GENERALISTS AND SPECIALISTS: DIVERGENT PATTERNS FOR DEVOPS

GORDON HAFF
Technology Evangelist, Red Hat

@ghaff

Upload: votruc

Post on 12-Jun-2018



THE GENERALIST TEAM

Source: Michael Coté, flickr/CC https://www.flickr.com/photos/cote/5559360372

“TWO PIZZA” TEAMS

● Autonomous

● Cross-functional

● Responsible for a well-defined function/service

● Developing and running

CONWAY’S LAW

Any organization that designs a system (defined broadly) will produce a design whose structure is a copy of the organization's communication structure.

ONE OPPOSING VIEW

"I want to change my job because there is this horrible concept of "pager duty" or "oncall". Where the developer has to be ready for any issues that may occur. Are most software jobs like this? Is this a norm? Where can I find software development positions without such concepts?"

Anonymous Quora user

WE ALSO TALK ABOUT CULTURE A LOT

● Empathy

● Trust

● Learning

● Cooperation

● Responsibility

SEPARATING CONCERNS

NO OPS? (OR IS IT EVOLVED DEVOPS?)

"We have built tooling that removes many of the operations tasks completely from the developer, and which makes the remaining tasks quick and self service. "

Adrian Cockcroft, Netflix, 2012

You do not, in fact, want to communicate with a bank teller more efficiently

Source: Flickr/cc Ning Ham https://www.flickr.com/photos/ningham/525770546

THE PROCESS

Still involves people and communication

• The most effective processes have continuous communication - think scrums and kanban

• Allows for collaboration that can identify failures before they happen

• Allows for feedback to continuously improve and cultivate growth

• Provides transparency

SEPARATING CONCERNS:

WHAT DEVELOPERS NEED

FOCUS ON IMPROVED APP ARCHITECTURES & DEVELOPER WORKFLOWS

● Cloud-native app development

● Collaboration

● CI/CD

● Issue tracking

● Source code control

● Code review

● IDE

● xPaaS

Source: Esti Alvarez cc license

MICROSERVICES

MICROSERVICES ARE NOT SOA. REALLY!

Source: PWC

Lighter-weight communications protocols

Improved understanding of functional separation

More open source and vendor-neutral philosophies

Scale-out infrastructure standardization and automation

SIGNS YOU MIGHT NEED MICROSERVICES

Source: Daniel Pratts CC/flickr https://flic.kr/p/7RE6yc

● Having trouble coordinating function teams like DBAs and UI engineers

● Brittle apps. Minor changes cause major breakage

● Your CI/CD process is bogged down by big deployments

● Different teams keep reinventing the wheel (in gratuitously different ways)

● Hard to experiment

DESIRABLE ENTERPRISE CI/CD WORKFLOW

[Figure: CI/CD workflow diagram. Repositories: myRepo, ProjectRepo, BuildRepo, ReleaseRepo, 3rd Party. CI steps: Commit, Push, Local Test, Pass/Fail. CD steps: Build, Test, Review/Appr, Deliver, Deploy, Monitor.]

CONTINUOUS BORING DEPLOYMENTS

● Software (trunk) is always deployable

● Everyone is checking into trunk daily (at least), not feature branches

● If the build breaks it is fixed in 10 minutes (all hands on deck)

● Deployment is a low-risk push button affair

● Blue/Green and Canary deployments

SEPARATING CONCERNS:

WHAT OPS NEEDS

FOCUS ON PROVIDING CORE SERVICES AND GETTING OUT OF THE WAY

● Deploy a modern scalable container platform

● Enable automated developer workflows

● Mitigate risk and automate security

COMPREHENSIVE CLOUD-NATIVE INFRASTRUCTURE

OPERATED AT SCALE ACROSS HYBRID CLOUDS

● Different aspects of scale:

  ○ Large scale workloads

  ○ Diverse workloads (batch and services)

  ○ Complex resource management (QoS, latency sensitivity, etc.)

● Focus on lightweight containerized instances

● Orchestration and resource management

THE RIGHT WORKFLOW

Repeatably automate for consistency

● Goal is repeatable automation

● Configuration as code

● Monitoring and alerting strategy

● Initially pipelines may be very different for traditional vs. cloud-native

● It’s a journey that evolves

LOGGING WITH EFK STACK

● Elasticsearch, Fluentd, Kibana

● Based on log aggregation

● Event system: all events (container, system, Kubernetes), as well as issues or errors, are captured by EFK

● Good for ad hoc analytics

● Good for post mortem forensics because of extensive log information

MONITOR AND MEASURE AGAINST METRICS

Metrics tools tend to make more use of APIs than logs. You need to figure out your organizational needs.

Hawkular is ideal for large scale central IT teams with lots of apps

Prometheus is ideal for WebScale DevSecOps

MANAGED RISK

[Figure: Dev and Ops, with labels Reuse, Automation, Microservices, Immutability, Pervasive access, Speed, Rapid tech churn, Flexible deploys, Containers, Software-defined]

INTEGRATE SECURITY

"Our goal as information security architects must be to automatically incorporate security controls without manual configuration throughout this cycle in a way that is as transparent as possible to DevOps teams and doesn't impede DevOps agility, but fulfills our legal and regulatory compliance requirements as well as manages risk."

Gartner. DevSecOps: How to Seamlessly Integrate Security Into DevOps. September 2016. G00315283

MAKING CONTAINERS SECURE AND TRUSTED

ISOLATION OF HOSTS

Host OS + SELinux maintained by trusted kernel engineers and frequently updated.

ARE SOURCES TRUSTED?

A validated supply chain helps ensure use of tested and patched software.

WHAT’S INSIDE CONTAINERS

Red Hat + Black Duck = secure, trusted model for validating container contents.

TRUST IS TEMPORAL

New vulnerabilities are identified daily and containers become stale over time.

TRACK AND VALIDATE THIRD-PARTY TOOLS AND COMPONENTS

GETTING STARTED

QUESTIONS TO ASK

● What’s the business problem?

● Where am I today?

● How big are my teams?

● What skills do I have (or can hire)?

● On-premise and/or public clouds?

THANK YOU
