OLM Architecture

High-availability Enterprise Operator Lifecycle Manager

Operators are an exciting new approach to complex systems automation in the enterprise. The operator pattern has been widely discussed in the Kubernetes community, but the principles behind it are universal. The Juju OLM is an enterprise-grade operator lifecycle manager (OLM) which supports operators on both Kubernetes clusters and traditional machines, whether bare metal, virtualised or cloud.

Components in the Juju OLM

Juju is a distributed system consisting of a controller which provides the API service, and agents installed alongside operators. It is usually accessed from a command line client, or through a web dashboard GUI which uses websockets and REST APIs on the controller.

In the diagram above, two models have been defined, one on a Kubernetes cluster and the other on a public cloud with virtual machines. In both cases there are two apps, A and B, which are integrated.

In the Kubernetes cluster, the two operators are inside their own containers together with the agent. The operators have launched their applications in separate containers. On the machine substrate, there are two machines, each has the agent installed. The first machine has the operator for A installed, which has installed application A locally, and likewise for the second machine with operator and application B.

The lines of communication are from the CLI and web dashboard to the REST API of the controller, and between the controller and agents in containers and on machines. Agents in turn invoke operator event handlers as needed.

Client

The command-line interface for Juju is provided by the juju command. The CLI can be used to bootstrap new controllers on cloud machines or Kubernetes, login to existing controllers, add or remove models, and manipulate model desired state. The CLI has a comprehensive built-in help capability.

Without any arguments, the juju command enters a console shell, which can be used to navigate between models or use any of the standard Juju commands. The console shell is primarily used for the web dashboard to enable direct access to features not yet reflected in the GUI.

Updates to the client are typically delivered automatically, although major version updates require deliberate switching of tracks unless the user has chosen the ‘latest’ track. Clients are backward compatible for an extended period of time.

Web dashboard GUI

The web dashboard is a single-page application which is served up by the controller and uses REST and websockets to talk back to the controller. It is possible to configure the dashboard to work with multiple controllers and to switch between them.

Juju web dashboard

The web dashboard shows live status of applications, units, machines, and relations.

Controller

The Juju OLM controller is the engine of the lifecycle management service. It offers up a websocket and REST API interface to clients, and accepts incoming connections from agents. The controller is an event distribution mechanism, alerting operators to changes in the model which affect them, and updates to related operators.

The controller is a Golang application for efficient concurrent processing that handles thousands of agent connections representing thousands of application units in large models. The controller provides a range of operator lifecycle services, including persistent state, leader election and integration oriented data sharing.

The data store for the controller is a MongoDB instance which is managed by the controller itself. Administrators can arrange for independent backups or maintenance on the MongoDB cluster.

Models can be migrated between controllers with no interruption of service. Model migration can take place between different but compatible versions of the Juju controller, enabling controller upgrades to be done by creating a new controller of the higher version and migrating models individually to the new controller until the old controller has no models and can be removed.

Updates to the controller are published regularly and can be retrieved by the controller itself. Updates are not applied automatically. On request, the controller can upgrade itself, including any database migrations needed.

Agent

The operator lifecycle management agent is a golang binary that is installed on all machines participating in a model, and in every operator container whether a pod, or sidecar. The agent connects to the controller and authenticates itself, after which it receives a stream of events associated with model updates or relation data changes.

Updates to the agent are retrieved by the controller but not applied automatically. On request, updated agents are installed on machines in a model, or rolling updates done through the Kubernetes API.

JAAS hosted OLM services

Juju-as-a-service is a cloud-hosted operator lifecycle management service. JAAS aggregates multiple OLM controllers into a single API endpoint, enabling a global view of models across all of the controllers. JAAS is available on premise for enterprise OLM with a central compliance and management console, from Canonical.