OPENSHIFT CONTAINER PLATFORM
TECHNICAL OVERVIEW
Mario Mendoza
Senior Solution Architect
Slides 86-120 (viewer preview text, truncated where the preview cut it off; the full transcript of slides 1-85 follows below)
Slide 86: DEPLOY APP BINARY WITH SOURCE-TO-IMAGE (S2I)
[Diagram: Application Binary (e.g. WAR), Source-to-Image ...]
Slide 87: DEPLOY APP BINARY WITH SOURCE-TO-IMAGE (S2I)
[Diagram: Application Binary (e.g. WAR), Source-to-Image ...]
Slide 88: DEPLOY YOUR CONTAINER IMAGE
Slide 89: App images are built using an existing image build process. OpenShift automates the deploymen...
Slide 90: BUILD IMAGES IN MULTIPLE STAGES
[Diagram: build stage 1, build stage 2, build stage 3]
Slide 91: EXAMPLE: USE ANY RUNTIME IMAGE WITH SOURCE-TO-IMAGE BUILDS
[Diagram: Docker build, WildFly S2I build ap...]
Slide 92: EXAMPLE: USE ANY BUILD TOOL WITH OFFICIAL RUNTIME IMAGES
[Diagram: Docker build, custom Gradle build, Cu...]
Slide 93: EXAMPLE: SMALL LEAN RUNTIMES
[Diagram: Docker build, custom Go build, custom Go S2I builder image, scratc...]
Slide 94: CONTINUOUS INTEGRATION (CI), CONTINUOUS DELIVERY (CD) (section title)
Slide 95: CI/CD WITH BUILD AND DEPLOYMENTS
BUILDS
● Webhook triggers: build the app image whenever t...
Slide 96: CONTINUOUS DELIVERY WITH CONTAINERS
[Diagram: source repository, CI/CD engine, dev container, physical, v...]
Slide 97: OPENSHIFT LOVES CI/CD: Jenkins-as-a-service on OpenShift; hybrid Jenkins infra with OpenShift...
Slide 98: JENKINS-AS-A-SERVICE ON OPENSHIFT
● Certified Jenkins images with pre-configured plugins
○ ...
Slide 99:
● Scale existing Jenkins infrastructure by dynamically provisioning Jenkins slaves on OpenShi...
Slide 100:
● Existing CI/CD infrastructure outside OpenShift performs operations against OpenShift
○ Ope...
Slide 101: OPENSHIFT PIPELINES
● OpenShift Pipelines allow defining a CI/CD workflow via a Jenkins pi...
Slide 102: OpenShift Pipelines in Web Console
Slide 103: CONTINUOUS DELIVERY PIPELINE
[Diagram: application image, dev team, Git server, artifact repository, Je...]
Slide 104: CONTINUOUS DELIVERY PIPELINE
[Diagram: integrated image registry, OpenShift cluster, developer, Git se...]
Slide 105: CONTINUOUS DELIVERY PIPELINE
[Diagram: integrated image registry, OpenShift cluster, developer, Git se...]
Slide 106: CONTINUOUS DELIVERY PIPELINE
[Diagram: integrated image registry, OpenShift cluster, developer, Git se...]
Slide 107:
[Diagram: ServiceNow, JIRA Service Desk, Zendesk, BMC Remedy; integrated image registry, OpenShift cluster, 1...]
Slide 108: CONTINUOUS DELIVERY PIPELINE
[Diagram: integrated image registry, OpenShift cluster, developer, Git se...]
Slide 109: DEVELOPER WORKFLOW (section title)
Slide 110: LOCAL DEVELOPMENT WORKFLOW: Bootstrap, Develop, Local Deploy, Verify, Git Push, Pipeline
Slide 111: BOOTSTRAP
● Pick your programming language and application runtime of choice
● Create the pro...
Slide 112: DEVELOP
● Pick your framework of choice such as Java EE, Spring, Ruby on Rails, Django, Ex...
Slide 113: LOCAL DEPLOY
● Deploy your code on a local OpenShift cluster
○ Red Hat Container Developme...
Slide 114: VERIFY
● Verify your code is working as expected
● Run any type of tests that are required...
Slide 115: GIT PUSH
● Push the code and configuration to the Git repository
● If using Fork & Pull Re...
Slide 116: PIPELINE
● Pushing code to the Git repository triggers one or multiple deployment pipelines
●...
Slide 117: APPLICATION SERVICES (section title)
Slide 118: A PLATFORM THAT GROWS WITH YOUR BUSINESS
[Diagram: Data Virtualization, Real Time Decision, Intelligen...]
Slide 119: Partners: CrunchyData, GitLab, Iron.io, Couchbase, Sonatype, EnterpriseDB, NuoDB, Fujitsu, and many more
Slide 120: THANK YOU: plus.google.com/+RedHat, linkedin.com/company/red-hat, youtube.com/user/RedHatVideos, facebook.com/redhatinc, twitte...
The Real World with OpenShift - Red Hat DevOps & Microservices Conference 2017
By Mario Mendoza Sánchez – Senior Solution Architect @Red Hat
Published in: Technology
Transcript of slides 1-85
Slide 1: OPENSHIFT CONTAINER PLATFORM TECHNICAL OVERVIEW (Mario Mendoza, Senior Solution Architect)
Slide 2: Self-Service, Multi-language, Automation, Collaboration, Seamless, Standards-based, Web-scale, Open Source, Enterprise Grade, Secure
Slide 3: OPENSHIFT ARCHITECTURE (section title)
Slide 4: OPENSHIFT ARCHITECTURE
[Diagram: existing automation toolsets (SCM (Git), CI/CD) on top; service layer, routing layer, persistent storage and registry; RHEL nodes running containers (C); a Red Hat Enterprise Linux master with API/authentication, data store, scheduler and health/scaling; infrastructure: physical, virtual, private, public, hybrid]
Slide 5: YOUR CHOICE OF INFRASTRUCTURE: physical, virtual, private, public, hybrid
Slide 6: NODES: RHEL INSTANCES WHERE APPS RUN
[Diagram: six RHEL nodes on physical/virtual/private/public/hybrid infrastructure]
Slide 7: APPS RUN IN CONTAINERS
[Diagram: containers (C) on the RHEL nodes; legend: container image, container, pod]
Slide 8: PODS ARE THE UNIT OF ORCHESTRATION
[Diagram: containers grouped into pods on the RHEL nodes]
Slide 9: MASTERS ARE THE CONTROL PLANE
[Diagram: a Red Hat Enterprise Linux master above the RHEL nodes]
Slide 10: API AND AUTHENTICATION
[Diagram: master with API/authentication]
Slide 11: DESIRED AND CURRENT STATE
[Diagram: master with API/authentication and data store]
Slide 12: INTEGRATED CONTAINER REGISTRY
[Diagram: registry added, running on a RHEL node]
Slide 13: ORCHESTRATION AND SCHEDULING
[Diagram: scheduler added to the master]
Slide 14: PLACEMENT BY POLICY
[Diagram: scheduler placing containers onto nodes]
Slide 15: AUTOSCALING PODS
[Diagram: health/scaling added to the master]
Slide 16: SERVICE DISCOVERY
[Diagram: service layer added]
Slide 17: PERSISTENT DATA IN CONTAINERS
[Diagram: persistent storage added]
Slide 18: ROUTING AND LOAD-BALANCING
[Diagram: routing layer added]
Slide 19: ACCESS VIA WEB, CLI, IDE AND API
[Diagram: existing automation toolsets, SCM (Git) and CI/CD on top of the full stack]
Slide 20: TECHNICAL DEEP DIVE (section title)
Slides 21-25: AUTO-HEALING FAILED CONTAINERS
[Diagram sequence: a container on one RHEL node fails; the master (API/authentication, data store, scheduler, health/scaling) detects the failure and a replacement container is started]
Slide 26: NETWORKING (section title)
Slide 27: BUILT-IN SERVICE DISCOVERY, INTERNAL LOAD-BALANCING
[Diagram: a Service with selector app=payroll role=frontend (Name: payroll-frontend, IP: 172.10.1.23, Port: 8080) load-balances across the two pods labelled app=payroll role=frontend version=1.0; the pod labelled app=payroll role=backend version=1.0 does not match the selector and is not part of the Service]
Slide 28: BUILT-IN SERVICE DISCOVERY, INTERNAL LOAD-BALANCING
[Diagram: a third pod labelled app=payroll role=frontend version=2.0 is added; it matches the selector, so the same Service now balances across all three frontend pods]
Slide 29: ROUTE EXPOSES SERVICES EXTERNALLY
[Diagram: external traffic enters through the router, which forwards to the Service and its pods; internal traffic reaches the Service directly]
Slide 30: ROUTING AND EXTERNAL LOAD-BALANCING
● Pluggable routing architecture
○ HAProxy Router
○ F5 Router
● Multiple routers with traffic sharding
● Router supported protocols
○ HTTP/HTTPS
○ WebSockets
○ TLS with SNI
● Non-standard ports via cloud load-balancers, external IP, and NodePort
Slide 31: ROUTE SPLIT TRAFFIC
[Diagram: one Route sends 90% of the traffic to Service A (App A pods) and 10% to Service B (App B pods)]
Split traffic between multiple services for A/B testing, blue/green and canary deployments
Slide 32: EXTERNAL TRAFFIC TO A SERVICE ON A RANDOM PORT WITH NODEPORT
● NodePort binds a service to a unique port on all the nodes
● Traffic received on any node redirects to a node with the running service
● Ports are in the 30K-60K range, which usually differs from the service port
● Firewall rules must allow traffic to all nodes on the specific port
[Diagram: the client connects to 192.10.0.10:31421 (port 31421 is also open on nodes 192.10.0.11 and 192.10.0.12); the Service (INT IP 172.1.0.20:90) forwards to pods 10.1.0.1:90, 10.1.0.2:90 and 10.1.0.3:90]
Slide 33: EXTERNAL TRAFFIC TO A SERVICE ON ANY PORT WITH INGRESS
● Access a service with an external IP on any TCP/UDP port, such as
○ Databases
○ Message brokers
● Automatic IP allocation from a predefined pool using Ingress IP Self-Service
● IP failover pods provide high availability for the IP pool
[Diagram: the client connects to the Service's external IP 200.1.0.10:90; the Service (INT IP 172.1.0.20:90) forwards to pods 10.1.0.1:90, 10.1.0.2:90 and 10.1.0.3:90 across nodes 192.10.0.10, 192.10.0.11 and 192.10.0.12]
Slide 34: CONTROL OUTGOING TRAFFIC SOURCE IP WITH EGRESS ROUTER
[Diagram: application pods send to an egress Service (INTERNAL-IP:8080), which forwards to an egress router pod bound to node address IP1; the external service whitelists IP1 as the only permitted source]
Slide 35: OPENSHIFT NETWORKING
● Built-in internal DNS to reach services by name
● Split DNS is supported via SkyDNS
○ Master answers DNS queries for internal services
○ Other nameservers serve the rest of the queries
● Software Defined Networking (SDN) for a unified cluster network to enable pod-to-pod communication
● OpenShift follows the Kubernetes Container Networking Interface (CNI) plug-in model
Slide 36: OPENSHIFT NETWORK PLUGINS
OpenShift and Kubernetes CNI plugins: OpenShift Plugin (default), Flannel Plugin*, Nuage Plugin, Tigera Calico Plugin, Juniper Contrail Plugin, Cisco Contiv Plugin, Big Switch Plugin; VMware NSX-T Plugin in progress. Legend: certified plugin, validated plugin.
* Flannel is minimally verified and is supported only and exactly as deployed in the OpenShift on OpenStack reference architecture.
For a complete list of certified plugins refer to the OpenShift Third-Party SDN FAQ.
Slide 37: OPENSHIFT NETWORKING
[Diagram: node 172.16.1.10 hosts pods 10.1.2.1 and 10.1.4.1; node 172.16.1.20 hosts pods 10.1.2.2 and 10.1.4.2; the nodes sit on the IP network and the pods on the VxLAN overlay network]
Slide 38: OPENSHIFT SDN
FLAT NETWORK (Default)
● All pods can communicate with each other across projects
MULTI-TENANT NETWORK
● Project-level network isolation
● Multicast support
● Egress network policies
NETWORK POLICY (Tech Preview)
● Granular policy-based isolation
[Diagram: pods of project A and project B spread across two nodes, plus the default namespace and project C, labelled Multi-Tenant Network]
Slide 39: OPENSHIFT SDN - NETWORK POLICY
[Diagram: project A and project B, each with four colour-labelled pods; arrows marked 8080 and 5432 show the allowed flows]
Example policies
● Allow all traffic inside the project
● Allow traffic from green to gray
● Allow traffic to purple on 8080
Policy for the third example:

    apiVersion: extensions/v1beta1
    kind: NetworkPolicy
    metadata:
      name: allow-to-purple-on-8080
    spec:
      podSelector:
        matchLabels:
          color: purple
      ingress:
      - ports:
        - protocol: TCP   # the API accepts only upper-case TCP/UDP here
          port: 8080
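The following Python is an added example, not code from the deck or from OpenShift. It models the label-selector matching behind the payroll Service of slides 27 and 28 and the ingress evaluation of the slide 39 policy so both can be checked offline: a pod selected by no policy accepts everything, a selected pod accepts only what some rule allows, and a rule with ports but no from admits any source. Pod names and labels, the project-b "scanner" pod, the policy namespaces and the allow-green-to-gray policy are constructed for the example; namespaceSelector and ipBlock peers are not modelled.

```python
"""Label selectors, Service endpoints and NetworkPolicy evaluation.

Added example, not code from the deck or from OpenShift. Pod names, the
project-b outsider pod, the policy namespaces and the allow-green-to-gray
policy are constructed; the ingress rules follow the Kubernetes model.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Pod:
    name: str
    labels: dict
    namespace: str = "project-a"


def matches(selector: dict, labels: dict) -> bool:
    """matchLabels semantics; an empty selector matches every pod."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())


def service_endpoints(selector: dict, pods: list) -> list:
    """Service discovery (slides 27/28): names of the pods a Service balances to."""
    return [p.name for p in pods if matches(selector, p.labels)]


def _port_ok(rule: dict, port: int, protocol: str) -> bool:
    ports = rule.get("ports")
    if not ports:                       # no 'ports' list: every port is allowed
        return True
    return any(p.get("port") == port and p.get("protocol", "TCP") == protocol for p in ports)


def _source_ok(rule: dict, src: Pod, policy_ns: str) -> bool:
    peers = rule.get("from")
    if not peers:                       # no 'from' list: ANY source is allowed
        return True
    for peer in peers:
        # podSelector alone matches only pods in the policy's own namespace
        pod_sel = peer.get("podSelector")
        if pod_sel is not None and "namespaceSelector" not in peer:
            if src.namespace == policy_ns and matches(pod_sel, src.labels):
                return True
    return False


def ingress_allowed(policies: list, src: Pod, dst: Pod, port: int,
                    protocol: str = "TCP") -> bool:
    """Unselected pod: open. Selected pod: some rule of some selecting policy
    must allow both the port and the source."""
    selecting = [pol for pol in policies
                 if pol["metadata"]["namespace"] == dst.namespace
                 and matches(pol["spec"].get("podSelector", {}), dst.labels)]
    if not selecting:
        return True
    return any(_port_ok(rule, port, protocol) and _source_ok(rule, src, dst.namespace)
               for pol in selecting for rule in pol["spec"].get("ingress", []))


# Slide 39's policy as a parsed dict (protocol upper-cased as the API requires;
# namespace added so the policy is scoped to one project).
ALLOW_TO_PURPLE_ON_8080 = {
    "apiVersion": "extensions/v1beta1", "kind": "NetworkPolicy",
    "metadata": {"name": "allow-to-purple-on-8080", "namespace": "project-a"},
    "spec": {"podSelector": {"matchLabels": {"color": "purple"}},
             "ingress": [{"ports": [{"protocol": "TCP", "port": 8080}]}]},
}
# Constructed counterpart of the slide's "allow traffic from green to gray".
ALLOW_GREEN_TO_GRAY = {
    "apiVersion": "extensions/v1beta1", "kind": "NetworkPolicy",
    "metadata": {"name": "allow-green-to-gray", "namespace": "project-a"},
    "spec": {"podSelector": {"matchLabels": {"color": "gray"}},
             "ingress": [{"from": [{"podSelector": {"matchLabels": {"color": "green"}}}]}]},
}
POLICIES = [ALLOW_TO_PURPLE_ON_8080, ALLOW_GREEN_TO_GRAY]

PURPLE = Pod("purple-1", {"color": "purple"})
GREEN = Pod("green-1", {"color": "green"})
GRAY = Pod("gray-1", {"color": "gray"})
OUTSIDER = Pod("scanner-1", {"color": "red"}, namespace="project-b")  # constructed

PAYROLL_PODS = [  # slides 27/28: two v1.0 frontends, one backend, then a v2.0 frontend
    Pod("frontend-1", {"app": "payroll", "role": "frontend", "version": "1.0"}),
    Pod("frontend-2", {"app": "payroll", "role": "frontend", "version": "1.0"}),
    Pod("backend-1", {"app": "payroll", "role": "backend", "version": "1.0"}),
    Pod("frontend-3", {"app": "payroll", "role": "frontend", "version": "2.0"}),
]
PAYROLL_FRONTEND_SELECTOR = {"matchLabels": {"app": "payroll", "role": "frontend"}}


def demo() -> dict:
    """The checks to run before trusting the slide's policies."""
    return {
        "payroll-frontend endpoints": service_endpoints(PAYROLL_FRONTEND_SELECTOR, PAYROLL_PODS),
        "green->purple:8080": ingress_allowed(POLICIES, GREEN, PURPLE, 8080),
        "green->purple:5432": ingress_allowed(POLICIES, GREEN, PURPLE, 5432),
        "green->gray:5432": ingress_allowed(POLICIES, GREEN, GRAY, 5432),
        "purple->gray:5432": ingress_allowed(POLICIES, PURPLE, GRAY, 5432),
        # No 'from' in the slide's policy: purple:8080 is open to any source
        # the SDN can route, including a pod in another project.
        "other-project->purple:8080": ingress_allowed(POLICIES, OUTSIDER, PURPLE, 8080),
        "anyone->green:80": ingress_allowed(POLICIES, OUTSIDER, GREEN, 80),  # not isolated
    }
```

`demo()` returns the table of checks; the other-project row is the one worth keeping: a rule with ports but no from restricts only the port, so a policy meant to admit one peer needs an explicit from, as the green-to-gray policy shows, and a pod that no policy selects (green) stays reachable on every port.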
Slide 40: OPENSHIFT SDN - OVS PACKET FLOW: Container to Container on the Same Host
[Diagram: on one node (eth0 192.168.0.100), POD 1 (veth0, 10.1.15.2/24) and POD 2 (veth1, 10.1.15.3/24) both attach to the OVS bridge br0 (10.1.15.1/24), which also carries the vxlan0 port; traffic between the two pods is switched on br0]
Slide 41: OPENSHIFT SDN - OVS PACKET FLOW: Container to Container on Different Hosts
[Diagram: POD 1 (veth0, 10.1.15.2/24) on NODE 1 (br0 10.1.15.1/24, eth0 192.168.0.100) reaches POD 2 (veth0, 10.1.20.2/24) on NODE 2 (br0 10.1.20.1/24, eth0 192.168.0.200) through the vxlan0 ports of both bridges]
Slide 42: OPENSHIFT SDN - OVS PACKET FLOW: Container Connects to External Host
[Diagram: POD 1 (veth0, 10.1.15.2/24) on NODE 1 sends through br0 (10.1.15.1/24) to tun0 and out via eth0 (192.168.0.100) to the external host]
Slide 43: OPENSHIFT SDN WITH FLANNEL FOR OPENSTACK
[Diagram: on NODE 1, POD 1 (veth0, 10.1.15.2/24) attaches to docker0 (10.1.15.1/24); on NODE 2, POD 2 (veth0, 10.1.20.2/24) attaches to docker0 (10.1.20.1/24); flanneld on each node maintains the routing table from etcd, and traffic crosses between eth0 192.168.0.100 and eth0 192.168.0.200]
Flannel is minimally verified and is supported only and exactly as deployed in the OpenShift on OpenStack reference architecture: https://access.redhat.com/articles/2743631
Slide 44: LOGGING & METRICS (section title)
Slide 45: CENTRAL LOG MANAGEMENT WITH EFK
● EFK stack to aggregate logs for hosts and applications
○ Elasticsearch: an object store to store all logs
○ Fluentd: gathers logs and sends them to Elasticsearch
○ Kibana: a web UI for Elasticsearch
● Access control
○ Cluster administrators can view all logs
○ Users can only view logs for their projects
● Ability to send logs elsewhere
○ External Elasticsearch, Splunk, etc.
Slide 46: CENTRAL LOG MANAGEMENT WITH EFK
[Diagram: a Fluentd collector on each RHEL node gathers the logs of its pods; application logs go to an Elasticsearch cluster with a Kibana UI for users, operation logs to a separate Elasticsearch cluster with a Kibana UI for admins]
Slide 47: CONTAINER METRICS (section title)
Slide 48: CONTAINER METRICS
[Diagram: cAdvisor on each RHEL node collects pod metrics; Heapster aggregates them into Hawkular, backed by Cassandra; consumers are the OpenShift web console, Red Hat CloudForms, custom dashboards and API users]
Slide 49: SECURITY (section title)
Slide 50: TEN LAYERS OF CONTAINER SECURITY
Container Host & Multi-tenancy; Container Content; Container Registry; Building Containers; Deploying Containers; Container Platform; Network Isolation; Storage; API Management; Federated Clusters
Slide 51: SECRET MANAGEMENT
● Secure mechanism for holding sensitive data, e.g.
○ Passwords and credentials
○ SSH keys
○ Certificates
● Secrets are made available as
○ Environment variables
○ Volume mounts
○ Interaction with external systems
● Encrypted in transit
● Never rest on the nodes
[Diagram: secrets live in the master's distributed store and are delivered to the containers on a node]
Slide 52: PERSISTENT STORAGE (section title)
Slide 53: PERSISTENT STORAGE
● Persistent Volume (PV) is tied to a piece of network storage
● Provisioned by an administrator (statically or dynamically)
● Allows admins to describe storage and users to request storage
Supported backends: NFS, GlusterFS, OpenStack Cinder, Ceph RBD, AWS EBS, GCE Persistent Disk, iSCSI, Fibre Channel, Azure File, Azure Disk
Slide 54: PERSISTENT STORAGE
[Diagram: the admin registers PVs (NFS PV, iSCSI PV, GlusterFS PV, Ceph RBD PV) into a pool of persistent volumes; a user in a project creates claims, and each pod's claim is bound to a PV from the pool]
Slide 55: DYNAMIC VOLUME PROVISIONING
[Diagram: the admin defines StorageClasses (Slow: Azure-Disk, Fast: AWS-SSD, Fastest: NetApp-Flash), each backed by a provisioner (Azure, AWS, NetApp); a user creates a claim for "Fastest"; the OpenShift PV controller calls the NetApp provisioner to provision a PV, which is bound to the pod's claim]
Slide 56: CONTAINER-NATIVE STORAGE
● Containerized Red Hat Gluster Storage
● Native integration with OpenShift
● Unified orchestration using Kubernetes for applications and storage
● Greater control & ease of use for developers
● Lower TCO through convergence
● Single vendor support
[Diagram: a distributed, secure, scale-out storage cluster of storage containers running alongside application containers]
Slide 57: CONTAINER-NATIVE STORAGE
[Diagram: a master and three nodes; application pods and RHGS (Red Hat Gluster Storage) pods run side by side on the same nodes]
Slide 58: SERVICE BROKER (section title)
Slide 59: OPEN SERVICE BROKER API
● Born out of the Cloud Foundry Foundation
● Standard way to deliver services to apps running on OpenShift, Kubernetes, etc.
● A collaboration between multiple vendors
● Integrated with OpenShift and Kubernetes
● Release timeline
○ OCP 3.6 Tech Preview
○ OCP 3.7 GA
Participants: Red Hat, Pivotal, IBM, SAP, Google, Fujitsu
Slide 60: CONSUMING SERVICES
[Diagram: the traditional path between service consumer and service provider: ☑ open ticket, ☑ wait for allocation, ☑ receive credentials, ☑ add to app, ☑ deploy app]
Slide 61: CONSUMING SERVICES WITH OPEN SERVICE BROKER API
[Diagram: the service consumer requests from the service catalog, which talks to the service broker, which provisions from the service provider]
Slide 62: OPENSHIFT SERVICE CATALOG (Tech Preview)
Brokers behind the catalog and what they offer: Ansible Service Broker (Ansible Playbook Bundles); OpenShift Template Broker (OpenShift Templates); Cloud Service Broker (public cloud services); other service brokers (other compatible services)
Slide 63: OPERATIONAL MANAGEMENT (section title)
Slide 64: TOP CHALLENGES OF RUNNING CONTAINERS AT SCALE: service health; security & compliance; financial management; operational efficiency
Slide 65: Operational Management Across the Stack
● Real-time discovery
● Visualize relationships
● Monitoring and alerts
● Vulnerability scanning
● Security compliance
● Workflow and policy
● Automation
● Chargeback
Slide 66: OPERATIONAL EFFICIENCY
● CloudForms continuously discovers your infrastructure in near real time
● CloudForms discovers and visualizes relationships between infra components
● CloudForms cross-references inventory across technologies
● CloudForms offers custom automation via control policy or UI extensions
Slide 67: OPERATIONAL EFFICIENCY (title only)
Slide 68: SERVICE HEALTH
● CloudForms monitors resource consumption and shows trends
● CloudForms alerts on performance thresholds or other events
● CloudForms offers right-sizing recommendations
● CloudForms enforces configuration and tracks it over time
Slide 69: SERVICE HEALTH (title only)
Slide 70: SECURITY & COMPLIANCE
● CloudForms finds and marks nodes non-compliant with policy
● CloudForms allows reporting on container provenance
● CloudForms scans container images using OpenSCAP
● CloudForms tracks genealogy between images and containers
Slide 71: SECURITY & COMPLIANCE (title only)
Slide 72: FINANCIAL MANAGEMENT
● Define cost models for infrastructure and understand your cost
● Rate schedules per platform and per tenant with multi-tiered and multi-currency support
● CloudForms shows top users for CPU, memory, as well as cost
● Chargeback/showback to projects based on container utilization
Slide 73: FINANCIAL MANAGEMENT (title only)
Slide 74: REFERENCE ARCHITECTURES (section title)
Slide 75: REFERENCE ARCHITECTURES
● OpenShift on VMware vCenter: https://access.redhat.com/articles/2745171
● OpenShift on Red Hat OpenStack Platform: https://access.redhat.com/articles/2743631
● OpenShift on Amazon Web Services: https://access.redhat.com/articles/2623521
● OpenShift on Google Cloud Platform: https://access.redhat.com/articles/2751521
● OpenShift on Microsoft Azure: https://access.redhat.com/articles/3030691
● Deploying an OpenShift Distributed Architecture: https://access.redhat.com/articles/1609803
● OpenShift Architecture and Deployment Guide: https://access.redhat.com/articles/1755133
● OpenShift Scaling, Performance, and Capacity Planning: https://access.redhat.com/articles/2191731
● Application Release Strategies with OpenShift: https://access.redhat.com/articles/2897391
● Building Polyglot Microservices on OpenShift: https://access.redhat.com/articles/2893381
● Building JBoss EAP 6 Microservices on OpenShift: https://access.redhat.com/articles/2094731
● Building JBoss EAP 7 Microservices on OpenShift: https://access.redhat.com/articles/2407801
● Business Process Management with JBoss BPMS on OpenShift: https://access.redhat.com/articles/2893421
● Build and Deployment of Java Applications on OpenShift: https://access.redhat.com/articles/3016691
● Building Microservices on OpenShift with Fuse Integra...: https://access.redhat.com/articles/3068571
● JFrog Artifactory on OpenShift Container Platform: https://access.redhat.com/articles/3049611
76. BUILD AND DEPLOY CONTAINER IMAGES
77. BUILD AND DEPLOY CONTAINER IMAGES
● DEPLOY YOUR SOURCE CODE
● DEPLOY YOUR APP BINARY
● DEPLOY YOUR CONTAINER IMAGE
78. DEPLOY YOUR SOURCE CODE
79. DEPLOY SOURCE CODE WITH SOURCE-TO-IMAGE (S2I)
[Diagram: Git repository (code) → Source-to-Image (S2I) with builder image → image registry → deploy → application container; stages CODE, BUILD, DEPLOY; roles DEV, OPS]
80. DEPLOY SOURCE CODE WITH SOURCE-TO-IMAGE (S2I): CODE
Developers write code using existing development tools such as Maven, NPM, Bower, PIP, Dockerfile and Git, and then use the OpenShift web console, CLI or IDE to create an app from the code.
[Diagram: DEV → code → Git repository]
81. DEPLOY SOURCE CODE WITH SOURCE-TO-IMAGE (S2I): BUILD
S2I combines the source code with a builder image (language and application runtimes) and stores the resulting application image in the image registry.
[Diagram: Git repository → Source-to-Image (S2I) with builder image → image registry]
82. DEPLOY SOURCE CODE WITH SOURCE-TO-IMAGE (S2I): DEPLOY
OpenShift automates the deployment of application containers across multiple hosts via Kubernetes. Users can trigger deployments, roll back, and configure A/B or other custom deployments.
[Diagram: image registry → deploy → application container; roles DEV, OPS]
83. DEPLOY YOUR APP BINARY
84. DEPLOY APP BINARY WITH SOURCE-TO-IMAGE (S2I)
[Diagram: existing build process → application binary (e.g. WAR) → Source-to-Image (S2I) with builder image → image registry → deploy → application container; stages BUILD APP, BUILD IMAGE, DEPLOY; roles DEV, OPS]
85. DEPLOY APP BINARY WITH SOURCE-TO-IMAGE (S2I): BUILD APP
Developers use the existing build process and tools (e.g. Maven, Gradle, Jenkins, Nexus) to build the app binaries (e.g. JAR, WAR, EAR) and use the OpenShift CLI to create an app from the app binaries.
[Diagram: DEV → existing build process → application binary (e.g. WAR)]
86. DEPLOY APP BINARY WITH SOURCE-TO-IMAGE (S2I): BUILD IMAGE
S2I combines the app binaries (e.g. JAR, WAR, EAR) with a builder image (language and application runtimes) and stores the resulting application image in the image registry.
[Diagram: application binary → Source-to-Image (S2I) with builder image → image registry]
87. DEPLOY APP BINARY WITH SOURCE-TO-IMAGE (S2I): DEPLOY
OpenShift automates the deployment of application containers across multiple hosts via Kubernetes. Users can trigger deployments, roll back, and configure A/B or other custom deployments.
[Diagram: image registry → deploy → application container; roles DEV, OPS]
88. DEPLOY YOUR CONTAINER IMAGE
89. DEPLOY DOCKER IMAGE
App images are built using an existing image build process. OpenShift automates the deployment of app containers across multiple hosts via Kubernetes. Users can trigger deployments, roll back, configure A/B, etc.
[Diagram: existing image build process → application image → image registry → deploy → application container; stages BUILD, DEPLOY; roles DEV, OPS]
90. BUILD IMAGES IN MULTIPLE STAGES
[Diagram: BUILD STAGE 1 → BUILD STAGE 2 → BUILD STAGE 3]
91. EXAMPLE: USE ANY RUNTIME IMAGE WITH SOURCE-TO-IMAGE BUILDS
WildFly S2I build (WildFly S2I builder image) → app.war → Docker build → WildFly runtime image. Use Source-to-Image to build app binaries and deploy them on lean vanilla runtimes. Read more at https://blog.openshift.com/chaining-builds/
92. EXAMPLE: USE ANY BUILD TOOL WITH OFFICIAL RUNTIME IMAGES
Custom Gradle build (custom Gradle S2I builder image) → app.war → Docker build → Red Hat OpenJDK image. Use your choice of build tool, like Gradle, and deploy to official images like the JDK image. Read more at https://blog.openshift.com/chaining-builds/
93. EXAMPLE: SMALL LEAN RUNTIMES
Custom Go build (custom Go S2I builder image) → app → Docker build → scratch image. Build the app binary and deploy it on small scratch images. Read more at https://blog.openshift.com/chaining-builds/
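The second stage of the scratch-image chain from slide 93, written out as an added example (not from the slides or the linked post). It assumes a first S2I build already publishes the image stream tag app-builder:latest with the compiled Go binary at /opt/app-root/src/app; this BuildConfig copies only that binary into a scratch image and reruns whenever the builder image changes.

```yaml
# Added example (not from the slides). Assumes build 1 already produces
# app-builder:latest with the compiled Go binary at /opt/app-root/src/app.
apiVersion: v1
kind: BuildConfig
metadata:
  name: app-runtime
spec:
  source:
    type: Dockerfile
    dockerfile: |-
      FROM scratch
      COPY app /app
      USER 1001
      ENTRYPOINT ["/app"]
    images:                      # image source: copy files out of build 1's image
      - from: {kind: ImageStreamTag, name: "app-builder:latest"}
        paths:
          - sourcePath: /opt/app-root/src/app
            destinationDir: "."  # lands in the build context as ./app
  strategy:
    type: Docker
  output:
    to: {kind: ImageStreamTag, name: "app:latest"}
  triggers:                      # chain: rerun whenever build 1 pushes a new image
    - type: ImageChange
      imageChange:
        from: {kind: ImageStreamTag, name: "app-builder:latest"}
```

The resulting image holds nothing but the binary, so there is no shell, package manager or build toolchain in it to patch or to abuse, which is the point of the lean runtime slide.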
94. CONTINUOUS INTEGRATION (CI) / CONTINUOUS DELIVERY (CD)
95. CI/CD WITH BUILD AND DEPLOYMENTS
BUILDS
● Webhook triggers: build the app image whenever the code changes
● Image trigger: build the app image whenever the base language or app runtime image changes
● Build hooks: test the app image before pushing it to an image registry
DEPLOYMENTS
● Deployment triggers: redeploy app containers whenever the configuration changes or the image changes in the OpenShift integrated registry or upstream registries
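The triggers and build hook listed above, wired into a BuildConfig and a DeploymentConfig as an added example (not from the slides). Assumed names: repository https://git/app.git, image stream app, and the redhat-openjdk18-openshift:1.2 builder image stream in the openshift project; the webhook secret is a placeholder to replace with a random value.

```yaml
# Added example (not from the slides). Assumed: repo https://git/app.git,
# builder image stream redhat-openjdk18-openshift:1.2 in the openshift project.
apiVersion: v1
kind: BuildConfig
metadata:
  name: app
spec:
  source:
    type: Git
    git:
      uri: https://git/app.git
  strategy:
    type: Source
    sourceStrategy:
      from: {kind: ImageStreamTag, namespace: openshift, name: "redhat-openjdk18-openshift:1.2"}
  output:
    to: {kind: ImageStreamTag, name: "app:latest"}
  postCommit:
    script: mvn test     # build hook: runs inside the new image; failure fails the build, nothing is pushed
  triggers:
    - type: GitHub       # webhook trigger: rebuild on every push
      github:
        secret: REPLACE_WITH_RANDOM_SECRET   # placeholder; generate a random value
    - type: ImageChange  # image trigger: rebuild when the builder image updates
      imageChange: {}
---
apiVersion: v1
kind: DeploymentConfig
metadata:
  name: app
spec:
  replicas: 2
  selector:
    app: app
  template:
    metadata:
      labels:
        app: app
    spec:
      containers:
        - name: app
          image: app:latest
  triggers:
    - type: ConfigChange   # deployment trigger: pod template / config changed
    - type: ImageChange    # deployment trigger: app:latest changed in the registry
      imageChangeParams:
        automatic: true
        containerNames: [app]
        from: {kind: ImageStreamTag, name: "app:latest"}
```

The GitHub webhook URL embeds that secret, so anyone who can read the BuildConfig can trigger builds; the post-commit hook runs inside the freshly built image, so its tests exercise exactly the artifact that will be pushed.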
96. CONTINUOUS DELIVERY WITH CONTAINERS
[Diagram: source repository → CI/CD engine → dev container → physical / virtual / private cloud / public cloud]
97. OPENSHIFT LOVES CI/CD
● Jenkins-as-a-Service on OpenShift
● Hybrid Jenkins infra with OpenShift
● Existing CI/CD deploying to OpenShift
98. JENKINS-AS-A-SERVICE ON OPENSHIFT
● Certified Jenkins images with pre-configured plugins
○ Provided out-of-the-box
○ Follow the Jenkins 1.x and 2.x LTS versions
● Jenkins S2I builder for customizing the image
○ Install plugins
○ Configure Jenkins
○ Configure build jobs
● OpenShift plugins to integrate authentication with OpenShift and also CI/CD pipelines
● Dynamically deploys Jenkins slave containers
[Diagram: Jenkins image + plugins, jobs, configuration → Jenkins (S2I) → custom Jenkins image]
99. HYBRID JENKINS INFRA WITH OPENSHIFT
● Scale existing Jenkins infrastructure by dynamically provisioning Jenkins slaves on OpenShift
● Use the Kubernetes plug-in on existing Jenkins servers
[Diagram: Jenkins master runs jobs on Jenkins slaves inside OpenShift, which build and deploy the app]
100. EXISTING CI/CD DEPLOY TO OPENSHIFT
● Existing CI/CD infrastructure outside OpenShift performs operations against OpenShift
○ OpenShift Pipeline Jenkins Plugin for Jenkins
○ OpenShift CLI for integrating other CI engines with OpenShift
● Does not disrupt existing processes; can be combined with the previous alternative
[Diagram: existing CI/CD infra (Jenkins, Bamboo, TeamCity, etc.) runs the job, builds the app and deploys it to OpenShift via an S2I build]
101. OPENSHIFT PIPELINES
● OpenShift Pipelines allow defining a CI/CD workflow via a Jenkins pipeline which can be started, monitored, and managed similar to other builds
● Dynamic provisioning of Jenkins slaves
● Auto-provisioning of Jenkins server
● OpenShift Pipeline strategies
○ Embedded Jenkinsfile
○ Jenkinsfile from a Git repository

    apiVersion: v1
    kind: BuildConfig
    metadata:
      name: app-pipeline
    spec:
      strategy:
        type: JenkinsPipeline
        jenkinsPipelineStrategy:
          jenkinsfile: |-
            node('maven') {                 // provision a Jenkins slave for running Maven
              stage('build app') {
                git url: 'https://git/app.git'
                sh "mvn package"
              }
              stage('build image') {
                // --follow/--wait block until the binary build finishes and fail the stage if it fails
                sh "oc start-build app --from-file=target/app.jar --follow --wait"
              }
              stage('deploy') {
                openshiftDeploy deploymentConfig: 'app'
              }
            }
102. OpenShift Pipelines in Web Console
103. CONTINUOUS DELIVERY PIPELINE
[Diagram: dev team → Git server → artifact repository → Jenkins → image build → application image]
IMAGE BUILD
● S2I build from source code
● S2I build from app binary
● Existing docker container image build process
104. CONTINUOUS DELIVERY PIPELINE
[Diagram: developer → Git server → artifact repository → OpenShift CI/CD pipeline (Jenkins) → image build & deploy → integrated image registry → OpenShift cluster; environments: DEV (non-prod), PROD]
105. CONTINUOUS DELIVERY PIPELINE
[Diagram: as slide 104, plus "promote to TEST"; environments: DEV, TEST (non-prod), PROD]
106. CONTINUOUS DELIVERY PIPELINE
[Diagram: as slide 104, plus "promote to TEST" and "promote to UAT"; environments: DEV, TEST, UAT (non-prod), PROD]
107. CONTINUOUS DELIVERY PIPELINE
[Diagram: as slide 106, plus a "go live?" approval gate decided by the release manager (☒ / ☑), integrated with ServiceNow, JIRA Service Desk, Zendesk or BMC Remedy]
108. CONTINUOUS DELIVERY PIPELINE
[Diagram: as slide 107, plus "promote to PROD" once the release manager approves; environments: DEV, TEST, UAT (non-prod), PROD]
109. DEVELOPER WORKFLOW
110. LOCAL DEVELOPMENT WORKFLOW
[Diagram: Bootstrap → Develop → Local Deploy → Verify → Git Push → Pipeline]
111. LOCAL DEVELOPMENT WORKFLOW: BOOTSTRAP
● Pick your programming language and application runtime of choice
● Create the project skeleton from scratch or use a generator such as
○ Maven archetypes
○ Quickstarts and templates
○ OpenShift Generator
○ Spring Initializr
112. LOCAL DEVELOPMENT WORKFLOW: DEVELOP
● Pick your framework of choice such as Java EE, Spring, Ruby on Rails, Django, Express, ...
● Develop your application code using your editor or IDE of choice
● Build and test your application code locally using your build tools
● Create or generate OpenShift templates or Kubernetes objects
113. LOCAL DEVELOPMENT WORKFLOW: LOCAL DEPLOY
● Deploy your code on a local OpenShift cluster
○ Red Hat Container Development Kit (CDK), minishift and oc cluster
● Red Hat CDK provides a standard RHEL-based development environment
● Use binary deploy, Maven or CLI rsync to push code or the app binary directly into containers
114. LOCAL DEVELOPMENT WORKFLOW: VERIFY
● Verify your code is working as expected
● Run any type of tests that are required, with or without other components (database, etc.)
● Based on the test results, change code, deploy, verify and repeat
115. LOCAL DEVELOPMENT WORKFLOW: GIT PUSH
● Push the code and configuration to the Git repository
● If using a Fork & Pull Request workflow, create a Pull Request
● If using a code review workflow, participate in code review discussions
116. LOCAL DEVELOPMENT WORKFLOW: PIPELINE
● Pushing code to the Git repository triggers one or multiple deployment pipelines
● Design your pipelines based on your development workflow, e.g. test the pull request
● Failure in the pipeline? Go back to the code and start again
117. APPLICATION SERVICES
118. A PLATFORM THAT GROWS WITH YOUR BUSINESS
[Diagram: Data Virtualization, Real Time Decision, Intelligent Process, Integration, Messaging, Data Grid, Java EE Application, Web Application, Single Sign-On, Mobile, API Management, Microservices]
119. TRUE POLYGLOT PLATFORM
LANGUAGES: PHP, Python, Java, NodeJS, Perl, Ruby, .NET Core; third-party language runtimes
DATABASES: MySQL, Redis, PostgreSQL, MongoDB; third-party databases
WEB SERVERS: Apache HTTP Server, nginx, Tomcat, Varnish, Phusion Passenger, JBoss Web Server; third-party app runtimes
MIDDLEWARE: JBoss EAP, JBoss A-MQ, JBoss Fuse, JBoss BRMS, JBoss BPMS, JBoss Data Grid, JBoss Data Virt, RH Mobile, RH SSO, 3scale API management, Spring Boot, WildFly Swarm, Vert.x; third-party middleware
Partners: CrunchyData, GitLab, Iron.io, Couchbase, Sonatype, EnterpriseDB, NuoDB, Fujitsu and many more ...and virtually any docker image out there!
120. THANK YOU
plus.google.com/+RedHat
linkedin.com/company/red-hat
youtube.com/user/RedHatVideos
facebook.com/redhatinc
twitter.com/RedHatNews
