OpenShift Enterprise

a Containerized Application Platform

@SamuelTerburg
OpenShift Specialist Solution Architect
March 2016
 Agenda

Docker
Kubernetes added-value
OpenShift added-value
Demo
Q&A
Container Technology
- Docker
 Docker Registry
Images & Containers Image A Image B
App A App B
Libs A Libs B
Jboss-EAP
JDK
RHEL

Docker Image docker pull <image> Container Container Container

Unified Packaging format

Like war or tar.gz APP A APP B APP C

For any type of Image Image Image
Application

Portable
Docker Engine

Docker Container Host Minimal OS

Runtime Hardware

Isolation
RED HAT OPENSHIFT ENTERPRISE 4
 Evolution

Traditional
shared
Virtual
system isolation
Container
process isolation

APP A APP B APP C Container Container Container

APP A APP B
LIBS A LIBS B LIBS C APP A APP B APP C
LIBS A LIBS B LIBS.. Guest OS Guest OS Guest OS LIBS A LIBS B LIBS C
Host OS Hypervisor Host Minimal OS
Hardware Hardware Hardware

RED HAT OPENSHIFT ENTERPRISE 5

 Isolation, not Virtualization

Kernel Namespaces

Process

Network

IPC
App1 App2 App3
Mount

User

Resource Limits

Cgroups
Linux Kernel
Security

SELinux

RED HAT OPENSHIFT ENTERPRISE

Container Orchestration
- Kubernetes
We need more than just packing and isolation
Kubernetes Container Orchestration at Scale
Greek for Helmsman; also the root of the word Governor and cybernetic

Container Cluster Manager

- Inspired by the technology that runs Google

Runs anywhere
- Public cloud
- Private cloud
- Bare metal

Strong ecosystem
- Partners: Red Hat, VMware, CoreOS..
- Community: clients, integration
 Visitor
Logging
Core Concepts ELK Kubernetes Cluster
Router

Registry
Service
Pod Image

Labels & Selectors Master Pod

Replication Pod
Controller Pod

ReplicationController
Dev/Ops API Node Node

Service etcd

Persistent Volumes SkyDNS

Volume
Policies
Storage
Node
 Pods

POD Definition:
Group of Containers
Related to each other
Same namespace
Emphemeral

Examples:
Wordpress
MySQL
Wordpress + MySQL
ELK
Nginx+Logstash
Auth-Proxy+PHP
App + data-load
 Replication Controller Kubernetes Cluster
Pod Scaling
kind: ReplicationController
metadata:
Pod Monitoring
name: nginx Rolling updates
spec:
replicas: 2
selector: Master
app: nginx Replication
template: Pod Pod
Controller
metadata:
name: nginx Dev/Ops API Node Node
labels:
app: nginx
nginx etcd
spec: RC Object
containers:
- name: nginx
image: nginx:v2.2
ports: Node
- containerPort: 80

# kubectl create f nginx-rc.yaml

 Visitor
Service Kubernetes Cluster

172.16.0.1:3386
DB
db.project.cluster.local
Service Definition:
Load-Balanced Virtual-IP (layer 4)
Abstraction layer for your App PHP
Enables Service Discovery
MySQL
DNS MySQL
ENV 10.1.0.1:3306
<?php 10.2.0.1:3306
mysql_connect(getenv(db_host))
Examples: mysql_connect(db:3306)
frontend ?>
database
api
 3. Update
Service Rule Redirect

- apiVersion: v1
kind: Service 2. Watch
metadata: Changes
labels: Kube
Proxy
IPTables
Kube
Proxy
IPTables
app: MySQL
role: BE Master PHP
1. Create
phase: DEV Object
name: MySQL MySQL
MySQL
spec: 10.1.0.1:3306
ports: Dev/Ops API 10.2.0.1:3306
- name: mysql-data
port: 3386 DB etcd
protocol: TCP Service Object

targetPort: 3306 SkyDNS

selector:
2. Watch Node
app: MySQL 1. Register
Changes
role: BE Pod Object
sessionAffinity: None 3. Register
type: ClusterIP Service
 Labels & Selectors
think SQL select ... where ... Role: BE
- apiVersion: v1 - apiVersion: v1
kind: Service kind: Pod
Service
metadata: metadata: Role: FE
labels: labels: Phase: Dev
app: MyApp app: MyApp
role: BE role: BE Pod
phase: DEV phase: DEV
name: MyApp Pod
name: MyApp Pod
spec:
ports: Role: BE
Phase: TST Role: BE
- name: 80-tcp
Phase: DEV
port: 80
protocol: TCP
targetPort: 8080
selector:
app: MyApp
role: BE
sessionAffinity: None
type: ClusterIP
 Visitor
Ingress / Router
apiVersion: Router https://mysite.nl/service1/
extensions/v1beta1
kind: Ingress 172.16.0.1:3386
metadata: Service
db.project.cluster.local
Router Definition: name: mysite
Layer 7 Load-Balancer / spec:
Reverse Proxy rules:
PHP
- host: www.mysite.nl
SSL/TLS Termination
http: MySQL
Name based Virtual Hosting paths: MySQL
Context Path based Routing - path: /foo 10.1.0.1:3306
10.2.0.1:3306
Customizable (image) backend:
HA-Proxy serviceName: s1
servicePort: 80
F5 Big-IP - path: /bar
backend:
Examples: serviceName: s2
servicePort: 80
https://www.mysite.nl/myapp1/
http://www.mysite.nl/myapp2
 Persistent Storage kind: PersistentVolume Kubernetes Cluster
metadata:
name: pv0003
for Ops: spec:

Google capacity:

AWS EBS storage: 8Gi

accessModes:

OpenStack's Cinder - ReadWriteOnce

Ceph nfs: Pod

path: /tmp Pod

GlusterFS server: 172.17.0.2 Pod

NFS

iSCSI Node Node

kind: PersistentVolumeClaim

FibreChannel metadata:

EmptyDir name: myclaim

spec:
accessModes:
Volume
for Dev: - ReadWriteOnce
resources: Storage

Claim requests:
storage: 8Gi
 Persistent Volume Claim

Ops Dev
Persistent Volume Farm Projects Claim and Mount

Project: ABC
pod
5G
SSD
10G pod
Storage
Provider(s)
Project: XYZ
pod
10G
SSD
40G pod

RED HAT OPENSHIFT ENTERPRISE 23

 Networking

Each Host = 256 IPs

Each POD = 1 IP

Programmable Infra: Overlay Networks:

GCE / GKE
Flannel

AWS
Weave

OpenStack
OpenShift-SDN

Nuage
Open vSwitch

RED HAT OPENSHIFT ENTERPRISE

 Visitor
Logging
Hosting Platform ELK Kubernetes Cluster
Router
Scheduling Registry
Lifecycle and health Service
Discovery Image
Monitoring
Auth{n,z} Master Pod
Replication
Scaling Controller
Pod
Pod
Dev/Ops API Node Node

etcd

SkyDNS
Volume
Policies
Storage
Node
OpenShift as a Development
Platform
Project spaces
Build tools
Integration with your IDE
 We need more than just Orchestration !

Secure
Self Service
- Namespaced
-Templates
- RBAC
- Web Console
Scalable
Multi-Language - Integrated LB

Automation Open Source

- Deploy
- Build
Enterprise
DevOps - Authentication
Collaboration - Web Console
- Central Logging

RED HAT OPENSHIFT ENTERPRISE

 OpenShift
We is Red
need more Hats
than justContainer Application Platform (PaaS)
Orchestration

Secure
Self Service
- Namespaced
-Templates
- RBAC
- Web Console
Scalable
Multi-Language - Integrated LB

Automation Open Source

- Deploy
- Build
Enterprise
DevOps - Authentication
Collaboration - Web Console
- Central Logging

RED HAT OPENSHIFT ENTERPRISE

Kubernetes Embedded

https://master:8443/api = Kubernetes API

/oapi = OpenShift API
/console = OpenShift WebConsole

OpenShift: Kubernetes:
1 Binary for Master ApiServer, Controller, Scheduler, Etcd
1 Binary for Node KubeProxy, Kubelet
1 Binary for Client Kubectl

Docker-image
Vagrant-image
 Project Namespaces
Project Project Prod Project Dev Project
Sandboxed Environment Global Services
Network VXLan
Authorization Policies
APP A APP C
Resource Quotas Image Image
Ops in Control, Dev
Freedom
App OpenShift Platform
Images run in Containers
Grouped together as a oc new-project Project-Dev
Service oc policy add-role-to-user admin scientist1
Defined as Template oc new-app
--source=https://gitlab/MyJavaApp
--docker-image=jboss-eap
 Logging Visitor
Kubernetes ELK
Hosting Architecture Ingress
Kubernetes Cluster
Registry

Image Service

Pod
Replication Pod
Controller Pod
Dev/Ops API Node Node

etcd

SkyDNS
Volume
Policies
Storage
Master
OpenShift Logging Visitor

PaaS Architecture EFK

OpenShift Cluster
Router
Registry
Added Build
Added Deployment Build Image Service
s/ELK/EFK/g config
s/Ingress/Router/g
Deploy
Added Policies + tools Pod
Added WebConsole Replication Pod
Controller Pod
Web
Dev/Ops API Node Node
Console
OpenShift-SDN isolation etcd

SkyDNS
Volume
Policies
Storage
Master
OpenShift Logging Visitor

Build & Deploy Architecture EFK

OpenShift Cluster
kind: "BuildConfig Router
metadata: Registry
name: myApp-build
spec: Build Image Service
source:
type: "Git config
git:
uri: "git://gitlab/project/hello.git Deploy
dockerfile: jboss-eap-6 Pod
strategy:
Replication Pod
type: "Source
sourceStrategy: Controller Pod
from:
kind: "Image Dev/Ops API Node Node
name: jboss-eap-6:latest
output:
to: etcd
kind: Image
name: myApp:latest
SkyDNS
triggers:
- type: "GitHub Volume
github: Policies
secret: "secret101 Storage
- type: "ImageChange Master
# oc start-build myApp-build
 Can configure triggers for
automated deployments,

Build & Deploy an Image SCM

builds, and more.

Code
Builder Images

Jboss-EAP Developer

PHP

Python

Ruby Source

Jenkins
Customer
Build 2

Image Builder

C++ / Go
Image

S2I (bash) scripts

Triggers Can configure different

deployment strategies
Image Change (tagging)
Deploy

Container Image like A/B, Rolling upgrade,

Code Change (webhook) Automated base updates,
and more.

Config Change
OpenShift Logging Visitor

Build & Deploy Architecture EFK

OpenShift Cluster
kind: DeploymentConfig Router
metadata: Registry
name: myApp
spec: Build Image Service
replicas: 2
selector:
app: nginx
template: Deploy
metadata: Pod
name: nginx
Replication Pod
labels:
app: nginx Controller Pod
spec:
containers: Dev/Ops API Node Node
- name: nginx
image: nginx:latest
ports: etcd
- containerPort: 80
triggers:
SkyDNS
- type: "ImageChange
from: Volume
kind: Image Policies
name: nginx:latest Storage
Master
# oc deploy myApp --latest
Continuous Integration Pipeline example
registry
commit webhook ImageChange
Source Build Deploy
:test container registry
:test
Deploy Test Tag
:test-fw :uat
ImageChange ITIL registry
Deploy Approve Tag
:uat :prod
ImageChange
Deploy
:prod

RED HAT OPENSHIFT ENTERPRISE

Template
apiVersion: v1 apiVersion: v1 Router
kind: List kind: Template
Items: metadata:
- apiVersion: v1 name: redis-template Service
kind: Pod annotations:
description: "Description
- apiVersion: v1 iconClass: "icon-redis
kind: Service tags: "database,nosql
objects: PHP
- apiVersion: v1
Kubernetes kind: Pod MySQL
MySQL
curl s https://get.helm.sh | bash parameters:
- description: Password
helm update from: '[A-Z0-9]{8}
helm search redis generate: expression
helm install redis name: REDIS_PASSWORD
labels:
redis: master

Deis Helm OpenShift

Demo
 Setup
yum install docker-engine

docker run openshift/origin

curl s https://get.helm.sh | bash

helm update
 Setup
yum install docker-engine

docker run -d openshift/origin

--name "ose" --privileged --net=host --pid=host \
-v /:/rootfs:ro \
curl s-vhttps://get.helm.sh
/var/run:/var/run:rw| bash
\
helm update
-v /sys:/sys:ro \
-v /var/lib/docker:/var/lib/docker:rw \
-v /var/lib/origin/openshift.local.volumes:/var/lib/origin/openshift.local.volumes:z \
-v /var/lib/origin/openshift.local.config:/var/lib/origin/openshift.local.config:z \
-v /var/lib/origin/openshift.local.etcd:/var/lib/origin/openshift.local.etcd:z \
openshift3/ose start \
--master="https://${OSE_MASTER_IP}:8443" \
--etcd-dir="/var/lib/origin/openshift.local.etcd" \
--hostname=`hostname` \
--cors-allowed-origins=.*

curl s https://get.helm.sh | bash

helm update
 Setup Client
yum install
docker run docker-engine
entrypoint=cat openshift/origin /usr/bin/oc >/usr/local/bin/oc

docker
ln s /var/lib/origin/openshift.local.config/admin.kubectl
run openshift/origin ~/.kubectl

curl s https://get.helm.sh | bash

helm update
 OpenShift's Added Value

OpenShift User Experience

Build
- Idm (LDAP,SSO)
Enterprise - Web-Console
- JBoss xPaas images
Enterprise Management & Integration - Eclipse & Jenkins integrations
- Router
- Logging & Metrics
Container Development - SDN

Kubernetes Container orchestration Deploy

Docker Container runtime environment Run

Atomic Minimal OS Host

RED HAT OPENSHIFT ENTERPRISE 50

 Our JBoss Middleware xPaas Service Catalog

Application Integration Business Mobile

Container Services Services Process Services Services

JBoss EAP Fuse Business Process Red Hat Mobile /

JBoss Web Server / A-MQ Management * FeedHenry *
Tomcat Data Virtualization Business Rules
JBoss Developer Studio Management System

* Coming Soon
 CloudForms Management

RED HAT OPENSHIFT ENTERPRISE

 RED HAT CLOUD SUITE FOR APPLICATIONS
Cloud Management Alternative Virtualization OpenStack Containers Development

RED HAT OPENSHIFT ENTERPRISE

 Questions?
plus.google.com/+RedHat facebook.com/redhatinc

nl.linkedin.com/in/samuelterburg twitter.com/SamuelTerburg

youtube.com/user/RedHatVideos

RED HAT OPENSHIFT ENTERPRISE