OPENSHIFT CONTAINER PLATFORM
TECHNICAL OVERVIEW
Presenter
Presenter’s title
Date
Self-Service
Multi-language
Automation
Collaboration
Multi-tenant
Standards-based
Web-scale
Open Source
Enterprise Grade
Secure
2 OPENSHIFT TECHNICAL OVERVIEW
OPENSHIFT ARCHITECTURE
LINUX CONTAINERS
WHAT ARE CONTAINERS?
It Depends Who You Ask
● Application processes on a shared kernel
● Simpler, lighter, and denser than VMs
● Portable across different environments
● Package apps with all dependencies
● Deploy to any environment in seconds
● Easily accessed and shared
INFRASTRUCTURE
APPLICATIONS
VIRTUAL MACHINES AND CONTAINERS
VIRTUAL MACHINES: virtual machines are isolated, apps are not
CONTAINERS: containers are isolated, so are the apps
[Diagram: a VM runs several apps on shared OS dependencies, a kernel, a hypervisor and hardware; each container holds one app and its OS deps on a shared container host (kernel) and hardware]
VIRTUAL MACHINES AND CONTAINERS
VM Isolation: Complete OS, Static Compute, Static Memory, High Resource Usage
Container Isolation: Shared Kernel, Burstable Compute, Burstable Memory, Low Resource Usage
[Diagram: a container (application, OS dependencies) on a container host beside a virtual machine (application, OS dependencies, operating system)]
VIRTUAL MACHINES AND CONTAINERS
[Diagram: container (application, OS dependencies) on a container host and infrastructure, labelled Dev and IT Ops; virtual machine (application, OS dependencies, operating system) on infrastructure, labelled IT Ops (and Dev, sort of)]
Clear ownership boundary between Dev and IT Ops drives DevOps adoption and fosters agility
Optimized for stability
Optimized for agility
APPLICATION PORTABILITY WITH VM
Virtual machines are NOT portable across hypervisors and do NOT provide portable packaging for applications
[Diagram: an application with its OS dependencies and operating system packaged as VM Type X, VM Type Y, VM Type Z and a Guest VM across LAPTOP, BARE METAL, VIRTUALIZATION, PRIVATE CLOUD and PUBLIC CLOUD]
APPLICATION PORTABILITY WITH CONTAINERS
[Diagram: the same container (application, OS dependencies) on RHEL across LAPTOP (guest VM), BARE METAL, VIRTUALIZATION, PRIVATE CLOUD and PUBLIC CLOUD (virtual machines)]
RHEL Containers + RHEL Host = Guaranteed Portability Across Any Infrastructure
RAPID SECURITY PATCHING USING CONTAINER IMAGE LAYERING
Container Image Layers: Base Image, Image Layer 1, Image Layer 2, Image Layer 3
Example Container Image: Application Layer, Java Runtime Layer, OS Update Layer, Base RHEL
A lightweight, OCI-compliant container runtime
Available in OpenShift Online (soon)
Tech Preview in OCP 3.7, GA in OCP 3.8
Optimized for Kubernetes
Any OCI-compliant container from any OCI registry (including docker)
Improve Security and Performance at scale
OPENSHIFT ARCHITECTURE
YOUR CHOICE OF INFRASTRUCTURE
NODES RHEL INSTANCES WHERE APPS RUN
APPS RUN IN CONTAINERS
PODS ARE THE UNIT OF ORCHESTRATION
MASTERS ARE THE CONTROL PLANE
API AND AUTHENTICATION
DESIRED AND CURRENT STATE
INTEGRATED CONTAINER REGISTRY
ORCHESTRATION AND SCHEDULING
PLACEMENT BY POLICY
AUTOSCALING PODS
SERVICE DISCOVERY
PERSISTENT DATA IN CONTAINERS
ROUTING AND LOAD-BALANCING
ACCESS VIA WEB, CLI, IDE AND API
TECHNICAL DEEP DIVE
MONITORING
APPLICATION HEALTH
AUTO-HEALING FAILED PODS
AUTO-HEALING FAILED CONTAINERS
NETWORKING
BUILT-IN SERVICE DISCOVERY
INTERNAL LOAD-BALANCING
ROUTE EXPOSES SERVICES EXTERNALLY
ROUTING AND EXTERNAL LOAD-BALANCING
● Pluggable routing architecture
○ HAProxy Router
○ F5 Router
● Multiple-routers with traffic sharding
● Router supported protocols
○ HTTP/HTTPS
○ WebSockets
○ TLS with SNI
● Non-standard ports via cloud load-balancers, external IP, and NodePort
ROUTE SPLIT TRAFFIC
Split Traffic Between Multiple Services For A/B Testing, Blue/Green and Canary Deployments
EXTERNAL TRAFFIC TO A SERVICE ON A RANDOM PORT WITH NODEPORT
● NodePort binds a service to a unique port on all the nodes
● Traffic received on any node redirects to a node with the running service
● Ports in 30K-60K range which usually differs from the service
● Firewall rules must allow traffic to all nodes on the specific port
EXTERNAL TRAFFIC TO A SERVICE ON ANY PORT WITH INGRESS
● Access a service with an external IP on any TCP/UDP port, such as
○ Databases
○ Message Brokers
● Automatic IP allocation from a predefined pool using Ingress IP Self-Service
● IP failover pods provide high availability for the IP pool
CONTROL OUTGOING TRAFFIC SOURCE IP WITH EGRESS ROUTER
OPENSHIFT NETWORKING
● Built-in internal DNS to reach services by name
● Split DNS is supported via SkyDNS
○ Master answers DNS queries for internal services
○ Other nameservers serve the rest of the queries
● Software Defined Networking (SDN) for a unified cluster network to enable pod-to-pod communication
● OpenShift follows the Kubernetes Container Networking Interface (CNI) plug-in model
OPENSHIFT NETWORK PLUGINS
* Flannel is minimally verified and is supported only and exactly as deployed in the OpenShift on OpenStack reference architecture
OPENSHIFT NETWORKING
OPENSHIFT SDN
FLAT NETWORK (Default)
● All pods can communicate with each other across projects
MULTI-TENANT NETWORK
● Project-level network isolation
● Multicast support
● Egress network policies
NETWORK POLICY (Tech Preview)
● Granular policy-based isolation
[Diagram: two NODEs, each running four PODs]
OPENSHIFT SDN - NETWORK POLICY
Example Policies
● Allow all traffic inside the project
● Allow traffic from green to gray
● Allow traffic to purple on 8080

apiVersion: extensions/v1beta1
kind: NetworkPolicy
metadata:
  name: allow-to-purple-on-8080
spec:
  # Applies to every pod labelled color=purple in the project
  podSelector:
    matchLabels:
      color: purple
  ingress:
  # No "from" clause: any source may connect, but only on TCP 8080
  - ports:
    - protocol: TCP
      port: 8080
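Added example (not part of the original deck, and not OpenShift code): a simplified Python model of how NetworkPolicy ingress rules combine, applied to the three example policies listed above. The project name `shop`, the names of the first two policies and the `pod`/`policy` helpers are assumptions; only `podSelector`, `from` and `ports` are modelled.

```python
# Added illustration: simplified NetworkPolicy ingress evaluation.
# Models only podSelector.matchLabels, "from" podSelector peers and "ports";
# namespaceSelector, ipBlock and egress rules are deliberately left out.


def selects(selector, labels):
    """An empty selector ({}) selects every pod; otherwise all matchLabels must match."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())


def rule_allows(rule, policy_ns, src, port, protocol):
    """True if one ingress rule admits traffic from pod `src` on port/protocol."""
    ports = rule.get("ports")
    if ports and not any(
        p.get("protocol", "TCP") == protocol and p.get("port") in (None, port)
        for p in ports
    ):
        return False
    peers = rule.get("from")
    if not peers:
        return True  # no "from": every source matches, other projects included
    return any(
        "podSelector" in peer
        and src["namespace"] == policy_ns  # a bare podSelector only sees its own project
        and selects(peer["podSelector"], src["labels"])
        for peer in peers
    )


def ingress_allowed(policies, src, dst, port, protocol="TCP"):
    """Decide whether src may connect to dst under the given policy set."""
    applicable = [
        p for p in policies
        if p["metadata"]["namespace"] == dst["namespace"]
        and selects(p["spec"]["podSelector"], dst["labels"])
    ]
    if not applicable:
        return True  # no policy selects the pod, so it is not isolated
    # Policies are additive: one matching rule in any applicable policy is enough.
    return any(
        rule_allows(rule, pol["metadata"]["namespace"], src, port, protocol)
        for pol in applicable
        for rule in pol["spec"].get("ingress", [])
    )


def policy(name, pod_selector, ingress, namespace="shop"):
    """Build a policy dict; the project name "shop" is an assumption."""
    return {
        "kind": "NetworkPolicy",
        "metadata": {"name": name, "namespace": namespace},
        "spec": {"podSelector": pod_selector, "ingress": ingress},
    }


def pod(color, namespace="shop"):
    """Constructed sample pod carrying the deck's color label."""
    return {"namespace": namespace, "labels": {"color": color}}


# The three example policies from the slide (the first two names are constructed).
SAME_PROJECT = policy("allow-same-project", {}, [{"from": [{"podSelector": {}}]}])
GREEN_TO_GRAY = policy(
    "allow-green-to-gray",
    {"matchLabels": {"color": "gray"}},
    [{"from": [{"podSelector": {"matchLabels": {"color": "green"}}}]}],
)
PURPLE_8080 = policy(
    "allow-to-purple-on-8080",
    {"matchLabels": {"color": "purple"}},
    [{"ports": [{"protocol": "TCP", "port": 8080}]}],
)


def demo():
    """Evaluate a few flows under two policy sets and return the verdicts."""
    narrow = [GREEN_TO_GRAY, PURPLE_8080]
    full = narrow + [SAME_PROJECT]
    outsider = pod("red", namespace="other")
    return {
        "green->gray": ingress_allowed(narrow, pod("green"), pod("gray"), 5432),
        "purple->gray": ingress_allowed(narrow, pod("purple"), pod("gray"), 5432),
        "outsider->purple:8080": ingress_allowed(narrow, outsider, pod("purple"), 8080),
        "outsider->purple:5432": ingress_allowed(narrow, outsider, pod("purple"), 5432),
        "outsider->blue (no policy)": ingress_allowed(narrow, outsider, pod("blue"), 22),
        "outsider->blue (same-project added)": ingress_allowed(full, outsider, pod("blue"), 22),
        "purple->gray (same-project added)": ingress_allowed(full, pod("purple"), pod("gray"), 5432),
    }


if __name__ == "__main__":
    for flow, verdict in demo().items():
        print(f"{flow:40s} {'ALLOW' if verdict else 'DENY'}")
```

Because `allow-to-purple-on-8080` has no `from` clause, it admits sources in other projects on that port; a pod that no policy selects stays reachable from everywhere until some policy selects it.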
OPENSHIFT SDN - OVS PACKET FLOW
Container to Container on the Same Host
Container to Container on the Different Hosts
Container Connects to External Host
OPENSHIFT SDN WITH FLANNEL FOR OPENSTACK
Flannel is minimally verified and is supported only and exactly as deployed in the OpenShift on OpenStack reference architecture https://access.redhat.com/articles/2743631
LOGGING & METRICS
CENTRAL LOG MANAGEMENT WITH EFK
● EFK stack to aggregate logs for hosts and applications
○ Elasticsearch: an object store to store all logs
○ Fluentd: gathers logs and sends them to Elasticsearch
○ Kibana: a web UI for Elasticsearch
● Access control
○ Cluster administrators can view all logs
○ Users can only view logs for their projects
● Ability to send logs elsewhere
○ External Elasticsearch, Splunk, etc.
[Diagram: RHEL nodes running pods and FLUENTD, alongside ELASTIC pods]
CONTAINER METRICS
[Diagram: RHEL nodes running pods; labels include FLUENTD, CADVISOR and ELASTIC]
SECURITY
TEN LAYERS OF CONTAINER SECURITY
Container Host & Multi-tenancy
Container Content
Container Registry
Building Containers
Deploying Container
Container Platform
Network Isolation
Storage
API Management
Federated Clusters
SECRET MANAGEMENT
● Secure mechanism for holding sensitive data e.g.
○ Passwords and credentials
○ SSH Keys
○ Certificates
● Secrets are made available as
○ Environment variables
○ Volume mounts
○ Interaction with external systems
● Encrypted in transit
● Never rest on the nodes
PERSISTENT STORAGE
● Persistent Volume (PV) is tied to a piece of network storage
● Provisioned by an administrator (statically or dynamically)
● Allows admins to describe storage and users to request storage
● Assigned to pods based on the requested size, access mode, labels and type
PERSISTENT STORAGE
NFS, GlusterFS, OpenStack Cinder, Ceph RBD, AWS EBS, GCE Persistent Disk, iSCSI, Fiber Channel, Azure Disk, Azure File, FlexVolume, VMWare vSphere VMDK
DYNAMIC VOLUME PROVISIONING
CONTAINER-NATIVE STORAGE
● Containerized Red Hat Gluster Storage
● Native integration with OpenShift
● Unified Orchestration using Kubernetes for applications and storage
● Greater control & ease of use for developers
● Lower TCO through convergence
● Single vendor Support
[Diagram: a MASTER and four NODEs running PODs]
SERVICE BROKER
WHY A SERVICE BROKER?
Manual, Time-consuming and Inconsistent
A multi-vendor project to standardize how services are consumed on cloud-native platforms across service providers
WHAT IS A SERVICE BROKER?
Automated, Standard and Consistent
OPENSHIFT SERVICE CATALOG
SERVICE BROKER CONCEPTS
[Diagram: SERVICE CONSUMER, SERVICE CATALOG, SERVICE BROKER, SERVICE PROVIDER]
SERVICE: an offering that can be used by an app e.g. database
PLAN: a specific flavor of a service e.g. Gold Tier
SERVICE INSTANCE: an instance of the offering
PROVISION: creating a service instance
BIND: associate a service instance and its credentials to an app
HOW TO ADD A SERVICE BROKER
● Deploy service broker on or off OpenShift
● Register the broker referring to the deployed broker

apiVersion: servicecatalog.k8s.io/v1alpha1
kind: Broker
metadata:
  name: asb-broker
spec:
  url: https://asb-1338-ansible-service-broker.10.2.2.15.nip.io

● Register the broker services by creating ServiceClass resources (the service broker might automatically perform this step)
TEMPLATE SERVICE BROKER
● Exposes Templates and Instant Apps in the Service Catalog
● Pulled from openshift namespace by default
● Multiple namespaces can be configured for template discovery
TEMPLATE SERVICE BROKER PROVISIONING
[Diagram: OpenShift Service Catalog, Template Service Broker, nodejs-template in the openshift namespace, Node.js container]
Service Broker creates the objects from the template
TEMPLATE SERVICE BROKER BINDING
[Diagram: the same components, with a "create binding" request]
Service Broker creates a binding and secret for any credentials (config map, secret, etc) created by the template
OPENSHIFT ANSIBLE BROKER
● Use Ansible on OpenShift
○ Deploy containerized applications
○ Provision external services (e.g. Oracle database)
○ Provision cloud services (e.g. AWS RDS)
○ Orchestrate multi-service solutions
○ Conditional logic for control on deployments (e.g. database is initialized)
● Leverage existing Ansible playbooks
● Anything you can do with Ansible, you can do with OAB
ANSIBLE PLAYBOOK BUNDLES (APB)
● Lightweight application definition
● Packaged as a container image
● Embedded Ansible runtime
● Metadata for parameters
● Named playbooks for actions
● Leverage existing Ansible playbooks
● Registry is queried to discover APBs
Ansible Playbook Bundle
(Container Image)
Ansible Runtime
├─ roles
├─ playbooks
│ ├─ provision.yaml
│ ├─ unprovision.yaml
│ ├─ bind.yaml
│ └─ unbind.yaml
└─ apb.yaml
OPENSHIFT ANSIBLE BROKER PROVISIONING
[Diagrams: OpenShift Service Catalog, OpenShift Ansible Broker, and the image registries (Red Hat Container Catalog, Docker Hub, OpenShift Registry) holding mediawiki-apb and postgresql-apb]
● Discover and list APBs from the configured image registries
● Pull APB image and run it with the broker action as a parameter: oc run postgresql-apb provision $vars
● APB container (postgresql) runs provision.yaml playbook to create a PostgreSQL container: ansible-playbook provision.yaml $vars
OPENSHIFT ANSIBLE BROKER BINDING
[Diagrams: the same components, plus the PostgreSQL container and the MediaWiki container]
● APB container runs bind.yaml playbook to create database user: oc run postgresql-apb bind $vars, ansible-playbook bind.yaml $vars
● APB container goes away and Service Broker creates a binding for the PostgreSQL service (create binding)
● Service Catalog creates a secret for the binding, containing the database credentials (mount binding secret)
● MediaWiki container uses the credentials in the secret to connect to the PostgreSQL database
AWS SERVICE BROKER
● Targets Top 10 AWS Services
● Uses Ansible Playbook Bundles
● Available in OpenShift 3.7
SQS, SNS, DynamoDB, Redshift, SES, S3, RDS, EMR, AWS Batch, ElastiCache, Route 53
AWS PROVISIONING
oc run rds-apb provision $vars
ansible-playbook provision.yaml $vars
APB container runs provision.yaml playbook to interact with CFN and create RDS instance
[Diagram: OpenShift Service Catalog, OpenShift Ansible Broker, APB container (rds), compatible Docker registries (AWS ECR) holding s3-apb and rds-apb, AWS CloudFormation, AWS RDS]
OPERATIONAL MANAGEMENT
TOP CHALLENGES OF RUNNING CONTAINERS AT SCALE
SERVICE HEALTH
SECURITY & COMPLIANCE
FINANCIAL MANAGEMENT
OPERATIONAL EFFICIENCY
OPERATIONAL EFFICIENCY
● CloudForms continuously discovers your infrastructure in near real time.
● CloudForms discovers and visualizes relationships between infra components
● CloudForms cross references inventory across technologies.
● CloudForms offers custom automation via control policy or UI extensions
SERVICE HEALTH
● CloudForms monitors resource consumption and shows trends
● CloudForms alerts on performance thresholds or other events
● CloudForms offers right-sizing recommendations
● CloudForms enforces configuration and tracks it over time.
SECURITY & COMPLIANCE
● CloudForms finds and marks nodes non-compliant with policy.
● CloudForms allows reporting on container provenance.
● CloudForms scans container images using OpenSCAP.
● CloudForms tracks genealogy between images and containers.
FINANCIAL MANAGEMENT
● Define cost models for infrastructure and understand your cost.
● Rate schedules per platform and per tenant with multi-tiered and multi-currency support
● CloudForms shows top users for CPU, memory, as well as cost.
● Chargeback/showback to projects based on container utilization.
REFERENCE ARCHITECTURES
Application Release Strategies with OpenShift
Building Polyglot Microservices on OpenShift
Building JBoss EAP 6 Microservices on OpenShift
Building JBoss EAP 7 Microservices on OpenShift
Business Process Management with JBoss BPMS on OpenShift
Build and Deployment of Java Applications on OpenShift
Building Microservices on OpenShift with Fuse Integration...
JFrog Artifactory on OpenShift Container Platform
Spring Boot Microservices on Red Hat OpenShift
API Management with Red Hat 3scale on OpenShift
OpenShift on VMware vCenter
OpenShift on Red Hat OpenStack Platform
OpenShift on Amazon Web Services
OpenShift on Google Cloud Platform
OpenShift on Microsoft Azure
OpenShift on Red Hat Virtualization
OpenShift on HPE Servers with Ansible Tower
OpenShift on VMware vCenter 6 with Gluster
Deploying an OpenShift Distributed Architecture
OpenShift Architecture and Deployment Guide
OpenShift Scaling, Performance, and Capacity Planning
BUILD AND DEPLOY CONTAINER IMAGES
DEPLOY YOUR SOURCE CODE
DEPLOY YOUR CONTAINER IMAGE
DEPLOY YOUR APP BINARY
DEPLOY SOURCE CODE WITH SOURCE-TO-IMAGE (S2I)
[Diagram legend: User/Tool Does, OpenShift Does]
DEPLOY APP BINARY WITH SOURCE-TO-IMAGE (S2I)
[Diagram legend: User/Tool Does, OpenShift Does]
DEPLOY DOCKER IMAGE
[Diagram legend: User/Tool Does, OpenShift Does]
BUILD IMAGES IN MULTIPLE STAGES
EXAMPLE: USE ANY RUNTIME IMAGE WITH SOURCE-TO-IMAGE BUILDS
Use Source-to-Image to build app binaries and deploy on lean vanilla runtimes
read more on https://blog.openshift.com/chaining-builds/
EXAMPLE: USE ANY BUILD TOOL WITH OFFICIAL RUNTIME IMAGES
Use your choice of build tool like Gradle and deploy to official images like the JDK image
read more on https://blog.openshift.com/chaining-builds/
EXAMPLE: SMALL LEAN RUNTIMES
Build the app binary and deploy on small scratch images
read more on https://blog.openshift.com/chaining-builds/
CONTINUOUS INTEGRATION (CI)
CONTINUOUS DELIVERY (CD)
CI/CD WITH BUILD AND DEPLOYMENTS
BUILDS
● Webhook triggers: build the app image whenever the code changes
● Image trigger: build the app image whenever the base language or app runtime changes
● Build hooks: test the app image before pushing it to an image registry
DEPLOYMENTS
● Deployment triggers: redeploy app containers whenever configuration changes or the image changes in the OpenShift integrated registry or upstream registries
CONTINUOUS DELIVERY WITH CONTAINERS
OPENSHIFT LOVES CI/CD
JENKINS-AS-A-SERVICE ON OPENSHIFT
HYBRID JENKINS INFRA WITH OPENSHIFT
EXISTING CI/CD DEPLOY TO OPENSHIFT
JENKINS-AS-A-SERVICE ON OPENSHIFT
● Certified Jenkins images with pre-configured plugins
○ Provided out-of-the-box
○ Follows Jenkins 1.x and 2.x LTS versions
● Jenkins S2I Builder for customizing the image
○ Install Plugins
○ Configure Jenkins
○ Configure Build Jobs
● OpenShift plugins to integrate authentication with OpenShift and also CI/CD pipelines
● Dynamically deploys Jenkins slave containers
HYBRID JENKINS INFRA WITH OPENSHIFT
● Scale existing Jenkins infrastructure by dynamically provisioning Jenkins slaves on OpenShift
● Use Kubernetes plug-in on existing Jenkins servers
EXISTING CI/CD DEPLOY TO OPENSHIFT
● Existing CI/CD infrastructure outside OpenShift performs operations against OpenShift
○ OpenShift Pipeline Jenkins Plugin for Jenkins
○ OpenShift CLI for integrating other CI Engines with OpenShift
● Without disrupting existing processes, can be combined with previous alternative
OPENSHIFT PIPELINES
● OpenShift Pipelines allow defining a CI/CD workflow via a Jenkins pipeline which can be started, monitored, and managed similar to other builds
● Dynamic provisioning of Jenkins slaves
● Auto-provisioning of Jenkins server
● OpenShift Pipeline strategies
○ Embedded Jenkinsfile
○ Jenkinsfile from a Git repository

apiVersion: v1
kind: BuildConfig
metadata:
  name: app-pipeline
spec:
  strategy:
    type: JenkinsPipeline
    jenkinsPipelineStrategy:
      # Embedded Jenkinsfile: build the app, build the image, then deploy
      jenkinsfile: |-
        node('maven') {
          stage('build app') {
            git url: 'https://git/app.git'
            sh "mvn package"
          }
          stage('build image') {
            sh "oc start-build app --from-file=target/app.jar"
          }
          stage('deploy') {
            openshiftDeploy deploymentConfig: 'app'
          }
        }
CONTINUOUS DELIVERY PIPELINE
ServiceNow
JIRA Service Desk
Zendesk
BMC Remedy
DEVELOPER WORKFLOW
LOCAL DEVELOPMENT WORKFLOW
BOOTSTRAP
● Pick your programming language and application runtime of choice
● Create the project skeleton from scratch or use a generator such as
○ Maven archetypes
○ Quickstarts and Templates
○ OpenShift Generator
○ Spring Initializr
DEVELOP
● Pick your framework of choice such as Java EE, Spring, Ruby on Rails, Django, Express, ...
● Develop your application code using your editor or IDE of choice
● Build and test your application code locally using your build tools
● Create or generate OpenShift templates or Kubernetes objects
LOCAL DEPLOY
● Deploy your code on a local OpenShift cluster
○ Red Hat Container Development Kit (CDK), minishift and oc cluster
● Red Hat CDK provides a standard RHEL-based development environment
● Use binary deploy, maven or CLI rsync to push code or app binary directly into containers
VERIFY
● Verify your code is working as expected
● Run any type of tests that are required with or without other components (database, etc)
● Based on the test results, change code, deploy, verify and repeat
GIT PUSH
● Push the code and configuration to the Git repository
● If using Fork & Pull Request workflow, create a Pull Request
● If using code review workflow, participate in code review discussions
PIPELINE
● Pushing code to the Git repository triggers one or multiple deployment pipelines
● Design your pipelines based on your development workflow e.g. test the pull request
● Failure in the pipeline? Go back to the code and start again
APPLICATION SERVICES
A PLATFORM THAT GROWS WITH YOUR BUSINESS
Web Application, Data Virtualization, Intelligent Process, Microservices, API Management, Single Sign-On, Java EE Application, Mobile, Integration, Messaging, Data Grid, Real Time Decision
CrunchyData
GitLab
Iron.io
Couchbase
Sonatype
EnterpriseDB
NuoDB
Fujitsu
and many more
TRUE POLYGLOT PLATFORM
LANGUAGES
DATABASES
WEBSERVERS
MIDDLEWARE
SUPPORTED MICROSERVICES RUNTIMES
TESTED AND VERIFIED MICROSERVICES FRAMEWORKS
Reactive
Eclipse Vert.x
MicroProfile
WildFly Swarm
Server-side JS
Node.js
Java EE
JBoss EAP
Java EE Web
Embedded Tomcat
Modern, Cloud-Native Application Runtimes and
an Opinionated Developer Experience
LAUNCH
Spring Boot Netflix Hystrix Netflix Ribbon
MICROSERVICES
INFRASTRUCTURE:
ISTIO SERVICE MESH
WHAT YOU NEED FOR MICROSERVICES?
Visibility & Reporting
Resilience & Fault Tolerance
Routing & Traffic Control
Identity & Security
Policy Enforcement
Istio
WHAT IS ISTIO?
a service mesh to connect, manage, and secure microservices
Control Plane: Pilot, Mixer, Auth
[Diagram: Data Plane of four pods, each containing Envoy and App]
openshift technical overview - Flow of openshift containerisatoin

More Related Content

Similar to openshift technical overview - Flow of openshift containerisatoin

Openshift 3.10 & Container solutions for Blockchain, IoT and Data Science
Openshift 3.10 & Container solutions for Blockchain, IoT and Data ScienceOpenshift 3.10 & Container solutions for Blockchain, IoT and Data Science
Openshift 3.10 & Container solutions for Blockchain, IoT and Data Science
John Archer
 
Open shift 4 infra deep dive
Open shift 4    infra deep diveOpen shift 4    infra deep dive
Open shift 4 infra deep dive
Winton Winton
 
OpenShift 4 installation
OpenShift 4 installationOpenShift 4 installation
OpenShift 4 installation
Robert Bohne
 
OpenShift_Installation_Deep_Dive_Robert_Bohne.pdf
OpenShift_Installation_Deep_Dive_Robert_Bohne.pdfOpenShift_Installation_Deep_Dive_Robert_Bohne.pdf
OpenShift_Installation_Deep_Dive_Robert_Bohne.pdf
ssuser9e06a61
 
Red Hat Container Strategy
Red Hat Container StrategyRed Hat Container Strategy
Red Hat Container Strategy
Red Hat Events
 
Oracle week Israel - OpenStack Platform - 2013
Oracle week Israel - OpenStack Platform - 2013Oracle week Israel - OpenStack Platform - 2013
Oracle week Israel - OpenStack Platform - 2013
Arthur Berezin
 
Sven Vogel: Running CloudStack and OpenShift with NetApp on KVM
Sven Vogel: Running CloudStack and OpenShift with NetApp on KVMSven Vogel: Running CloudStack and OpenShift with NetApp on KVM
Sven Vogel: Running CloudStack and OpenShift with NetApp on KVM
ShapeBlue
 
What_s_New_in_OpenShift_Container_Platform_4.6.pdf
What_s_New_in_OpenShift_Container_Platform_4.6.pdfWhat_s_New_in_OpenShift_Container_Platform_4.6.pdf
What_s_New_in_OpenShift_Container_Platform_4.6.pdf
chalermpany
 
AWS Summit Singapore 2019 | Latest Trends for Cloud-Native Application Develo...
AWS Summit Singapore 2019 | Latest Trends for Cloud-Native Application Develo...AWS Summit Singapore 2019 | Latest Trends for Cloud-Native Application Develo...
AWS Summit Singapore 2019 | Latest Trends for Cloud-Native Application Develo...
AWS Summits
 
TechWiseTV Open NX-OS Workshop
TechWiseTV  Open NX-OS WorkshopTechWiseTV  Open NX-OS Workshop
TechWiseTV Open NX-OS Workshop
Robb Boyd
 
OpenShift Meetup 8th july 2019 at ConSol - OpenShift v4
OpenShift Meetup 8th july 2019 at ConSol - OpenShift v4OpenShift Meetup 8th july 2019 at ConSol - OpenShift v4
OpenShift Meetup 8th july 2019 at ConSol - OpenShift v4
Robert Bohne
 
OpenStack-and-OpenDaylight-Integrated-IaaS-for-SDN-and-NFV.pdf
OpenStack-and-OpenDaylight-Integrated-IaaS-for-SDN-and-NFV.pdfOpenStack-and-OpenDaylight-Integrated-IaaS-for-SDN-and-NFV.pdf
OpenStack-and-OpenDaylight-Integrated-IaaS-for-SDN-and-NFV.pdf
Ajit Dash
 
MongoDB World 2018: Partner Talk - Red Hat: Deploying to Enterprise Kubernetes
MongoDB World 2018: Partner Talk - Red Hat: Deploying to Enterprise KubernetesMongoDB World 2018: Partner Talk - Red Hat: Deploying to Enterprise Kubernetes
MongoDB World 2018: Partner Talk - Red Hat: Deploying to Enterprise Kubernetes
MongoDB
 
Deploying OpenStack Services with Linux Containers - Brisbane OpenStack Meetu...
Deploying OpenStack Services with Linux Containers - Brisbane OpenStack Meetu...Deploying OpenStack Services with Linux Containers - Brisbane OpenStack Meetu...
Deploying OpenStack Services with Linux Containers - Brisbane OpenStack Meetu...
Ken Thompson
 
openshift technical overview - Flow of openshift containerisation

  • 1. OPENSHIFT CONTAINER PLATFORM TECHNICAL OVERVIEW Presenter Presenter’s title Date
  • 5. WHAT ARE CONTAINERS? It Depends Who You Ask ● Application processes on a shared kernel ● Simpler, lighter, and denser than VMs ● Portable across different environments ● Package apps with all dependencies ● Deploy to any environment in seconds ● Easily accessed and shared INFRASTRUCTURE 5 OPENSHIFT TECHNICAL OVERVIEW APPLICATIONS
  • 6. VIRTUAL MACHINES AND CONTAINERS ● VIRTUAL MACHINES: virtual machines are isolated, apps are not [Diagram stack: VM with App, App, App, App / OS Dependencies / Kernel / Hypervisor / Hardware] ● CONTAINERS: containers are isolated, so are the apps [Diagram stack: four Containers, each with App and OS deps / Container Host (Kernel) / Hardware]
  • 7. VIRTUAL MACHINES AND CONTAINERS ● Virtual Machine (Application, OS dependencies, Operating System): VM Isolation, Complete OS, Static Compute, Static Memory, High Resource Usage ● Container (Application, OS dependencies) on a Container Host: Container Isolation, Shared Kernel, Burstable Compute, Burstable Memory, Low Resource Usage
  • 8. VIRTUAL MACHINES AND CONTAINERS Container Host Container Application OS dependencies Dev IT Ops Infrastructure Virtual Machine Application OS dependencies Operating System IT Ops (and Dev, sort of) Infrastructure Clear ownership boundary between Dev and IT Ops drives DevOps adoption and fosters agility Optimized for stability Optimized for agility 8 OPENSHIFT TECHNICAL OVERVIEW
  • 9. Virtual machines are NOT portable across hypervisor and do NOT provide portable packaging for applications APPLICATION PORTABILITY WITH VM VM Type X Application OS dependencies Operating System BARE METAL PRIVATE CLOUD PUBLIC CLOUD VIRTUALIZATION LAPTOP Application 9 OPENSHIFT TECHNICAL OVERVIEW OS dependencies Operating System VM Type Y Application OS dependencies Operating System VM Type Z Application OS dependencies Operating System Guest VM Application OS dependencies Operating System
  • 10. APPLICATION PORTABILITY WITH CONTAINERS LAPTOP Container Application OS dependencies Guest VM RHEL BARE METAL Container Application OS dependencies RHEL VIRTUALIZATION Container Application OS dependencies Virtual Machine RHEL PRIVATE CLOUD Container Application OS dependencies Virtual Machine RHEL PUBLIC CLOUD Container Application OS dependencies Virtual Machine RHEL RHEL Containers + RHEL Host = Guaranteed Portability Across Any Infrastructure 10 OPENSHIFT TECHNICAL OVERVIEW
  • 11. Base Image Image Layer 1 Image Layer 2 Image Layer 3 Application Layer Java Runtime Layer OS Update Layer Base RHEL Container Image Layers 11 OPENSHIFT TECHNICAL OVERVIEW Example Container Image RAPID SECURITY PATCHING USING CONTAINER IMAGE LAYERING
  • 12. A lightweight, OCI-compliant container runtime Available in OpenShift Online (soon) Tech Preview in OCP 3.7, GA in OCP 3.8 Optimized for Kubernetes 12 OPENSHIFT TECHNICAL OVERVIEW Any OCI-compliant container from any OCI registry (including docker) Improve Security and Performance at scale
  • 14. YOUR CHOICE OF INFRASTRUCTURE 14 OPENSHIFT TECHNICAL OVERVIEW
  • 15. NODES RHEL INSTANCES WHERE APPS RUN 15 OPENSHIFT TECHNICAL OVERVIEW
  • 16. APPS RUN IN CONTAINERS 16 OPENSHIFT TECHNICAL OVERVIEW
  • 17. PODS ARE THE UNIT OF ORCHESTRATION 17 OPENSHIFT TECHNICAL OVERVIEW
  • 18. MASTERS ARE THE CONTROL PLANE 18 OPENSHIFT TECHNICAL OVERVIEW
  • 19. API AND AUTHENTICATION 19 OPENSHIFT TECHNICAL OVERVIEW
  • 20. DESIRED AND CURRENT STATE 20 OPENSHIFT TECHNICAL OVERVIEW
  • 21. INTEGRATED CONTAINER REGISTRY 21 OPENSHIFT TECHNICAL OVERVIEW
  • 22. ORCHESTRATION AND SCHEDULING 22 OPENSHIFT TECHNICAL OVERVIEW
  • 23. PLACEMENT BY POLICY 23 OPENSHIFT TECHNICAL OVERVIEW
  • 24. AUTOSCALING PODS 24 OPENSHIFT TECHNICAL OVERVIEW
  • 25. SERVICE DISCOVERY 25 OPENSHIFT TECHNICAL OVERVIEW
  • 26. PERSISTENT DATA IN CONTAINERS 26 OPENSHIFT TECHNICAL OVERVIEW
  • 27. ROUTING AND LOAD-BALANCING 27 OPENSHIFT TECHNICAL OVERVIEW
  • 28. ACCESS VIA WEB, CLI, IDE AND API 28 OPENSHIFT TECHNICAL OVERVIEW
  • 31. AUTO-HEALING FAILED PODS 31 OPENSHIFT TECHNICAL OVERVIEW
  • 32. AUTO-HEALING FAILED CONTAINERS 32 OPENSHIFT TECHNICAL OVERVIEW
  • 33. AUTO-HEALING FAILED CONTAINERS 33 OPENSHIFT TECHNICAL OVERVIEW
  • 34. AUTO-HEALING FAILED CONTAINERS 34 OPENSHIFT TECHNICAL OVERVIEW
  • 35. AUTO-HEALING FAILED CONTAINERS 35 OPENSHIFT TECHNICAL OVERVIEW
  • 37. BUILT-IN SERVICE DISCOVERY INTERNAL LOAD-BALANCING 37 OPENSHIFT TECHNICAL OVERVIEW
  • 38. BUILT-IN SERVICE DISCOVERY INTERNAL LOAD-BALANCING 38 OPENSHIFT TECHNICAL OVERVIEW
  • 39. ROUTE EXPOSES SERVICES EXTERNALLY 39 OPENSHIFT TECHNICAL OVERVIEW
  • 40. ● Pluggable routing architecture ○ HAProxy Router ○ F5 Router ● Multiple-routers with traffic sharding ● Router supported protocols ○ HTTP/HTTPS ○ WebSockets ○ TLS with SNI ● Non-standard ports via cloud load-balancers, external IP, and NodePort ROUTING AND EXTERNAL LOAD-BALANCING 40 OPENSHIFT TECHNICAL OVERVIEW
  • 41. ROUTE SPLIT TRAFFIC Split Traffic Between Multiple Services For A/B Testing, Blue/Green and Canary Deployments 41 OPENSHIFT TECHNICAL OVERVIEW
  • 42. ● NodePort binds a service to a unique port on all the nodes ● Traffic received on any node redirects to a node with the running service ● Ports in 30K-60K range which usually differs from the service ● Firewall rules must allow traffic to all nodes on the specific port EXTERNAL TRAFFIC TO A SERVICE ON A RANDOM PORT WITH NODEPORT 42 OPENSHIFT TECHNICAL OVERVIEW
  • 43. EXTERNAL TRAFFIC TO A SERVICE ON ANY PORT WITH INGRESS 43 OPENSHIFT TECHNICAL OVERVIEW ● Access a service with an external IP on any TCP/UDP port, such as ○ Databases ○ Message Brokers ● Automatic IP allocation from a predefined pool using Ingress IP Self-Service ● IP failover pods provide high availability for the IP pool
  • 44. CONTROL OUTGOING TRAFFIC SOURCE IP WITH EGRESS ROUTER 44 OPENSHIFT TECHNICAL OVERVIEW
  • 45. ● Built-in internal DNS to reach services by name ● Split DNS is supported via SkyDNS ○ Master answers DNS queries for internal services ○ Other nameservers serve the rest of the queries ● Software Defined Networking (SDN) for a unified cluster network to enable pod-to-pod communication ● OpenShift follows the Kubernetes Container Networking Interface (CNI) plug-in model OPENSHIFT NETWORKING 45 OPENSHIFT TECHNICAL OVERVIEW
  • 46. OPENSHIFT NETWORK PLUGINS * Flannel is minimally verified and is supported only and exactly as deployed in the OpenShift on OpenStack reference architecture 46 OPENSHIFT TECHNICAL OVERVIEW
  • 47. OPENSHIFT NETWORKING 47 OPENSHIFT TECHNICAL OVERVIEW
  • 48. FLAT NETWORK (Default) ● All pods can communicate with each other across projects MULTI-TENANT NETWORK ● Project-level network isolation ● Multicast support ● Egress network policies NETWORK POLICY (Tech Preview) ● Granular policy-based isolation OPENSHIFT SDN NODE POD POD POD POD NODE POD POD POD POD 48 OPENSHIFT TECHNICAL OVERVIEW
  • 49. OPENSHIFT SDN - NETWORK POLICY Example Policies ● Allow all traffic inside the project ● Allow traffic from green to gray ● Allow traffic to purple on 8080

        apiVersion: extensions/v1beta1
        kind: NetworkPolicy
        metadata:
          name: allow-to-purple-on-8080
        spec:
          # Applies to pods labelled color=purple
          podSelector:
            matchLabels:
              color: purple
          # No "from" clause: any source may connect, but only on TCP 8080
          ingress:
          - ports:
            - protocol: TCP
              port: 8080
  • 50. Container to Container on the Same Host OPENSHIFT SDN - OVS PACKET FLOW 50 OPENSHIFT TECHNICAL OVERVIEW
  • 51. OPENSHIFT SDN - OVS PACKET FLOW 51 OPENSHIFT TECHNICAL OVERVIEW Container to Container on the Different Hosts
  • 52. Container Connects to External Host OPENSHIFT SDN - OVS PACKET FLOW 52 OPENSHIFT TECHNICAL OVERVIEW
  • 53. OPENSHIFT SDN WITH FLANNEL FOR OPENSTACK Flannel is minimally verified and is supported only and exactly as deployed in the OpenShift on OpenStack reference architecture https://access.redhat.com/articles/2743631 53 OPENSHIFT TECHNICAL OVERVIEW
  • 55. ● EFK stack to aggregate logs for hosts and applications ○ Elasticsearch: an object store to store all logs ○ Fluentd: gathers logs and sends to Elasticsearch. ○ Kibana: A web UI for Elasticsearch. ● Access control ○ Cluster administrators can view all logs ○ Users can only view logs for their projects ● Ability to send logs elsewhere ○ External elasticsearch, Splunk, etc CENTRAL LOG MANAGEMENT WITH EFK 55 OPENSHIFT TECHNICAL OVERVIEW
  • 56. CENTRAL LOG MANAGEMENT WITH EFK [Diagram labels: NODE, RHEL, POD, FLUENTD, ELASTIC]
  • 57. CONTAINER METRICS 57 OPENSHIFT TECHNICAL OVERVIEW
  • 58. CONTAINER METRICS [Diagram labels: NODE, RHEL, POD, FLUENTD, CADVISOR, ELASTIC]
  • 60. TEN LAYERS OF CONTAINER SECURITY ● Container Host & Multi-tenancy ● Container Content ● Container Registry ● Building Containers ● Deploying Container ● Container Platform ● Network Isolation ● Storage ● API Management ● Federated Clusters
  • 61. ● Secure mechanism for holding sensitive data e.g. ○ Passwords and credentials ○ SSH Keys ○ Certificates ● Secrets are made available as ○ Environment variables ○ Volume mounts ○ Interaction with external systems ● Encrypted in transit ● Never rest on the nodes 61 OPENSHIFT TECHNICAL OVERVIEW SECRET MANAGEMENT
  • 63. PERSISTENT STORAGE ● Persistent Volume (PV) is tied to a piece of network storage ● Provisioned by an administrator (statically or dynamically) ● Allows admins to describe storage and users to request storage ● Assigned to pods based on the requested size, access mode, labels and type [Diagram labels: NFS, GlusterFS, OpenStack Cinder, Ceph RBD, AWS EBS, GCE Persistent Disk, iSCSI, Fiber Channel, Azure Disk, Azure File, FlexVolume, VMWare vSphere VMDK]
  • 64. PERSISTENT STORAGE 64 OPENSHIFT TECHNICAL OVERVIEW
  • 65. DYNAMIC VOLUME PROVISIONING 65 OPENSHIFT TECHNICAL OVERVIEW
  • 66. ● Containerized Red Hat Gluster Storage ● Native integration with OpenShift ● Unified Orchestration using Kubernetes for applications and storage ● Greater control & ease of use for developers ● Lower TCO through convergence ● Single vendor Support CONTAINER-NATIVE STORAGE 66 OPENSHIFT TECHNICAL OVERVIEW
  • 67. CONTAINER-NATIVE STORAGE [Diagram labels: MASTER, NODE, POD]
  • 69. WHY A SERVICE BROKER? 69 OPENSHIFT TECHNICAL OVERVIEW Manual, Time-consuming and Inconsistent
  • 70. A multi-vendor project to standardize how services are consumed on cloud-native platforms across service providers 70 OPENSHIFT TECHNICAL OVERVIEW
  • 71. WHAT IS A SERVICE BROKER? 71 OPENSHIFT TECHNICAL OVERVIEW Automated, Standard and Consistent
  • 72. OPENSHIFT SERVICE CATALOG 72 OPENSHIFT TECHNICAL OVERVIEW
  • 73. SERVICE BROKER CONCEPTS [Diagram labels: SERVICE CONSUMER, SERVICE CATALOG, SERVICE BROKER, SERVICE PROVIDER] ● SERVICE: an offering that can be used by an app e.g. database ● PLAN: a specific flavor of a service e.g. Gold Tier ● SERVICE INSTANCE: an instance of the offering ● PROVISION: creating a service instance ● BIND: associate a service instance and its credentials to an app
  • 74. HOW TO ADD A SERVICE BROKER ● Deploy service broker on or off OpenShift ● Register the broker referring to the deployed broker ● Register the broker services by creating ServiceClass resources (the service broker might automatically perform this step)

        apiVersion: servicecatalog.k8s.io/v1alpha1
        kind: Broker
        metadata:
          name: asb-broker
        spec:
          url: https://asb-1338-ansible-service-broker.10.2.2.15.nip.io
  • 75. ● Exposes Templates and Instant Apps in the Service Catalog ● Pulled from openshift namespace by default ● Multiple namespaces can be configured for template discovery 75 OPENSHIFT TECHNICAL OVERVIEW TEMPLATE SERVICE BROKER
  • 76. TEMPLATE SERVICE BROKER PROVISIONING Service Broker creates the objects from the template [Diagram labels: OpenShift Service Catalog, Template Service Broker, openshift namespace, nodejs-template, Node.js Container]
  • 77. TEMPLATE SERVICE BROKER BINDING Service Broker creates a binding and secret for any credentials (config map, secret, etc) created by the template [Diagram labels: OpenShift Service Catalog, Template Service Broker, openshift namespace, nodejs-template, Node.js Container, create binding]
  • 78. OPENSHIFT ANSIBLE BROKER 78 OPENSHIFT TECHNICAL OVERVIEW ● Use Ansible on OpenShift ○ Deploy containerized applications ○ Provision external services (e.g. Oracle database) ○ Provision cloud services (e.g. AWS RDS) ○ Orchestrate multi-service solutions ○ Conditional logic for control on deployments (e.g. database is initialized) ● Leverage existing Ansible playbooks ● Anything you can do with Ansible, you can do with OAB
  • 79. ANSIBLE PLAYBOOK BUNDLES (APB) ● Lightweight application definition ● Packaged as a container image ● Embedded Ansible runtime ● Metadata for parameters ● Named playbooks for actions ● Leverage existing Ansible playbooks ● Registry is queried to discover APBs

        Ansible Playbook Bundle (Container Image)
        Ansible Runtime
        ├─ roles
        ├─ playbooks
        │  ├─ provision.yaml
        │  ├─ unprovision.yaml
        │  ├─ bind.yaml
        │  └─ unbind.yaml
        └─ apb.yaml

  • 80. OPENSHIFT ANSIBLE BROKER PROVISIONING Discover and list APBs from the configured image registries [Diagram labels: OpenShift Service Catalog, OpenShift Ansible Broker, Red Hat Container Catalog, Docker Hub, OpenShift Registry, mediawiki-apb, postgresql-apb]
  • 81. OPENSHIFT ANSIBLE BROKER PROVISIONING Pull APB image and run it with the broker action as a parameter: oc run postgresql-apb provision $vars [Diagram labels: OpenShift Service Catalog, OpenShift Ansible Broker, APB Container (postgresql), Red Hat Container Catalog, Docker Hub, OpenShift Registry, mediawiki-apb, postgresql-apb]
  • 82. OPENSHIFT ANSIBLE BROKER PROVISIONING APB container runs provision.yaml playbook to create a PostgreSQL container: oc run postgresql-apb provision $vars; ansible-playbook provision.yaml $vars [Diagram labels: OpenShift Service Catalog, Ansible Service Broker, OpenShift Ansible Broker, APB Container (postgresql), PostgreSQL Container, Red Hat Container Catalog, Docker Hub, OpenShift Registry, mediawiki-apb, postgresql-apb]
  • 83. OPENSHIFT ANSIBLE BROKER BINDING APB container runs bind.yaml playbook to create database user: oc run postgresql-apb bind $vars; ansible-playbook bind.yaml $vars [Diagram labels: OpenShift Service Catalog, OpenShift Ansible Broker, APB Container (postgresql), PostgreSQL Container, MediaWiki Container, Red Hat Container Catalog, Docker Hub, OpenShift Registry, mediawiki-apb, postgresql-apb]
  • 84. OPENSHIFT ANSIBLE BROKER BINDING APB container goes away and Service Broker creates a binding for the PostgreSQL service [Diagram labels: OpenShift Service Catalog, OpenShift Ansible Broker, PostgreSQL Container, MediaWiki Container, create binding, Red Hat Container Catalog, Docker Hub, OpenShift Registry, mediawiki-apb, postgresql-apb]
  • 85. OPENSHIFT ANSIBLE BROKER BINDING Service Catalog creates a secret for the binding, containing the database credentials [Diagram labels: OpenShift Service Catalog, OpenShift Ansible Broker, PostgreSQL Container, MediaWiki Container, mount binding secret, Red Hat Container Catalog, Docker Hub, OpenShift Registry, mediawiki-apb, postgresql-apb]
  • 86. OPENSHIFT ANSIBLE BROKER BINDING MediaWiki container uses the credentials in the secret to connect to the PostgreSQL database [Diagram labels: OpenShift Service Catalog, OpenShift Ansible Broker, PostgreSQL Container, MediaWiki Container, mount binding secret, Red Hat Container Catalog, Docker Hub, OpenShift Registry, mediawiki-apb, postgresql-apb]
  • 87. AWS SERVICE BROKER ● Targets Top 10 AWS Services ● Uses Ansible Playbook Bundles ● Available in OpenShift 3.7 [Diagram labels: SQS, SNS, DynamoDB, Redshift, SES, S3, RDS, EMR, AWS Batch, ElastiCache, Route 53]
  • 88. AWS PROVISIONING APB container runs provision.yaml playbook to interact with CFN and create RDS instance: oc run rds-apb provision $vars; ansible-playbook provision.yaml $vars [Diagram labels: OpenShift Service Catalog, OpenShift Ansible Broker, APB Container (rds), Compatible Docker Registries, AWS ECR, s3-apb, rds-apb, AWS Cloud Formation, AWS RDS]
  • 90. TOP CHALLENGES OF RUNNING CONTAINERS AT SCALE SERVICE HEALTH SECURITY & COMPLIANCE FINANCIAL MANAGEMENT OPERATIONAL EFFICIENCY 90 OPENSHIFT TECHNICAL OVERVIEW
  • 92. ● CloudForms continuously discovers your infrastructure in near real time. ● CloudForms discovers and visualizes relationships between infra components ● CloudForms cross references inventory across technologies. ● CloudForms offers custom automation via control policy or UI extensions OPERATIONAL EFFICIENCY 92 OPENSHIFT TECHNICAL OVERVIEW
  • 94. ● CloudForms monitors resource consumption and shows trends ● CloudForms alerts on performance thresholds or other events ● CloudForms offers right-sizing recommendations ● CloudForms enforces configuration and tracks it over time. SERVICE HEALTH 94 OPENSHIFT TECHNICAL OVERVIEW
  • 95. SERVICE HEALTH 95 OPENSHIFT TECHNICAL OVERVIEW
  • 96. ● CloudForms finds and marks nodes non-compliant with policy. ● CloudForms allows reporting on container provenance. ● CloudForms scans container images using OpenSCAP. ● CloudForms tracks genealogy between images and containers. SECURITY & COMPLIANCE 96 OPENSHIFT TECHNICAL OVERVIEW
  • 97. SECURITY & COMPLIANCE 97 OPENSHIFT TECHNICAL OVERVIEW
  • 98. ● Define cost models for infrastructure and understand your cost. ● Rate schedules per platform and per tenant with multi-tiered and multi-currency support ● CloudForms shows top users for CPU, memory, as well as cost. ● Chargeback/showback to projects based on container utilization. FINANCIAL MANAGEMENT 98 OPENSHIFT TECHNICAL OVERVIEW
  • 99. FINANCIAL MANAGEMENT 99 OPENSHIFT TECHNICAL OVERVIEW
  • 101. REFERENCE ARCHITECTURES ● Application Release Strategies with OpenShift ● Building Polyglot Microservices on OpenShift ● Building JBoss EAP 6 Microservices on OpenShift ● Building JBoss EAP 7 Microservices on OpenShift ● Business Process Management with JBoss BPMS on OpenShift ● Build and Deployment of Java Applications on OpenShift ● Building Microservices on OpenShift with Fuse Integration... ● JFrog Artifactory on OpenShift Container Platform ● Spring Boot Microservices on Red Hat OpenShift ● API Management with Red Hat 3scale on OpenShift ● OpenShift on VMware vCenter ● OpenShift on Red Hat OpenStack Platform ● OpenShift on Amazon Web Services ● OpenShift on Google Cloud Platform ● OpenShift on Microsoft Azure ● OpenShift on Red Hat Virtualization ● OpenShift on HPE Servers with Ansible Tower ● OpenShift on VMware vCenter 6 with Gluster ● Deploying an OpenShift Distributed Architecture ● OpenShift Architecture and Deployment Guide ● OpenShift Scaling, Performance, and Capacity Planning
  • 103. BUILD AND DEPLOY CONTAINER IMAGES
    ● DEPLOY YOUR SOURCE CODE
    ● DEPLOY YOUR CONTAINER IMAGE
    ● DEPLOY YOUR APP BINARY
  • 104. DEPLOY SOURCE CODE WITH SOURCE-TO-IMAGE (S2I) (diagram; legend: User/Tool Does, OpenShift Does)
  • 105. DEPLOY APP BINARY WITH SOURCE-TO-IMAGE (S2I) (diagram; legend: User/Tool Does, OpenShift Does)
  • 106. DEPLOY DOCKER IMAGE (diagram; legend: User/Tool Does, OpenShift Does)
  • 107. BUILD IMAGES IN MULTIPLE STAGES
  • 108. EXAMPLE: USE ANY RUNTIME IMAGE WITH SOURCE-TO-IMAGE BUILDS
    Use Source-to-Image to build app binaries and deploy on lean vanilla runtimes.
    Read more on https://blog.openshift.com/chaining-builds/
  • 109. EXAMPLE: USE ANY BUILD TOOL WITH OFFICIAL RUNTIME IMAGES
    Use your choice of build tool like Gradle and deploy to official images like the JDK image.
    Read more on https://blog.openshift.com/chaining-builds/
  • 110. EXAMPLE: SMALL LEAN RUNTIMES
    Build the app binary and deploy on small scratch images.
    Read more on https://blog.openshift.com/chaining-builds/
  • 112. CI/CD WITH BUILD AND DEPLOYMENTS
    BUILDS
    ● Webhook triggers: build the app image whenever the code changes
    ● Image trigger: build the app image whenever the base language or app runtime changes
    ● Build hooks: test the app image before pushing it to an image registry
    DEPLOYMENTS
    ● Deployment triggers: redeploy app containers whenever configuration changes or the image changes in the OpenShift integrated registry or upstream registries
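The trigger and hook types listed on this slide, written out as OpenShift 3.x objects. This is an added example, not part of the original deck; the object names, the builder image `nodejs:latest`, the `npm test` command and the webhook secret placeholder are assumptions.

```yaml
# Added example; every name and value below is a placeholder.
apiVersion: v1
kind: BuildConfig
metadata:
  name: app
spec:
  source:
    git:
      uri: https://git/app.git
  strategy:
    type: Source
    sourceStrategy:
      from:
        kind: ImageStreamTag
        name: nodejs:latest
        namespace: openshift
  output:
    to: {kind: ImageStreamTag, name: "app:latest"}
  triggers:
  - type: GitHub        # webhook trigger: rebuild when code is pushed
    github:
      # The secret is part of the webhook URL: keep it long, random and out of Git.
      secret: "<WEBHOOK-SECRET-PLACEHOLDER>"
  - type: ImageChange   # image trigger: rebuild when the builder image is updated
    imageChange: {}
  postCommit:           # build hook: runs in the built image before the push;
    script: "npm test"  # a non-zero exit fails the build and nothing is pushed
---
apiVersion: v1
kind: DeploymentConfig
metadata:
  name: app
spec:
  replicas: 1
  selector: {app: app}
  template:
    metadata:
      labels: {app: app}
    spec:
      containers:
      - name: app
        image: app:latest
  triggers:
  - type: ConfigChange  # redeploy when the pod template changes
  - type: ImageChange   # redeploy when app:latest changes in the image stream
    imageChangeParams:
      automatic: true
      containerNames: [app]
      from: {kind: ImageStreamTag, name: "app:latest"}
```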
  • 113. CONTINUOUS DELIVERY WITH CONTAINERS
  • 114. OPENSHIFT LOVES CI/CD
    ● JENKINS-AS-A-SERVICE ON OPENSHIFT
    ● HYBRID JENKINS INFRA WITH OPENSHIFT
    ● EXISTING CI/CD DEPLOY TO OPENSHIFT
  • 115. JENKINS-AS-A-SERVICE ON OPENSHIFT
    ● Certified Jenkins images with pre-configured plugins
      ○ Provided out-of-the-box
      ○ Follows Jenkins 1.x and 2.x LTS versions
    ● Jenkins S2I Builder for customizing the image
      ○ Install Plugins
      ○ Configure Jenkins
      ○ Configure Build Jobs
    ● OpenShift plugins to integrate authentication with OpenShift and also CI/CD pipelines
    ● Dynamically deploys Jenkins slave containers
  • 116. HYBRID JENKINS INFRA WITH OPENSHIFT
    ● Scale existing Jenkins infrastructure by dynamically provisioning Jenkins slaves on OpenShift
    ● Use Kubernetes plug-in on existing Jenkins servers
  • 117. EXISTING CI/CD DEPLOY TO OPENSHIFT
    ● Existing CI/CD infrastructure outside OpenShift performs operations against OpenShift
      ○ OpenShift Pipeline Jenkins Plugin for Jenkins
      ○ OpenShift CLI for integrating other CI Engines with OpenShift
    ● Does not disrupt existing processes and can be combined with the previous alternative
  • 118. OPENSHIFT PIPELINES
    ● OpenShift Pipelines allow defining a CI/CD workflow via a Jenkins pipeline which can be started, monitored, and managed similar to other builds
    ● Dynamic provisioning of Jenkins slaves
    ● Auto-provisioning of Jenkins server
    ● OpenShift Pipeline strategies
      ○ Embedded Jenkinsfile
      ○ Jenkinsfile from a Git repository

        apiVersion: v1
        kind: BuildConfig
        metadata:
          name: app-pipeline
        spec:
          strategy:
            type: JenkinsPipeline
            jenkinsPipelineStrategy:
              # Embedded Jenkinsfile: the pipeline is defined inline in the BuildConfig
              jenkinsfile: |-
                node('maven') {
                  stage('build app') {
                    git url: 'https://git/app.git'
                    sh "mvn package"
                  }
                  stage('build image') {
                    // Binary build: the jar built above is the build input
                    sh "oc start-build app --from-file=target/app.jar"
                  }
                  stage('deploy') {
                    openshiftDeploy deploymentConfig: 'app'
                  }
                }
  • 120. CONTINUOUS DELIVERY PIPELINE
  • 121. CONTINUOUS DELIVERY PIPELINE
  • 122. CONTINUOUS DELIVERY PIPELINE
  • 123. CONTINUOUS DELIVERY PIPELINE
  • 124. CONTINUOUS DELIVERY PIPELINE (diagram labels: ServiceNow, JIRA Service Desk, Zendesk, BMC Remedy)
  • 125. CONTINUOUS DELIVERY PIPELINE
  • 127. LOCAL DEVELOPMENT WORKFLOW
  • 128. LOCAL DEVELOPMENT WORKFLOW: BOOTSTRAP
    ● Pick your programming language and application runtime of choice
    ● Create the project skeleton from scratch or use a generator such as
      ○ Maven archetypes
      ○ Quickstarts and Templates
      ○ OpenShift Generator
      ○ Spring Initializr
  • 129. LOCAL DEVELOPMENT WORKFLOW: DEVELOP
    ● Pick your framework of choice such as Java EE, Spring, Ruby on Rails, Django, Express, ...
    ● Develop your application code using your editor or IDE of choice
    ● Build and test your application code locally using your build tools
    ● Create or generate OpenShift templates or Kubernetes objects
  • 130. LOCAL DEVELOPMENT WORKFLOW: LOCAL DEPLOY
    ● Deploy your code on a local OpenShift cluster
      ○ Red Hat Container Development Kit (CDK), minishift and oc cluster
    ● Red Hat CDK provides a standard RHEL-based development environment
    ● Use binary deploy, maven or CLI rsync to push code or app binary directly into containers
  • 131. LOCAL DEVELOPMENT WORKFLOW: VERIFY
    ● Verify your code is working as expected
    ● Run any type of tests that are required with or without other components (database, etc)
    ● Based on the test results, change code, deploy, verify and repeat
  • 132. LOCAL DEVELOPMENT WORKFLOW: GIT PUSH
    ● Push the code and configuration to the Git repository
    ● If using Fork & Pull Request workflow, create a Pull Request
    ● If using code review workflow, participate in code review discussions
  • 133. LOCAL DEVELOPMENT WORKFLOW: PIPELINE
    ● Pushing code to the Git repository triggers one or multiple deployment pipelines
    ● Design your pipelines based on your development workflow e.g. test the pull request
    ● Failure in the pipeline? Go back to the code and start again
  • 135. A PLATFORM THAT GROWS WITH YOUR BUSINESS
    Web Application Data Virtualization Intelligent Process Micro services API Management Single Sign-On Java EE Application Mobile Integration Messaging Data Grid Real Time Decision
  • 136. TRUE POLYGLOT PLATFORM
    LANGUAGES, DATABASES, WEBSERVERS, MIDDLEWARE
    CrunchyData, GitLab, Iron.io, Couchbase, Sonatype, EnterpriseDB, NuoDB, Fujitsu and many more
  • 137. SUPPORTED MICROSERVICES RUNTIMES TESTED AND VERIFIED MICROSERVICES FRAMEWORKS Reactive Eclipse Vert.x MicroProfile WildFly Swarm Server-side JS Node.js Java EE JBoss EAP Java EE Web Embedded Tomcat Modern, Cloud-Native Application Runtimes and an Opinionated Developer Experience LAUNCH Spring Boot Netflix Hystrix Netflix Ribbon
  • 139. WHAT YOU NEED FOR MICROSERVICES?
    ● Visibility & Reporting
    ● Resilience & Fault Tolerance
    ● Routing & Traffic Control
    ● Identity & Security
    ● Policy Enforcement
  • 140. WHAT YOU NEED FOR MICROSERVICES?
    ● Visibility & Reporting
    ● Resilience & Fault Tolerance
    ● Routing & Traffic Control
    ● Identity & Security
    ● Policy Enforcement
    Istio
  • 141. WHAT IS ISTIO?
    A service mesh to connect, manage, and secure microservices
    ● Control Plane: Pilot, Mixer, Auth
    ● Data Plane: four Pods, each containing Envoy and App