service overview - huawei...(tasks you define in the process) are lined up by pipelines to automate...
TRANSCRIPT
ContainerOps
Service Overview
Issue 01
Date 2020-08-28
HUAWEI TECHNOLOGIES CO., LTD.
Copyright © Huawei Technologies Co., Ltd. 2020. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without priorwritten consent of Huawei Technologies Co., Ltd. Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.All other trademarks and trade names mentioned in this document are the property of their respectiveholders. NoticeThe purchased products, services and features are stipulated by the contract made between Huawei andthe customer. All or part of the products, services and features described in this document may not bewithin the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements,information, and recommendations in this document are provided "AS IS" without warranties, guaranteesor representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in thepreparation of this document to ensure accuracy of the contents, but all statements, information, andrecommendations in this document do not constitute a warranty of any kind, express or implied.
Issue 01 (2020-08-28) Copyright © Huawei Technologies Co., Ltd. i
Contents
1 Notes and Constraints............................................................................................................ 1
2 Introduction.............................................................................................................................. 2
3 Advantages............................................................................................................................... 5
4 Basic Concepts.......................................................................................................................... 7
5 Permissions Management..................................................................................................... 8
6 Related Services.....................................................................................................................10
ContainerOpsService Overview Contents
Issue 01 (2020-08-28) Copyright © Huawei Technologies Co., Ltd. ii
1 Notes and Constraints
ContainerOps subscription is now suspended. If you have subscribed toContainerOps before June 25, 2020, you can continue to use it. Sorry for anyinconvenience caused.
QuotasQuotas are imposed on the number of software repositories a user can add. Formore information on quotas, see Quotas.
Table 1-1 lists the quotas imposed by SWR. To apply for more quotas, CreateService Ticket.
Table 1-1 SWR resource quotas
Resource Type Quota
Number of softwarerepositories
10
ContainerOpsService Overview 1 Notes and Constraints
Issue 01 (2020-08-28) Copyright © Huawei Technologies Co., Ltd. 1
2 Introduction
ContainerOps is a DevOps orchestration platform for you to clearly define theentire DevOps workflow from source code obtaining to application rolling out,covering key steps like code compiling, image build, gray deployment, andcontainerized deployment. ContainerOps smooths the whole process fromdevelopment, deployment, to O&M, facilitating speedy application iterations.
Figure 2-1 How ContainerOps works
FeaturesOne-stop container CI/CD
ContainerOps supports continuous integration (CI) and continuous delivery (CD)of containers throughout the whole DevOps process from source code to imagebuild and deployment. You can conveniently use the built-in pipelines or customizeyour own pipelines to best suit your needs.
Easy integration with source code hosting websites to facilitate image build
Your code hosted in DevCloud, GitHub, GitLab, or Gitee can be directly used forimage build in ContainerOps after your authorization. These images will then bestored in Software Repository for Container (SWR) for you. You can easily deploythem at any time.
Gray deployment
ContainerOpsService Overview 2 Introduction
Issue 01 (2020-08-28) Copyright © Huawei Technologies Co., Ltd. 2
As you prepare a new version of an application, you can upgrade certain pods ofthe service cluster first to test the new version before the official release. In thisway, your application can iterate in a more smooth and reliable manner.
Figure 2-2 Gray deployment
End-to-end agile delivery across alpha, beta, and gamma environments
ContainerOps can automatically deploy the same version of application tomultiple environments, namely, alpha, beta, and gamma, with differentconfigurations for you. This frees you from tedious work trying to keepenvironments consistent and speeds up application iterations. Each pipelineindependently manages the lifecycle of a (micro) service, reducing the couplingoperations cross (micro) services or cross DC/regions.
ContainerOpsService Overview 2 Introduction
Issue 01 (2020-08-28) Copyright © Huawei Technologies Co., Ltd. 3
Figure 2-3 End-to-end agile delivery across alpha, beta, and gamma environments
Easy integration with existing R&D platforms
A comprehensive set of APIs is provided for your own R&D platforms to workseamlessly with ContainerOps. There is no need to change your original R&Dworkflows or deprecate existing resources.
Figure 2-4 Integrating with existing R&D platforms
ContainerOpsService Overview 2 Introduction
Issue 01 (2020-08-28) Copyright © Huawei Technologies Co., Ltd. 4
3 Advantages
Ease of UseContainerOps provides detailed guidance to walk you through all the key featuresat your own pace. In addition, diverse CI/CD pipelines for typical scenarios arebuilt in for your direct usage. No need to build environments on your own.
Quick Image Delivery● ContainerOps, as a one-stop orchestration platform, supports the whole
DevOps process from code compiling, image build, store, deployment, torelease, making application containerization and delivery faster and stabler.
● ContainerOps enables collaborative application deployment across multipleenvironments (such as R&D, test, pre-release, and production) whileautomating the process from R&D to delivery. No need to worry about versionconsistency any more.
Open ArchitectureWith the decoupled capabilities of ContainerOps and RESTful APIs provided, youcan integrate desired features of your existing systems into ContainerOps. In thisway, you are free to keep your original development and O&M workflows.
Faster Image Pull and BuildIntelligent node scheduling around the globe ensures that your image build taskscan be automatically assigned to the idle nodes nearest to the image repository.
ContainerOpsService Overview 3 Advantages
Issue 01 (2020-08-28) Copyright © Huawei Technologies Co., Ltd. 5
Figure 3-1 Node scheduling around the globe
ContainerOpsService Overview 3 Advantages
Issue 01 (2020-08-28) Copyright © Huawei Technologies Co., Ltd. 6
4 Basic Concepts
DevOps
DevOps is a novel software engineering concept with Dev referring todevelopment and Ops referring to operations. Unlike the traditional softwareengineering, in which development, test, and O&M function in relative silos,DevOps attaches great importance to the end-to-end agile and consistent deliveryprocess. It emphasizes the cooperation among development, test, and O&M toimprove efficiency, and shorten software's time to market (TTM).
Pipeline
Pipelines clearly define the CI and deployment process of applications. Stages(tasks you define in the process) are lined up by pipelines to automate the wholeDevOps process. Tasks such as image build, gray deployment, and imagedeployment can be set as different stages in pipelines.
Image
Container images are like templates that include everything needed to runapplications. When deploying containerized applications, you can use images fromthe image center and your private image registries. For example, a containerimage can contain a complete Ubuntu operating system, in which only therequired programs and dependencies are installed. Container images are used tocreate containers. A container engine provides an easy way to create and updateyour own images. You can also pull images created by other users.
Container
A container is a running instance of a container image. Multiple containers canrun on one node. Containers are actually software processes. Unlike traditionalsoftware processes, containers have separate namespaces and do not run directlyon a host.
The relationship between image and container is similar to that between class andinstance in the object-oriented program design. Images are static, while containersare the entities when images are running. Containers can be created, started,stopped, deleted, and suspended.
ContainerOpsService Overview 4 Basic Concepts
Issue 01 (2020-08-28) Copyright © Huawei Technologies Co., Ltd. 7
5 Permissions Management
If you need to assign different permissions to employees in your enterprise toaccess your ContainerOps resources, Identity and Access Management (IAM) is agood choice for fine-grained permissions management. IAM provides identityauthentication, permissions management, and access control, helping you secureaccess to your HUAWEI CLOUD resources.
With IAM, you can use your HUAWEI CLOUD account to create IAM users, andassign permissions to the users to control their access to specific resources. Forexample, some software developers in your enterprise need to use ContainerOpsresources but should not be allowed to delete the resources or perform any otherhigh-risk operations. In this scenario, you can create IAM users for the softwaredevelopers and grant them only the permissions required for using ContainerOpsresources.
If your HUAWEI CLOUD account does not require individual IAM users forpermissions management, skip this section.
IAM can be used free of charge. You pay only for the resources in your account.For more information about IAM, see IAM Service Overview.
NO TE
ContainerOps shares the same system policy with Software Repository for Container (SWR).For details, see ContainerOps Permissions.
ContainerOps Permissions
By default, new IAM users do not have permissions assigned. You need to add auser to one or more groups, and attach permissions policies or roles to thesegroups. Users inherit permissions from the groups to which they are added andcan perform specified operations on cloud services based on the permissions.
ContainerOps is a project-level service deployed and accessed in specific physicalregions. To assign ContainerOps permissions to a user group, specify the scope asregion-specific projects and select projects for the permissions to take effect. If Allprojects is selected, the permissions will take effect for the user group in allregion-specific projects. When accessing ContainerOps, the users need to switch toa region where they have been authorized to use the ContainerOps service.
ContainerOpsService Overview 5 Permissions Management
Issue 01 (2020-08-28) Copyright © Huawei Technologies Co., Ltd. 8
Table 5-1 lists all the system-defined roles and policies supported byContainerOps.
Table 5-1 System-defined roles and policies supported by ContainerOps
Role/PolicyName
Description Type
SWR Admin ContainerOps administrator, which includesall ContainerOps permissions.
System-definedrole
TenantAdministrator
ContainerOps administrator, which includesall ContainerOps permissions.
System-definedpolicy
Tenant Guest ContainerOps developer, which includespermissions such as viewing pipelines.
System-definedpolicy
SvcStgDeveloper
ContainerOps developer, which includespermissions such as viewing pipelines.
System-definedrole
Helpful Links● IAM Service Overview● Creating a User and Granting Permissions
ContainerOpsService Overview 5 Permissions Management
Issue 01 (2020-08-28) Copyright © Huawei Technologies Co., Ltd. 9
6 Related Services
ContainerOps works with other cloud services and requires permissions to accessthem. For details, see Figure 6-1.
Figure 6-1 Related services
● Cloud Container Engine (CCE)
CCE is a high-performance and high-reliability service through whichenterprises can manage containerized applications. It supports Kubernetes-native applications and tools, allowing you to easily set up a containerruntime environment in the cloud.
ContainerOps works seamlessly with CCE. You can deploy images on CCEclusters.
ContainerOpsService Overview 6 Related Services
Issue 01 (2020-08-28) Copyright © Huawei Technologies Co., Ltd. 10
● Cloud Container Instance (CCI)CCI is a serverless container engine that allows you to run containers withoutcreating and managing server clusters.ContainerOps works seamlessly with CCI. Images can also be deployed on CCI.
● Cloud Performance Test Service (CPTS)CPTS has powerful distributed pressure testing capabilities. It providesperformance tests for deployed cloud applications.ContainerOps can call CPTS APIs to perform pressure tests in the test stagesof pipelines.
● Application Orchestration Service (AOS)AOS enables you to deploy your applications on HUAWEI CLOUD with a fewclicks, simplifying cloud service management. AOS uses templates to describeand orchestrate applications and cloud services, facilitating automaticapplication deployment, cloud service creation, and E2E application lifecyclemanagement.ContainerOps can call AOS APIs to create AOS stacks from templates in theimage deployment stages of pipelines.
● DevCloudDevCloud is a one-stop, cloud-based DevOps platform built with Huawei'spractices of nearly three decades in R&D, together with its cutting-edge R&Dideas, and advanced tools. This out-of-the-box cloud service enables you tomanage projects, host code, review code, execute pipelines, compile, build,deploy, test, and release in the cloud anytime and anywhere.ContainerOps can connect to DevCloud to provide capabilities such as codemanagement and R&D tools supporting the whole DevOps process. The CIand CD of ContainerOps, together with the IDE and CodeHub of DevCloud,enhance your every step from code hosting to containerized delivery. You canperform VM deployment and container deployment at the same time with thesame code in the DevCloud platform integrated with ContainerOps,experiencing a smooth transition during containerization.
ContainerOpsService Overview 6 Related Services
Issue 01 (2020-08-28) Copyright © Huawei Technologies Co., Ltd. 11