Docker/ Openshift introduction
Introducing Docker and Openshift
oc start-build bc/MeetupOpenShiftParis
build "MeetupOpenShiftParis-20180320" started
Charles Sabourdin
Training session of 0809/02/2018 - 09/02/2018 - Dassault System

Room
Trainer: Charles Sabourdin
Java developer
Linux user
Devoxx France
ParisJUG
OpenSource
Architect Dev/Ops
@kanedafromparis
https://github.com/kanedafromparis/
https://github.com/kanedafromparisfriends
Agenda
● Containers and docker
● OpenShift overview
● Demo
Principles of container
Coming from Chroot / BSD Jails / Openvz / lxc / solaris ...
A container is a specific way to isolate processes within a server.
Containerized processes are isolated using cgroups.
Containerized processes use fewer resources than a virtual machine, allowing
more containers on a machine. This allows a higher server density.
Linux Kernel Isolation
What docker brings : Docker image
Docker lets you package the code and application as an image in order to make it easier to
distribute.
The docker image is :
- agnostic to the host
- immutable
- runnable
- execution isolated
Therefore you can easily create an app and deploy it using Docker.
The app is built from a Dockerfile into a Docker image, stored in a registry via “docker push”,
and shipped to any Docker host via “docker pull”.
Immutable applicative image
Openshift
Open Source Based PaaS
OpenShift is a PaaS: it lets you develop, run, and manage applications without the
complexity of building and maintaining the infrastructure typically associated with
developing and launching an app.
OpenShift is based on Kubernetes, which is a container platform orchestrator.
Its purpose is to build, ship and run containers.
It provides:
- Run
  - including standardized images, automated restart, load balancer
- Ship
  - including internal registry, webhooks, image-tag etc…
- Builds
  - including inheritance overwriting, etc...
Different ways to store docker images (various registries)
Docker images are stored in a centralized service called a registry.
For technical purposes, OpenShift provides an internal registry.
JFrog's product Artifactory provides a Docker registry.
Sonatype has Nexus 3, which also provides a Docker registry.
Store, share and reuse images
How it works
View : Docker and registry
Diagram representation: Docker container, Docker registry, pull, push
Nodes and Pods
OpenShift is a container platform orchestrator: it manages a cluster of container servers
called nodes.
OpenShift is used to instantiate Docker images with the desired settings (environment
variables, volumes, secrets…).
An OpenShift Pod is a group of one or more containers, tied together for the purposes of
administration and networking.
OpenShift uses the pod as its core execution unit.
A pod is the smallest deployable unit that can be created and managed by OpenShift.
A pod can instantiate more than one Docker image, but it is better to have only one container per
pod.
OpenShift atomic unit
Cluster View : Master, Nodes and PODs
Diagram representation: Master, Nodes, Pods
Routes & services
Openshift provides :
- services to allow pods to be used internally within the cluster.
- routes in order to expose services to the outside world.
Internal and External network communication
View : Routes & services
Diagram representation: services, routes
Build Config
Openshift can build docker images using build configurations.
A build configuration describes a single build definition and a set of triggers for when a new build should be
created.
Various build strategies:
- Source-to-Image build strategy
  Source-to-Image (S2I) is a tool for building reproducible, Docker-formatted container images. It produces
  ready-to-run images by injecting application source into a container image, named the base image, and
  assembling a new image. The new image incorporates the base image (the builder) and the built source and
  is ready to use with the docker run command.
- Docker build strategy
  The Docker build strategy invokes the docker build command, and it therefore expects a repository with a
  Dockerfile and all required artifacts in it to produce a runnable image.
Source to image
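A build configuration using the Source-to-Image strategy described above, as an added example that is not part of the original slides. The application name, Git URL and builder image tag are hypothetical placeholders.

```yaml
# Added example: S2I BuildConfig. Names, URL and builder tag are assumptions.
apiVersion: build.openshift.io/v1
kind: BuildConfig
metadata:
  name: meetup-app                  # hypothetical application name
spec:
  source:
    type: Git
    git:
      uri: https://git.example.com/demo/meetup-app.git   # placeholder repository
      ref: master
  strategy:
    type: Source                    # Source-to-Image (S2I) build strategy
    sourceStrategy:
      from:                         # the base image (the builder)
        kind: ImageStreamTag
        namespace: openshift
        name: java:8                # assumed builder image stream tag
  # For the Docker build strategy, the strategy block would instead be:
  #   strategy:
  #     type: Docker
  #     dockerStrategy: {}          # expects a Dockerfile in the repository
  output:
    to:                             # the assembled application image
      kind: ImageStreamTag
      name: meetup-app:latest
  triggers:
    - type: ConfigChange            # build as soon as the BuildConfig is created
    - type: ImageChange             # rebuild when the builder image is updated,
      imageChange: {}               # so base-image fixes reach the application image
```

With this object in place, `oc start-build bc/meetup-app` starts a build by hand, in the same way as the command shown on the title slide.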
Build Config : View
Diagram representation: Build Config, git repository, base images, application images
Deployment Config
OpenShift uses a Deployment Config to describe how to instantiate pods on
nodes, accessible through services.
It describes (overview):
- the Docker images to instantiate
- the storage volumes to use, if needed
- the number of replicas
- the triggers to react to
OpenShift manages the state and availability of pods and nodes in order to maintain the fixed
number of pods spread among its nodes.
It ensures service delivery even if a pod or a node crashes.
OpenShift uses a key-value database (etcd) to keep track of the whole cluster state.
Deploy, replicate, scale
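The four items a Deployment Config describes (image, volumes, replicas, triggers), shown in one object as an added example that is not part of the original slides. The application name, PVC name, port and environment variable are hypothetical.

```yaml
# Added example: DeploymentConfig. All names and values are assumptions.
apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
  name: meetup-app
spec:
  replicas: 3                          # the number of replicas to maintain
  selector:
    app: meetup-app
  template:
    metadata:
      labels:
        app: meetup-app                # a service selects pods by this label
    spec:
      containers:
        - name: meetup-app
          image: meetup-app:latest     # rewritten by the ImageChange trigger below
          ports:
            - containerPort: 8080
          env:
            - name: APP_MODE           # hypothetical environment variable
              value: demo
          volumeMounts:
            - name: data
              mountPath: /var/lib/meetup-app
          readinessProbe:              # pod receives traffic only once this passes
            httpGet:
              path: /
              port: 8080
      volumes:
        - name: data                   # the storage volume to use
          persistentVolumeClaim:
            claimName: meetup-app-data # hypothetical PVC in the same project
  triggers:
    - type: ConfigChange               # redeploy when the pod template changes
    - type: ImageChange                # redeploy when a new image is tagged
      imageChangeParams:
        automatic: true
        containerNames:
          - meetup-app
        from:
          kind: ImageStreamTag
          name: meetup-app:latest
```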
Deployment Config : View
Diagram representation: Deployment Config
A lot of other objects
A container is an instantiated, executable, isolated process.
A container repository is a library of images.
A Kubernetes Pod (PO) is a group of one or more containers.
An image stream (IS) is a virtual view of related images, similar to an image repository.
A service (SVC) is a named mapping to pods.
A route is an exposure of a service.
A build configuration (BC) describes a build definition and a set of triggers for when a new
build should be created.
A DeploymentConfig (DC) instantiates Docker images that will provide services.
A Persistent Volume (PV) is a piece of networked storage in the cluster.
A Persistent Volume Claim (PVC) is a reservation of a Persistent Volume in a namespace / project.
Image Streams, Storage management, ...
Icons from https://github.com/kanedafromparisfriends/icones_ocp_kube
...
Objects ownership
OpenShift and Kubernetes objects
OpenShift:
BuildConfig (BC)
-- Pipelines
-- Source to Image (S2i)
-- ImageStream (IS)
-- -- DeploymentConfig (DC)
-- -- -- Routes
Kubernetes:
Namespace (NS)
Deployment (Deploy)
ReplicationController (RC)
PersistentVolume (PV)
-- PersistentVolumeClaim
Service (SVC)
-- Pods (PO)
-- daemonsets
-- StatefulSets
-- Jobs
-- -- scheduledjobs
Namespace / project
OpenShift provides projects in order to isolate specific groups of
resources managed by the cluster.
An OpenShift project is equivalent to a Kubernetes namespace.
OpenShift provides user management and policies at project level.
OpenShift also allows granular security through Security Context
Constraints, service accounts and roles, within the cluster and the project.
Security, Segregation of resources and roles
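Project-level segregation with a service account and a role, as an added example that is not part of the original slides. The project name `meetup-dev` and all object names are hypothetical.

```yaml
# Added example: least-privilege identity for an application inside one project.
# Project and object names are assumptions.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: meetup-app
  namespace: meetup-dev            # the project / namespace
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role                         # scoped to the project, not the cluster
metadata:
  name: config-reader
  namespace: meetup-dev
rules:
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["get", "list", "watch"]   # read-only, and no access to secrets
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: meetup-app-config-reader
  namespace: meetup-dev
subjects:
  - kind: ServiceAccount
    name: meetup-app
    namespace: meetup-dev
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: config-reader
# No Security Context Constraint is granted here. On a cluster with default
# SCC assignments, pods running as this service account are admitted under
# the `restricted` SCC.
```

A pod uses this identity by setting `serviceAccountName: meetup-app` in its pod spec; the binding gives it no rights in any other project.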
Projects and Namespaces
Diagram representation
Demo
oc start-build bc/MeetupOpenShiftParis
build "MeetupOpenShiftParis-20180320" started
Projects and Namespaces
Diagram representation : proposed cluster with Application Lifecycle Management
A Virtual Machine versus a Container
HYPERVISOR
EMULATOR
FULL OS DEPLOY
LACK OF RESOURCES
FULL ISOLATION
NO EMULATION
NO SPECIAL NEEDS
WORKS EVERYWHERE

Openshift meetup Paris - 21/03/2018
