Overview - Day 0

The Cloud-Native Toolkit environment can be hosted in any Kubernetes or Red Hat OpenShift cluster, including those managed by IBM Cloud. The environment is provisioned using infrastructure-as-code Terraform scripts that make the process declarative, automated, and repeatable.

There are different entry points into the Cloud-Native Toolkit depending on the environment. The simplest approach is to install the Cloud-Native Toolkit on an existing cluster. The existing cluster can be Red Hat OpenShift running anywhere or IBM Cloud Kubernetes Service. The next simplest way to install the Cloud-Native Toolkit is to use the All-in-One approach to provision the cluster, SRE tools, and install the Cloud-Native Toolkit in one step. Finally, for more control of the environment each of the steps can be performed individually.

There three different options for installing the components:

A full installation of the Cloud-Native Toolkit is organized into four activities:

Explains the planning and configuration required to prepare for the installation of the Toolkit.

Provisions a cluster into which the toolkit will be installed.

Explains the end-to-end process for provisioning the environment with the Toolkit. Within that process, there two primary installation options. Select the approach that best suites your requirements:

Explains the steps to finalize the setup of the environment and begin on-boarding developers.

Infrastructure as Code (IaC) uses a high-level descriptive coding language to automate the provisioning of IT infrastructure. This automation eliminates the need for developers to manually provision and manage servers, operating systems, database connections, storage, and other infrastructure elements every time they want to develop, test, or deploy a software application.

In an era when it’s not uncommon for an enterprise to deploy hundreds of applications into production every day—and when infrastructure is constantly being spun up, torn down, and scaled up and down in response to developer and user demands—it’s essential for an organization to automate infrastructure in order to control costs, reduce risks, and respond with speed to new business opportunities and competitive threats. IaC makes this automation possible.

IaC is also an essential DevOps practice, indispensable to a competitively paced software delivery lifecycle. It enables DevOps teams rapidly create and version infrastructure in the same way they version source code and to track these versions so as to avoid inconsistency among IT environments that can lead to serious issues during deployment.

Sai Vennam takes a closer look at IaC in the following video, “What is Infrastructure as Code?”:

Source

GitOps is the operational pattern of using source code repositories (namely Git) as the source of truth for defining the configuration that makes up the desired state of the operational environment. Git repositories are used to declaratively represent the desired state of applications in deployment environments.

GitOps takes advantage of several Git features:

The IBM Cloud environment is provided with a number of powerful tools to manage user access and resource provisioning but little is configured for you out of the box. This guide gives an approach to managing the account in a sensible way that can easily be extended or re-configured based upon the requirements of a given situation.

This approach to managing the account is organized around four key roles:

This diagram from Resource Access Management shows the relationship of these access groups to a pair of development environments:

The account owner(s) is the user who owns the account or users who have been granted super-user access to the account at the same level as the account owner.

An account owner must create the access group for account managers. The account owner will:

The account managers are an account owner or other users with account management permissions

As described in Configure Account, the account managers can set up the resource groups and access groups needed to install and use the environments. For each environment, the account managers will:

The environment administrators are users in the account with permissions to create services in the environment’s resource group. In this case, the “environment” is scoped to the resource group. Environment administrators are granted broad access to create, manage, and destroy services and resources within a given resource group.

The environment users are users in the account with permissions to use existing services in the environment’s resource group (e.g. developers, data scientists, etc.). They are consumers of the services and resources that have been provisioned in order to build and deploy business applications.

The Environment Architecture page shows the structure of the environment that will be installed. Depending upon the approach for development teams, each development team can be assigned its own (small) environment or multiple teams can share a single environment. The environment structure is designed to support best practices for a cloud-native application architecture, including designing applications that are built to manage.

Private catalogs provide a way to centrally manage access to products in the IBM Cloud® catalog and your own catalogs. You can customize your private catalogs to make specific solutions available to users in your account. By doing so, you can ensure that your catalogs are relevant to your business.

Let’s say you’re an operations admin for your team, and you require access to all products in the IBM Cloud catalog. A member of your team is tasked with a specific project, for example, building a voice-enabled chatbot by using Watson Assistant, Speech to Text, and Text to Speech. And, you want them to access only those products in the IBM Cloud catalog.

To achieve this, you create one catalog that includes all products in the IBM Cloud catalog. Then, you create another catalog that includes only the required products, and you give the team member viewer access to the catalog.

Additionally, custom software can be added to the private catalog and easily installed through the tile.