Openshift Enterprise: A Containerized Application Platform
@SamuelTerburg
OpenShift “Specialist” Solution Architect
March 2016
Agenda
• Docker
• Kubernetes added-value
• OpenShift added-value
• Demo
• Q&A
Container Technology
- Docker
Images & Containers (figure: a Docker Registry holding Image A = App A + Libs A and Image B = App B + Libs B, both layered on the shared base layers Jboss-EAP, JDK and RHEL)
• Traditional: shared (all apps on one OS, nothing between them)
• Virtual: system isolation (each VM brings its own kernel)
• Container: process isolation (apps share the host kernel, separated by kernel features)
(figure: App1, App2 and App3 as isolated processes on one Linux Kernel)
• Kernel Namespaces
  - Process
  - Network
  - IPC
  - Mount
  - User
• Resource Limits
  - Cgroups
• Security
  - SELinux
• Runs anywhere
- Public cloud
- Private cloud
- Bare metal
• Strong ecosystem
- Partners: Red Hat, VMware, CoreOS..
- Community: clients, integration
Core Concepts (figure: a Kubernetes Cluster; a Visitor reaches a Pod through the Router and a Service, Pods run Images pulled from the Registry, Logging via ELK)
• Pod
• Image
• Service
• Router
• Registry
POD Definition:
• Group of Containers
• Related to each other
• Same namespace
• Ephemeral
Examples:
• Wordpress
• MySQL
• Wordpress + MySQL
• ELK
• Nginx+Logstash
• Auth-Proxy+PHP
• App + data-load
Replication Controller (figure: Kubernetes Cluster; Dev/Ops posts the RC object "nginx" to the Master API, it is stored in etcd, and the Replication Controller keeps two Pods running on the Nodes)
• Pod Scaling
• Pod Monitoring
• Rolling updates

kind: ReplicationController
metadata:
  name: nginx
spec:
  replicas: 2
  selector:
    app: nginx
  template:
    metadata:
      name: nginx
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:v2.2
        ports:
        - containerPort: 80
Service (figure: the PHP Pod connects to the DB Service at VIP 172.16.0.1:3386, DNS name db.project.cluster.local, which load-balances to the MySQL Pods 10.1.0.1:3306 and 10.2.0.1:3306)
Service Definition:
• Load-Balanced Virtual-IP (layer 4)
• Abstraction layer for your App
• Enables Service Discovery
  • DNS (<service>.<project>.cluster.local, works for Services created at any time)
  • ENV (Kubernetes injects <NAME>_SERVICE_HOST / <NAME>_SERVICE_PORT only into Pods created after the Service)
Examples:
• frontend
• database
• api

<?php
// discover the database via environment variable ...
mysql_connect(getenv("db_host"));
// ... or via the Service's DNS name
mysql_connect("db:3306");
?>
Service object and kube-proxy (figure: 1. Dev/Ops creates the Service object "DB" through the Master API, stored in etcd; 2. the Kube Proxy on every Node watches for changes; 3. it updates the IPTables redirect rules so the VIP forwards to the MySQL Pods 10.1.0.1:3306 and 10.2.0.1:3306. In parallel for SkyDNS: 1. Pod and Service objects are registered, 2. SkyDNS watches for changes, 3. it registers the Service name in DNS)

- apiVersion: v1
  kind: Service
  metadata:
    labels:
      app: MySQL
      role: BE
      phase: DEV
    name: MySQL
  spec:
    ports:
    - name: mysql-data
      port: 3386
      protocol: TCP
      targetPort: 3306
    selector:
      app: MySQL
      role: BE
    sessionAffinity: None
    type: ClusterIP
Labels & Selectors
think SQL 'select ... where ...'
(figure: the Service selects Role: BE; the Pods carry the label pairs Role: BE / Phase: Dev, Role: FE / Phase: Dev, Role: BE / Phase: TST and Role: BE / Phase: DEV)

- apiVersion: v1
  kind: Service
  metadata:
    labels:
      app: MyApp
      role: BE
      phase: DEV
    name: MyApp
  spec:
    ports:
    - name: 80-tcp
      port: 80
      protocol: TCP
      targetPort: 8080
    selector:
      app: MyApp
      role: BE
    sessionAffinity: None
    type: ClusterIP

- apiVersion: v1
  kind: Pod
  metadata:
    labels:
      app: MyApp
      role: BE
      phase: DEV
    name: MyApp

The selector names only app and role, so this Service also picks up the Role: BE Pod in Phase: TST: a Pod receives traffic because its labels satisfy the selector, not because of its name or because of the labels on the Service itself.
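As an added example (not code from the slides or from Kubernetes itself), the equality-based selection above re-implemented in a few lines of Python and applied the way a Service and a Replication Controller apply it. The Pods are constructed from the diagram; their names, IPs and the Pending fifth Pod are assumptions made for the example.

```python
"""Equality-based label selection as Services and ReplicationControllers use it."""


def matches(selector, labels):
    """'select ... where k1=v1 and k2=v2': every selector key must be present in
    the labels with the same value. Keys the selector does not mention (here:
    phase) are not checked, and an empty selector matches every object."""
    return all(labels.get(key) == value for key, value in selector.items())


def select_pods(selector, pods):
    return [pod for pod in pods if matches(selector, pod["metadata"]["labels"])]


def make_pod(name, labels, pod_ip, phase="Running"):
    # Pod names and IPs are assumptions made for this example.
    return {"kind": "Pod",
            "metadata": {"name": name, "labels": labels},
            "status": {"podIP": pod_ip, "phase": phase}}


# Constructed Pods: the ones from the diagram plus one that is still starting.
PODS = [
    make_pod("myapp-be-dev-1", {"app": "MyApp", "role": "BE", "phase": "DEV"}, "10.1.0.1"),
    make_pod("myapp-be-dev-2", {"app": "MyApp", "role": "BE", "phase": "DEV"}, "10.1.0.2"),
    make_pod("myapp-fe-dev-1", {"app": "MyApp", "role": "FE", "phase": "DEV"}, "10.1.0.3"),
    make_pod("myapp-be-tst-1", {"app": "MyApp", "role": "BE", "phase": "TST"}, "10.1.0.4"),
    make_pod("myapp-be-dev-3", {"app": "MyApp", "role": "BE", "phase": "DEV"}, "10.1.0.5",
             phase="Pending"),
]

# The Service from the slide, as a Python dict.
SERVICE = {
    "kind": "Service",
    "metadata": {"name": "MyApp",
                 "labels": {"app": "MyApp", "role": "BE", "phase": "DEV"}},
    "spec": {"type": "ClusterIP",
             "ports": [{"name": "80-tcp", "port": 80, "protocol": "TCP",
                        "targetPort": 8080}],
             "selector": {"app": "MyApp", "role": "BE"}},
}


def with_selector(service, selector):
    """Copy of a Service with a different spec.selector."""
    return dict(service, spec=dict(service["spec"], selector=selector))


def service_endpoints(service, pods):
    """Backends the kube-proxy programs behind the Service VIP: podIP:targetPort of
    every Running Pod the selector matches. The Service's own labels play no part;
    a Pod gets traffic purely because its labels satisfy the selector."""
    target = service["spec"]["ports"][0]["targetPort"]
    return sorted(f'{pod["status"]["podIP"]}:{target}'
                  for pod in select_pods(service["spec"]["selector"], pods)
                  if pod["status"]["phase"] == "Running")


def make_rc(replicas, selector):
    return {"kind": "ReplicationController",
            "metadata": {"name": "myapp-be"},
            "spec": {"replicas": replicas, "selector": selector}}


def rc_reconcile(rc, pods):
    """One pass of the ReplicationController loop: compare spec.replicas with the
    number of Pods the selector matches (Pending ones included) and return how many
    to create and how many to delete. The RC counts matching Pods it never created."""
    matched = select_pods(rc["spec"]["selector"], pods)
    diff = rc["spec"]["replicas"] - len(matched)
    return (max(diff, 0), max(-diff, 0))


if __name__ == "__main__":
    # role=BE alone makes the TST Pod a backend of the DEV service
    print(service_endpoints(SERVICE, PODS))
    print(service_endpoints(
        with_selector(SERVICE, {"app": "MyApp", "role": "BE", "phase": "DEV"}), PODS))
    # an RC that omits phase adopts the TST Pod and deletes two Pods to get back to 2
    print(rc_reconcile(make_rc(2, {"app": "MyApp", "role": "BE"}), PODS))
    print(rc_reconcile(make_rc(4, {"app": "MyApp", "role": "BE", "phase": "DEV"}), PODS))
```

The practical consequence: within a project, anyone who can create a Pod with the right labels can put it behind an existing Service or have it adopted (and its siblings scaled down) by an existing Replication Controller, which is why selectors should be as specific as the deployment model allows and why label-changing rights matter as much as Service-editing rights.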
Ingress / Router (figure: a Visitor requests https://mysite.nl/service1/; the Router forwards to the Service 172.16.0.1:3386 / db.project.cluster.local, which load-balances to the PHP and MySQL Pods 10.1.0.1:3306 and 10.2.0.1:3306)
Router Definition:
• Layer 7 Load-Balancer / Reverse Proxy
• SSL/TLS Termination
• Name based Virtual Hosting
• Context Path based Routing
• Customizable (image)
  • HA-Proxy
  • F5 Big-IP
Examples:
• https://www.mysite.nl/myapp1/
• http://www.mysite.nl/myapp2

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: mysite
spec:
  rules:
  - host: www.mysite.nl
    http:
      paths:
      - path: /foo
        backend:
          serviceName: s1
          servicePort: 80
      - path: /bar
        backend:
          serviceName: s2
          servicePort: 80
Persistent Storage (figure: Kubernetes Cluster; Pods on the Nodes mount a Volume that is backed by external Storage)
for Ops:
• Google
• AWS EBS
• OpenStack's Cinder
• Ceph
• GlusterFS
• NFS
• iSCSI
• FibreChannel
• EmptyDir
for Dev:
• "Claim"

kind: PersistentVolume
metadata:
  name: pv0003
spec:
  capacity:
    storage: 8Gi
  accessModes:
  - ReadWriteOnce
  nfs:
    path: /tmp
    server: 172.17.0.2

kind: PersistentVolumeClaim
metadata:
  name: myclaim
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 8Gi
Persistent Volume Claim (figure: on the Ops side a Persistent Volume Farm, fed by Storage Provider(s), with volumes of 5G (SSD), 10G, 10G (SSD) and 40G; on the Dev side Projects "ABC" and "XYZ" whose pods Claim and Mount volumes from the farm; cluster components etcd, SkyDNS, Volume, Policies, Storage, Node)
• Ops: provision the Persistent Volume Farm
• Dev: Claim and Mount
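As an added example (not code from the slides, and a simplification of the real Kubernetes controller: no pre-bound claimRef, no selectors or storage classes), the rule by which a claim is matched to a volume in the farm: the smallest Available PV whose capacity covers the request and whose access modes cover the claim's. The farm is constructed from the diagram's 5G / 10G / 10G / 40G volumes plus the slide's pv0003; volume names, project names and the claims are assumptions.

```python
"""Binding a PersistentVolumeClaim to a PersistentVolume from the Ops-provisioned farm."""

# Kubernetes quantity suffixes: binary (Ki, Mi, Gi, Ti) and decimal (k, M, G, T).
_SUFFIXES = {"Ki": 1024, "Mi": 1024 ** 2, "Gi": 1024 ** 3, "Ti": 1024 ** 4,
             "k": 10 ** 3, "M": 10 ** 6, "G": 10 ** 9, "T": 10 ** 12}


def parse_quantity(text):
    """'8Gi' -> 8589934592 bytes. 10G (decimal) is smaller than 10Gi (binary),
    which matters when a claim written in Gi meets a farm labelled in G."""
    for suffix, factor in _SUFFIXES.items():   # two-letter suffixes are checked first
        if text.endswith(suffix):
            return int(text[:-len(suffix)]) * factor
    return int(text)


def make_pv(name, storage, modes, backend):
    return {"kind": "PersistentVolume", "metadata": {"name": name},
            "spec": {"capacity": {"storage": storage}, "accessModes": list(modes), **backend},
            "status": {"phase": "Available"}}


def make_pvc(namespace, name, storage, modes):
    return {"kind": "PersistentVolumeClaim",
            "metadata": {"name": name, "namespace": namespace},
            "spec": {"accessModes": list(modes), "resources": {"requests": {"storage": storage}}},
            "status": {"phase": "Pending"}}


def capacity(pv):
    return parse_quantity(pv["spec"]["capacity"]["storage"])


def find_volume(claim, volumes):
    """The smallest Available PV whose capacity covers the request and whose
    accessModes include every mode the claim asks for. Neither the claim's project
    nor the PV's backend (nfs, ceph, ...) enters into it: Dev only sees size and
    access mode, Ops decides what is in the farm."""
    wanted = parse_quantity(claim["spec"]["resources"]["requests"]["storage"])
    modes = set(claim["spec"]["accessModes"])
    fits = [pv for pv in volumes
            if pv["status"]["phase"] == "Available"
            and capacity(pv) >= wanted
            and modes <= set(pv["spec"]["accessModes"])]
    return min(fits, key=capacity, default=None)


def bind(claims, volumes):
    """Bind claims in order and return {namespace/name: pv name or None}. A bound PV
    leaves the pool for every project, so a few oversized claims can drain the farm;
    per-project Resource Quotas are the control for that."""
    result = {}
    for claim in claims:
        key = f'{claim["metadata"]["namespace"]}/{claim["metadata"]["name"]}'
        pv = find_volume(claim, volumes)
        if pv is None:
            result[key] = None          # claim stays Pending until Ops adds a volume
            continue
        pv["status"]["phase"] = "Bound"
        pv["spec"]["claimRef"] = dict(claim["metadata"])
        claim["status"]["phase"] = "Bound"
        claim["spec"]["volumeName"] = pv["metadata"]["name"]
        result[key] = pv["metadata"]["name"]
    return result


def demo_farm():
    # Constructed farm: the slide's pv0003 plus the 5G / 10G / 10G / 40G volumes from
    # the diagram (all on one NFS server here; the names are assumptions).
    nfs = {"nfs": {"path": "/tmp", "server": "172.17.0.2"}}
    return [
        make_pv("pv0003", "8Gi", ["ReadWriteOnce"], nfs),
        make_pv("pv-farm-5g", "5G", ["ReadWriteOnce"], nfs),
        make_pv("pv-farm-10g-a", "10G", ["ReadWriteOnce"], nfs),
        make_pv("pv-farm-10g-b", "10G", ["ReadWriteOnce"], nfs),
        make_pv("pv-farm-40g", "40G", ["ReadWriteOnce", "ReadWriteMany"], nfs),
    ]


def demo_claims():
    # Constructed claims from two projects; the first is the slide's "myclaim".
    return [
        make_pvc("abc", "myclaim", "8Gi", ["ReadWriteOnce"]),
        make_pvc("abc", "data", "10Gi", ["ReadWriteOnce"]),    # 10Gi > 10G: skips the 10G volumes
        make_pvc("xyz", "db", "8Gi", ["ReadWriteOnce"]),
        make_pvc("xyz", "shared", "1Gi", ["ReadWriteMany"]),   # only the 40G PV allowed RWX, and it is gone
        make_pvc("xyz", "cache", "5G", ["ReadWriteOnce"]),
    ]


def demo():
    return bind(demo_claims(), demo_farm())


if __name__ == "__main__":
    for key, pv in demo().items():
        print(f"{key:12} -> {pv}")
```

Two things worth seeing in the output: a claim for 10Gi cannot use a 10G volume (binary versus decimal suffix) and jumps to the 40G one, and once that 40G volume is bound, the only ReadWriteMany capacity in the farm is gone for every other project.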
OpenShift as a Development Platform
• Project spaces
• Build tools
• Integration with your IDE
We need more than just Orchestration!
• Secure
  - Namespaced
  - RBAC
• Self Service
  - Templates
  - Web Console
• Scalable
  - Integrated LB
• Multi-Language
OpenShift packaging versus the Kubernetes components:
• 1 Binary for Master (Kubernetes: ApiServer, Controller, Scheduler, Etcd)
• 1 Binary for Node (Kubernetes: KubeProxy, Kubelet)
• 1 Binary for Client (Kubernetes: Kubectl)
• Docker-image
• Vagrant-image
Project Namespaces (figure: Project "Prod" running APP A and Project "Dev" running APP C next to Global Services; each Project has its own Image, Service, Pod and Replication Controller objects; Master with Dev/Ops API, etcd, SkyDNS, Volume, Policies and Storage; Nodes)
• Sandboxed Environment
• Network VXLan
• Authorization Policies
• Resource Quotas
• Ops in Control, Dev Freedom
OpenShift PaaS Architecture (figure: OpenShift Cluster; Visitor → Router → Service → Pods; Registry; Build config → Image → Deploy → Replication Controller → Pods; Web Console and Dev/Ops API on the Master with etcd, SkyDNS, Volume, Policies, Storage; Logging via EFK)
• Added "Build"
• Added "Deployment"
• s/ELK/EFK/g
• s/Ingress/Router/g
• Added Policies + tools
• Added WebConsole
• OpenShift-SDN isolation
Build & Deploy Architecture (figure: OpenShift Cluster; a Build config produces an Image that is pushed to the Registry, Deploy rolls it out through a Replication Controller to Pods on the Nodes; Master with Dev/Ops API, etcd, SkyDNS, Volume, Policies, Storage; Router, Service, Logging via EFK)

kind: "BuildConfig"
metadata:
  name: "myApp-build"
spec:
  source:
    type: "Git"
    git:
      uri: "git://gitlab/project/hello.git"
    dockerfile: "jboss-eap-6"
  strategy:
    type: "Source"
    sourceStrategy:
      from:
        kind: "Image"
        name: "jboss-eap-6:latest"
  output:
    to:
      kind: "Image"
      name: "myApp:latest"
  triggers:
  - type: "GitHub"
    github:
      secret: "secret101"
  - type: "ImageChange"

# oc start-build myApp-build
Can configure triggers for automated deployments,
Two things to check before copying this: git:// is an unauthenticated, unencrypted transport, so the source that gets built is whatever the network delivers; and the GitHub trigger is protected only by the shared secret stored in plain text in the BuildConfig, so anyone who can read the object can fire builds.
Builder Images (figure: a Developer supplies Code/Source, the Builder Image turns it into an Image that is delivered to the Customer)
• Jboss-EAP
• PHP
• Python
• Ruby
• Jenkins
Build 2
• Image Builder
• C++ / Go
• S2I (bash) scripts
* Coming Soon

$ docker run openshift/origin
$ ln -s /var/lib/origin/openshift.local.config/admin.kubectl ~/.kubectl
CloudForms Management
nl.linkedin.com/in/samuelterburg twitter.com/SamuelTerburg
youtube.com/user/RedHatVideos