Choose An Automation Tool Ebook Red Hat Developer
Choose An Automation Tool Ebook Red Hat Developer
AN
AUTOMATION
TOOL
Introduction................................................................................................................................... 2
Chapter 1:
Helm.................................................................................................................................................4
What is Helm?......................................................................................................................................... 4
Chapter 2:
Kubernetes Operators................................................................................................................8
Chapter 3:
Ansible...........................................................................................................................................12
What is Ansible?.................................................................................................................................... 12
Chapter 4:
Selecting an automation solution by use case....................................................................17
Chapter 5:
Summary...................................................................................................................................... 19
Chapter 6:
How Red Hat can help.............................................................................................................. 20
Introduction
This e-book is intended to help software developers and partners choose between
Helm, Kubernetes Operators, and Ansible® as an automation tool.
Why automate?
There are a number of reasons for software developers and partners to provide
automation as part of the software they produce:
Deployment flexibility.
Enterprises demand the flexibility to run software on site or in public and private
clouds to optimize costs and performance. The deployment of an application can
span multiple hybrid environments.
2
What to automate
For developers looking to add automation to their projects, automating installation is a natural starting point. The process of instal-
lation and initial configuration is often referred to as Day 1 operations. Automating the day-to-day tasks that are needed after the
software is running, referred to as Day 2 operations, can provide benefits by reducing manual toil. Automating both the Day 1 and
Day 2 aspects of application life cycle management can reduce the total cost of application ownership.
The Operator Framework for Kubernetes includes the Operator Capability Model, a taxonomy for automation capabilities and matu-
rity levels. Even if you aren’t using operators, this taxonomy is helpful for planning which application life cycle activities to automate.
The complexity of the automation and the value offered increases at each level. This taxonomy is used in this book to compare the
capabilities of Helm, Operators, and Ansible. An overview of operator capability model is shown in table 1.
Level 1 — Basic install Provide automated application provisioning and configuration management
(Day 1 operations)
Level 2 — Seamless upgrades Automate patching and upgrades between minor versions
(Day 2 operations)
Level 3 — Full life cycle Automate application life cycle events like backups and restores or failover
(Day 2 operations) and fallback to recover from failures
Level 4 — Detailed insights Automate tasks like collecting metrics, generating alerts, processing logs, and
(Day 2 operations) analyzing workload to support decision making and operational improvements
Healing capabilities
Configuration tuning
Abnormality detection
There are several factors to consider when choosing an automation tool, including:
Target environment
An overview of the three automation tools is provided, what problems they are intended to solve, and which tool is best
for specific use cases.
3
Chapter 1:
Helm
What is Helm?
Helm is analogous to operating system package managers like Yum and APT or lan-
guage package managers like npm and NuGet. Developers publish packages called
Helm Chart to online repositories. A simple Helm install command can be used to
download a Helm chart and deploy the software on Kubernetes.
Helm is an open source project that became part of the Cloud Native Computing
Foundation (CNCF) in early 2016. Helm reached the maturity status of a graduated
CNCF project in April of 2020.
Helm is used primarily for automating Day 1 operations tasks, specifically installation
and basic configuration management of applications on Kubernetes clusters. Some
basic Day 2 operations like simple upgrades and rollbacks can be performed with Helm.
In terms of the operator maturity model, Helm charts are considered to cover Level 1
Basic Install and Level 2 Upgrades.
It is easy to understand and use for software developers as well those installing and
operating software. Manually deploying software onto a Kubernetes cluster can involve
editing many lines of YAML to create and configure all the Kubernetes resources like
deployments, services, secrets, and configuration maps. Helm is used to make the
configuration process more generic, reusable, and repeatable.
Using Helm, configuration information is turned into a set of boilerplate templates and
a set of parameterized values. The templates can then be used in all the environments
where the Helm chart is deployed. The parameterized values are used to provide the
specific configuration details needed for each application deployment. Helm merges
the templates and parameterized values to produce the configuration that is applied
to the Kubernetes cluster. Using Helm, the person installing the software only needs
to specify the Helm chart to use and the values to customize the installation.
4
Due to its simplicity, Helm is not intended to provide full life cycle management
or to manage applications with complex requirements. Consider other automation
solutions for applications with complex state management requirements like
databases, file, object, or block stores that need to be distributed across the
cluster to provide availability and scalability.
5
Helm technical details
This summary of Helm technical details is intended to help you understand Helm and evaluate it against other automation solutions.
Helm makes configuration files reusable by separating boilerplate configuration and parameterized values.
The Go template language along with some custom Helm functions are used for templating configuration files.
Go templating was inspired by Jinja2 templating, which is used in Ansible and a number of other software projects.
Helm Charts can specify other charts as dependencies that need to be run first.
Dependencies can be used to install other pieces of software using either local charts or charts from online repositories.
It communicates with a cluster using the Kubernetes API, so it can be run outside of the Kubernetes cluster.
Before Helm can communicate with the Kubernetes cluster, you must be authenticated. Typically the authentication
is shared with other CLI tools, like kubectl and oc .
Helm only interacts with a single Kubernetes cluster at a time, it has no multicluster capabilities. To use a Helm chart on
a different cluster, change the KUBECONFIG environment variable, to point to the desired cluster and then run Helm again.
Software does not have to be installed on the Kubernetes cluster to use Helm.
The Helm client interacts directly with the Kubernetes API. Versions of Helm prior to version 3 required a component called
tiller to be installed on the cluster. This is no longer necessary.
6
For more information on Helm
What is Helm?
7
Chapter 2:
Kubernetes Operators
Kubernetes Operators, also known as the Kubernetes operator pattern, are intended
to automate the deployment and management Kubernetes-native applications.
Human operators who manage an application, like site reliability engineers (SREs),
develop deep knowledge of how an application is deployed, how it is supposed to be-
have, and how to react if there are problems. The goal for operators is to package this
operational knowledge in the form of software that can be shared with an application’s
consumers. While the goal for all automation is to reduce or eliminate repetitive tasks,
operators are intended to make application-specific operational expertise more widely
available, particularly for complex, dynamic applications that react to changes in load
and can handle failures gracefully.
As can be seen from the operator maturity model described earlier in this ebook, oper-
ators are intended to be able to provide full life cycle automation for applications.
An application that is managed with a sufficiently capable and mature operator should
be able provide a service level through automation that is similar to what is available
from managed service providers.
Not every operator will implement all five levels of the operator maturity model. Ini-
tially, an operator implementation might provide only Level 1 or 2 capabilities covering
basic installation and minor version upgrades. However, the operator pattern and tool-
ing for producing operators, like the Kubernetes Operator Framework and Kubernetes
Operator Software Development Kit (SDK), support the development of advanced
capabilities through Level 5.
The concept of the Kubernetes operator pattern was developed at CoreOS in 2016.
Red Hat acquired CoreOS in 2018. Work on operators continued in open source com-
munities, leading to a number of active open source projects that provide tooling for
operator development and management.
8
What are operators used for?
Red Hat has been driving development and adoption of operators in its products
and in open source communities:
Red Hat products like Red Hat AMQ streams, a high-performance data The development of the
streaming system based on Apache Kafka, provide operators for installation
Operator Framework, which
and management on Red Hat OpenShift and Kubernetes clusters. The
Red Hat Ansible Automation Platform Operator simplified the deployment includes the Operator SDK,
of Red Hat Ansible Automation Platform on Red Hat OpenShift, giving the Operator Lifecycle
organizations a streamlined path to implementing an enterprise-wide Manager (OLM), and the
automation solution.
OperatorHub software has
Starting with version 4 of Red Hat OpenShift, Red Hat uses operators to been driven by Red Hat in
install and manage the OpenShift cluster itself. The benefits is that the conjunction with the open
full life cycle management capabilities of operators are available for
source community since 2018.
managing the OpenShift platform.
The Operator Framework
Red Hat is leading the development of operators in the upstream open source became an incubating project
communities for software defined storage and data management projects
under the CNCF in July 2020.
like Rook-Ceph and NooBaa. These operators are available on the repository
OperatorHub.io. This public repository for sharing operators was launched by
Red Hat in conjunction with Amazon, Microsoft, and Google Cloud.
9
Kubernetes operator pattern technical details
The key aspect of Kubernetes Operators that differentiate them from other
automation approaches is that operators themselves are actually Kubernetes For in-depth information
applications. An operator is a piece of software installed on Kubernetes that reacts
on building operators,
to events and manages application-specific resources on the Kubernetes cluster.
The operator pattern can be used to extend and enhance Kubernetes without using the Operator-SDK,
modifying Kubernetes itself. and best practices, read
the O’Reilly book,
Operators are a special type of Kubernetes application that defines custom resources
(CRDs) and controllers to manage them. CRDs are higher-level abstractions for Kubernetes Operators —
applications and/or their components. A CRD defines high-level objects like Automating the container
MyApp-WebServer. The operator is responsible for managing the existing lower- orchestration platform.
level Kubernetes resources like deployments, services, secrets, and configuration maps
when an instance of MyApp-WebServer is required to run on the Kubernetes cluster.
Kubernetes Operators extend the core Kubernetes concept of the control loop.
The control loop continually observes the state of the Kubernetes cluster, compares
it to the state that is desired as expressed by the sum of the configuration, and takes
action to resolve those differences by calling on controllers that manage specific
Kubernetes resources.
When an operator is installed it is defined as the controller for the operator’s CRDs.
As an extension of the control loop, operators continually check that the application’s
current state matches what is defined and desired. The controllers implemented by
the operator will then be called to make any necessary changes to the current state.
Due to the nature of Helm, Helm-based operators are limited to Level 1 and 2
operator capabilities. The operator SDK allows for Go and Ansible-based operators
to implement all five levels of the operator maturity model, as illustrated in Figure 2.
10
Figure 2. Operator capabilities levels by implementation approach
Even with the operator SDK tooling, the process of developing operators should be viewed as a software development project.
The generated operator needs to be built into an image that can be deployed and become a running service on the Kubernetes
cluster. Installing operators requires cluster administration privileges. Aspects like operator permissioning need to be addressed
even with simpler approaches like Helm-based operators. A software engineering skill set is recommended.
What is a Kubernetes operator? Operator framework project, which Operator SDK: Ansible Operator
includes Operator SDK, Operator Tutorial
What are Red Hat OpenShift Lifecycle Manager, and OperatorHub
Operators? 5 tips for developing Kubernetes
Operator SDK with Helm, Operators with the new Operator
Simplify application management Memcached: A tutorial to create SDK
in Kubernetes environments a Memcached operator from an
existing Memcached Helm Chart Kube by Example Learning path:
Kubernetes Operators: Automating Building operators with Helm, Go,
the Container Orchestration Platform Operator SDK: Helm Operator and Ansible
Tutorial
11
Chapter 3:
Ansible
What is Ansible?
Ansible is an open source automation tool that can be used for configuring systems,
deploying software, and managing complex processes like continuous deployments
or zero downtime rolling updates. Ansible was initially released in 2012 and is the oldest
and most mature of the automation tools described in this e-book. Red Hat acquired
Ansible in 2015.
It can be used to automate tasks on systems running Linux, macOS, and Microsoft
Windows, network infrastructure, cloud environments, and orchestrate across environ-
ments. The term Ansible has been used to refer to a number of things:
Red Hat Ansible Automation Platform, a paid product that, when combined with a
subscription, provides full enterprise life cycle support for organizations looking to
standardize, operationalize, and scale automation. It includes numerous upstream
components, Red Hat Ansible Certified Content Collections from 60+ partners to
assist in installing, configuring and supporting automation in your organization.
While Ansible is a powerful automation tool, it was designed to be radically simple and
very extensible. Ansible is flexible, and lightweight. Systems managed by Ansible do not
need to have an agent or any Ansible software installed–usually they only need SSH
connectivity or access to an appropriate API. To be able to automate a wide range of
devices, Ansible has multiple connection plugins that can connect to many different
types of managed nodes. This makes it easier to start using Ansible and improves the
security posture by minimizing the attack surface.
12
The ansible-core package includes the Ansible engine. Once that package is
installed on a system, it provides the ability to configure and manage other systems
and devices. It is primarily implemented in Python and can run on Linux systems
and other Linux/Unix derived systems such as macOS. It is also available to run
on Microsoft Windows using Linux or POSIX compatibility tools such as Windows
Subsystem for Linux (WSL). Ansible core does not require any daemons, agents,
or databases. It is lightweight enough that it can be packaged with and installed
by the software you produce to manage deployments.
While Ansible core does not include a graphical user interface (GUI), Red Hat
Learn more about the
Ansible Automation Platform does. One of the main components of Red Hat
Ansible Automation Platform is the automation controller (formerly Ansible Tower). relationship between
Along with a user interface (UI), the automation controller includes role-based Ansible and Red Hat Ansible
access control (RBAC), workflows, and continuous integration and continuous Automation Platform.
delivery (CI/CD) to help organizations standardize how automation is deployed,
initiated, delegated, audited and scaled.
The focus in this e-book is on the Ansible core functionality that is available from
the aggregated community package (Ansible). That package includes all the com-
mand-line binary applications (Ansible Core) and many popular Ansible content
collections. The Ansible community package is not supported by Red Hat though
help is available from the Ansible community. Support is available from Red Hat
for those with a subscription for Red Hat Ansible Automation Platform.
As a very flexible, simple, and general automation tool, Ansible has been used for an incredibly wide range of tasks. There is a vast
library of Ansible content available from Red Hat, software and hardware providers, and the Ansible open source community. The
breadth of the certified and community supported Ansible content available covers installing and operating a wide range of software,
systems, and devices including network routers, switches, SDN controllers, firewalls and load balancers. A selection of key Ansible
integrations are shown here — click on a company logo to see their integrations.
13
While Ansible is used in enterprises to manage large fleets of systems, Ansible is also
used by operators and developers to automate tasks that only run on a few systems, For more information about
but need to be repeatable.
Red Hat Ansible Automation
Ansible automations are written using primarily YAML. Ansible Playbooks offer a Platform download the
repeatable, reusable method to declare configurations, orchestrate steps of any e-book, Red Hat Ansible
manual ordered process and launch tasks synchronously or asynchronously. Ansible
Automation Platform:
modules provide high-level functions for a vast range of operations that can be
declared from a task and run from an Ansible playbook. For example, to install a A beginner’s guide.
specific package such as ntpdate on a set of systems, I could use the package
module within an automation task as follows:
Ansible is easy for operations staff to learn, a software engineering skill set is not
required. A large community of people already have Ansible skills or have relevant
experience from other similar configuration management and automation tools.
Develop an organizational
Ansible can be used to automate the full life cycle of applications. A few of the
strategy for automation
things developers might use Ansible for include:
Software build and deploy automation including implementing the actions Read An IT executive’s
that need to be performed by CI/CD systems. guide to automation to
learn the benefits of a
Automating the process of building and testing container, virtual machine,
and operating system images. developing long-term
automation strategy and
Automating the installation, configuration, and management of application
the best practices to
software dependencies, such as web, database, and cache servers.
promote adoption within
Orchestrating complex multi-step application roll outs or upgrades where your organization.
each step needs to be completed successfully before the next step is performed.
14
Ansible technical details
This brief summary of Ansible technical details is intended to help you understand
Ansible and evaluate it against other automation solutions.
Ansible has a number of mechanisms like roles and collections for organizing
Ansible content, making it reusable, and shareable.
Collections are a packaging format for bundling and distributing Ansible con-
tent, including plugins, roles, modules, and more. A select group of collections
are included when Ansible is installed. Other collections can be found online and
installed through Ansible Galaxy. Ansible Galaxy is an online resource for finding
and distributing Ansible community content. The command line tool for manag- Certify your
ing Ansible collections is ansible-galaxy. automation content
Ansible is easily extensible through modules and plugins. Red Hat partners can build
Ansible modules are the units of work that Ansible ships out to remote and publish certified Ansible
machines. Modules are often implemented in Python where there is a useful Content Collections through
communal library of code to use. However, modules can be implemented the Automation Hub on
in any language that is available in the target environment. The primary
Red Hat Ansible Automation
requirement is that modules return JavaScript Object Notation (JSON).
Platform. For consumers, the
Ansible plugins are used to extend the core functionality of the Ansible certification is a statement
engine. Plugins run on the system running Ansible that is used to manage
that the Ansible content is
other targets.
supported by Red Hat and
Idempotency and desired state are key Ansible concepts that make Ansible Red Hat ecosystem partners.
well suited for infrastructure as code.
Most Ansible modules check whether the desired final state has already been
achieved, and exit without performing any actions if that state has been
achieved, so repeating the task does not change the final state. Modules that
behave this way are often called idempotent. Whether a playbook is run once,
or multiple times, the outcome should be the same.
15
Using Ansible with Kubernetes and Red Hat OpenShift
Given Ansible’s flexibility, there are many ways it can be used for automation in and around Kubernetes environments.
However, there are three broad categories to consider:
Using Ansible in the traditional way using either the command line or the Red Hat Ansible Automation Controller
Ansible playbooks and other content can be run outside the Kubernetes cluster to automate tasks both inside and outside
the cluster. This approach is very flexible and could be used for deploying and managing Kubernetes clusters or the
infrastructure they run on, as well as, the applications and other objects running inside the cluster.
Using the Operator SDK to build a Kubernetes operator that includes logic from Ansible playbooks, roles, and collections
The Operator SDK uses Ansible content along with Go language scaffolding and libraries to build and compile an operator
executable. When building an Ansible-based operator with the Operator SDK, you define the CRDs your operator will manage.
As with any other operator, the generated operator is installed on a Kubernetes cluster and becomes the controller for the
CRDs managed by the operator.
The advantage of this approach is that it leverages Ansible skills and content to create an operator that runs inside
the cluster and can react to changes in state. This approach does not require an installation of Ansible inside the cluster.
Running Red Hat Ansible Automation Platform on Red Hat OpenShift as an application managed by OpenShift
The Red Hat Ansible Automation Platform operator, which can be found on OperatorHub.io, uses the power of operators
to install and manage the Red Hat Ansible Automation Platform on OpenShift.
This makes it easier to install and operate all the tools included in the automation platform. Ansible playbooks, roles,
and collections can then be run on the cluster to manage objects inside or outside the cluster.
All three of these categories have the benefit of letting you use the breadth and depth of Ansible content, which has been
produced for over a decade, in your automations. One of the core Ansible collections is the collection for managing Kubernetes.
The collection provides access to Kubernetes APIs and objects from your Ansible automations.
Learning Ansible
16
Chapter 4:
Selecting an automation
solution by use case
This section covers common use cases and the automation solution that is
recommended in that situation.
Lack the time or resources right now to develop more full-featured automation.
Helm charts provide a straightforward way to quickly get basic applications running
on Kubernetes. Helm is relatively easy to learn and use for people who package appli-
cations and those who install them. While the functionality available in Helm is limited
compared to other automation solutions, it is a good way to get started automating
deployment of applications on Kubernetes.
Operators are actually Kubernetes applications that monitor the state of the appli-
cations they manage and react to changes to provide full life cycle management.
As an application, operators can encode operational expertise to manage complex
multi-component applications and those that need to be distributed across the Kuber-
netes cluster for scalability and availability.
17
Use cases that lean towards Ansible
Ansible can be used for automation across the IT landscape including systems running
Linux, macOS, and windows, network, storage, security, and edge devices. Automations
can be run from a central system that manages systems and devices across multiple
environments without requiring any agents or daemons to be installed on the target
systems or devices.
Ansible automations can orchestrate multiple-step processes where each step must be
completed successfully before subsequent steps can be allowed to run, even if those
steps involve systems and services that span environments. For workflows that might
need to be restarted after correcting problems, the design principle of idempotency in
Ansible content is helpful to avoid rerunning steps that should not be executed more
than once.
Ansible is an automation solution that scales from managing tasks on a single system
to an enterprise-wide automation platform. Developers can produce Ansible con-
tent that can run standalone or can be managed by an enterprise deployment of the
Red Hat Ansible automation controller.
18
Chapter 5:
Summary
This table provides a a high-level comparison of Helm, Kubernetes Operators, and Ansible:
Intended purpose Basic application installation Full life cycle management Broad scope IT
and upgrades for applications automation platform
When does automation run Once Automatically in response When invoked from CLI
to changes in state or automation controller
19
Chapter 6:
Red Hat can help you build your products, introduce them to a wider audience of
prospective customers, and grow the services your organization offers. Training,
certification, and consulting services are available from Red Hat. Organizations
that sell products and services can grow their business by joining one of the
Red Hat Partner Connect programs.
To improve your reach, Red Hat offers a number of ways to make it easier Training and accreditation
to find and install your software: for Red Hat partners
Red Hat OpenShift includes a catalog of installable operators using an
In 2022, Red Hat began
embedded version of the OperatorHub site. This makes it easy for Red Hat
OpenShift users to discover and deploy Kubernetes-native services from offering Red Hat training —
Red Hat, Red Hat’s ISV partners, and the open source community. previously only available to
Prospective customers can have higher confidence choosing software with customers — to partners at
Red Hat OpenShift Certified Operators, knowing that they are validated no cost. Red Hat Partner
and well-integrated offerings from Red Hat and Red Hat partners. Red Hat Training offers courses
OpenShift Operator Certification is available through the partner programs
to strengthen your open
that are part of Red Hat Partner Connect.
hybrid cloud expertise by
Red Hat Marketplace is an open cloud marketplace to discover, try, purchase, building technical skills
deploy, and manage certified software for Red Hat OpenShift clusters whether
that boosts developer
they are running in public or private clouds or on premise. Red Hat Partners that
certify their products can promote their products in the Marketplace. and sales productivity and
customer support. Courses
Red Hat Ecosystem Catalog makes it easy to find certified enterprise-grade
are updated regularly and
products that run on any of the Red Hat platforms including Red Hat Enterprise
Linux, Red Hat OpenStack platform, and Red Hat OpenShift. In addition, the cover a variety of topics.
Red Hat Ecosystem catalog also lists certified hardware and service providers.
20
About Red Hat
Red Hat is the world’s leading provider of enterprise open source software
solutions, using a community-powered approach to deliver reliable
and high-performing Linux, hybrid cloud, container, and Kubernetes
technologies. Red Hat helps customers develop cloud-native applications,
integrate existing and new IT applications, and automate and manage
complex environments. A trusted adviser to the Fortune 500, Red Hat
provides award-winning support, training, and consulting services that bring
the benefits of open innovation to any industry. Red Hat is a connective
hub in a global network of enterprises, partners, and communities, helping
organizations grow, transform, and prepare for the digital future.
Copyright © 2022 Red Hat, Inc. Red Hat, the Red Hat logo, Ansible, and OpenShift are trademarks or
registered trademarks of Red Hat, Inc., in the U.S. and other countries. Linux® is the registered trademark
of Linus Torvalds in the U.S. and other countries.
0922_KVM