A DevOps Engineer's Guide to OCI
Oracle Cloud Infrastructure (OCI) provides developers tools to build, manage, and automate cloud native applications. This guide gives an overview of those tools and their application within the DevOps life cycle.
The DevOps Life Cycle
DevOps is a way of working that encourages multiple teams, mainly Development and Operations, to collaborate and achieve continuous delivery in the software development life cycle. Different tools contribute to different steps in the life cycle.
|
|
|
On the Development side, you need tools to help you with the following steps:
|
And on the Operations side you need tools to help you with the following steps:
|
Many of the tools that OCI provides for DevOps use are closely connected and address multiple steps in the life cycle. The sections in this guide group related steps and information accordingly.
- Plan and manage your infrastructure with configuration management (CM) and infrastructure-as-code (IaC) tools.
- Code for constant change by using application design strategies and tools.
- Build, test, release, and deploy with CI/CD tools.
- Operate with confidence by using OCI security.
- Monitor with observability tools.
The DevOps Approach
Automation is used throughout the DevOps life cycle. It reduces the need for manual tasks and intervention and increases the frequency of deliveries. Configuration management and infrastructure-as-code make much of this automation possible.
Configuration management (CM) is the process of applying programmatic methods to ensure an application's implementation, function, and performance.
Infrastructure-as-code (IaC) uses human-readable code to define, provision, and manage infrastructure. IaC is a key component of the continuous delivery model.
In OCI, Ansible and Terraform are the most commonly used tools that help with CM and IaC. Ansible is primarily a CM tool used for infrastructure configuration, patching, and application deployment and maintenance. Terraform is an IaC tool used for infrastructure provisioning and decommissioning. They are frequently used together.
Configuration Management
The OCI DevOps service is designed to integrate seamlessly with two CM tools: Ansible and Chef.
Ansible
The OCI Ansible Collection automates infrastructure provisioning and configuring of OCI resources, such as compute, load balancing, and database services.
OCI Ansible modules are a set of interpreters that help Ansible make calls against OCI API endpoints. At a basic level, Ansible brings a server or a list of hosts to a known state by using the following concepts:
- Inventory: Explains where to run; can be static or dynamic
- Task: A call to an Ansible module
- Plays: A series of Ansible tasks or roles mapped to a group of hosts in the inventory; run in order
- Playbooks: A series of plays that explain what to run and use YAML
- Role: A standard structure for specifying tasks and variable; enables modularity and reuse
Chef
Chef is an automation tool for CM that focuses on the delivery and management of entire IT stacks. With the OCI DevOps service, users can manage OCI resources by using the Chef Knife Plug-in.
Puppet is another common CM tool used to design, deploy, configure, and manage servers. You can integrate Puppet with OCI, but it requires manual scripting because OCI does not have a direct plug-in.
Infrastructure-as-Code
OCI uses Terraform for IaC. Terraform has a declarative language that lets you codify infrastructure and an engine that uses those configurations to manage infrastructure.
You can use the OCI Terraform Provider and the Terraform CLI to draft and apply configurations from your local machine that manage OCI infrastructure, however, that approach has two problems:
- Lack of version control: You need to track of various versions of the code if you need to roll back or branch.
- Collaboration: You must centralize configurations and plans to ensure that everyone stays in sync.
Instead of using Terraform directly, use OCI Resource Manager, a cloud-based Terraform host for centralized source control, state management, and job queuing. Resource Manager makes it easy for DevOps personnel to manage infrastructure, or stacks, by hiding Terraform in templates.
Resource Manager also includes Terraform-based automation such as resource discovery and drift detection. Because it's not always realistic to draft Terraform configurations first and then provision infrastructure, you can create resources in the Console and then use Resource Manager Resource Discovery to generate the stack and configuration. Drift detection reports can determine if provisioned resources have different states than those defined in the stack's last-run configuration.
Microservices let you design an application as a collection of loosely coupled services that use the "share-nothing" model and run as stateless processes. This approach makes it easier to scale and maintain the application.
In a microservices architecture, each microservice owns a simple task, and communicates with clients or other microservices by using lightweight communication mechanisms such as REST API requests. Applications that are designed as microservices have the following characteristics:
- Easy to maintain and independently deployable
- Easily scalable and highly available
- Loosely coupled with other services
- Developed using the programming language and framework that best suits the problem
Containerization is a common approach to microservice architecture. Containers use OS virtualization and hold only the application and its related binaries, which results in quick startup and increased security.
Containerization and Docker
Docker is an open source project and containerization platform that standardizes the packaging of applications and their dependencies into containers, which share the same host OS. Use Docker containers for fast, consistent delivery of your applications, responsive deployment and scaling, and portability.
A Docker image is a read-only template with instructions for creating a Docker container. A Docker image holds the application that you want Docker to run as a container, along with any dependencies. To create a Docker image, you first create a Dockerfile to describe that application, then build the Docker image from the Dockerfile.
Docker images can be stored in a registry such as OCI Container Registry. Without a registry, it's hard for development teams to maintain a consistent set of Docker images for their containerized applications. Without a managed registry, it's hard to enforce access rights and security policies for images.
Kubernetes
Deploying containerized applications creates a new problem: managing thousands of containers. Kubernetes is an open source tool that automatically orchestrates the container life cycle, distributing the containers across the hosting infrastructure. Kubernetes scales resources up or down, depending on demand. It provisions, schedules, deletes, and monitors the health of the containers.
OCI Kubernetes Engine
OCI Kubernetes Engine (OKE) (sometimes referred to as OKE) is a fully managed, scalable, and highly available service that you can use to deploy your containerized applications to the cloud.
Although you don’t need to use a managed Kubernetes service, OCI Kubernetes Engine is an easy way to run highly available clusters with the control, security, and predictable performance of OCI that gives DevOps teams greater visibility and control.
-
Access your clusters using
kubectl, which is included in Cloud Shell, or use a local installation ofkubectl. - Increase the availability of applications using clusters that span multiple availability domains (data centers) in any commercial region by taking advantage of autoscaling Kubernetes node pools and pods.
- Easily and quickly upgrade container clusters, with zero downtime, to keep them up to date with the latest stable version of Kubernetes.
- Observing Kubernetes Clusters using metrics, logs, and work requests.
Functions
Functions hosts applications while abstracting away from the actual servers. The serverless and elastic architecture of Functions means that there's no infrastructure administration or software administration for you to perform. You don't provision or maintain compute instances, and operating system software patches and upgrades are applied automatically. Functions ensures your app is highly available, scalable, secure, and monitored. You can write code in Java, Python, Node, Go, Ruby, and C# (and for advanced use cases, bring your own Dockerfile, and Graal VM). You can then deploy your code, call it directly, or trigger it in response to events.
Continuous integration and continuous delivery or deployment—CI/CD—is a DevOps best practice.
Continuous integration is the practice of developers integrating all of their work together as soon as possible in the life cycle. Incremental, frequent code changes are built, tested, and revised as needed based on constant feedback. A change to the code should automatically trigger standardized build-and-test steps that ensure that the code changes being merged into the repository are error-free and work with the existing code.
Continuous delivery or deployment is the practice of quickly getting code changes from developers to users. After the code passes unit, integration, acceptance, and other tests, it's released to production in either an automated continuous deployment or a manual continuous delivery process.
OCI DevOps
The build and deployment pipelines are the heart of the DevOps CI/CD workflow.
The OCI DevOps service lets you visually script build and deployment pipelines that automate calls to more focused tools. DevOps has the flexibility to integrate with your existing CI/CD workflows.