Blame us on GitHub
Dan McCracken
Devs Operative INC, COO Cloud Native Implementation and Site Reliability for Kubernetes Workloads
Ron Sweeney
Integration Required, Principal Architect Building [PID^TOO||](https://www.pidtoo.com/), and currently getting help through a Digital Health Interoperability and FHIR® Incubator, [Caelestinus](https://www.caelestinus.tech/), to pull it all together. It's powered by [InterSystems Technologies](https://www.intersystems.com), Purpose Built for [HL7 FHIR®](https://hl7.org/fhir/R4/overview.html), and will be released through the [AWS Marketplace](https://aws.amazon.com/marketplace/).
### THE EPIPHANY
## Water Cooler Nonsense Ron and Dan Catch up
## Awkward, Post Covid Bro Hug Results in Catastrophic Mid-day Snack Accident
## Epiphany Turns out GitOps + IKO is Delicious!
## Do I have a deployable Solution or just a Pile of Containers and Charts?
## App of Apps
## Git Ops
GitOps is an alternative deployment paradigm, where the Kubernetes Cluster itself is "pulling" updates from manifests that reside in source control (making "Git" an integral part of the name).
* Ops Practices using Git
* Drive Operations through Git Repo
* Git to Declare State
* Merge Branch to Deploy
* Version Control, History, Peer Review, Rollback
* Continuous Delivery Pipelines
* Webhooks, Push to Trigger
## IKO
The InterSystems Kubernetes Operator (IKO) extends the Kubernetes API with the IrisCluster custom resource, which can be deployed as an InterSystems IRIS® sharded cluster, distributed cache cluster, or standalone instance (all optionally mirrored) on any Kubernetes platform.
* TLS/SSL for Free
* Observability for Free
* Mirroring, Waaayyyyy Simplified
* Common Password
* Battle Tested Topologies
* IRIS Application specific mechanics
* IRIS Application Life-Cycle Management (Right alongside Compute)
note: However, stateful applications, like databases and monitoring systems, require additional domain-specific knowledge that Kubernetes doesn’t have. It needs this knowledge in order to scale, upgrade, and reconfigure these applications.
# SETUP

Understanding our starting point, so we can move on to Git Ops.

1. Install Kubernetes wherever
2. Install ArgoCD Helm Chart
3. Create Git Repository
4. Create Feature Branch with Opinionated Structure
5. Connect Git to Argo
6. Create `isc` namespace, and add secret for `containers.intersystems.com` into it.
7. Commit InterSystems Kubernetes Operator to feature branch
8. Configure Kubernetes to poll branch through ArgoCD (values.yml)
## Install Kubernetes

```python
from google.cloud import container_v1
from google.oauth2 import service_account


class GoogleCloudKubernetesClient(object):
    def __init__(self, project_id, zone):
        # Service-account key for the pidtoo-fhir project; lives outside the repo.
        file = '/home/sween/.gcp/pidtoo-fhir.json'
        credentials = service_account.Credentials.from_service_account_file(
            filename=file)
        # Use the constructor arguments instead of re-hardcoding the values.
        self.project_id = project_id   # "pidtoo-fhir"
        self.zone = zone               # "us-east4-a"
        self.client = container_v1.ClusterManagerClient(credentials=credentials)
```

It's a small guy, about $100 USD a month
## Install Kubernetes

```python
def cluster_spec(name, project):
    """Cluster definition for the GKE API; trimmed to the fields shown on the slide."""
    cluster_data = {
        "name": name,
        "network": f"projects/{project}/global/networks/default",
        "addons_config": {
            # Needed so IrisCluster persistent volume claims get disks.
            "gce_persistent_disk_csi_driver_config": {"enabled": True}
        },
        "subnetwork": f"projects/{project}/regions/us-east4/subnetworks/default",
        "node_pools": [
            {
                "name": name + "-pool",
                "config": {"machine_type": "g1-small"},
            }
        ],
    }
    return cluster_data
```

Adjust it to fit your wallet.
## Install ArgoCD Helm Chart

You will not regret this step.

```bash
kubectl create namespace argocd
kubectl apply -n argocd -f \
  https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
```
## Add Namespace, Registry Secret for IKO

```bash
kubectl create ns isc
kubectl create secret docker-registry \
  pidtoo-pull-secret --namespace isc \
  --docker-server=https://containers.intersystems.com \
  --docker-username='ron@pidtoo.com' \
  --docker-password='12345'
```
## Git Repo Opinionated Layout

```
.
├── argocd
│   ├── app-of-apps
│   │   ├── charts
│   │   │   └── iris-cluster-collection
│   │   │       ├── Chart.yaml
│   │   │       ├── templates
│   │   │       │   ├── iris-operator-application.yaml
│   │   │       │   └── pidtoo-iris-cluster-application.yaml
│   │   │       └── values.yaml
│   │   └── cluster-seeds
│   │       ├── engage.yaml
│   │       └── README.md
│   └── README.md
├── iko
│   ├── AIKO.pdf
│   └── iris_operator_amd-3.5.48.100
│       ├── chart
│       │   └── iris-operator
│       │       ├── Chart.yaml
│       │       ├── README.md
│       │       ├── templates
│       │       │   ├── apiregistration.yaml
│       │       │   ├── appcatalog-user-roles.yaml
│       │       │   ├── cleaner.yaml
│       │       │   ├── cluster-role-binding.yaml
│       │       │   ├── cluster-role.yaml
│       │       │   ├── deployment.yaml
│       │       │   ├── _helpers.tpl
│       │       │   ├── mutating-webhook.yaml
│       │       │   ├── service-account.yaml
│       │       │   ├── service.yaml
│       │       │   ├── user-roles.yaml
│       │       │   └── validating-webhook.yaml
│       │       └── values.yaml
│       └── pidtoo
│           ├── Chart.yaml
│           ├── common.cpf
│           ├── compute.cpf
│           ├── data.cpf
│           └── templates
│               └── pidtoo.yaml
└── README.md
```
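Setup steps 5 to 8 and the layout above meet in one parent Argo CD Application that points at the `iris-cluster-collection` chart, whose templates are the child Applications for the operator and the IrisCluster. The script below is an added example, not code from the pidtoo/gitops_iko repo; the branch name, the Application name and the Argo CD project `default` are assumptions.

```shell
# Added example, not from the pidtoo/gitops_iko repo: bootstrap the App of Apps
# so Argo CD polls the branch and reconciles the iris-cluster-collection chart.
# Repo URL and layout come from the slides; branch name, Application name and
# the Argo CD project "default" are assumptions.
set -eu

GITOPS_REPO="https://github.com/pidtoo/gitops_iko.git"
GITOPS_BRANCH="${GITOPS_BRANCH:-main}"   # assumed; set to your feature branch

# Print the parent Application. Its Helm templates are the child Applications
# (iris-operator-application.yaml, pidtoo-iris-cluster-application.yaml), which
# live in the argocd namespace and in turn target the isc namespace.
app_of_apps_manifest() {
  cat <<EOF
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: iris-cluster-collection
  namespace: argocd
spec:
  project: default
  source:
    repoURL: ${GITOPS_REPO}
    targetRevision: ${GITOPS_BRANCH}
    path: argocd/app-of-apps/charts/iris-cluster-collection
    helm:
      valueFiles:
        - values.yaml
  destination:
    server: https://kubernetes.default.svc
    namespace: argocd
  syncPolicy:
    automated:
      prune: true      # objects removed from git are removed from the cluster
      selfHeal: true   # hand edits on the cluster are reverted to the git state
    syncOptions:
      - CreateNamespace=true
EOF
}

# The containers.intersystems.com pull secret (setup step 6) is created out of
# band in isc and is never committed, so the repo holds no registry credential.
# Apply only when asked, so the script can also just be inspected or diffed.
if [ "${APPLY:-0}" = 1 ]; then
  app_of_apps_manifest | kubectl apply -n argocd -f -
fi
```

Run it with `APPLY=1` once Argo CD is installed; from then on merging to the branch is the deployment.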
# GIT OPS

[https://github.dev/pidtoo/gitops_iko](https://github.dev/pidtoo/gitops_iko)

1. Adding More Resources
2. No Subscription Bro? ( Feature Flags )
3. Do IRIS Stuff
4. Add A Sidecar
## Adding Disk Space

Skip the Docs, Describe like a pro.
## Enabling Entire Features

Skip the Docs, Describe like a pro.
# HACKS

[https://github.dev/pidtoo/gitops_iko](https://github.dev/pidtoo/gitops_iko)

1. Describes As Yamls
2. Work Backwards
3. Get Helm Values.yml Defaults
4. Befriend (I|Z) Package Manager
5. Read the Fantastic Manual! (RTFM)
6. passwordhash
## ConfigMaps As yaml

Don't get confused with the relationship of CPF to ConfigMap, manage the ConfigMap directly.
## Work Backwards

Once you get everything running and you have the simplest sample running from the docs, just `describe` everything to see what is going on under the hood.
## Get Default Helm Values

If you are adding other solutions/charts to augment your solution, spit out the default values to see what is available for the chart. Also, beware of changes between releases.

```bash
# values a deployed release was installed with (add --all for the fully computed set)
helm get values "release-name-in-repo"
# the chart's own defaults (its values.yaml) before any override
helm show values "chart-name"
```
## PasswordHash

Below generates a password hash for your IRIS workloads (and the Druidia AirShield) and should be included in your configmap (or cpf).

```
sween @ fhirwatch-pop-os ~/Desktop/VEGAS/gitops_iko_slides (gh_pages)
└─ $ ▶ docker run --rm -it containers.intersystems.com/intersystems/passwordhash:1.1 -algorithm SHA512 -workfactor 10000
1.1: Pulling from intersystems/passwordhash
f35eb96867aa: Pull complete
Digest: sha256:784ee9ad3b6daf54badc0a7f57a934de7633d27da0da38e6482c2306d3d898db
Status: Downloaded newer image for containers.intersystems.com/intersystems/passwordhash:1.1
Enter password:
Enter password again:
PasswordHash=dd3db559360ff44afc8ad4285454923286af054bcdfe246781403de71ad671ace9db97156558e8ad51a534532f5ec4cb0050905d22268b37093ff3e79a1ea62e,2679fe891b0dffffcf8a98b58ed5778ef8bbb1da5a8754f7ff3427274608cc8ca76d332bc50308042b0895f531925fa686c7501872625e719885cfca87c2b45c,10000,SHA512
```
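A pre-merge check that ties two of the hacks together: manage the ConfigMap directly, and put a PasswordHash line in it rather than a password. This is an added example, not part of the pidtoo/gitops_iko repo; the minimum work factor, the SHA512-only rule and the hash length it enforces are its own assumptions.

```shell
# Added example, not from the pidtoo/gitops_iko repo: lint a CPF file (or a
# ConfigMap data block that embeds one) before merge, so the credential that
# reaches the IRIS pods is a PasswordHash= line in the form the passwordhash
# container prints (hash,salt,workfactor,algorithm) and never a plaintext
# Password= line. Minimum work factor, SHA512-only policy and the 128-hex
# (64-byte) hash length are this example's assumptions, not IRIS rules.
MIN_WORKFACTOR=10000

is_hex() { case "$1" in ''|*[!0-9a-fA-F]*) return 1 ;; *) return 0 ;; esac; }

# check_passwordhash FILE -> 0 when the file passes, 1 otherwise (reasons on stderr)
check_passwordhash() {
  file="$1"; status=0
  # A plaintext password must never reach the ConfigMap or CPF.
  if grep -Eiq '^[[:space:]]*Password[[:space:]]*=' "$file"; then
    echo "$file: plaintext Password= entry found; use PasswordHash" >&2; status=1
  fi
  # Collect the values of every PasswordHash= line, indent and trailing space stripped.
  values=$(grep -E '^[[:space:]]*PasswordHash[[:space:]]*=' "$file" \
           | sed 's/^[[:space:]]*PasswordHash[[:space:]]*=//; s/[[:space:]]*$//')
  [ -n "$values" ] || { echo "$file: no PasswordHash entry" >&2; return 1; }
  for value in $values; do
    # Split hash,salt,workfactor,algorithm with parameter expansion only.
    hash=${value%%,*}; rest=${value#*,}
    salt=${rest%%,*};  rest=${rest#*,}
    wf=${rest%%,*};    algo=${rest#*,}
    if [ "$algo" != "SHA512" ] || ! is_hex "$hash" || ! is_hex "$salt" \
       || [ "${#hash}" -ne 128 ]; then
      echo "$file: malformed PasswordHash, want <128 hex>,<hex salt>,<n>,SHA512" >&2
      status=1; continue
    fi
    case "$wf" in ''|*[!0-9]*) echo "$file: work factor not numeric" >&2; status=1; continue ;; esac
    if [ "$wf" -lt "$MIN_WORKFACTOR" ]; then
      echo "$file: work factor $wf below the minimum $MIN_WORKFACTOR" >&2; status=1
    fi
  done
  return "$status"
}
```

Wire `check_passwordhash iko/iris_operator_amd-3.5.48.100/pidtoo/common.cpf` (or the rendered ConfigMap) into the feature branch's pipeline so the merge that deploys is also the gate.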
# SRE

Site Reliability Tasks for IKO Workloads

The podTemplate field can be useful in exploring deployment and startup errors; examples are provided in that section.

`kubectl explain resource`

`kubectl describe resource [instance-name]`

Lists the fields and values for all instances of the specified resource, or for the specified instance of that resource. For example, `kubectl describe pods` shows you the node each pod is hosted by, the containers in the pod and the names of their data volumes (persistent volume claims), and many other details such as the license key and pull secrets.

`kubectl get resource [instance-name] [options]`

Without options, lists basic information for all instances of the specified resource, or for a specified instance of that resource. However, `kubectl get -o` provides many options for formatting and selecting subsets of the possible output of the command. For example, `kubectl get IrisCluster IrisCluster-name -o yaml` displays the fields defined in the .yaml definition file for the specified IrisCluster, in the same format, with their current values.

Troubleshoot IrisCluster deployment errors

`kubectl logs (pod-name | resource/instance-name) [-c container-name]`

Displays the logs for the specified container in a pod or other specified resource instance (for example, `kubectl logs deployment/intersystems-operator-name`).

For example, you could use `kubectl exec` in these ways:

* `kubectl exec pod-name -- iris list` Displays information about the InterSystems IRIS instance running in the container.
* `kubectl exec pod-name -- more /irissys/data/IRIS/mgr/messages.log` Displays the instance's messages log.
* `kubectl exec pod-name -it -- iris terminal IRIS` Opens the InterSystems Terminal for the instance.
* `kubectl exec pod-name -it -- "/bin/bash"` Opens a command line inside the container.
# DONESIES

For now... Next up:

1. More Gateway Stuff
2. Mirroring
3. ECP