
8 - OpenShift - A look at a container platform: what's in the box


Many already have some familiarity with containers, and maybe even with Kubernetes. But what's the difference between those and a container platform? In this session the goal is to look at OpenShift, Red Hat's container platform based on Kubernetes. We see what it's made out of, what makes it tick, and what the future of OpenShift & Kubernetes holds.

Published in: Software

  1. 1. A look at a container platform: What's in the box? Ludovic Aelbrecht AppDev Business Development Mgr @laelbrecht
  2. 2. How do you enable Digital Transformation? Organizations require an evolution in… Applications: New ways of developing, delivering, and integrating applications. Process: More agile process across both IT and the business. Platform: Modernize existing and build new cloud-based infrastructure. Why have containers become so popular?
  3. 3. How do you enable Digital Transformation? Why is Innovation Important?
  4. 4. Developers want to be productive and have choice Choice of architectures Choice of programming languages Choice of databases Choice of application services Choice of development tools Choice of build and deploy workflows They don’t want to have to worry about the infrastructure. Photo: rawpixel on Unsplash
  5. 5. A PROBLEM I.T. OPERATIONS DEVELOPERS
  6. 6. A key ingredient of the Solution Adopting a container strategy will allow applications to be easily shared, run and deployed in a controlled yet flexible manner.
  7. 7. Hardware Virtual Machine Operating System Container App Controlled by Developers Controlled by IT Operations
  8. 8. WHAT ARE CONTAINERS? CONTAINER BENEFITS FOR MULTIPLE TEAMS DEVELOPERS IT OPERATIONS BUSINESS LEADERS ● SIMPLIFY PACKAGING ● SIMPLIFY TESTING ● CONSISTENT APP DEPLOYS ● AUTOMATED APP DEPLOYS ● IMPROVED APP PERFORMANCE ● MULTI-CLOUD CONSISTENCY ● ENABLE DEVOPS CULTURE ● ENABLE HYBRID CLOUD ● REDUCE VM LICENSING COSTS ● ACCELERATE APP-DEV CYCLES CONTAINERS Package all app dependencies Integrated in Linux OS Fully Open Source Secure Isolation of Applications Eliminates need for VM Hypervisor Runs on Any Cloud Platform CLOUD INFRASTRUCTURE LINUX HOST (KERNEL) Container App Container App Container App Container App
  9. 9. $ docker build -t app:v1 .
  10. 10. $ docker build -t app:v1 .
      $ docker run app:v1
  11. 11. physical virtual private cloud public cloud
  12. 12. ?
  13. 13. $ docker build -t app/frontend:v1 .
      $ docker build -t app/backend:v1 .
      $ docker build -t app/database:v1 .
      $ docker build -t app/cache:v1 .
      $ docker build -t app/messaging:v1 .
  14. 14. $ docker run app/frontend:v1 link-to-backend
      $ docker run app/frontend:v1 link-to-backend
      $ docker run app/backend:v1 link-to-db-cache-messaging
      $ docker run app/backend:v1 link-to-db-cache-messaging
      $ docker run app/database:v1
      $ docker run app/cache:v1 link-to-db
      $ docker run app/messaging:v1
  15. 15. ?
  16. 16. WE NEED MORE THAN JUST CONTAINERS ● Scheduling: Decide where to deploy containers ● Lifecycle and health: Keep containers running despite failures ● Discovery: Find other containers on the network ● Monitoring: Visibility into running containers ● Security: Control who can do what ● Scaling: Scale containers up and down ● Persistence: Survive data beyond container lifecycle ● Aggregation: Compose apps from multiple containers
  17. 17. Kubernetes is an open-source system for automating deployment, operations, and scaling of containerized applications across multiple hosts kubernetes
  18. 18. KUBERNETES IS THE CONTAINER ORCHESTRATION STANDARD. 2 YEARS AGO: Fragmented landscape, with OTHER ORCHESTRATORS (Cloud Foundry Diego, Nomad, Blox, etc.). TODAY: Kubernetes consolidation. Red Hat bet on Kubernetes from the start. It has now become the dominant orchestration ecosystem.
  19. 19. kubernetes
  20. 20. DEVOPS WITH CONTAINERS AND KUBERNETES NETWORK Not enough! Need networking
  21. 21. DEVOPS WITH CONTAINERS AND KUBERNETES IMAGE REGISTRY NETWORK Not enough! Need an image registry
  22. 22. DEVOPS WITH CONTAINERS AND KUBERNETES IMAGE REGISTRY METRICS AND LOGGING NETWORK heapster Not enough! Need metrics and logging
  23. 23. DEVOPS WITH CONTAINERS AND KUBERNETES IMAGE REGISTRY Not enough! Need application lifecycle management APP LIFECYCLE MGMT METRICS AND LOGGING NETWORK
  24. 24. DEVOPS WITH CONTAINERS AND KUBERNETES IMAGE REGISTRY Not enough! Need self-service portal SELF-SERVICE APP SERVICES APP LIFECYCLE MGMT METRICS AND LOGGING NETWORK
  25. 25. NOT ENOUGH, THERE IS MORE! Routing & Load Balancing Multi-tenancy CI/CD Pipelines Role-based Authorization Capacity Management Chargeback Vulnerability Scanning Container Isolation Image Build Automation Quota Management Teams and Collaboration Infrastructure Visibility
  26. 26. CONFIDENTIAL - FOR INTERNAL USE ONLY
  27. 27. THE CLOUD-NATIVE APP DEV CHALLENGE
  28. 28. THE KUBERNETES NEWS YOU DON’T WANT ● No security on K8s dashboard ● IT infrastructure credentials exposed ● Enabled access to a large part of Weight Watchers' network ● K8S and etcd bug introduced to servers during update ● New features and changes deployed cause failures ● Restart backend components leading to full platform outage ● K8s dashboard exposed ● AWS environment with telemetry data compromised ● Tesla’s infrastructure was used for crypto mining Unnecessary Costs Increased Risk Unrealized Value
  29. 29. KUBERNETES DONE RIGHT IS HARD. INSTALL HARDEN DEPLOY OPERATE ● Templating ● Validation ● OS Setup ● Identity & Security Access ● App Monitoring & Alerts ● Storage & Persistence ● Egress, Ingress & Integration ● Host Container Images ● Build/Deploy Methodology ● Platform Monitoring & Alerts ● Metering & Chargeback ● Platform Security Hardening ● Image Hardening ● Security Certifications ● Network Policy ● Disaster Recovery ● Resource Segmentation ● OS Upgrade & Patch ● Platform Upgrade & Patch ● Image Upgrade & Patch ● App Upgrade & Patch ● Security Patches ● Continuous Security Scanning ● Multi-environment Rollout ● Enterprise Container Registry ● Cluster & App Elasticity ● Monitor, Alert, Remediate ● Log Aggregation. 75% of enterprise users identify complexity of implementation and operations as the top blocker to adoption. Source: The New Stack, The State of the Kubernetes Ecosystem, August 2017
  30. 30. OPENSHIFT IS KUBERNETES FOR THE ENTERPRISE. Kubernetes Release, 1-3 months hardening, OpenShift Release ● Security fixes ● 100s of defect and performance fixes ● 200+ validated integrations ● Middleware integrations (container images, storage, networking, cloud services, etc.) ● 9 year enterprise lifecycle management ● Certified Kubernetes
  31. 31. Facilitating A Rich Container Ecosystem Represented by a broad coalition of industry leaders focused on common standards for software containers Create and drive the adoption of a new computing paradigm that is optimized for modern distributed systems
  32. 32. KUBERNETES PROJECT CONTRIBUTIONS Google – 505,013 Red Hat – 223,336 Independent – 25,917 Huawei – 25,748 Microsoft – 17,624 IBM – 17,575 Fujitsu – 15,743 FathomDB – 14,507 … Source: Kubernetes Companies Statistics (https://k8s.devstats.cncf.io/d/9/ – July, 2018)
  33. 33. KUBERNETES SIGs - ENGINEERING LEADERSHIP. RED HAT LEAD or CO-LEAD: 15 of 33 GROUPS. API MACHINERY AZURE DOCS OPENSTACK STORAGE CONTAINER IDENTITY AWS BIG DATA INSTRUMENTATION PRODUCT MANAGEMENT TESTING KUBEADM ADOPTION APPS CLI MULTI CLUSTER RELEASE UI RESOURCE MANAGEMENT ARCHITECTURE CLUSTER LIFECYCLE NETWORK SCALABILITY WINDOWS AUTH CLUSTER OPS NODE SCHEDULING APP DEF AUTO SCALING CONTRIBUTOR EXPERIENCE ON-PREM SERVICE CATALOG CLUSTER API
  34. 34. HOW OPENSHIFT ENABLES DEVELOPER PRODUCTIVITY SPRING & JAVA EE MICROSERVICES FUNCTIONS LANGUAGES DATABASES APPLICATION SERVICES LINUX WINDOWS* (* coming soon) CODE BUILD TEST DEPLOY MONITOR REVIEW ● Self-service Provisioning ● Automated build & deploy ● CI/CD pipelines ● Consistent environments ● Configuration management ● App logs & metrics
  35. 35. Container runtimes podman
  36. 36. OPENSHIFT SERVICE MESH Connect Secure Control Observe Jaeger Prometheus (metrics) Istio Grafana (metrics graphing) Kiali (service mesh observability)
  37. 37. Kiali (GUI for Istio / OSM)
  38. 38. Horizontal Pod Autoscaling: Based on any metrics in Prometheus (Tech Preview). my-namespace marketing-monitoring Prometheus Adapter Marketing Prometheus query openshift-monitoring Prometheus Adapter Cluster Monitoring Prometheus query
  39. 39. OVER-THE-AIR UPDATES ● “Over-the-air” updates can be performed from either the OpenShift Cluster Console (“Administration→Cluster Settings” menu) or the Red Hat Cloud web interface at https://cloud.openshift.com ● Update images consist of top-level controller manifests, roles, and other resources necessary to update a cluster to a particular version ○ Bundled as a container image to avoid the need for a separate content delivery mechanism
  40. 40. IBM’s CFO Statement (Jan 23, 2019): "We see the strong bookings Red Hat recently reported as further evidence of clients' confidence in the value," IBM CFO Jim Kavanaugh told investors on a conference call late Tuesday. "Remember, the quarter ended a month after the transaction was announced. From a value perspective, in addition to the growing Red Hat business itself, we see an opportunity to lift all of IBM by selling more of our own IBM Cloud and by selling more of our analytics and AI capabilities on OpenShift across multiple platforms." https://www.thestreet.com/investing/earnings/ibm-jumps-after-q4-earnings-cloud-focused-outlook-following-34-bn-red-hat-deal-14842525
  41. 41. CONTAINERS IN PRODUCTION ARE REAL ON RED HAT OPENSHIFT
