Continuous Deployment and Multi-Cloud with Ansible, Packer, OpenSCAP and Kubernetes
Mihai Criveti
6th September 2019
http://galaxy.ansible.com/crivetimihai
0 The rise of DevOps
1 Automate Your Infrastructure and Image Build Pipeline
2 Hashicorp Packer: Image Build Automation
3 OpenSCAP: Automate Security Baselines
4 Ansible: Provisioning and Configuration Management
5 Molecule: Test your Ansible Playbooks on Docker, Vagrant or Cloud
6 Kubernetes: Container Orchestration at Scale
0 The rise of DevOps
People, Processes and Tools that bring Continuous Delivery of Value
Continuous Integration
Merging changes to the main branch as often as possible. Running automated builds
and tests against the build.
Continuous Deployment
Every change that passes all stages of your pipeline is released automatically.
Continuous Delivery
Making sure you can release new changes to customers quickly. Automated release
process to deploy your application.
Collaborate to continuously deliver
Figure 1: Practices
Cultural Transformation
• Culture: Build trust and align your team with better communication and
transparency.
• Discover: Understand the problem domain and align on common goals.
• Think: Know your audience and meet its needs faster than the competition.
• Develop: Collaborate to build, continuously integrate and deliver high-quality code.
• Reason: Apply AI techniques so that you can make better decisions.
• Operate: Harness the power of the cloud to quickly get your minimum viable product
(MVP) into production, and monitor and manage your applications to a high degree
of quality and meet your service level agreements. Grow or shrink your resources
based on demand.
• Learn: Gain insights from your users as they interact with your application.
1 Automate Your Infrastructure and Image Build Pipeline
Setting up an Infrastructure as Code Workflow for Images
Example Use Cases:
• Create development and test images (Vagrant and VirtualBox) with pre-installed
development tools.
• Test your application across a wide set of platforms with Molecule.
• Create secure OS images for production deployment.
Continuous, Secure Image Build Workflow:
• Build images (VMware, VirtualBox, KVM, Xen, Vagrant Box, AWS, Azure) from a single
source.
• Apply security baselines throughout all your environments.
• Install packages and perform configuration automatically.
Example Workflow: Build, Secure and Test Images for Multiple Environments
1. Track build artifacts (JSON, YAML, etc) in Git (ex: GitHub, GitLab, TravisCI).
2. Build virtual and cloud OS images with Hashicorp Packer.
3. Apply security profile with OpenSCAP (ex: PCI, Cloud).
4. Install baseline packages and configuration with Ansible.
5. Test your application across multiple platforms using Molecule (Docker, VirtualBox,
Cloud).
6. Build and package your Python applications as containers using podman, buildah and
helm.
7. Orchestrate your application containers using Kubernetes.
2 Hashicorp Packer: Image Build Automation
Packer: Builders
packer: builders
"builders": [ {
    "type": "virtualbox-iso",
    "boot_command": [
        "<up><wait><tab>",
        " text inst.ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/{{user `vm_name`}}.cfg",
        "<enter><wait>"
    ]
}],
Packer: Provisioners
packer: provisioners
"provisioners": [
    {
        "type": "ansible",
        "playbook_file": "{{user `playbook_file`}}"
    }
],
"post-processors": [ { "compression_level": 9 } ]
Packer building a VirtualBox image for RHEL 8 using Kickstart Automated Install
3 OpenSCAP: Automate Security Baselines
OpenSCAP security report:
Automatic Remediation as shell, ansible or puppet
Make your systems compliant with a simple command
Install and run the OpenSCAP scanner (the SSG content referenced below ships in the scap-security-guide package):
sudo dnf install openscap-scanner scap-security-guide
sudo oscap xccdf eval --report report.html \
    --profile xccdf_org.ssgproject.content_profile_pci-dss \
    /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml
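Once the scan runs inside the image pipeline, the remaining decision is which failed rules should stop the build. The gate below is an added example, not code from the slides: it reads the XCCDF results file that `oscap xccdf eval --results results.xml ...` writes beside the HTML report, counts failures by severity, and exits non-zero when a blocking severity failed. The embedded results document is constructed sample data (SSG-style rule ids, made-up outcomes).

```python
"""Gate an image build on OpenSCAP results (added example, not from the slides).
Reads the XCCDF results written by `oscap xccdf eval --results results.xml ...`,
counts failed rules by severity and decides whether the build may continue.
SAMPLE_RESULTS is a constructed, trimmed results file with made-up outcomes."""
import sys
import xml.etree.ElementTree as ET

NS = {"x": "http://checklists.nist.gov/xccdf/1.2"}
SAMPLE_RESULTS = """<?xml version="1.0"?>
<Benchmark xmlns="http://checklists.nist.gov/xccdf/1.2" id="constructed_sample">
  <Rule id="xccdf_org.ssgproject.content_rule_sshd_disable_root_login" severity="high"/>
  <Rule id="xccdf_org.ssgproject.content_rule_package_aide_installed" severity="medium"/>
  <Rule id="xccdf_org.ssgproject.content_rule_file_permissions_etc_motd" severity="low"/>
  <TestResult id="constructed_testresult">
    <rule-result idref="xccdf_org.ssgproject.content_rule_sshd_disable_root_login"><result>fail</result></rule-result>
    <rule-result idref="xccdf_org.ssgproject.content_rule_package_aide_installed"><result>pass</result></rule-result>
    <rule-result idref="xccdf_org.ssgproject.content_rule_file_permissions_etc_motd"><result>notapplicable</result></rule-result>
  </TestResult>
</Benchmark>"""

def parse_results(xml_text):
    """Map rule id -> (result, severity) for every rule-result in the file."""
    root = ET.fromstring(xml_text)
    # Severity lives on the Rule definitions, outcomes on the TestResult entries.
    severity = {r.get("id"): r.get("severity", "unknown")
                for r in root.iter("{%s}Rule" % NS["x"])}
    out = {}
    for rr in root.iter("{%s}rule-result" % NS["x"]):
        rid = rr.get("idref")
        out[rid] = (rr.findtext("x:result", namespaces=NS), severity.get(rid, "unknown"))
    return out

def failures_by_severity(results):
    """Count only 'fail' outcomes; pass, notapplicable and notselected do not block."""
    counts = {}
    for result, sev in results.values():
        if result == "fail":
            counts[sev] = counts.get(sev, 0) + 1
    return counts

def build_allowed(results, block_on=("high", "medium")):
    """Pipeline gate: False if any rule at a blocking severity failed."""
    return not any(sev in block_on for sev in failures_by_severity(results))

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_RESULTS
    print("failed rules by severity:", failures_by_severity(parse_results(text)))
    # Exit 2 on blocking failures, mirroring oscap's own "rules failed" exit code.
    sys.exit(0 if build_allowed(parse_results(text)) else 2)
```

Run it as a Packer provisioner step after the oscap scan, passing the path of the results file; the build aborts when the script exits non-zero.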
4 Ansible: Provisioning and Configuration Management
Application Deployment, Configuration Management, Continuous Delivery
What can I do with Ansible?
Ansible Supports Technologies You Use Today
Ansible Overview
Ansible Tower
Ansible for Enterprise: Architecture
Ansible Playbooks
Run ansible:
ansible-playbook -i localhost, playbook.yml
playbook.yml
- hosts: all
  connection: local
  become: yes
  gather_facts: yes
  roles:
    - role: kvm
What’s inside?
tasks/install.yml
- name: install RedHat packages
  package:
    name: "{{ redhat_packages }}"
    state: present
  become: yes
vars/main.yml
redhat_packages:
  - policycoreutils-python-utils
  - qemu-kvm
  - qemu-img
Running ad-hoc commands, and Ansible facts
ansible -m setup localhost
localhost | SUCCESS => {
    "ansible_facts": {
        "ansible_all_ipv4_addresses": [
            "172.18.0.1",
            "172.19.0.1",
            "172.17.0.1",
            "141.125.85.138",
            "10.196.49.9",
            "192.168.122.1"
5 Molecule: Test your Ansible Playbooks on Docker, Vagrant or Cloud
Ansible Molecule
Create a Vagrant or Docker machine and trigger goss tests:
molecule create -s vagrant-centos-7
molecule converge -s vagrant-centos-7
molecule login
In one step:
molecule test
Molecule Cookie Cutter Templates
Cookiecutter: Better Project Templates
• Cookiecutter creates projects from project templates, e.g. Ansible role structure, with
molecule tests.
• Molecule provides a native cookiecutter interface, so developers can provide their
own templates.
Create a new role from a template, with molecule tests included:
molecule init template \
    --url https://github.com/crivetimihai/ansible_cookiecutter.git \
    --role-name httpd
6 Kubernetes: Container Orchestration at Scale
Figure 5: Kubernetes is Desired State Management
Multi-Zone or Multi-Cluster
Static Analysis and Vulnerability Checks
Figure 6: Vulnerability Scanner: Check your Containers too!
Buildah: build images without root privileges
Kubernetes Pipeline
ShipItCon - Continuous Deployment and Multicloud with Ansible and Kubernetes