This document provides an overview of OpenShift Container Platform. It describes OpenShift's architecture including containers, pods, services, routes and the master control plane. It also covers key OpenShift features like self-service administration, automation, security, logging, monitoring, networking and integration with external services.
OpenShift 4, the smarter Kubernetes platformKangaroot
OpenShift 4 introduces automated installation, patching, and upgrades for every layer of the container stack from the operating system through application services.
Kubernetes 101 - an Introduction to Containers, Kubernetes, and OpenShiftDevOps.com
Administrators and developers are increasingly seeking ways to improve application time to market and improve maintainability. Containers and Red Hat® OpenShift® have quickly become the de facto solution for agile development and application deployment.
Red Hat Training has developed a course that provides the gateway to container adoption by understanding the potential of DevOps using a container-based architecture. Orchestrating a container-based architecture with Kubernetes and Red Hat® OpenShift® improves application reliability and scalability, decreases developer overhead, and facilitates continuous integration and continuous deployment.
In this webinar, our expert will cover:
An overview of container and OpenShift architecture.
How to manage containers and container images.
Deploying containerized applications with Red Hat OpenShift.
An outline of Red Hat OpenShift training offerings.
OpenShift 4, the smarter Kubernetes platformKangaroot
OpenShift 4 introduces automated installation, patching, and upgrades for every layer of the container stack from the operating system through application services.
Kubernetes 101 - an Introduction to Containers, Kubernetes, and OpenShiftDevOps.com
Administrators and developers are increasingly seeking ways to improve application time to market and improve maintainability. Containers and Red Hat® OpenShift® have quickly become the de facto solution for agile development and application deployment.
Red Hat Training has developed a course that provides the gateway to container adoption by understanding the potential of DevOps using a container-based architecture. Orchestrating a container-based architecture with Kubernetes and Red Hat® OpenShift® improves application reliability and scalability, decreases developer overhead, and facilitates continuous integration and continuous deployment.
In this webinar, our expert will cover:
An overview of container and OpenShift architecture.
How to manage containers and container images.
Deploying containerized applications with Red Hat OpenShift.
An outline of Red Hat OpenShift training offerings.
In this session, Diógenes gives an introduction of the basic concepts that make OpenShift, giving special attention to its relationship with Linux containers and Kubernetes.
Free GitOps Workshop + Intro to Kubernetes & GitOpsWeaveworks
Follow along in this free workshop and experience GitOps!
AGENDA:
Welcome - Tamao Nakahara, Head of DX (Weaveworks)
Introduction to Kubernetes & GitOps - Mark Emeis, Principal Engineer (Weaveworks)
Weave Gitops Overview - Tamao Nakahara
Free Gitops Workshop - David Harris, Product Manager (Weaveworks)
If you're new to Kubernetes and GitOps, we'll give you a brief introduction to both and how GitOps is the natural evolution of Kubernetes.
Weave GitOps Core is a continuous delivery product to run apps in any Kubernetes. It is free and open source, and you can get started today!
https://www.weave.works/product/gitops-core
If you’re stuck, also come talk to us at our Slack channel! #weave-gitops http://bit.ly/WeaveGitOpsSlack (If you need to invite yourself to the Slack, visit https://slack.weave.works/)
In this session, we will discuss the architecture of a Kubernetes cluster. we will go through all the master and worker components of a kubernetes cluster. We will also discuss the basic terminology of Kubernetes cluster such as Pods, Deployments, Service etc. We will also cover networking inside Kuberneets. In the end, we will discuss options available for the setup of a Kubernetes cluster.
Service Discovery in kubernetes is all about how services of kubernetes get discovered internally and externally. How does a single POD communicate to another POD the within the cluster and how does a user request reach to a specific POD in the cluster? These are some questions that are answered by this TOPIC.
In occasione del Containers & Cloud-Native Roadshow 2019 il Cloud Engineer Domenico Pastore ha fornito una panoramica sui concetti chiave, sui benefici e sulle opportunità offerte dall’adozione dei container Linux e di tecnologie open source come Red Hat OpenShift e Gluster.
I punti trattati durante la presentazione sono:
- I container Linux
- Differenze tra virtual machine e container
- Architettura di Red Hat OpenShift
- Container native storage
Per saperne di più, scaricate le slide e guardate il video della presentazione su https://www.par-tec.it/containers-landscape-review
In this session, Diógenes gives an introduction of the basic concepts that make OpenShift, giving special attention to its relationship with Linux containers and Kubernetes.
Free GitOps Workshop + Intro to Kubernetes & GitOpsWeaveworks
Follow along in this free workshop and experience GitOps!
AGENDA:
Welcome - Tamao Nakahara, Head of DX (Weaveworks)
Introduction to Kubernetes & GitOps - Mark Emeis, Principal Engineer (Weaveworks)
Weave Gitops Overview - Tamao Nakahara
Free Gitops Workshop - David Harris, Product Manager (Weaveworks)
If you're new to Kubernetes and GitOps, we'll give you a brief introduction to both and how GitOps is the natural evolution of Kubernetes.
Weave GitOps Core is a continuous delivery product to run apps in any Kubernetes. It is free and open source, and you can get started today!
https://www.weave.works/product/gitops-core
If you’re stuck, also come talk to us at our Slack channel! #weave-gitops http://bit.ly/WeaveGitOpsSlack (If you need to invite yourself to the Slack, visit https://slack.weave.works/)
In this session, we will discuss the architecture of a Kubernetes cluster. we will go through all the master and worker components of a kubernetes cluster. We will also discuss the basic terminology of Kubernetes cluster such as Pods, Deployments, Service etc. We will also cover networking inside Kuberneets. In the end, we will discuss options available for the setup of a Kubernetes cluster.
Service Discovery in kubernetes is all about how services of kubernetes get discovered internally and externally. How does a single POD communicate to another POD the within the cluster and how does a user request reach to a specific POD in the cluster? These are some questions that are answered by this TOPIC.
In occasione del Containers & Cloud-Native Roadshow 2019 il Cloud Engineer Domenico Pastore ha fornito una panoramica sui concetti chiave, sui benefici e sulle opportunità offerte dall’adozione dei container Linux e di tecnologie open source come Red Hat OpenShift e Gluster.
I punti trattati durante la presentazione sono:
- I container Linux
- Differenze tra virtual machine e container
- Architettura di Red Hat OpenShift
- Container native storage
Per saperne di più, scaricate le slide e guardate il video della presentazione su https://www.par-tec.it/containers-landscape-review
OpenStack is a free and open-source software platform for cloud computing, mostly deployed as an infrastructure-as-a-service (IaaS). OpenDaylight is an open source project under the Linux Foundation with the goal of furthering the adoption and innovation of SDN through the creation of a common industry supported platform.
In this session, I will talk about how OpenStack and OpenDaylight can be combined together to solve real world business cases and networking needs. We will cover:
- What is OpenDaylight
- Use cases for OpenDaylight with OpenStack
- The OpenDaylight NetVirt project
- How OpenDaylight interacts with OpenStack
- The future of OpenDaylight, and how we see it help solving challenges in the networking industry such as NFV, container networking and physical network fabric management -- the open source way.
OpenShift is Red Hat's Platform-as-a-Service (PaaS) that lets developers quickly develop, host, and scale Docker container-based applications. OpenShift enables a uniform and standardised approach to container management across all hosting options including AWS/EC2 and other private/public cloud and on/off-premise variants. At this session, you will learn how Red Hat's enterprise clients are using OpenShift to enable their digital transformation initiatives. Examples will cover how realising a hybrid cloud strategy can simplify and reduce the risk of migrating and transitioning application workloads to containers in the cloud.
Alex Smith, Solutions Architect, Amazon Web Services, ASEAN
Stephen Bylo, Senior Solution Architect, Red Hat Asia Pacific Pte Ltd
We hosted a live workshop on Sep 22, 2015. These are the slides requested by the audience. If you want to hear the replay AND see the live demonstration, follow the link below.
Open NX-OS: Maximize Programmability with NX-API REST
http://cs.co/9008BKHIi
Thanks for watching, Robb, @robbboyd
Helpful links:
Nexus Programmability Guide:
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/programmability/guide/b_Cisco_Nexus_9000_Series_NX-OS_Programmability_Guide_7x.html
NX API REST Object Model Specification: http://developer.cisco.com
Chef Enterprise Agent (Supermarket): http://supermarket.chef.io
Cisco Chef Cookbook GitHub: https://github.com/cisco/cisco-network-chef-cookbook
Puppet Enterprise Agent (Puppetforge): http://forge.puppetlabs.com
Cisco Puppet Module GitHub: https://github.com/cisco/cisco-network-puppet-module
Cisco Software Repository: https://devhub.cisco.com/artifactory/open-nxos
Nexus 3/9K Datacenter GitHub Repository (NX-API, Ansible, NXAPI REST Scripting Examples, etc): http://github.com/datacenter/nexus9000
Custom Application Integration SDK: http://devhub.cisco.com/artifactory/open-nxos
Virtual vN9K, Please contact your Cisco AM to request access currently
This talk will give you an overview on OpenStack Networking. We will first go through a little bit of theory on the challenges that traditional Networking has in OpenStack, and in cloud environments in general. We will then explore the options given to us by the OpenStack community and ecosystem. After this we will go into more implementation details of OpenSource implementations of programatic overlays, traditional bridging, and some of the commercially available plugins.
This is my latest OpenStack Networking presentation. I presented it at OSDC 2014. It includes a lot of backup slides with CLI outputs that show how ML2 with the OVS agent creates GRE based overlay networks and logical routers
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...Amil Baba Dawood bangali
Contact with Dawood Bhai Just call on +92322-6382012 and we'll help you. We'll solve all your problems within 12 to 24 hours and with 101% guarantee and with astrology systematic. If you want to take any personal or professional advice then also you can call us on +92322-6382012 , ONLINE LOVE PROBLEM & Other all types of Daily Life Problem's.Then CALL or WHATSAPP us on +92322-6382012 and Get all these problems solutions here by Amil Baba DAWOOD BANGALI
#vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore#blackmagicformarriage #aamilbaba #kalajadu #kalailam #taweez #wazifaexpert #jadumantar #vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore #blackmagicforlove #blackmagicformarriage #aamilbaba #kalajadu #kalailam #taweez #wazifaexpert #jadumantar #vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore #Amilbabainuk #amilbabainspain #amilbabaindubai #Amilbabainnorway #amilbabainkrachi #amilbabainlahore #amilbabaingujranwalan #amilbabainislamabad
Overview of the fundamental roles in Hydropower generation and the components involved in wider Electrical Engineering.
This paper presents the design and construction of hydroelectric dams from the hydrologist’s survey of the valley before construction, all aspects and involved disciplines, fluid dynamics, structural engineering, generation and mains frequency regulation to the very transmission of power through the network in the United Kingdom.
Author: Robbie Edward Sayers
Collaborators and co editors: Charlie Sims and Connor Healey.
(C) 2024 Robbie E. Sayers
Saudi Arabia stands as a titan in the global energy landscape, renowned for its abundant oil and gas resources. It's the largest exporter of petroleum and holds some of the world's most significant reserves. Let's delve into the top 10 oil and gas projects shaping Saudi Arabia's energy future in 2024.
About
Indigenized remote control interface card suitable for MAFI system CCR equipment. Compatible for IDM8000 CCR. Backplane mounted serial and TCP/Ethernet communication module for CCR remote access. IDM 8000 CCR remote control on serial and TCP protocol.
• Remote control: Parallel or serial interface.
• Compatible with MAFI CCR system.
• Compatible with IDM8000 CCR.
• Compatible with Backplane mount serial communication.
• Compatible with commercial and Defence aviation CCR system.
• Remote control system for accessing CCR and allied system over serial or TCP.
• Indigenized local Support/presence in India.
• Easy in configuration using DIP switches.
Technical Specifications
Indigenized remote control interface card suitable for MAFI system CCR equipment. Compatible for IDM8000 CCR. Backplane mounted serial and TCP/Ethernet communication module for CCR remote access. IDM 8000 CCR remote control on serial and TCP protocol.
Key Features
Indigenized remote control interface card suitable for MAFI system CCR equipment. Compatible for IDM8000 CCR. Backplane mounted serial and TCP/Ethernet communication module for CCR remote access. IDM 8000 CCR remote control on serial and TCP protocol.
• Remote control: Parallel or serial interface
• Compatible with MAFI CCR system
• Copatiable with IDM8000 CCR
• Compatible with Backplane mount serial communication.
• Compatible with commercial and Defence aviation CCR system.
• Remote control system for accessing CCR and allied system over serial or TCP.
• Indigenized local Support/presence in India.
Application
• Remote control: Parallel or serial interface.
• Compatible with MAFI CCR system.
• Compatible with IDM8000 CCR.
• Compatible with Backplane mount serial communication.
• Compatible with commercial and Defence aviation CCR system.
• Remote control system for accessing CCR and allied system over serial or TCP.
• Indigenized local Support/presence in India.
• Easy in configuration using DIP switches.
Hierarchical Digital Twin of a Naval Power SystemKerry Sado
A hierarchical digital twin of a Naval DC power system has been developed and experimentally verified. Similar to other state-of-the-art digital twins, this technology creates a digital replica of the physical system executed in real-time or faster, which can modify hardware controls. However, its advantage stems from distributing computational efforts by utilizing a hierarchical structure composed of lower-level digital twin blocks and a higher-level system digital twin. Each digital twin block is associated with a physical subsystem of the hardware and communicates with a singular system digital twin, which creates a system-level response. By extracting information from each level of the hierarchy, power system controls of the hardware were reconfigured autonomously. This hierarchical digital twin development offers several advantages over other digital twins, particularly in the field of naval power systems. The hierarchical structure allows for greater computational efficiency and scalability while the ability to autonomously reconfigure hardware controls offers increased flexibility and responsiveness. The hierarchical decomposition and models utilized were well aligned with the physical twin, as indicated by the maximum deviations between the developed digital twin hierarchy and the hardware.
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...Dr.Costas Sachpazis
Terzaghi's soil bearing capacity theory, developed by Karl Terzaghi, is a fundamental principle in geotechnical engineering used to determine the bearing capacity of shallow foundations. This theory provides a method to calculate the ultimate bearing capacity of soil, which is the maximum load per unit area that the soil can support without undergoing shear failure. The Calculation HTML Code included.
Explore the innovative world of trenchless pipe repair with our comprehensive guide, "The Benefits and Techniques of Trenchless Pipe Repair." This document delves into the modern methods of repairing underground pipes without the need for extensive excavation, highlighting the numerous advantages and the latest techniques used in the industry.
Learn about the cost savings, reduced environmental impact, and minimal disruption associated with trenchless technology. Discover detailed explanations of popular techniques such as pipe bursting, cured-in-place pipe (CIPP) lining, and directional drilling. Understand how these methods can be applied to various types of infrastructure, from residential plumbing to large-scale municipal systems.
Ideal for homeowners, contractors, engineers, and anyone interested in modern plumbing solutions, this guide provides valuable insights into why trenchless pipe repair is becoming the preferred choice for pipe rehabilitation. Stay informed about the latest advancements and best practices in the field.
5. OPENSHIFT TECHNICAL OVERVIEW
5
WHAT ARE CONTAINERS?
It Depends Who You Ask
● Application processes on a shared kernel
● Simpler, lighter, and denser than VMs
● Portable across different environments
● Package apps with all dependencies
● Deploy to any environment in seconds
● Easily accessed and shared
INFRASTRUCTURE APPLICATIONS
6. OPENSHIFT TECHNICAL OVERVIEW
6
VIRTUAL MACHINES AND CONTAINERS
VIRTUAL MACHINES CONTAINERS
virtual machines are isolated
apps are not
containers are isolated
so are the apps
VM
OS Dependencies
Kernel
Hypervisor
Hardware
App App App App
Hardware
Container Host (Kernel)
Container
App
OS deps
Container
App
OS deps
Container
App
OS deps
Container
App
OS deps
7. OPENSHIFT TECHNICAL OVERVIEW
7
Container Host
Container
Application
OS dependencies
Virtual Machine
Application
OS dependencies
Operating System
VIRTUAL MACHINES AND CONTAINERS
VM Isolation
Complete OS
Static Compute
Static Memory
High Resource Usage
Container Isolation
Shared Kernel
Burstable Compute
Burstable Memory
Low Resource Usage
8. OPENSHIFT TECHNICAL OVERVIEW
8
VIRTUAL MACHINES AND CONTAINERS
Container Host
Container
Application
OS dependencies
Dev
IT Ops
Infrastructure
Virtual Machine
Application
OS dependencies
Operating System
IT Ops
(and Dev, sort of)
Infrastructure
Clear ownership boundary
between Dev and IT Ops
drives DevOps adoption
and fosters agility
Optimized for stability
Optimized for agility
9. OPENSHIFT TECHNICAL OVERVIEW
9
Virtual machines are NOT portable across hypervisor and
do NOT provide portable packaging for applications
APPLICATION PORTABILITY WITH VM
VM Type X
Application
OS dependencies
Operating System
BARE METAL PRIVATE CLOUD PUBLIC CLOUD
VIRTUALIZATION
LAPTOP
Application
OS dependencies
Operating System
VM Type Y
Application
OS dependencies
Operating System
VM Type Z
Application
OS dependencies
Operating System
Guest VM
Application
OS dependencies
Operating System
10. OPENSHIFT TECHNICAL OVERVIEW
10
APPLICATION PORTABILITY WITH CONTAINERS
LAPTOP
Container
Application
OS dependencies
Guest VM
RHEL
BARE METAL
Container
Application
OS dependencies
RHEL
VIRTUALIZATION
Container
Application
OS dependencies
Virtual Machine
RHEL
PRIVATE CLOUD
Container
Application
OS dependencies
Virtual Machine
RHEL
PUBLIC CLOUD
Container
Application
OS dependencies
Virtual Machine
RHEL
RHEL Containers + RHEL Host = Guaranteed Portability
Across Any Infrastructure
11. OPENSHIFT TECHNICAL OVERVIEW
11
Base Image
Image Layer 1
Image Layer 2
Image Layer 3
Base RHEL
OS Update Layer
Java Runtime Layer
Application Layer
Container Image Layers Example Container Image
RAPID SECURITY PATCHING USING
CONTAINER IMAGE LAYERING
12. OPENSHIFT TECHNICAL OVERVIEW
A lightweight, OCI-compliant container runtime
12
Available in OpenShift Online (soon)
Tech Preview in OCP 3.7, GA in OCP 3.8
Optimized for
Kubernetes
Any OCI-compliant
container from any
OCI registry
(including docker)
Improve Security and
Performance at scale
42. OPENSHIFT TECHNICAL OVERVIEW
● NodePort binds a service to a
unique port on all the nodes
● Traffic received on any node
redirects to a node with the
running service
● Ports in 30K-60K range which
usually differs from the service
● Firewall rules must allow traffic to
all nodes on the specific port
42
EXTERNAL TRAFFIC TO A SERVICE
ON A RANDOM PORT WITH NODEPORT
43. OPENSHIFT TECHNICAL OVERVIEW
43
EXTERNAL TRAFFIC TO A SERVICE
ON ANY PORT WITH INGRESS
● Access a service with an external
IP on any TCP/UDP port, such as
○ Databases
○ Message Brokers
● Automatic IP allocation from a
predefined pool using Ingress IP
Self-Service
● IP failover pods provide high
availability for the IP pool
45. OPENSHIFT TECHNICAL OVERVIEW
45
● Built-in internal DNS to reach services by name
● Split DNS is supported via SkyDNS
○ Master answers DNS queries for internal services
○ Other nameservers serve the rest of the queries
● Software Defined Networking (SDN) for a unified
cluster network to enable pod-to-pod communication
● OpenShift follows the Kubernetes
Container Networking Interface (CNI) plug-in model
OPENSHIFT NETWORKING
46. OPENSHIFT TECHNICAL OVERVIEW
46
OPENSHIFT NETWORK PLUGINS
* Flannel is minimally verified and is supported only and exactly as deployed in the OpenShift on OpenStack reference architecture
48. OPENSHIFT TECHNICAL OVERVIEW
FLAT NETWORK (Default)
● All pods can communicate with
each other across projects
MULTI-TENANT NETWORK
● Project-level network isolation
● Multicast support
● Egress network policies
NETWORK POLICY (Tech Preview)
● Granular policy-based isolation
48
OPENSHIFT SDN
NODE
POD POD
POD
POD
NODE
POD POD
POD
POD
49. OPENSHIFT TECHNICAL OVERVIEW
49
OPENSHIFT SDN - NETWORK POLICY
Example Policies
● Allow all traffic inside the project
● Allow traffic from green to gray
● Allow traffic to purple on 8080
apiVersion: extensions/v1beta1
kind: NetworkPolicy
metadata:
name: allow-to-purple-on-8080
spec:
podSelector:
matchLabels:
color: purple
ingress:
- ports:
- protocol: tcp
port: 8080
53. OPENSHIFT TECHNICAL OVERVIEW
53
OPENSHIFT SDN WITH
FLANNEL FOR OPENSTACK
Flannel is minimally verified and is supported only and exactly as deployed in the OpenShift
on OpenStack reference architecture https://access.redhat.com/articles/2743631
55. OPENSHIFT TECHNICAL OVERVIEW
55
● EFK stack to aggregate logs for hosts and applications
○ Elasticsearch: an object store to store all logs
○ Fluentd: gathers logs and sends to Elasticsearch.
○ Kibana: A web UI for Elasticsearch.
● Access control
○ Cluster administrators can view all logs
○ Users can only view logs for their projects
● Ability to send logs elsewhere
○ External elasticsearch, Splunk, etc
CENTRAL LOG MANAGEMENT WITH EFK
56. OPENSHIFT TECHNICAL OVERVIEW
CENTRAL LOG MANAGEMENT WITH EFK
ELASTIC
ELASTIC
56
RHEL
NODE
POD POD
POD
POD
FLUENTD
RHEL
NODE
POD POD
POD
POD
FLUENTD
RHEL
NODE
POD POD
POD
POD
FLUENTD
ELASTIC
ELASTIC
ELASTIC
ELASTIC
ELASTIC
ELASTIC
60. OPENSHIFT TECHNICAL OVERVIEW
60
TEN LAYERS OF CONTAINER SECURITY
Container Host & Multi-tenancy
Container Content
Container Registry
Building Containers
Deploying Container
Container Platform
Network Isolation
Storage
API Management
Federated Clusters
61. OPENSHIFT TECHNICAL OVERVIEW
● Secure mechanism for holding sensitive data e.g.
○ Passwords and credentials
○ SSH Keys
○ Certificates
● Secrets are made available as
○ Environment variables
○ Volume mounts
○ Interaction with external systems
● Encrypted in transit
● Never rest on the nodes
61
SECRET MANAGEMENT
63. OPENSHIFT TECHNICAL OVERVIEW
63
● Persistent Volume (PV) is tied to a piece of network storage
● Provisioned by an administrator (static or dynamically)
● Allows admins to describe storage and users to request storage
● Assigned to pods based on the requested size, access mode, labels and type
PERSISTENT STORAGE
NFS
GlusterFS
OpenStack
Cinder
Ceph RBD
AWS EBS
GCE Persistent
Disk
iSCSI
Fiber Channel
Azure Disk
Azure File
FlexVolume
VMWare
vSphere VMDK
66. OPENSHIFT TECHNICAL OVERVIEW
66
● Containerized Red Hat Gluster Storage
● Native integration with OpenShift
● Unified Orchestration using Kubernetes for
applications and storage
● Greater control & ease of use for developers
● Lower TCO through convergence
● Single vendor Support
CONTAINER-NATIVE STORAGE
73. OPENSHIFT TECHNICAL OVERVIEW
73
SERVICE BROKER CONCEPTS
SERVICE
CONSUMER
SERVICE
PROVIDER
SERVICE
CATALOG
SERVICE
BROKER
SERVICE: an offering that can be used by an app e.g. database
PLAN: a specific flavor of a service e.g. Gold Tier
SERVICE INSTANCE: an instance of the offering
PROVISION: creating a service instance
BIND: associate a service instance and its credentials to an app
74. OPENSHIFT TECHNICAL OVERVIEW
● Deploy service broker on or off OpenShift
● Register the broker referring to the deployed broker
● Register the broker services by creating ServiceClass resources
(the service broker might automatically perform this step)
74
HOW TO ADD A SERVICE BROKER
apiVersion: servicecatalog.k8s.io/v1alpha1
kind: Broker
metadata:
name: asb-broker
spec:
url: https://asb-1338-ansible-service-broker.10.2.2.15.nip.io
75. OPENSHIFT TECHNICAL OVERVIEW
75
● Exposes Templates and Instant Apps in the Service Catalog
● Pulled from openshift namespace by default
● Multiple namespaces can be configured for template discovery
TEMPLATE SERVICE BROKER
76. OPENSHIFT TECHNICAL OVERVIEW
76
TEMPLATE SERVER BROKER
PROVISIONING
Template Service
Broker
Node.js
Container
openshift
namespace
nodejs-template
OpenShift
Service Catalog
Service Broker creates a
the objects from the
template
77. OPENSHIFT TECHNICAL OVERVIEW
77
TEMPLATE SERVICE BROKER
BINDING
Template Service
Broker
Node.js
Container
openshift
namespace
nodejs-template
OpenShift
Service Catalog
create binding
Service Broker creates a
binding and secret for
any credentials (config
map, secret, etc) created
by the template
78. OPENSHIFT TECHNICAL OVERVIEW
78
OPENSHIFT ANSIBLE BROKER
● Use Ansible on OpenShift
○ Deploy containerized applications
○ Provision external services (e.g. Oracle database)
○ Provision cloud services (e.g. AWS RDS)
○ Orchestrate multi-service solutions
○ Conditional logic for control on deployments (e.g. database is initialized)
● Leverage existing Ansible playbooks
● Anything you can do with Ansible, you can do with OAB
79. OPENSHIFT TECHNICAL OVERVIEW
79
● Lightweight application definition
● Packaged as a container image
● Embedded Ansible runtime
● Metadata for parameters
● Named playbooks for actions
● Leverage existing Ansible playbooks
● Registry is queried to discover APBs
ANSIBLE PLAYBOOK BUNDLES (APB)
Ansible Playbook Bundle
(Container Image)
Ansible Runtime
├─ roles
├─ playbooks
│ ├─ provision.yaml
│ ├─ unprovision.yaml
│ ├─ bind.yaml
│ └─ unbind.yaml
└─ apb.yaml
80. OPENSHIFT TECHNICAL OVERVIEW
80
OpenShift
Ansible Broker
Red Hat
Container Catalog
Docker
Hub
OpenShift
Registry
mediawiki-apb
postgresql-apb
Discover and list
APBs from the
configured image
registries
OpenShift
Service Catalog
OPENSHIFT ANSIBLE BROKER
PROVISIONING
81. OPENSHIFT TECHNICAL OVERVIEW
81
OpenShift
Ansible Broker
APB
Container
(postgresql)
oc run postgresql-apb provision $vars
Pull APB image and
run it with the broker
action as a parameter
Red Hat
Container Catalog
Docker
Hub
OpenShift
Registry
mediawiki-apb
postgresql-apb
OpenShift
Service Catalog
OPENSHIFT ANSIBLE BROKER
PROVISIONING
82. OPENSHIFT TECHNICAL OVERVIEW
82
Ansible
Service Broker
APB
Container
(postgresql)
oc run postgresql-apb provision $vars ansible-playbook provision.yaml $vars
Postgre
SQL
Container
APB container runs
provision.yaml
playbook to create a
PostgreSQL container
Red Hat
Container Catalog
Docker
Hub
OpenShift
Registry
mediawiki-apb
postgresql-apb
OpenShift
Service Catalog
OpenShift
Service Catalog
OpenShift
Ansible Broker
Postgre
SQL
Container
Red Hat
Container Catalog
Docker
Hub
OpenShift
Registry
mediawiki-apb
postgresql-apb
OPENSHIFT ANSIBLE BROKER
PROVISIONING
83. OPENSHIFT TECHNICAL OVERVIEW
83
OpenShift
Ansible Broker
APB
Container
(postgresql)
Postgre
SQL
Container
APB container runs
bind.yaml
playbook to create
database user
oc run postgresql-apb bind $vars ansible-playbook bind.yaml $vars
Red Hat
Container Catalog
Docker
Hub
OpenShift
Registry
mediawiki-apb
postgresql-apb
MediaWiki
Container
OpenShift
Service Catalog
OPENSHIFT ANSIBLE BROKER
BINDING
84. OPENSHIFT TECHNICAL OVERVIEW
84
OpenShift
Ansible Broker
Postgre
SQL
Container
APB container goes
away and Service Broker
creates a binding for
the PostgreSQL service
Red Hat
Container Catalog
Docker
Hub
OpenShift
Registry
mediawiki-apb
postgresql-apb
create binding
MediaWiki
Container
OpenShift
Service Catalog
OPENSHIFT ANSIBLE BROKER
BINDING
85. OPENSHIFT TECHNICAL OVERVIEW
85
OpenShift
Ansible Broker
Postgre
SQL
Container
Red Hat
Container Catalog
Docker
Hub
OpenShift
Registry
mediawiki-apb
postgresql-apb
MediaWiki
Container
OpenShift
Service Catalog
mount binding secret
Service Catalog creates
a secret for the binding,
containing the database
credentials
OPENSHIFT ANSIBLE BROKER
BINDING
86. OPENSHIFT TECHNICAL OVERVIEW
86
OpenShift
Ansible Broker
Postgre
SQL
Container
MediaWiki container
uses the credentials in
the secret to connect
to the PostgreSQL
database
Red Hat
Container Catalog
Docker
Hub
OpenShift
Registry
mediawiki-apb
postgresql-apb
MediaWiki
Container
OpenShift
Service Catalog
mount binding secret
OPENSHIFT ANSIBLE BROKER
BINDING
87. OPENSHIFT TECHNICAL OVERVIEW
87
● Targets Top 10 AWS Services
● Uses Ansible Playbook Bundles
● Available in OpenShift 3.7
AWS SERVICE BROKER
SQS
RDS
DynamoDB
AWS Batch
S3
SNS
EMR
Redshift SES
ElastiCache Route 53
88. OPENSHIFT TECHNICAL OVERVIEW
88
AWS PROVISIONING
AWS
RDS
Compatible
Docker
Registries
oc run rds-apb provision $vars ansible-playbook provision.yaml $vars
APB container runs
provision.yaml playbook
to interact with CFN and
create RDS instance
OpenShift
Service Catalog
APB
Container
(rds)
OpenShift
Ansible Broker
AWS ECR
s3-apb
rds-apb
AWS
Cloud
Formation
90. OPENSHIFT TECHNICAL OVERVIEW
90
TOP CHALLENGES OF
RUNNING CONTAINERS AT SCALE
SERVICE
HEALTH
SECURITY
& COMPLIANCE
FINANCIAL
MANAGEMENT
OPERATIONAL
EFFICIENCY
92. OPENSHIFT TECHNICAL OVERVIEW
● CloudForms continuously discovers your
infrastructure in near real time.
● CloudForms discovers and visualizes
relationships between infra components
● CloudForms cross references inventory
across technologies.
● CloudForms offers custom automation via
control policy or UI extensions
92
OPERATIONAL EFFICIENCY
94. OPENSHIFT TECHNICAL OVERVIEW
● CloudForms monitors resource
consumption and shows trends
● CloudForms alerts on performance
thresholds or other events
● CloudForms offers right-sizing
recommendations
● CloudForms enforces configuration and
tracks it over time.
94
SERVICE HEALTH
98. OPENSHIFT TECHNICAL OVERVIEW
● Define cost models for infrastructure and
understand your cost.
● Rate schedules per platform and per tenant
with multi-tiered and multi-currency
support
● CloudForms shows top users for CPU,
memory, as well as cost.
● Chargeback/showback to projects based on
container utilization.
98
FINANCIAL MANAGEMENT
101. OPENSHIFT TECHNICAL OVERVIEW
Application Release Strategies with OpenShift
Building Polyglot Microservices on OpenShift
Building JBoss EAP 6 Microservices on OpenShift
Building JBoss EAP 7 Microservices on OpenShift
Business Process Management with JBoss BPMS on OpenShift
Build and Deployment of Java Applications on OpenShift
Building Microservices on OpenShift with Fuse Integration...
JFrog Artifactory on OpenShift Container Platform
Spring Boot Microservices on Red Hat OpenShift
API Management with Red Hat 3scale on OpenShift
OpenShift on VMware vCenter
OpenShift on Red Hat OpenStack Platform
OpenShift on Amazon Web Services
OpenShift on Google Cloud Platform
OpenShift on Microsoft Azure
OpenShift on Red Hat Virtualization
OpenShift on HPE Servers with Ansible Tower
OpenShift on VMware vCenter 6 with Gluster
Deploying an OpenShift Distributed Architecture
OpenShift Architecture and Deployment Guide
OpenShift Scaling, Performance, and Capacity Planning
101
REFERENCE ARCHITECTURES
108. OPENSHIFT TECHNICAL OVERVIEW
108
EXAMPLE: USE ANY RUNTIME IMAGE WITH
SOURCE-TO-IMAGE BUILDS
Use Source-to-Image to build app binaries and deploy on lean vanilla runtimes
read more on https://blog.openshift.com/chaining-builds/
109. OPENSHIFT TECHNICAL OVERVIEW
109
EXAMPLE: USE ANY BUILD TOOL WITH
OFFICIAL RUNTIME IMAGES
Use your choice of build tool like Gradle and deploy to official images like the JDK image
read more on https://blog.openshift.com/chaining-builds/
110. OPENSHIFT TECHNICAL OVERVIEW
110
EXAMPLE: SMALL LEAN RUNTIMES
Build the app binary and deploy on small scratch images
read more on https://blog.openshift.com/chaining-builds/
112. OPENSHIFT TECHNICAL OVERVIEW
CI/CD WITH BUILD AND DEPLOYMENTS
112
BUILDS
● Webhook triggers: build the app image whenever the code changes
● Image trigger: build the app image whenever the base language or app runtime changes
● Build hooks: test the app image before pushing it to an image registry
DEPLOYMENTS
● Deployment triggers: redeploy app containers whenever configuration changes or the
image changes in the OpenShift integrated registry or upstream registries
115. OPENSHIFT TECHNICAL OVERVIEW
115
JENKINS-AS-A-SERVICE ON OPENSHIFT
● Certified Jenkins images with pre-configured plugins
○ Provided out-of-the-box
○ Follows Jenkins 1.x and 2.x LTS versions
● Jenkins S2I Builder for customizing the image
○ Install Plugins
○ Configure Jenkins
○ Configure Build Jobs
● OpenShift plugins to integrate authentication with
OpenShift and also CI/CD pipelines
● Dynamically deploys Jenkins slave containers
116. OPENSHIFT TECHNICAL OVERVIEW
● Scale existing Jenkins infrastructure by dynamically provisioning Jenkins slaves on OpenShift
● Use Kubernetes plug-in on existing Jenkin servers
116
HYBRID JENKINS INFRA WITH OPENSHIFT
117. OPENSHIFT TECHNICAL OVERVIEW
● Existing CI/CD infrastructure outside OpenShift performs operations against OpenShift
○ OpenShift Pipeline Jenkins Plugin for Jenkins
○ OpenShift CLI for integrating other CI Engines with OpenShift
● Without disrupting existing processes, can be combined with previous alternative
117
EXISTING CI/CD DEPLOY TO OPENSHIFT
118. OPENSHIFT TECHNICAL OVERVIEW
118
OPENSHIFT PIPELINES
● OpenShift Pipelines allow defining a
CI/CD workflow via a Jenkins pipeline
which can be started, monitored, and
managed similar to other builds
● Dynamic provisioning of Jenkins slaves
● Auto-provisioning of Jenkins server
● OpenShift Pipeline strategies
○ Embedded Jenkinsfile
○ Jenkinsfile from a Git repository
apiVersion: v1
kind: BuildConfig
metadata:
name: app-pipeline
spec:
strategy:
type: JenkinsPipeline
jenkinsPipelineStrategy:
jenkinsfile: |-
node('maven') {
stage('build app') {
git url: 'https://git/app.git'
sh "mvn package"
}
stage('build image') {
sh "oc start-build app --from-file=target/app.jar
}
stage('deploy') {
openshiftDeploy deploymentConfig: 'app'
}
}
128. OPENSHIFT TECHNICAL OVERVIEW
BOOTSTRAP
● Pick your programming language and application runtime of choice
● Create the project skeleton from scratch or use a generator such as
○ Maven archetypes
○ Quickstarts and Templates
○ OpenShift Generator
○ Spring Initializr
128
LOCAL DEVELOPMENT WORKFLOW
129. OPENSHIFT TECHNICAL OVERVIEW
129
DEVELOP
● Pick your framework of choice such as Java EE, Spring, Ruby on Rails, Django, Express, ...
● Develop your application code using your editor or IDE of choice
● Build and test your application code locally using your build tools
● Create or generate OpenShift templates or Kubernetes objects
LOCAL DEVELOPMENT WORKFLOW
130. OPENSHIFT TECHNICAL OVERVIEW
130
LOCAL DEPLOY
● Deploy your code on a local OpenShift cluster
○ Red Hat Container Development Kit (CDK), minishift and oc cluster
● Red Hat CDK provides a standard RHEL-based development environment
● Use binary deploy, maven or CLI rsync to push code or app binary directly into
containers
LOCAL DEVELOPMENT WORKFLOW
131. OPENSHIFT TECHNICAL OVERVIEW
131
VERIFY
● Verify your code is working as expected
● Run any type of tests that are required with or without other components (database, etc)
● Based on the test results, change code, deploy, verify and repeat
LOCAL DEVELOPMENT WORKFLOW
132. OPENSHIFT TECHNICAL OVERVIEW
132
GIT PUSH
● Push the code and configuration to the Git repository
● If using Fork & Pull Request workflow, create a Pull Request
● If using code review workflow, participate in code review discussions
LOCAL DEVELOPMENT WORKFLOW
133. OPENSHIFT TECHNICAL OVERVIEW
PIPELINE
● Pushing code to the Git repository triggers one or multiple deployment pipelines
● Design your pipelines based on your development workflow e.g. test the pull request
● Failure in the pipeline? Go back to the code and start again
133
LOCAL DEVELOPMENT WORKFLOW
135. OPENSHIFT TECHNICAL OVERVIEW
135
A PLATFORM THAT GROWS WITH YOUR BUSINESS
Data
Virtualization
Real Time
Decision
Intelligent
Process
Integration Messaging Data Grid
Java EE
Application
Web
Application
Single
Sign-On
Mobile
API
Management
Micro
services
139. OPENSHIFT TECHNICAL OVERVIEW
139
WHAT YOU NEED FOR MICROSERVICES?
Visibility & Reporting
Resilience & Fault Tolerance
Routing & Traffic Control
Identity & Security
Policy Enforcement
140. OPENSHIFT TECHNICAL OVERVIEW
140
WHAT YOU NEED FOR MICROSERVICES?
Visibility & Reporting
Resilience & Fault Tolerance
Routing & Traffic Control
Identity & Security
Policy Enforcement
Istio
141. OPENSHIFT TECHNICAL OVERVIEW
Control
Plane
141
WHAT IS ISTIO?
a service mesh to connect, manage, and secure microservices
Pilot Mixer Auth
Data
Plane
Pod
Envoy
App
Pod
Envoy
App
Pod
Envoy
App
Pod
Envoy
App