1.
© Zühlke 2019Slide 1| |Andreas, Ben and MichaelContinuous Deployment with OpenShift 29.10.2019 Public |
Continuous Deployment with
Kubernetes/OpenShift

2.
© Zühlke 2019Slide 2| |Andreas, Ben and MichaelContinuous Deployment with OpenShift 29.10.2019 Public |
Ben Millo
Lead Software Architect
Andreas Landerer
@andreaslanderer
Lead Software Architect
Michael Lehmann
@lehmamic
Lead Software Architect

3.
© Zühlke 2019Slide 3| |Andreas, Ben and MichaelContinuous Deployment with OpenShift 29.10.2019 Public |
Architecture
Customer
API
Backend for Frontend
3rd party systems
3rd party systems
Mobile App
Native Plugins
Webview
3rd party systems

4.
© Zühlke 2019Slide 4| |Andreas, Ben and MichaelContinuous Deployment with OpenShift 29.10.2019 Public |
Introduction to OpenShift

5.
© Zühlke 2019Slide 5| |Andreas, Ben and MichaelContinuous Deployment with OpenShift 29.10.2019 Public |
OpenShift
What it is about
• Developed by RedHat
• “Enterprise Kubernetes”
• Offers additional features
 Image Registry
 EFK – Elasticsearch, Fluentd, Kibana
 Jenkins CI/CD

6.
© Zühlke 2019Slide 6| |Andreas, Ben and MichaelContinuous Deployment with OpenShift 29.10.2019 Public |
OpenShift

7.
© Zühlke 2019Slide 7| |Andreas, Ben and MichaelContinuous Deployment with OpenShift 29.10.2019 Public |
Pods – Running containers in Kubernetes
Kubernetes
• Co-located group of containers
• Ephemeral and stateless
• Kubernetes decides how to distribute pods
• Never access pods directly
• Organizing pods with labels

8.
© Zühlke 2019Slide 8| |Andreas, Ben and MichaelContinuous Deployment with OpenShift 29.10.2019 Public |
Deployments – Deploying managed pods
Kubernetes
• Run as part of Controller Manager on master
• Ensures related pods keep running
• Pods are identified by labels
• Make use of readiness and liveness probes

9.
© Zühlke 2019Slide 9| |Andreas, Ben and MichaelContinuous Deployment with OpenShift 29.10.2019 Public |
Services – Pod discovery and load balancing
Kubernetes
• Each Service has a stable name, IP address and port
• Can be exposed for external communication
• Distributes load across pods
• Pods are identified by labels

10.
© Zühlke 2019Slide 10| |Andreas, Ben and MichaelContinuous Deployment with OpenShift 29.10.2019 Public |
OpenShift

11.
© Zühlke 2019Slide 11| |Andreas, Ben and MichaelContinuous Deployment with OpenShift 29.10.2019 Public |
CI/CD with OpenShift

12.
© Zühlke 2019Slide 12| |Andreas, Ben and MichaelContinuous Deployment with OpenShift 29.10.2019 Public |
Our vision for the pipeline
• Everything is in the code
(infrastructure as code)
• One pipeline for building,
testing and deploying until prod
• Build once (deploy the same
tested artifact to all stages)
• Apply (configure) all required
Kubernetes objects together
with the deployment

13.
© Zühlke 2019Slide 13| |Andreas, Ben and MichaelContinuous Deployment with OpenShift 29.10.2019 Public |
OpenShift includes Jenkins

14.
© Zühlke 2019Slide 14| |Andreas, Ben and MichaelContinuous Deployment with OpenShift 29.10.2019 Public |
OpenShift and Jenkins work together
jenkins-client-plugin
jenkins-sync-plugin
kubernetes-plugin
syncs OS build config with
Jenkins pipeline, jobs and status
Runs dynamically agents on the
OS (Kubernetes) cluster
provides extensions to the Jenkins
pipeline DSL for the OS connection

15.
© Zühlke 2019Slide 15| |Andreas, Ben and MichaelContinuous Deployment with OpenShift 29.10.2019 Public |
OpenShift build pipeline
GIT Repo:
https://github.com/lehmamic/devopsmeetupzurich_cicd_with_openshift_and_jenkins
Jenkins Pipeline Build Config

16.
© Zühlke 2019Slide 16| |Andreas, Ben and MichaelContinuous Deployment with OpenShift 29.10.2019 Public |
OpenShift build pipeline

17.
© Zühlke 2019Slide 17| |Andreas, Ben and MichaelContinuous Deployment with OpenShift 29.10.2019 Public |
CI/CD Pipeline
• Build frontend and backend
• Start frontend and backend, afterwards run e2e and integration tests
• When everything is fine, build the docker images
=> we use binary2image from OS, not docker build
• Generate the artifact identifier for manual triggered deployments
• Deploy to DEV, TEST, ACPT
=> we don’t deploy to prod with every commit because no user wants to
update his app multiple times a day, but… we could .

18.
© Zühlke 2019Slide 18| |Andreas, Ben and MichaelContinuous Deployment with OpenShift 29.10.2019 Public |
OpenShift build pipeline
GIT Repo:
https://github.com/lehmamic/devopsmeetupzurich_cicd_with_openshift_and_jenkins
Jenkins Groovy File

19.
© Zühlke 2019Slide 19| |Andreas, Ben and MichaelContinuous Deployment with OpenShift 29.10.2019 Public |
CI/CD Pipeline – Prod Deployment

20.
© Zühlke 2019Slide 20| |Andreas, Ben and MichaelContinuous Deployment with OpenShift 29.10.2019 Public |
OpenShift build pipeline
GIT Repo:
https://github.com/lehmamic/devopsmeetupzurich_cicd_with_openshift_and_jenkins
OpenShift Templates

21.
© Zühlke 2019Slide 21| |Andreas, Ben and MichaelContinuous Deployment with OpenShift 29.10.2019 Public |
DevOps Approach

22.
© Zühlke 2019Slide 22| |Andreas, Ben and MichaelContinuous Deployment with OpenShift 29.10.2019 Public |
Know your Application status – “to log or not to log”
Application Monitoring
• Structured logging is your friend
• Use MDC or a similar concept
• Aggregated container logging
• Dashboards and views for real-time log aggregation
• Example EFK (provided by OpenShift)

23.
© Zühlke 2019Slide 23| |Andreas, Ben and MichaelContinuous Deployment with OpenShift 29.10.2019 Public |
Fluentd – log collector
Fluentd is an open source log collector,
processor, and aggregator that was created
back in 2011 by the folks at Treasure Data.
Fluentd was created to act as a unified
logging layer — a one-stop component that
can aggregate data from multiple sources,
unify the differently formatted data into JSON
objects and route it to different output
destinations.

24.
© Zühlke 2019Slide 24| |Andreas, Ben and MichaelContinuous Deployment with OpenShift 29.10.2019 Public |
Structured Logging - SLF4J and Logback
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder class="net.logstash.logback.encoder.LogstashEncoder"/>
</appender>
<root level="INFO">
<appender-ref ref="STDOUT"/>
</root>
</configuration>
application.properties
logging.config=classpath:my-logback-openshift.xml

25.
© Zühlke 2019Slide 25| |Andreas, Ben and MichaelContinuous Deployment with OpenShift 29.10.2019 Public |
Structured Logging – Usage example
private static final Logger LOGGER =
LoggerFactory.getLogger(OutboundHttpLoggingInterceptor.class);
MDC.put(“api_service_version”, this.serviceVersion);
…
APIMarkerBuilder markerBuilder = new APIMarkerBuilder(APIMarker.ENDPOINT, request.getURI())
.add(APIMarker.SERVICE_ID, ”my-api")
.add(APIMarker.HTTP_METHOD, request.getMethod())
.add(APIMarker.HTTP_DIRECTION, "REQUEST")
.add(APIMarker.HTTP_MODE, "OUTBOUND")
.add(APIMarker.AUTH_TOKEN, jwtTokenForLogging);
LOGGER.info(markerBuilder.build(), ”API OUTBOUND Request");

26.
© Zühlke 2019Slide 26| |Andreas, Ben and MichaelContinuous Deployment with OpenShift 29.10.2019 Public |
Structured Logging – Content and output
{
"@timestamp": "2019-08-13T23:09:02.086+02:00",
"@version": 1,
"message": ”MyApi OUTBOUND Request",
"logger_name": "com.my-api.OutboundHttpLoggingInterceptor",
"thread_name": ”My-API-CMS-Executor-3",
"level": "INFO",
"level_value": 20000,
”myapi_service_version": "1.20.0_ada021a",
"myapi_endpoint": "http://localhost:18090/my-api-mock/external/cms/content",
"myapi_service_id": ”my-api",
"myapi_http_method": "GET",
”myapi_http_type": "REQUEST",
”myapi_http_mode": "OUTBOUND",
”myapi_target_system": ”cms-service"
}

27.
© Zühlke 2019Slide 27| |Andreas, Ben and MichaelContinuous Deployment with OpenShift 29.10.2019 Public |
What should I log?
• Most important: requestId / sessionId / correlationId / userId
 Enables tracing of log-events through multiple systems
• Inbound and outbound calls (req/res) with meta-information
 HTTP-method, duration, status, initiator, use-case, target-system etc.
 Use interceptors
• About two additional log entries for the happy case
 Additional logging if “marketing” value is given

28.
© Zühlke 2019Slide 28| |Andreas, Ben and MichaelContinuous Deployment with OpenShift 29.10.2019 Public |
Structured Logging - Consolidate

29.
© Zühlke 2019Slide 29| |Andreas, Ben and MichaelContinuous Deployment with OpenShift 29.10.2019 Public |
Monitoring - Kibana

30.
© Zühlke 2019Slide 30| |Andreas, Ben and MichaelContinuous Deployment with OpenShift 29.10.2019 Public |
Daily Business
Living DevOps

31.
© Zühlke 2019Slide 31| |Andreas, Ben and MichaelContinuous Deployment with OpenShift 29.10.2019 Public |
Make DevOps visible
Spreading DevOps

32.
© Zühlke 2019Slide 32| |Andreas, Ben and MichaelContinuous Deployment with OpenShift 29.10.2019 Public |
Lessons learned and Pain Points
• You can easily setup decent logging yourself
• Visibility of DevOps makes it simpler to receive resources for Tech-Depth Story’s
• Common logging principles are helpful when dealing with multiple services/teams
• Steep learning curve (Jenkins in Kubernetes, Jenkins with OpenShift)
• Build a custom Jenkins Slave based on official OpenShift builds is very hard
• Difficult to achieve simple things like multi branch
• Investing in pipeline and monitoring was worth it. Maintenance dropped and feedback loop
is reasonable

33.
© Zühlke 2019Slide 33| |Andreas, Ben and MichaelContinuous Deployment with OpenShift 29.10.2019 Public |
Q & A

34.
© Zühlke 2019Slide 34| |Andreas, Ben and MichaelContinuous Deployment with OpenShift 29.10.2019 Public |
Slides
https://www.slideshare.net/lehmamic/cicd-with-k8s-and-os