The document discusses OpenShift as a containerized application platform built on Docker and Kubernetes, highlighting its features and architecture for managing container orchestration, including scheduling, monitoring, and service discovery. It emphasizes the integration of development tools and automation for building, deploying, and managing applications, alongside a robust ecosystem and community support. Key concepts such as pods, services, and persistent storage are elaborated to explain the operational landscape within OpenShift and Kubernetes environments.

1. OpenShift Enterprise
a Containerized Application Platform
@LinhDo
AxonVibe Devops
April 16, 2017

2. Agenda
Docker
Kubernetes added-value
OpenShift added-value
Demo
Q & A

3. Container Technology
- Docker

4. Images & Containers
Docker “Image”
Unified Packaging format.
- Like “war" or “tar.gz"
- For any type of
Application
- Portable
Docker “Container”
Runtime
Isolation
Image BImage A
Hardware
Container
APP A
Image
Host Minimal OS
Container
APP B
Image
Container
APP C
Image
Docker Engine
Docker Registry
RHEL
JDK
Jboss-EAP
Libs A Libs B
App A App B
docker pull <image>

5. Evolution
Hardware
Host OS
LIBS A LIBS B LIBS..
APP A APP B
Hardware
Guest OS
LIBS A
APP A
Hypervisor
Guest OS
LIBS B
APP B
Guest OS
LIBS C
APP C
Hardware
Container
LIBS A
APP A
Host Minimal OS
Container
LIBS B
APP B
Container
LIBS C
APP C
Traditional Virtual Containershared system isolation process isolation

6. Linux Kernel
App1 App2 App3
Isolation, not Virtualization
• Kernel Namespaces
• Process
• Network
• IPC
• Mount
• User
• Resource Limits
• Cgroups
• Security
• SELinux

7. Container Orchestration
- Kubernetes

8. We need more than just packing and isolation
• Scheduling : Where should my containers run?
• Lifecycle and health : Keep my containers running despite failures
• Discovery : Where are my containers now?
• Monitoring : What’s happening with my containers?
• Auth{n,z} : Control who can do things to my containers
• Aggregates : Compose sets of containers into jobs
• Scaling : Making jobs bigger or smaller

9. Kubernetes – Container Orchestration at Scale
Greek for “Helmsman”; also the root of the word “Governor” and “cybernetic”
• Container Cluster Manager
- Inspired by the technology that runs Google
• Runs anywhere
- Public cloud
- Private cloud
- Bare metal
• Strong ecosystem
- Partners: Red Hat, VMware, CoreOS..
- Community: clients, integration

10. Kubernetes Cluster
Registry
Master
Node
Node
Storage
Pod
Volume
Node
Service
Pod
Pod
Image
Core Concepts
• Pod
• Labels & Selectors
• ReplicationController
Service
Persistent Volumes
etcd
SkyDNS
Replication
Controller
APIDev/Ops
Visitor
Router
Policies
Logging
ELK

11. Pods
POD Definition:
• Group of Containers
• Related to each other
• Same namespace
• Emphemeral
Examples:
• Wordpress
• MySQL
• Wordpress + MySQL
• ELK
• Nginx+Logstash
• Auth-Proxy+PHP
• App + data-load

12. Kubernetes Cluster
Master
Node
Node
Pod
Node
Pod
Replication Controller
etcd
Replication
Controller
APIDev/Ops
kind: ReplicationController
metadata:
name: nginx
spec:
replicas: 2
selector:
app: nginx
template:
metadata:
name: nginx
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:v2.2
ports:
- containerPort: 80
“nginx”
RC Object
• Pod Scaling
• Pod Monitoring
• Rolling updates
# kubectl create –f nginx-rc.yaml

13. Kubernetes Cluster
MySQL
DB
MySQL
Service
Service Definition:
• Load-Balanced Virtual-IP (layer 4)
• Abstraction layer for your App
• Enables Service Discovery
• DNS
• ENV
Examples:
• frontend
• database
• api
172.16.0.1:3386
PHP
10.1.0.1:3306
10.2.0.1:3306
db.project.cluster.local
Visitor
<?php
mysql_connect(getenv(“db_host”))
mysql_connect(“db:3306”)
?>

14. MySQL
MySQL
Service
PHP
10.1.0.1:3306
10.2.0.1:3306
Master
Node
etcd
SkyDNS
APIDev/Ops
“DB”
Service Object
Kube
Proxy
IPTables
Kube
Proxy
IPTables
3. Register
Service
2. Watch
Changes
Redirect
3. Update
Rule
2. Watch
Changes
- apiVersion: v1
kind: Service
metadata:
labels:
app: MySQL
role: BE
phase: DEV
name: MySQL
spec:
ports:
- name: mysql-data
port: 3386
protocol: TCP
targetPort: 3306
selector:
app: MySQL
role: BE
sessionAffinity: None
type: ClusterIP
1. Create
Object
1. Register
Pod Object

15. Pod
Service
Pod
Pod
Labels & Selectors
- apiVersion: v1
kind: Service
metadata:
labels:
app: MyApp
role: BE
phase: DEV
name: MyApp
spec:
ports:
- name: 80-tcp
port: 80
protocol: TCP
targetPort: 8080
selector:
app: MyApp
role: BE
sessionAffinity: None
type: ClusterIP
Role: FE
Phase: Dev
Role: BE
Phase: DEV
Role: BE
Phase: TST
Role: BEthink SQL ‘select ... where ...’
- apiVersion: v1
kind: Pod
metadata:
labels:
app: MyApp
role: BE
phase: DEV
name: MyApp

16. MySQL
Service
MySQL
Ingress / Router
• Router Definition:
• Layer 7 Load-Balancer /
Reverse Proxy
• SSL/TLS Termination
• Name based Virtual Hosting
• Context Path based Routing
• Customizable (image)
• HA-Proxy
• F5 Big-IP
Examples:
• https://www.mysite.nl/myapp1/
• http://www.mysite.nl/myapp2
172.16.0.1:3386
PHP
10.1.0.1:3306
10.2.0.1:3306
db.project.cluster.local
Visitor
Router https://mysite.nl/service1/apiVersion:
extensions/v1beta1
kind: Ingress
metadata:
name: mysite
spec:
rules:
- host: www.mysite.nl
http:
paths:
- path: /foo
backend:
serviceName: s1
servicePort: 80
- path: /bar
backend:
serviceName: s2
servicePort: 80

17. Kubernetes Cluster
Node
Storage
Pod
Volume
Node
Pod
Pod
Persistent Storage
for Ops:
• Google
• AWS EBS
• OpenStack's Cinder
• Ceph
• GlusterFS
• NFS
• iSCSI
• FibreChannel
• EmptyDir
for Dev:
• “Claim”
kind: PersistentVolume
metadata:
name: pv0003
spec:
capacity:
storage: 8Gi
accessModes:
- ReadWriteOnce
nfs:
path: /tmp
server: 172.17.0.2
kind: PersistentVolumeClaim
metadata:
name: myclaim
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 8Gi

18. Persistent Volume Claim
18
Storage
Provider(s)
Ops Dev
Persistent Volume Farm Projects Claim and Mount
Project: ABC
Project: XYZ
10G
SSD
40G
pod
pod
5G
SSD
10G pod
pod

19. • Each Host = 256 IPs
• Each POD = 1 IP
Programmable Infra:
• GCE / GKE
• AWS
• OpenStack
• Nuage
Networking
Overlay Networks:
• Flannel
• Weave
• OpenShift-SDN
• Open vSwitch

20. Kubernetes Cluster
Master
Node
Node
Storage
Pod
Volume
Node
Service
Pod
Pod
Hosting Platform
• Scheduling
• Lifecycle and health
• Discovery
• Monitoring
• Auth{n,z}
• Scaling
etcd
SkyDNS
Replication
Controller
APIDev/Ops
Router
Policies
Registry
Image
Visitor
Logging
ELK

21. OpenShift as a Development Platform
• Project spaces
• Build tools
• Integration with your IDE

22. We need more than just Orchestration !
Self Service
-Templates
- Web Console
Multi-Language
Automation
- Deploy
- Build
DevOps
Collaboration
Secure
- Namespaced
- RBAC
Scalable
- Integrated LB
Open Source
Enterprise
- Authentication
- Web Console
- Central Logging

23. We need more than just Orchestration
Self Service
-Templates
- Web Console
Multi-Language
Automation
- Deploy
- Build
DevOps
Collaboration
Secure
- Namespaced
- RBAC
Scalable
- Integrated LB
Open Source
Enterprise
- Authentication
- Web Console
- Central Logging
OpenShift is Red Hat’s Container Application Platform (PaaS)

24. Kubernetes Embedded
https://master:8443/api = Kubernetes API
/oapi = OpenShift API
/console = OpenShift WebConsole
OpenShift:
• 1 Binary for Master
• 1 Binary for Node
• 1 Binary for Client
• Docker-image
• Vagrant-image
Kubernetes:
• ApiServer, Controller, Scheduler, Etcd
• KubeProxy, Kubelet
• Kubectl

25. Project Namespaces
Project
• Sandboxed Environment
• Network VXLan
• Authorization Policies
• Resource Quotas
• Ops in Control, Dev Freedom
oc new-project Project-Dev
oc policy add-role-to-user admin scientist1
oc new-app
--source=https://gitlab/MyJavaApp
--docker-image=jboss-eap
Project “Prod” Project “Dev” Project
Global Services
OpenShift Platform
APP A
Image
APP C
Image
App
• Images run in Containers
• Grouped together as a Service
• Defined as Template

26. Kubernetes Cluster
Master
Node
Storage
Pod
Volume
Node
Service
Pod
Pod
Kubernetes
Hosting Architecture
etcd
SkyDNS
Replication
Controller
APIDev/Ops
Ingress
Policies
Registry
Image
VisitorLogging
ELK

27. OpenShift Cluster
Master
Node
Storage
Pod
Volume
Node
Service
Pod
Pod
OpenShift
PaaS Architecture
etcd
SkyDNS
Replication
Controller
APIDev/Ops
Router
Deploy
Build
Policies
config
Registry
Image
VisitorLogging
EFK
• Added “Build”
• Added “Deployment”
• s/ELK/EFK/g
• s/Ingress/Router/g
• Added Policies + tools
• Added WebConsole
• OpenShift-SDN isolation
Web
Console

28. OpenShift Cluster
Master
Node
Storage
Pod
Volume
Node
Service
Pod
Pod
OpenShift
Build & Deploy Architecture
etcd
SkyDNS
Replication
Controller
APIDev/Ops
Router
Deploy
Build
Policies
config
kind: "BuildConfig“
metadata:
name: “myApp-build“
spec:
source:
type: "Git“
git:
uri: "git://gitlab/project/hello.git“
dockerfile: “jboss-eap-6“
strategy:
type: "Source“
sourceStrategy:
from:
kind: "Image“
name: “jboss-eap-6:latest“
output:
to:
kind: “Image“
name: “myApp:latest“
triggers:
- type: "GitHub“
github:
secret: "secret101“
- type: "ImageChange“
# oc start-build myApp-build
Registry
Image
VisitorLogging
EFK

29. Code
Deploy
Build
Can configure different
deployment strategies
like A/B, Rolling upgrade,
Automated base updates,
and more.
Can configure triggers for
automated deployments,
builds, and more.
Build & Deploy an Image
Source
2
Image Builder
Image
Developer
SCM
Container Image
Builder Images
• Jboss-EAP
• PHP
• Python
• Ruby
• Jenkins
• Customer
• C++ / Go
• S2I (bash) scripts
Triggers
• Image Change (tagging)
• Code Change (webhook)
• Config Change

30. OpenShift Cluster
Master
Node
Storage
Pod
Volume
Node
Service
Pod
Pod
OpenShift
Build & Deploy Architecture
etcd
SkyDNS
Replication
Controller
APIDev/Ops
Router
Deploy
Build
Policies
kind: “DeploymentConfig“
metadata:
name: “myApp“
spec:
replicas: 2
selector:
app: nginx
template:
metadata:
name: nginx
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80
triggers:
- type: "ImageChange“
from:
kind: “Image”
name: “nginx:latest
# oc deploy myApp --latest
Registry
Image
VisitorLogging
EFK

31. Continuous Integration Pipeline example
Source Build Deploy
:test
:test
Deploy
:test-fw
Test Tag
:uat
Deploy
:uat
commit webhook
registry
ImageChange
registry
ImageChange
Approve Tag
:prod
Deploy
:prod
registry
ImageChange
ITIL
container

32. Template
OpenShift
MySQL
Service
MySQL
PHP
RouterapiVersion: v1
kind: Template
metadata:
name: redis-template
annotations:
description: "Description“
iconClass: "icon-redis“
tags: "database,nosql“
objects:
- apiVersion: v1
kind: Pod
…
parameters:
- description: Password
from: '[A-Z0-9]{8}‘
generate: expression
name: REDIS_PASSWORD
labels:
redis: master
apiVersion: v1
kind: List
Items:
- apiVersion: v1
kind: Pod
…
- apiVersion: v1
kind: Service
…
Kubernetes
curl –s https://get.helm.sh | bash
helm update
helm search redis
helm install redis
Deis Helm

33. Demo
https://github.com/thachphongphong/os-demo.git

34. Questions?
docs.openshift.org
www.youtube.com/user/rhopenshift
www.facebook.com/thachphongph
ong
linh.do@axonactive.com