Cloudify 4.2 Webinar - Agility & Control
Transcript of Cloudify 4.2 Webinar - Agility & Control
Cloudify 4.2 Webinar
Agility & Control
User-Roles Mechanism
New Roles
● Roles are now supported in the context of a tenant, allowing for better-defined resource separation and management.
● Roles are implemented as sets of permissions to the Cloudify APIs.
● To the existing roles of Sys-Admin and Tenant-User we’ve added:
○ Tenant-Manager: Manages all resources in specific tenant(s)
○ Tenant-Viewer: View-only permissions to tenant-wide resources in specific tenant(s)
○ Tenant-Operations: Deploy/execute permissions in specific tenant(s)
Role = Set of permissions
The new roles allow users to have different permissions in different tenants.
Group Roles
● Upon assigning a group to a tenant, a tenant-role is required and the role applies to all users in this group.
● This mechanism allows users who belong to more than one group to have more than one role in a specific tenant. In this case, the permissions will be aggregated.
UI Page-Templates
UI Templates Management
● UI Templates are the pre-defined sets of pages which the users will see upon login into the system.
● Administrators can now define templates according to users' roles and tenants.
Global Resources
● Resource availability has been enhanced, and we added the new ‘Global’ option to the existing statuses of ‘Private’ and ‘Tenant’ (= ‘Public’).
● A Global Resource is a Blueprint/Plugin/Secret that was created as either Private or Tenant, and was set to be Global by the admin.
● The Global Resources are available to all tenants on the manager, and can be used by all users who have access to at least one tenant.
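The aggregation rule under Group Roles and the Global availability rule above, as an added sketch that is not Cloudify code: permission names, groups and tenants are constructed for illustration, the Tenant-Manager permission set and the Tenant visibility check are assumptions, and Private availability is not modelled.

```python
from collections import defaultdict

# Hypothetical permission names; Cloudify's real API permission list is not on the slides.
ROLE_PERMISSIONS = {
    "tenant-viewer": {"view"},
    "tenant-operations": {"deploy", "execute"},
    "tenant-manager": {"view", "deploy", "execute", "manage"},  # assumed superset
}

# Constructed sample data: a group is assigned to a tenant together with a role.
GROUP_TENANT_ROLES = [
    ("dev", "tenant-a", "tenant-operations"),
    ("auditors", "tenant-a", "tenant-viewer"),
    ("auditors", "tenant-b", "tenant-viewer"),
]
USER_GROUPS = {"alice": {"dev", "auditors"}, "bob": {"auditors"}, "carol": set()}


def effective_permissions(user):
    """Return {tenant: permissions}: the union over every group the user is in."""
    perms = defaultdict(set)
    for group, tenant, role in GROUP_TENANT_ROLES:
        if group in USER_GROUPS.get(user, set()):
            perms[tenant] |= ROLE_PERMISSIONS[role]  # roles aggregate per tenant
    return dict(perms)


def can_use_resource(user, resource):
    """resource: {'tenant': name, 'availability': 'tenant' or 'global'}."""
    tenants = effective_permissions(user)
    if resource["availability"] == "global":
        # Global: usable by anyone with access to at least one tenant.
        return bool(tenants)
    if resource["availability"] == "tenant":
        # Assumed: usable by users holding any role in the owning tenant.
        return resource["tenant"] in tenants
    raise ValueError("availability not modelled: %r" % resource["availability"])


if __name__ == "__main__":
    for name in USER_GROUPS:
        print(name, effective_permissions(name))
```

When reviewing access, the point to check is the union: alice ends up with deploy rights in tenant-a through one group while holding view-only rights in tenant-b through another.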
Usability Enhancements
Graphs Improvements
More UI Improvements
Blueprint Modeling
Composer 4.2
Security Enhancements
Okta Authentication (SSO)
• Supporting Okta authentication via SAML
• Requires configuring the manager by admin
• http://docs.getcloudify.org/4.2.0/manager/okta_authentication/
Management Networks
• Supporting multiple management networks
• Enables network selection per node at blueprint modeling/deployment time:
• Segregation
• Multi-cloud multi-zone configurations
Agent Installation
• Secure method for installing agents via user data without leaving traces of the certificate in the log. Includes the capability to use a proxy for agent communication to the manager
• All agent-installation communication to the manager is directed through port 53333 only, and only over SSL
ECOSYSTEM
Cloudify with Kubernetes
● Kubernetes Blueprints: Deploys and scales Kubernetes clusters on OpenStack, AWS, GCP, Azure
○ https://github.com/cloudify-examples/simple-kubernetes-blueprint
● Kubernetes Plugin: Deploys containerized applications on K8s and allows integration with non-containerized apps
○ https://github.com/cloudify-incubator/cloudify-kubernetes-plugin
● Cloudify Provider: Deploys open cloud infrastructure providers for Kubernetes, such as networks, load balancers
○ https://github.com/cloudify-incubator/cloudify-kubernetes-provider
[Diagram labels: Deploy Kubernetes Cluster (OpenStack); Deploy Kubernetes Applications (VM App); Use IaaS Resources as Providers (App)]
Kubernetes Integration
● cfy-go
○ Cloudify Rest Client
○ Cloudify CLI
○ https://godoc.org/github.com/cloudify-incubator/cloudify-rest-go-client
● CFY-Kubernetes (Cloud Provider)
○ CFY-Autoscale (Kubernetes Modification) - Currently early stage
○ Kubernetes Cluster Blueprint
○ https://github.com/cloudify-incubator/cloudify-kubernetes-provider/releases/tag/0.0.0%2B7
● Cloudify Kubernetes Plugin
Plugins
● Openstack Plugin (2.3.0)
○ No Management Network Name property
● Cloudify GCP Plugin (1.1.0)
○ Install Agents via Init Script
● Cloudify Utilities Plugin (1.4.0)
○ File handling
● Cloudify Kubernetes Plugin (1.3.0)
○ State Verification (Delete)
○ Pod State Verification (Start)
Thank you
Roadmap
Cloudify Manager
● Service Composition: Consume existing, running deployed services with new application blueprints for service composition and building microservices architecture.
● Application Blueprint Versioning: The ability to upload new versions of application blueprints, and apply them selectively to running deployments
● Secrets Enhancement
● Resuming Failed Workflows: Built-in ability for Cloudify Manager to resume from the last successful execution point. This is useful when the workflow fails due to infrastructure allocation error, quotas, etc.
● Scheduled Workflow Execution: The ability to schedule a workflow execution at a future time, such as scaling the number of web server VMs at a certain time of the day.
● Edge Orchestration: support for large distributed environments, and enablement of orchestration close to the workload itself (federated management architecture)
● Full TOSCA support and advanced orchestration capabilities via ARIA engine
Roadmap
Cloudify UI Framework
● Notifications Handling
● Unified view for a multi-manager environment
Cloudify Composer
● Easy, graphical Service Composition creation
● Built-In templates and examples
● Enhanced integration with the Cloudify Manager