Join us
@tom_sapak ・ Sep 12,2022 ・ 3 min read ・ 2754 views
It’s been almost two years since we released KYPO cyber range platform¹ as Open-source project. KYPO consists of 10 microservices and up to 8 supporting services making deployment and configuration a complex task. We’ve released two projects to make it simpler:
kypo-crp-openstack-base² — set of shell scripts and heat templates for OpenStack cloud resources allocation
kypo-crp-deployment³ —Ansible playbooks and roles for application provisioning
We soon realized that orchestration with Heat and shell scripts is not flexible enough, so we’ve replaced it internally with Terraform.
Legacy deployment
The final legacy deployment consists of the following steps:
As you can see, we’ve successfully removed all manual tasks, but it wasn’t still all rainbows and unicorns. After several months in production, we’ve discovered these issues:
Helm deployment
To tackle most of the issues, we’ve decided to migrate to Helm & Kubernetes. We’ve created the kypo-crp-helm⁵ project, a replacement for the kypo-crp-deployment project. Ansible roles were refactored into set of subcharts deployed by one common umbrella chart.
We had an issue with the old deployment that we needed to maintain the kypo-crp-openstack-base project for a community, but we’ve used internally Terraform code instead. To remove this dual work, we’ve created a set of Terraform modules⁶ that are used both by a new community deployment project⁷ and by our internal tools (removing redundant work).
The current deployment workflow consists of these steps:
Infrastructure deployment
Application deployment
Benefits of a new deployment model:
Conclusion
Was all the effort worth it? The new deployment model brought almost only positives. Code is now easier to read and maintain, and operations are more reliable and deterministic. I was a bit worried about adoption among the rest of the team, but I was pleasantly surprised by my colleagues, who immediately started sending merge requests to both new and legacy deployments. And we had a lot of fun in the process. If this is not all rainbows and unicorns, I don’t know what is.
PS: If you want to play with KYPO CRP without significant effort, try our zero-configuration tool KYPO lite⁸.
[2] https://gitlab.ics.muni.cz/muni-kypo-crp/devops/kypo-crp-openstack-base
[3] https://gitlab.ics.muni.cz/muni-kypo-crp/devops/kypo-crp-deployment
[4] https://www.imdb.com/title/tt1029234/?ref_=nv_sr_srsg_0
[5] https://gitlab.ics.muni.cz/muni-kypo-crp/devops/kypo-crp-helm
[6] https://gitlab.ics.muni.cz/muni-kypo-crp/devops/terraform-modules
[7] https://gitlab.ics.muni.cz/muni-kypo-crp/devops/kypo-crp-tf-deployment
[8] https://gitlab.ics.muni.cz/muni-kypo-crp/devops/kypo-lite
Join other developers and claim your FAUN account now!
Influence
Total Hits
Posts
Only registered users can post comments. Please, login or signup.