So welcome, everybody, to this OpenShift Commons briefing. Today we're really pleased to have the crew from Getup Cloud down in Brazil, who back in November of 2012 launched a public PaaS for the Brazilian market using OpenShift v2, or maybe it was even v1 back then, I don't know. You guys were very daring and you've been with us from the very beginning. And now today, they're going to be talking about their journey from v2 to v3, on to Azure from AWS, and some of the lessons that they've learned and some of the new features they're taking advantage of. So I'm going to get out of the way and let the Getup Cloud guys talk for 20 to 30 minutes, and then we're going to have a Q&A session. We're very pleased to have some of the members of the Microsoft Azure team with us, and a few of the folks from Ceph, because you'll hear today a little bit about how Getup Cloud is using Ceph storage for this deployment on Azure, and so there's lots of interesting things to talk about today. So the Q&A: post your questions into the chat. We're going to try and hold the questions until after the presentation, and then we will go as long as it takes to answer all your questions today. So without further ado, I'm going to welcome Diogo from Getup Cloud and I'll let him introduce himself and his team.

Thanks, Diane. Hello, everyone. My name is Diogo. I am the CEO of Getup Cloud and it's great to be here today. It's, okay, a little about Getup and what we are doing here in Brazil. I'll start. I must confess that I didn't see this coming. I did not imagine that we would be talking about deploying an open source project using Microsoft technology, and I think this is great. It is a big deal. It's way good to see companies like Microsoft being more open and joining the party.
So Microsoft, welcome, and chapeau. Very quickly about us: Getup is a Brazilian company specializing in platform as a service, founded three years ago by myself, Diego Castro and Mateus Caruccio. Diego, change slide, please. Okay. We have a public offer also based on OpenShift Origin. We do on-premise OpenShift deployments as well, some professional services focused on technical guidance to our customers, mostly help them to understand and embrace serverless architecture. This is new for a bunch of people, so we try to show the way when building cloud native applications. Diego.

We chose OpenShift for a bunch of good reasons. We started using AWS and focused on marketing agencies running digital campaigns for some big brands. Fast-forward, a lot of projects passed by and we started following all the fuss around Docker, Docker containers, also the evolution in software development and the need for more speed and abstraction when building modern applications. We have also other trends that you already know. So last year we decided to make our shift to v3, which seems to have all the answers till now. The deployment is using Microsoft Azure, which is now our new partner. Diego.

So why, why Azure now? We all know that AWS is the leader in the segment, so why did we choose Azure? Well, we don't want to be locked in with only one vendor, and as this is a new environment we saw it as a good opportunity to start a new relationship. We did a look at Azure and IBM SoftLayer also. To us Azure is way ahead of SoftLayer. It has a superior service, the UI and API are friendly to use, and it also has a lot of services that we can use to extend our offer.
For example, we use a lot of CDN and object storage to build the solutions for our customers. Another great advantage is the fact that we can pay using our local currency with a fixed exchange rate, avoiding monetary fluctuation. We didn't test Google because they don't have a Brazilian region, and this is important for latency-sensitive applications. Yeah.

Before Diego goes into the technical details today of our deployments, I'd like to show two cases running on OpenShift v3 and using our infrastructure in Azure. The first one is Heineken Up on the Roof. It is a free VIP party at the rooftop of the Martinelli Building, which is an iconic skyscraper in São Paulo. The application was very simple. They built a web app to give out the tickets. Every Monday, exactly 3 p.m., for six weeks in a row, they opened the list with around 400 tickets per week. All you had to do to get one is fill a form. Easy, isn't it? Not really. Actually, the tickets finished in seconds; the last week was in nine seconds, to be exact. And every week the number of people searching for a spot was even higher. This is a classic example where you need speed when scaling resources, and the new architecture of v3 made it not only possible, but also simple, because what we are working with is digital agencies here, not tech guys or tech-savvy guys, and all they needed to do was launch new containers a few minutes before the traffic spike.

Another case that I want to show, it is really cool because we all know Netflix, we all know that TV companies are moving to the web. So I picked this one because it's a really cool case.
It's RBS Octo. RBS Group is a Brazilian media conglomerate founded in 1957. They are one of Brazil's largest communication groups. It is also the largest one affiliated with Rede Globo, or Globo network, famous for their soap operas. Let's see. Last year they started the Octo project, a new TV channel available only on the web. The goal was to build the solution using a microservices approach and they had only 90 days to develop, so DevOps and agile development was crucial in this project, as well the consistency between that stage and production as the project was evolving. We had no time for error. We worked with the product and development team providing them technical guidance, helping them with the architecture. The project was launched in time and it is a success inside the company. It was a pilot; probably you will see in the near future more projects going to the web. Now I will pass the presentation to Diego to talk about infrastructure and the technical details.

Okay, hello, Diego Castro, I'm CTO at Getup Cloud and I'll make an overview of our OpenShift on Azure deployment.
So, how we use blob storage to store our registry images and what we are doing to improve our services.

When I started to look at a new cloud service provider, I wanted to make sure of three things: be easy to deploy, auto recovery, and reliable. As you may know, OpenShift v3 has a whole new concept of deployment and management, and one master and one etcd are the only machines you have to care about backups. All of the others can be easily replaced. This is perfect if you want to use disposable servers, and if a server goes down, just replace it with a new one and OpenShift takes care of rescheduling pods across the healthy nodes. It works really, really well.

And we use Azure Resource Manager templates. I think that it's basically a big JSON file which defines what services you want to create and configure. Our components are isolated on subnets of our virtual networks, those three layers you'll see here, which are public, private and SAN. We have security groups attached on subnets instead of network interfaces because we have standardized our deployment and it's easy to manage. We have only four security groups, so it's very simple to manage. We also use availability sets. This is the Azure concept of redundancy. It works by spreading the servers on fault domains, which are sets of hypervisor hardware, power source, network switch, so it reduces the impact of hardware failure or whatever, power outage. So Azure was the best fit for what we have been trying to achieve.

And here at the very top, those two points, we have Traffic Manager endpoints, one for our API and another for web hosting. This is our first layer of load balancing. Traffic Manager is a cloud service that has failover and load balancing features. It works by monitoring the endpoints and provides automatic failover when a service goes down.
It's very important to us to keep the service running all the time, and Traffic Manager has a critical role in it. It's very easy to set up. It's DNS-based and works really well on OpenShift.

So moving forward, here on the public network we have the jump node, which is used as an SSH gateway to our servers. It's a machine. OpenShift masters: they are two, for failover and load balancing, managed by Traffic Manager. And what we call here routers: they are OpenShift nodes running the HAProxy router image, and those are the only nodes that have public IPs attached. We don't use the native HA solution based on Pacemaker because it doesn't work on the Azure cloud. We use Traffic Manager instead.

And here at the private network we have the major part of our services. They are private network. etcd cluster: they are three machines with data disks attached. And we also have OpenShift compute nodes to host our customers' containers, and we also have OpenShift infra nodes, and it's running metrics, Hawkular, Heapster, Cassandra, and the logging system, Elasticsearch and Kibana, on the same network.

Here we have a Ceph cluster. This is version Hammer and it holds the persistent volumes for the pods. So each Ceph OSD has four data disks on RAID 10, and performance here is critical, and unfortunately we don't have SSD disks in Brazil. So we had to tweak the config a little bit to use the local ephemeral disks for the journal, and that way our performance is really good. We don't want databases or our disk slowing down the whole application. So it works very well and we're looking forward to getting the SSD disks in the Brazilian region.

And, well, we use Ansible to configure the servers. We use community playbooks and everything we developed was sent back to the upstream. I recommend you guys doing the same. The community guys are very nice and they have merged all of my pull requests.
So to deploy a new server, we start with Azure templates that create the cloud components, bootstrap the server installing updates, starting Docker, monitoring agents, and then we run the Ansible playbook to finish the configuration. We don't have fully automated deployment yet. This is being developed, so we will be able to automatically deploy and replace servers without any human intervention. We don't use golden images since Azure has a kind of... it is not a limitation, but it's a way to do things that makes it harder to use custom images, and because of that our deployment might get a little complex. So we use instead a CentOS 7 from the marketplace. It's up to date and works very well. We also have Azure DNS for our customers' domains, and each group of servers, they are also resource groups, so we can track costs and have a better organization of the resources. We use blob storage to store our registry images and to store our backups, and for monitoring solution we use New Relic and PagerDuty. So I'm going to pass here.

Okay, one of our first works to do on Azure was to get the registry a nice and reliable way to store our images. So I'm gonna talk a little bit about how our registry was set to work on Azure cloud, and it is using blob storage for image persistence. As we know, the registry holds all of the private images and needs lots of disk space, so blob storage was the best choice. When we first came to Azure, the registry just didn't support the blob storage. So it was our first contribution to the project and it's really easy to use here in green on the side.
It's all you need to enable it. I didn't put the whole procedure, but it's quite straightforward; you can check the official docs to customize your registry. But what this does is tell the registry to use the Azure blob storage module to store the images, and that way you can have an HA registry, and scalable. No comments here, works really well. The only requirement is that Origin has to be at least one one two; it was when it got merged to the upstream, and it has been working since, I don't know, a couple of months, and without any major issue. It's very reliable, works really well. Okay, I'm sure you're here. Okay.

Moving forward, we're working to enhance our deployment, making it faster and simpler. We also want to use auto recovery and auto scaling features on the server side, because OpenShift takes care of the pods, but you still have to take care of your machines, make sure they are up and running and you can scale them as fast as you can. So that work is being developed. Azure already has virtual machine scale sets in preview mode and as soon as it gets generally available, we're going to use it for our auto scaling solution. And we are also looking at multi-region deployment so we can serve customers outside Brazil with low latency. And that's it. I'm going to open for the questions.

All right, then, thanks. You've actually done a very good job explaining most of, all of these things. There was one comment and I'm just going to turn John Gossman on. John, you're open and you can talk.

Yeah, I just wanted to say first of all, I'm very impressed with how much stuff you have done and how complete this is. I was going to comment that VM scale sets are actually GA now.
We just GA'd them last week at our Build conference. So look at it, though they don't yet support data disks, and so you might need that, but that's something that'll come quite soon afterwards. But you should certainly start kicking the tires and giving us feedback on that.

Oh, nice. Okay.

Looking to see if there's any other questions from the audience, because I know that you had some... here's something popping in. How are you authenticating developers to the OpenShift console API and how are you authorizing that access?

Okay, we have our own authentication backend. It is... well, Mateus can explain a little bit about it.

Hello everyone, I am Mateus Caruccio. I am the developer of the cloud and we are using our users from a Django backend. We have built it from v2 to v3. We are now using Django REST framework and there is this option in the OpenShift master configuration file where you can put where your authentication backend is. OpenShift will forward the request with user and password and the Django backend responds with a token that is sent back to the user to make the subsequent calls. It's pretty simple. It's working very nicely for us because we can handle in a central point all the authentication, the billing system, our registry and email validation endpoints. And we already did that in v2 and it was just one or two things to run it under v3. Does it answer the question?

I think that did, and it also showcased your use of Django, so I can see where some people are gonna be interested in doing that, especially myself. That's pretty cool. There's one question coming in: how do you get the SAN set up on Azure? Is that a VM network?

Okay, the SAN. Okay. The SAN is a regular subnet from a virtual network. I call it SAN because there is no access to the outside world and just the nodes can access it. It's very straightforward.
I have a template, a Resource Manager template, that spins up my Ceph cluster and configures it, so each Ceph node has its own set of data disks attached to its own storage account, so I don't get limited by the storage account IOPS or throughput. So it's one node for one storage account and then a set of data disks attached on. I don't know, is it clear? Does it answer your question?

Yeah, I just want to get some ideas. So it sounds to me you are still using the VM-level network. So that's correct. So the networking, you are not on the host or the hypervisor networks.

Yeah, yeah, yeah, it's VM network, it's not a hypervisor network.

Okay. Do you see any issues with the question that the network could be saturated?

Well, to be honest, yes. I saw some issues, especially when, I believe a couple of weeks ago, there was planned maintenance on the Azure network and things got really weird. Ceph machines couldn't provide... I don't know exactly what was going on, but looks like the network was flapping. Sometimes it works, sometimes it doesn't. Losing packages, and Ceph didn't like a flapping network, as the network should be really, really stable for Ceph to work well. And I realized that when there's some Azure maintenance on the system, things don't work really smoothly. So we are here with the Azure guys, I'd like to hear from them, because it's only on the maintenance. Regular days it works really well.

Thank you. By the way, what kind of workload are you running on the Ceph side? So that's the persistent storage. I heard you are running some of the databases on the Ceph persistent storage. So do you also see any performance issues?
For some people, no. Okay, that sounds great to me. Okay, I see... I see like MySQL, PostgreSQL, MongoDB and also regular data disks attached on pods. We run all sorts of workloads, but we have to tweak a little bit the Ceph configuration because the standard disks, the standard storage accounts, don't have a really good throughput. So we had to tweak to use the ephemeral disks on each machine for our journal, and then it came up with really good performance. But I mean the big deal is when SSD arrives in São Paulo, and it's gonna be way faster. But it's stable.

Right. Yeah, I think so. Thank you for asking my, asking my questions.

So there's one other question that just came in from Boris, and Boris, if you unmute yourself you can ask any follow-up: have you explored hooking up Azure AD to OpenShift? Maybe you could explain what Azure AD is to the audience.

It's the Azure Active Directory. This is Boris. So this is just one of the mechanisms of using auth without having to manage the passwords. So it's the Azure Active Directory that manages identity and OpenShift just uses that as a means of redirecting requests to Azure AD to get the authentication.

Okay, I have not used Azure AD to authenticate our customers, but I have experience of setting up OpenShift on Active Directory on premise and it's really easy to use. It was amazing. It works really well.

Right, so with Azure AD, I think the only thing you need to do... it's a matter of configuration, so that should work right out of the box. There's no need to build anything. It's just a matter of creating the Azure AD application and giving it rights to access a particular directory where the users are, but that completely removes the need to manage users and passwords.

Okay. Is it available on Resource Manager or just classic deployment?
It is... you have to create the application separately from the deployment. So all you have to provide in the deployment is the parameters, the application, the tenant ID and the tenant secret in the config file, in the Ansible config file, and that should do it. I have a sample; if you want I can show you. I actually have an active cluster hooked up to Azure AD.

Okay, nice.

Cool. That sounds like something for a future OpenShift Commons briefing. Boris, watch out, I will coerce you into doing that soon.

Excuse me, I'm interested in AD too, and how could I integrate this with my Django application? If you are going to talk to Diego, I would like to join you.

I think we'll make it a real OpenShift Commons community briefing because there's probably a lot of interest in that as well. So I will hit you up after this call, Boris, and find a time. So are there any other questions from the audience or from Mateus for the Ceph and Azure research that we have here?

Well, I would just like to have SSD disks in Brazil. I have two or three here on my desk. Can I send them to some São Paulo data centers? They can install on our machines.

I will take a look to see when they're showing up in Brazil, but it's rolling out worldwide. By the way, you also talked about your network issue. Do you be sure?
You know, do you... I'm sure you filed an incident and you should get an RCA for what happened. That's not expected behavior because of maintenance or anything else, from what you described.

Okay, okay, I will.

All right, well, it sounds like that's a wrap. What I'll do is I will make sure that the Getup Cloud guys get all of the Azure guys' and the Ceph guys' email addresses so that you can talk amongst yourselves, and I will set up a future session, Boris, on Azure AD and other things related to setting up OpenShift on Azure, because we're getting lots of calls and lots of interest in it. And we are really thrilled with the work, and very impressed with the work that the Getup Cloud team has done down there in Brazil, and we're really looking forward to your launch, which we won't name any dates to hold you to. And we'll figure out if we can have a party and have a Brazilian theme when you do that launch. So we look forward to hearing more of your exploits. So thanks again, everybody, for joining us, and I will post this and we'll get this all up on the internets very soon and share it with everyone else.

Thanks. Oh, yeah, I'm just very impressed with all the work you've done. That's really cool. Nice to see.