people in Microsoft oh yeah we love you guys know a little bit huh. So. Let's go we'll deploy this completely, from scratch okay, so a different application this, is no longer a java application no this is a PHP. Yeah yeah, great we'll create a project will, create one of those logical separators, we'll call it image uploader okay. Image. Uploader, app. And. Click, create. We. Can go in there I haven't, deployed anything okay so. I can browse our catalog and that's where this catalog comes in and we'll come back to what the catalog can do here in a few minutes but. I can browse by language and. Go, to PHP and. I can have what we call a builder image a builder. Image inside, openshift is, it's. PHP, and the web server and when, you tell it the source code to put in it there's a little bit of JSON in there that it knows where to put the source code to deploy it so it functions right sort. Of a getting start a quick start, so. We just tell it it's PHP, we. Tell it which version of PHP we're going to use, we. Give it a name uploader. And we tell if the URL do we pull from so I just give it a git repository right, there all that's all the information you need so that are pretty display names yeah exactly okay and I click create. We'll. Go to our project overview, now. This one obviously could, a couple of seconds to build the first time.
We. Can actually watch it in real time we can watch it download everything it's. Gonna doubt it's gonna pull these files in it's gonna take that builder image it's gonna take my source code it's gonna make a custom, container image from them kind of standard container folks exactly and then, it's going to take that custom container image and push it into the registry, that's inside, OpenShift that comes out of the box another one of those great little value, adds the right kubernetes on its own doesn't come from and, it's, done okay now, do you have configuration, figure. Ability of where the container registry, lives, or that's always the OpenShift registry by default it's the open ship registry it can be an external registry, like artifactory, or it could be as your container registry if, you wanted to be sure if registry exactly's you can tell OpenShift where to look but we're gonna our st. our same default is, we're gonna have one running internally make sense and there are a couple of bits and hooks in there that work but you, can configure all of that you can look at external you can look at fifteen or twenty different registries, depending, on what your people do awesome okay so this app built even before you asked the question okay great so and it also gave me a URL to go to love. That exactly. Click. The button and there. It is I'm not much I'm not a front-end web developer, so you'll forgive my shades of grey but. I'll pick a file there's. Our picture of Elizabeth swimming, here is Elizabeth, holding, some big giant foam swords, most of my pictures are Elizabeth related. And. It's done files, uploaded, and where did it upload the file to it, uploaded it by default it. Uploaded, it in to, get. Rid of our picture of Elizabeth here it. Uploaded it to the ephemeral, storage that's inside the container ok but I can add persistent. Storage to a container after I deploy ok so, just, by simply clicking or you can even you, could even add the, blob, storage if you wanted to it's a really right choice so with that then just cove blob not, quite there yet ok but, you could just write like, ph goes, directly.
Exactly. Exactly I'm out of the by, default, out of the box kubernetes. Has plugins that work with Azure disk and as your file yeah so, I can I can use the azure file store or I can create Azure disks dynamically. On-demand right and attach, them to the hosts that are miking that my containers are using and then, present, them into the container and all of that Salta mated cool. By. Default so I've already provisioned some storage, so. I can just go right here to. Uploader. Actions. Add storage. Oh hit. The wrong button. We. Don't need to auto scale this application, although that's another interesting, feature the other fun feature, yeah. So we have what we call a horizontal, autoscaler, so. Create, a storage we'll. Call this one image uploader I have. Multiple ways different, storage, providers have different types of different. Abilities. Obviously. The azure disk storage, I can't, present a the same disk two to two, VMs at the same time so I can't resent it to two containers at the same time so. It can only do read/write single user read/write other. Technologies, that can have where I could attach it to 50 containers across 50 hosts so I can do readwrite mini so, it's depending on the technology will. Do single user rewrite readwrite and let's we're, not gonna do a whole bunch of pictures so we'll just say one gigabyte easy peasy, click. Create I. Go. To storage now for. This project I can see that image uploader storage. Request and there's, this concept, inside, OpenShift of separating, the request for storage which is part of my application from. The actual storage which is part of the control plane yeah that, can separation, of concerns that can a DevOps mentality. Is. Inherent. In everything that openshift and kubernetes do does, great, so already, I had, an available, storage volume that met my capacity, and my storage type requirements, and it mounted and it bound it to, that storage request ok so those were a couple of awesome demos what can you tell us about some of the azure integration. We have with open chef yeah so a lot of that is it's. Actually pretty amazing so we, talked you know the for the most part we're talking bout legacy apps and these sort of these everyday applications, these smaller applications, but. The. Way we're going to be deploying apps the way we're gonna be building things out over the next few years is really. That twelve factory, micro service you, know take our code and integrate it with multiple, managed. Services, to get our job done yeah we don't want to have to write a search engine because you guys have a search engine we. Don't want to have to manage a Postgres, database because, you guys provide one or a cosmos. All, of that is integrated into OpenShift out of the box in this environment, this this one I deployed on Azure guv a few days ago I deployed. What's called the open service, broker for Azure okay, took, me about 15 minutes you, know it's a follow five or six steps instructions, drop some stuff in the command line and it was done and you.
Can See here when, when we did the earlier demo where we deployed the PHP application, I had that builder image and I was able to click on it and say. And follow the instructions, well, we have over, a hundred other applications. That we deploy from there's a bunch of JBoss stuff that comes out of the box no js'. Databases. All. Sorts of fun stuff ruby applications, different, databases all these things that we do out of the box a bunch of dotnet core stuff and all of this just comes with openshift, yeah so all these builder images all these quick starts all these very templated, automated, deployments, what, the avert as your service broker does and I'll just filter back on filter, down on the word adjure. It. Gives me a bunch of services that are in Azure gov that. I can, deploy. From, inside OpenShift and more, importantly than deploy from inside OpenShift OpenShift, is now aware of them okay, so that they become part of my applications, lifecycle, so, that if I need to make changes, to say the azure search, if. I deploy that as part of my applications. Ecosystem. I can. Now script, changes into Azure search because openshift is aware of how to interact with the part of the azure, API, that. Creates, and modify search for me so it almost becomes like a part of your solution manifests, Otis exactly okay yeah, and make sense I say all of those things become part, of my. Ecosystem, for my application the, open service broker for Azure OS, be a I'm, gonna need to work on the acronym a little bit because. Something that's a little more pronounceable, than Ozma right but we'll get there yeah is a little new so some of this is still only if some of these options are still experimental, I think searches among them but. Cosmos, DBS with different api's so there's I can deploy a cosmos, DB and use, the Mongo API or the, sequel server API all of. Those it's aware of all of those changes and then I can just take that application so just, again so just if we want to deploy a cosmos. Tell. It what I want it to do tell it which project, I wanted to add - so, that image if my, image uploader if I wanted to stop writing them directly to persistent, storage and want to put them in a database yep, deploy. It into that image uploader application, I take, I select all those options that as your, needs for Azure to be able to do its job correctly. That's. Basically connection information exactly, in this correctly exactly, I create, a secret, inside my application, that contains my connection information so it's encrypted and that's. It and then I click the Create button and I'm off to the races that's good okay, and it's all that, easy we take that stuff that hard stuff those, that, would take a lot of coding right - to code against that API and then I'd have to learn how to code against the API yeah, I seem, to point click a few things let me go fulfill mission let me not have to learn awesome, 50 new API endpoints, this week ok great so, we've been talking about open shift do you talk about deploying. Legacy, app. Even. Just deploying an app from github then wasn't legacy, as well as integrating with server broker, functionality, all on, Azure government, exactly okay great well thanks for joining us today this, has been Steve, McCatty of the azure government, engineering, team here with Jamie Duncan, from OpenShift thanks, for watching.
2018-08-23 10:37