F5 / NGINX REDHAT & NGINX AUTOMATION DEEP-DIVE

Agenda
• Automation recap
• Automating with Ansible
• Automating Hybrid Cloud Application Delivery
• Demo
• Q&A
| ©2019 F5 CONFIDENTIAL

The Application Evolution
Previously…
Application modernization:
• Monolithic: >60%, core, legacy business apps
• Hybrid: ~30%, legacy with microservices add-ons
• Microservices: ~10%, modern apps optimized for digital

Modern Apps Require a Modern Architecture
Previously…
From Monolithic...
• Three-tier, J2EE-style architectures
• Complex protocols (HTML, SOAP)
• Persistent deployments
• Fixed, static infrastructure
• Big-bang releases
• Silo’ed teams (Dev, Test, Ops)
... to Dynamic
• Microservices
• Lightweight (REST, JSON)
• Containers, VMs, Functions
• Infrastructure as Code
• Continuous delivery
• DevOps culture

Modern Approach - The Value of Red Hat + F5
Previously…

Automating with Ansible
Ansible Automation Platform and NGINX Controller

Red Hat Ansible Automation Platform
Combining the universal automation language with cloud services and certified content for automating, deploying, and operating applications, infrastructure and services securely at enterprise scale.
• Ansible automation: Providing scalable, secure implementation for describing, building, and managing the deployment of enterprise IT applications across diverse enterprise architectures.
• Cloud services: Cloud services that facilitate team collaboration and provide operational analytics for automating heterogeneous, hybrid environments.
• Certified content: Extends native platform capabilities with certified, supported content designed to expand the automation domain and accelerate adoption for enterprise customers.

Red Hat Ansible Automation Platform (diagram labels)
• Red Hat Ansible Tower
• Automation Hub
• Automation Services Catalog
• Insights for Ansible Automation Platform
• Ansible command line
• Ansible Cloud Services
• On-premises
• Ansible content domains: Infrastructure, Cloud, Network, Security, Linux, Windows
• Content creators, Operators, Domain experts, Users
• Fueled by an open source community

Red Hat Ansible Automation Platform
90+ certified platforms: Network, Security, Infrastructure, Cloud

Red Hat Ansible Automation Platform
What makes up an Ansible playbook?
• Plugins
• Modules
• Plays

Collections
Red Hat Ansible Platform, 90+ certified platforms

    nginx_core
    ├── MANIFEST.json
    ├── playbooks
    │   ├── deploy-nginx.yml
    │   └── ...
    ├── plugins
    ├── README.md
    └── roles
        ├── nginx
        │   ├── defaults
        │   ├── files
        │   │   └── …
        │   ├── tasks
        │   └── templates
        │       └── ...
        ├── nginx_app_protect
        └── nginx_config

deploy-nginx.yml

    ---
    - name: Install NGINX Plus
      hosts: all
      tasks:
        - name: Install NGINX
          include_role:
            name: nginxinc.nginx
          vars:
            nginx_type: plus
        - name: Install NGINX App Protect
          include_role:
            name: nginxinc.nginx_app_protect
          vars:
            nginx_app_protect_setup_license: false
            nginx_app_protect_remove_license: false
            nginx_app_protect_install_signatures: false

Automating Hybrid-Cloud Application Delivery
NGINX Controller, Ansible Automation Platform and Kubernetes

Modern Approach - The Value of Red Hat + F5
Previously…

Enterprise Automation: NGINX Controller
• Enterprise features for NGINX Plus
• Declarative API for pipeline integration
• High level abstraction for ADC/APIM
• Metrics collection and forwarding
• WAF (NGINX App Protect) Management
• RBAC for Security

Kubernetes Automation: NGINX Ingress
• NGINX Ingress Controller (KIC)
• Fully managed through K8s API
• Ansible configuration through Kubernetes.Core collection
• Prometheus/Grafana/OpenTracing
• WAF (NGINX App Protect)
• RBAC through K8s CRDs

Kubernetes Controller: Components
Source: https://kubernetes.io/docs/concepts/overview/components/

Kubernetes Controller: Control Loop
“In robotics and automation, a control loop is a non-terminating loop that regulates the state of a system.”
“In Kubernetes, controllers are control loops that watch the state of your cluster, then make or request changes where needed. Each controller tries to move the current cluster state closer to the desired state.”
Source: https://kubernetes.io/docs/concepts/architecture/controller/

Ingress Controller: Kubernetes Ingress vs Custom Resources
Kubernetes Ingress
• HTTP layer 7 routing based on host header and paths
• TLS termination (officially no re-encryption)
• Advanced features need to be enabled via:
  • Annotations
  • ConfigMaps
• Extensions via annotations are not validated
Custom Resources
• CRs are fully validated within K8s API
• HTTP layer 7 routing based on all application data (Host, Path, Cookie, Header, Method, etc.)
• Support for HTTP2, GRPC, TCP, UDP
• Application security (WAF support)
• Layer 7 traffic policies (rate limit, ACL, etc.)
• Traffic splitting, Blue/Green, Canary
• Circuit breaker patterns
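
Added example (not part of the original deck or of the NGINX/Red Hat demo): an Ansible play that uses the kubernetes.core collection named in the slides to publish an application through NGINX Ingress Controller custom resources, so the WAF policy and the route are objects the Kubernetes API validates and RBAC can scope. It assumes a controller release that serves Policy and VirtualServer as k8s.nginx.org/v1 with App Protect enabled; the namespace, host, secret, service and APPolicy names are hypothetical.

```yaml
---
# Added example. Hypothetical names: namespace "demo", host webapp.example.com,
# TLS secret "webapp-tls", service "webapp-svc", APPolicy "demo/dataguard-alarm".
- name: Publish an app through NGINX Ingress Controller custom resources
  hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    # The WAF setting is a typed field in a Policy CR, not a free-text annotation.
    - name: Create the WAF policy
      kubernetes.core.k8s:
        state: present
        definition:
          apiVersion: k8s.nginx.org/v1
          kind: Policy
          metadata:
            name: waf-policy
            namespace: demo
          spec:
            waf:
              enable: true
              apPolicy: "demo/dataguard-alarm"  # assumes this APPolicy already exists

    # The VirtualServer terminates TLS and attaches the policy by name.
    - name: Create the VirtualServer
      kubernetes.core.k8s:
        state: present
        definition:
          apiVersion: k8s.nginx.org/v1
          kind: VirtualServer
          metadata:
            name: webapp
            namespace: demo
          spec:
            host: webapp.example.com
            tls:
              secret: webapp-tls
            policies:
              - name: waf-policy
            upstreams:
              - name: webapp
                service: webapp-svc
                port: 80
            routes:
              - path: /
                action:
                  pass: webapp
```

Because Policy and VirtualServer are separate resource kinds, a Kubernetes Role can grant application teams write access to `virtualservers` while reserving `policies` for the security team.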

Secure Self Service with Custom Resources
• RBAC Enabled
• Custom Resources for ingress:
  • Security policies
  • Service protection policies
  • Virtual server
  • Application routing
  • Ingress Link
Personas: David (NetOps), Olivia (DevOps), Tony (AppDev), Alice (SecOps)
NGINX Controller

Demo Setup
• Automation with Ansible Tower
• Ansible Collections
  • Nginxinc
  • Kubernetes.core
• Data Plane Path
  • NGINX Plus →
  • NGINX KIC →
  • Containerized Application
• Secured with RBAC
  • Tower, Controller, K8s
• Secured with WAF
  • NGINX Plus, NGINX Ingress

Demo’clock

Summary
HOPEFULLY THE DEMO WENT WELL
• Ansible Tower
• Automation of traditional infrastructure and modern container platforms
• Configuration Management
• Ansible Collections
• NGINX Ingress Controller provides a better Kubernetes Ingress by:
  • Not using Ingress ☺
  • Deployable on K8s and OCP with a life-cycle operator
  • Custom Resources inherit RBAC
  • Brings all functionality into a well defined API Spec

Business value by the numbers
• 498% 5-year return on investment with 5 months to payback
• 68% more productive IT infrastructure management teams
• 135% more applications developed per year
• 53% reduction in unplanned downtime
Source:
- IDC White Paper, sponsored by Red Hat. “Red Hat Ansible Automation Improves IT Agility and Time to Market.”
- The State of Modern App Delivery 2020 in the NGINX Open Source Community

Qs & As
And links….

Get Started!
• youtube.com/c/Nginxinc
• nginx.com/partners/red-hat/

What’s next?
• Increase your Knowledge (ansible.com/get-started)
• Start your Automation Adoption Journey (ansible.com/contact-us)
• Evaluate your Savings (redhat.com/savetime)
• See how NGINX and Red Hat Work Together (nginx.com/partners/red-hat/)

Any Questions….
RedHat Tekton: https://tekton.dev/

Deep Dive: Automating the Application and Security Pipeline with NGINX and Ansible
