diff --git a/2023-07-20-acm-submariner-stream/README.org b/2023-07-20-acm-submariner-stream/README.org index 8b105ed..a59256f 100644 --- a/2023-07-20-acm-submariner-stream/README.org +++ b/2023-07-20-acm-submariner-stream/README.org 
@@ -1,10 +1,147 @@ -#+TITLE: Progressive cloud migrations with Red Hat Advanced Cluster Management +#+TITLE: Progressive cloud migrations with Submariner #+AUTHOR: James Blair #+DATE: <2023-07-20 Thu 11:00> This is a short demo I gave during an episode of the "APAC Hybrid Cloud Kopi Hour (E05) | Managing Kubernetes Clusters in a Hybrid and Multi-Cloud World" live stream. +The demo covered using the networking magic of [[https://submariner.io][Submariner]] to create secure tunnels for east/west traffic between our two clusters for the purpose of exposing services from one cluster to another. The demo use case I covered was a progressive migration, where we have a two tier application that we want to migrate to another cluster while still allowing access to datasources that exist on the initial cluster. + You can watch the full stream below: -[[./images/stream.png]] +[[https://www.youtube.com/watch?v=1Dc0_WAsYpE][./images/stream.png]] + + +* Pre-requisites + +The setup for this talk assumes you already have two distinct kubernetes clusters running and are orchestrating those with [[https://www.redhat.com/en/technologies/management/advanced-cluster-management][Red Hat Advanced Cluster Management]] the distribution of [[https://open-cluster-management.io][Open Cluster Management]] supported by Red Hat. + +In my case for this demo I have two OpenShift clusters running in Amazon Web Services. + +Additionally the steps below assume you have the ~oc~ command line utility installed and area already logged into the hub cluster. + + +* Step 1 - Create submariner cluster set + +Our first step is to login to Red Hat Advanced Cluster Management and create a new ~ManagedClusterSet~. This is the logical grouping of clusters that we will use to define which clusters to install and run submariner in. + +This can easily be created through the Red Hat Advanced Cluster Management user interface by navigating to **Infrastructure > Clusters > Cluster sets > Create cluster set**. 
+ +Alternatively apply the yaml below: + +#+begin_src yaml +apiVersion: cluster.open-cluster-management.io/v1beta2 +kind: ManagedClusterSet +metadata: + annotations: + cluster.open-cluster-management.io/submariner-broker-ns: submariner-broker + finalizers: + - cluster.open-cluster-management.io/managedclusterset-clusterrole + - cluster.open-cluster-management.io/submariner-cleanup + name: submariner +spec: + clusterSelector: + selectorType: ExclusiveClusterSetLabel +#+end_src + + +Once our ~ManagedClusterSet~ has been created we will want to add both of our clusters to the set, again either using the user interface or applying a label to each of our ~ManagedCluster~ resources. + +#+begin_src bash +oc label ManagedCluster "cluster.open-cluster-management.io/clusterset=submariner" +#+end_src + + +* Step 2 - Install submariner addons + +Once our cluster set is in place we need to deploy submariner to each ~ManagedCluster~ in the ~ManagedClusterSet~. + +Once more, Red Hat Advanced Cluster Management makes this process straightforward. Just click into your cluster set and navigate to the **Submariner add-ons** tab and click **Install Submariner add-ons**. + +[[./images/install-add-ons.png]] + + +To do this as code we can create a ~SubmarinerConfig~ resource for each ~ManagedCluster~, see below example. 
+ +#+begin_src yaml +apiVersion: submarineraddon.open-cluster-management.io/v1alpha1 +kind: SubmarinerConfig +metadata: + finalizers: + - submarineraddon.open-cluster-management.io/config-cleanup + - submarineraddon.open-cluster-management.io/config-cleanup + generation: 3 + name: submariner + namespace: dev-a +spec: + cableDriver: libreswan + gatewayConfig: + aws: + instanceType: m5.xlarge + gateways: 1 + rhos: + instanceType: PnTAE.CPU_4_Memory_8192_Disk_50 + airGappedDeployment: false + IPSecDebug: false + credentialsSecret: + name: dev-a-aws-creds + insecureBrokerConnection: false + Debug: false + NATTEnable: true + imagePullSpecs: {} + IPSecIKEPort: 500 + NATTDiscoveryPort: 4900 + IPSecNATTPort: 4500 + loadBalancerEnable: true + subscriptionConfig: + source: redhat-operators + sourceNamespace: openshift-marketplace + managedClusterInfo: + clusterName: dev-a + infraId: dev-a-9cbff + platform: AWS + region: ap-southeast-2 + vendor: OpenShift + vendorVersion: 4.13.4 +#+end_src + + +* Step 3 - Verify connectivity + +At this point after a short wait Submariner should be installed in both clusters and east/west traffic gateways operational. + +We can verify this by returning to the **Submariner add-ons** page and reviewing the status table: + +[[./images/status-table.png]] + + +* Step 4 - Deploy application + +With Submariner in place lets now deploy our demo application. This is a version of the classic Guestbook application with a web frontend and redis backend. + +For our initial deployment we will bring both application components up on the same cluster as our initial state prior to any migration. + +Run the command below to deploy the application via a Red Hat Advanced Cluster Management ~Subscription~. + +#+begin_src bash +oc apply --kustomize redis/acm-resources +oc apply --kustomize guestbook/acm-resources +#+end_src + + +We can verify the application is running as expected by opening the route to our web frontend in a browser. 
+ +#+begin_src bash +oc get route --namespace guestbook guestbook +#+end_src + +[[./images/guestbook.png]] + + +* Step 5 - Migrate app frontend + +With the application deployed and our Subamariner networking in place we have all the ingredients we need to perform a progressive migration. + +For our progressive migration we will update the ~PlacementRule~ for our Guestbook frontend to change the cluster label to our second cluster. + +Once the changes are applied the frontend pods will immediately spin down on our initial cluster then create on our second cluster. We can verify that the frontend can still talk to redis as if they continued to be on the same cluster, thanks to our redis service being exposed via Submariner 🎉. diff --git a/2023-07-20-acm-submariner-stream/guestbook/acm-resources/channel.yaml b/2023-07-20-acm-submariner-stream/guestbook/acm-resources/channel.yaml index c6cd664..ec8f131 100644 --- a/2023-07-20-acm-submariner-stream/guestbook/acm-resources/channel.yaml +++ b/2023-07-20-acm-submariner-stream/guestbook/acm-resources/channel.yaml @@ -6,4 +6,4 @@ metadata: namespace: guestbook spec: type: GitHub - pathname: https://github.com/jmhbnz/acm-demo-app.git + pathname: https://github.com/jmhbnz/talks.git diff --git a/2023-07-20-acm-submariner-stream/guestbook/acm-resources/kustomization.yaml b/2023-07-20-acm-submariner-stream/guestbook/acm-resources/kustomization.yaml index 004ee24..fd4fa8f 100644 --- a/2023-07-20-acm-submariner-stream/guestbook/acm-resources/kustomization.yaml +++ b/2023-07-20-acm-submariner-stream/guestbook/acm-resources/kustomization.yaml @@ -1,3 +1,4 @@ +--- resources: - namespace.yaml - channel.yaml diff --git a/2023-07-20-acm-submariner-stream/guestbook/acm-resources/placementrule.yaml b/2023-07-20-acm-submariner-stream/guestbook/acm-resources/placementrule.yaml index 8fcf8da..23c3067 100644 --- a/2023-07-20-acm-submariner-stream/guestbook/acm-resources/placementrule.yaml 
+++ b/2023-07-20-acm-submariner-stream/guestbook/acm-resources/placementrule.yaml @@ -1,4 +1,4 @@ - +--- apiVersion: apps.open-cluster-management.io/v1 kind: PlacementRule metadata: @@ -13,4 +13,4 @@ spec: status: "True" clusterSelector: matchLabels: - name: dev-a \ No newline at end of file + name: local-cluster diff --git a/2023-07-20-acm-submariner-stream/guestbook/acm-resources/subscription.yaml b/2023-07-20-acm-submariner-stream/guestbook/acm-resources/subscription.yaml index 8fc155a..4c80244 100644 --- a/2023-07-20-acm-submariner-stream/guestbook/acm-resources/subscription.yaml +++ b/2023-07-20-acm-submariner-stream/guestbook/acm-resources/subscription.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apps.open-cluster-management.io/v1 kind: Subscription metadata: @@ -6,7 +7,7 @@ metadata: labels: app: guestbook-app annotations: - apps.open-cluster-management.io/git-path: guestbook-app/guestbook + apps.open-cluster-management.io/git-path: 2023-07-20-acm-submariner-stream/guestbook/guestbook apps.open-cluster-management.io/git-branch: main spec: channel: guestbook/guestbook-app-latest diff --git a/2023-07-20-acm-submariner-stream/images/guestbook.png b/2023-07-20-acm-submariner-stream/images/guestbook.png new file mode 100644 index 0000000..4774d13 Binary files /dev/null and b/2023-07-20-acm-submariner-stream/images/guestbook.png differ diff --git a/2023-07-20-acm-submariner-stream/images/install-add-ons.png b/2023-07-20-acm-submariner-stream/images/install-add-ons.png new file mode 100644 index 0000000..ae23c56 Binary files /dev/null and b/2023-07-20-acm-submariner-stream/images/install-add-ons.png differ diff --git a/2023-07-20-acm-submariner-stream/images/status-table.png b/2023-07-20-acm-submariner-stream/images/status-table.png new file mode 100644 index 0000000..9203ff9 Binary files /dev/null and b/2023-07-20-acm-submariner-stream/images/status-table.png differ 
diff --git a/2023-07-20-acm-submariner-stream/redis/acm-resources/channel.yaml b/2023-07-20-acm-submariner-stream/redis/acm-resources/channel.yaml index 5ed7ffc..69dfb22 100644 --- a/2023-07-20-acm-submariner-stream/redis/acm-resources/channel.yaml +++ b/2023-07-20-acm-submariner-stream/redis/acm-resources/channel.yaml @@ -6,4 +6,4 @@ metadata: namespace: guestbook spec: type: GitHub - pathname: https://github.com/jmhbnz/acm-demo-app.git + pathname: https://github.com/jmhbnz/talks.git diff --git a/2023-07-20-acm-submariner-stream/redis/acm-resources/kustomization.yaml b/2023-07-20-acm-submariner-stream/redis/acm-resources/kustomization.yaml index 8f362c1..55df2ed 100644 --- a/2023-07-20-acm-submariner-stream/redis/acm-resources/kustomization.yaml +++ b/2023-07-20-acm-submariner-stream/redis/acm-resources/kustomization.yaml @@ -1,3 +1,4 @@ +--- resources: - channel.yaml - placementrule.yaml diff --git a/2023-07-20-acm-submariner-stream/redis/acm-resources/subscription.yaml b/2023-07-20-acm-submariner-stream/redis/acm-resources/subscription.yaml index 5a6706d..8780dea 100644 --- a/2023-07-20-acm-submariner-stream/redis/acm-resources/subscription.yaml +++ b/2023-07-20-acm-submariner-stream/redis/acm-resources/subscription.yaml @@ -6,7 +6,7 @@ metadata: name: redis-master-app-subscription-1 annotations: apps.open-cluster-management.io/git-branch: main - apps.open-cluster-management.io/git-path: redis-master-app/redis-master + apps.open-cluster-management.io/git-path: 2023-07-20-acm-submariner-stream/redis/redis-master labels: app: redis-master-app spec:
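Review bot: In the README.org hunk, Step 1, the command `oc label ManagedCluster "cluster.open-cluster-management.io/clusterset=submariner"` names no cluster, so there is nothing for `oc` to label; add the ManagedCluster name (the Step 2 example uses `dev-a`) and show it once per cluster. In the Step 2 `SubmarinerConfig` example the finalizer `submarineraddon.open-cluster-management.io/config-cleanup` is listed twice and `generation: 3` is server-managed metadata, which reads like an export from a live cluster; trim it to the fields a reader should actually apply. Step 5 credits the redis service "being exposed via Submariner", but no step shows how that service is exported or which clusters can then reach it, so add that step. Typos to fix: "area already logged", "lets now", "Subamariner".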
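Review bot: In guestbook/acm-resources/channel.yaml, and the identical change in redis/acm-resources/channel.yaml, `pathname: https://github.com/jmhbnz/talks.git` together with the `git-branch: main` annotation on both subscriptions means the managed clusters deploy whatever is currently on `main` of a general-purpose talks repository. Consider pinning the subscriptions to a tag or commit, or state in the README that the demo tracks a moving branch so readers know what they are trusting.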
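Review bot: In guestbook/acm-resources/placementrule.yaml the selector changes from `name: dev-a` to `name: local-cluster`, yet README Step 4 says both components start on the same cluster and Step 5 describes editing this very label as the migration. Confirm that `local-cluster` is the intended starting cluster and that the redis PlacementRule, which is not part of this diff, selects the same one; otherwise a fresh `oc apply --kustomize guestbook/acm-resources` begins in the post-migration state. Since the README example uses `dev-a`, a short comment in the file naming the expected before and after values would remove the ambiguity.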
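Review bot: In both subscription.yaml hunks the new `git-path` values (`2023-07-20-acm-submariner-stream/guestbook/guestbook` and `2023-07-20-acm-submariner-stream/redis/redis-master`) point at directories this diff does not add, so check that they already exist on `main` of talks.git before merging, or the subscriptions will not find their manifests. Style: guestbook's subscription.yaml gains a leading `---` while the redis subscription.yaml and both channel.yaml files do not; apply the document marker consistently.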