openshift enterprise 3.1 vs kubernetes

a Containerized Application Platform

@SamuelTerburgOpenShift “Specialist” Solution ArchitectMarch 2016

OpenShift Enterprise

• Docker• Kubernetes added-value• OpenShift added-value• Demo• Q & A

Agenda

Container Technology- Docker

RED HAT OPENSHIFT ENTERPRISE

Image BImage AImages & Containers

4

●Docker “Image”• Unified Packaging format

• Like “war” or “tar.gz”• For any type of

Application• Portable

●Docker “Container”• Runtime• Isolation

Hardware

Container

APP AImage

Host Minimal OS

Container

APP BImage

Container

APP CImage

Docker Engine

Docker Registry

RHELJDK

Jboss-EAPLibs A Libs BApp A App B

docker pull <image>


Evolution

5

Hardware

Host OS

LIBS A LIBS B LIBS..

APP A APP B

Hardware

Guest OSLIBS A

APP A

Hypervisor

Guest OSLIBS B

APP B

Guest OSLIBS C

APP C

Hardware

Container

LIBS A

APP A

Host Minimal OS

Container

LIBS B

APP B

Container

LIBS C

APP C

Traditional Virtual Containershared system isolation process isolation


Linux Kernel

App1 App2 App3

Isolation, not Virtualization• Kernel Namespaces

• Process• Network• IPC• Mount• User

• Resource Limits• Cgroups

• Security• SELinux

Container Orchestration- Kubernetes

We need more than just packing and isolation

Kubernetes – Container Orchestration at ScaleGreek for “Helmsman”; also the root of the word “Governor” and “cybernetic”

• Container Cluster Manager- Inspired by the technology that runs Google

• Runs anywhere- Public cloud- Private cloud- Bare metal

• Strong ecosystem- Partners: Red Hat, VMware, CoreOS..- Community: clients, integration

Kubernetes Cluster

Registry

Master

Node

Node

Storage

Pod

Volume

Node

Service

Pod

Pod

Image

Core Concepts

Pod•

• Labels & Selectors•

• ReplicationController•

• Service•

• Persistent Volumes•

etcd

SkyDNS

ReplicationController

APIDev/Ops

Visitor

Router

Policies

Logging

ELK

Pods

POD Definition:• Group of Containers• Related to each other• Same namespace• Emphemeral

Examples:• Wordpress• MySQL• Wordpress + MySQL• ELK• Nginx+Logstash• Auth-Proxy+PHP• App + data-load

Kubernetes Cluster

Master

Node

Node

Pod

Node

Pod

Replication Controller

etcd


APIDev/Ops

kind: ReplicationControllermetadata: name: nginxspec: replicas: 2 selector: app: nginxtemplate: metadata: name: nginx labels: app: nginx spec: containers: - name: nginx image: nginx:v2.2 ports: - containerPort: 80

“nginx”RC Object

• Pod Scaling• Pod Monitoring• Rolling updates

# kubectl create –f nginx-rc.yaml

Kubernetes Cluster

MySQL

DB

MySQL

Service

Service Definition:• Load-Balanced Virtual-IP (layer 4)• Abstraction layer for your App• Enables Service Discovery

• DNS • ENV

Examples:• frontend• database• api

172.16.0.1:3386

PHP

10.1.0.1:330610.2.0.1:3306

db.project.cluster.local

Visitor

<?php mysql_connect(getenv(“db_host”)) mysql_connect(“db:3306”)?>

MySQLMySQL

Service

PHP

10.1.0.1:330610.2.0.1:3306

Master

Node

etcd

SkyDNS

APIDev/Ops

“DB”Service Object

KubeProxy IPTables Kube

Proxy IPTables

3. Register Service

2. Watch Changes

Redirect3. Update Rule

2. Watch Changes

- apiVersion: v1 kind: Service metadata: labels: app: MySQL role: BE phase: DEV name: MySQL spec: ports: - name: mysql-data port: 3386 protocol: TCP targetPort: 3306 selector: app: MySQL role: BE sessionAffinity: None type: ClusterIP

1. Create Object

1. Register Pod Object

Pod

Service

Pod

Pod

Labels & Selectors- apiVersion: v1 kind: Service metadata: labels: app: MyApp role: BE phase: DEV name: MyApp spec: ports: - name: 80-tcp port: 80 protocol: TCP targetPort: 8080 selector: app: MyApp role: BE sessionAffinity: None type: ClusterIP

Role: FEPhase: Dev

Role: BEPhase: DEV

Role: BEPhase: TST

Role: BEthink SQL ‘select ... where ...’- apiVersion: v1 kind: Pod metadata: labels: app: MyApp role: BE phase: DEV name: MyApp

MySQL

Service

MySQL

Ingress / Router

• Router Definition:• Layer 7 Load-Balancer /

Reverse Proxy• SSL/TLS Termination• Name based Virtual Hosting• Context Path based Routing• Customizable (image)

• HA-Proxy• F5 Big-IP

Examples:• https://www.mysite.nl/myapp1/• http://www.mysite.nl/myapp2

172.16.0.1:3386

PHP

10.1.0.1:330610.2.0.1:3306

db.project.cluster.local

Visitor

Router https://mysite.nl/service1/apiVersion: extensions/v1beta1kind: Ingressmetadata: name: mysitespec: rules: - host: www.mysite.nl http: paths: - path: /foo backend: serviceName: s1 servicePort: 80 - path: /bar backend: serviceName: s2 servicePort: 80

Kubernetes Cluster

Node

Storage

Pod

Volume

Node

Pod

Pod

Persistent Storage

for Ops:• Google• AWS EBS• OpenStack's Cinder• Ceph• GlusterFS• NFS• iSCSI• FibreChannel• EmptyDir

for Dev:• “Claim”

kind: PersistentVolumemetadata: name: pv0003spec: capacity: storage: 8Gi accessModes: - ReadWriteOnce nfs: path: /tmp server: 172.17.0.2

kind: PersistentVolumeClaimmetadata: name: myclaimspec: accessModes: - ReadWriteOnce resources: requests: storage: 8Gi


Persistent Volume Claim

23

StorageProvider(s)

Ops Dev

Persistent Volume Farm Projects Claim and Mount

Project: ABC

Project: XYZ10GSSD

40G

pod

pod

5GSSD

10G pod

pod


• Each Host = 256 IPs• Each POD = 1 IP

Programmable Infra:• GCE / GKE• AWS• OpenStack• Nuage

Networking

Overlay Networks:• Flannel• Weave• OpenShift-SDN• Open vSwitch

Kubernetes Cluster

Master

Node

Node

Storage

Pod

Volume

Node

Service

Pod

Pod

Hosting Platform

• Scheduling• Lifecycle and health• Discovery• Monitoring• Auth{n,z}• Scaling

etcd

SkyDNS


APIDev/Ops

Router

Policies

Registry

Image

VisitorLogging

ELK

OpenShift as a Development Platform• Project spaces• Build tools• Integration with your IDE


We need more than just Orchestration !

Self Service -Templates

- Web Console

Multi-Language

Automation- Deploy

- Build

DevOpsCollaboration

Secure- Namespaced- RBAC

Scalable- Integrated LB

Open Source

Enterprise- Authentication- Web Console- Central Logging


We need more than just Orchestration

Self Service -Templates

- Web Console

Multi-Language

Automation- Deploy

- Build

DevOpsCollaboration

Secure- Namespaced- RBAC

Scalable- Integrated LB

Open Source

Enterprise- Authentication- Web Console- Central Logging

OpenShift is Red Hat’s Container Application Platform (PaaS)

Kubernetes Embedded

https://master:8443/api = Kubernetes API /oapi = OpenShift API

/console = OpenShift WebConsole

OpenShift:• 1 Binary for Master• 1 Binary for Node• 1 Binary for Client

• Docker-image• Vagrant-image

Kubernetes:• ApiServer, Controller, Scheduler, Etcd• KubeProxy, Kubelet• Kubectl

Project NamespacesProject

• Sandboxed Environment• Network VXLan• Authorization Policies• Resource Quotas • Ops in Control, Dev

Freedom

oc new-project Project-Devoc policy add-role-to-user admin scientist1oc new-app --source=https://gitlab/MyJavaApp --docker-image=jboss-eap

Project “Prod” Project “Dev” ProjectGlobal Services

OpenShift Platform

APP AImage

APP CImage

App• Images run in Containers• Grouped together as a

Service• Defined as Template

Kubernetes Cluster

Master

Node

Storage

Pod

Volume

Node

Service

Pod

Pod

KubernetesHosting Architecture

etcd

SkyDNS


APIDev/Ops

Ingress

Policies

Registry

Image

VisitorLogging

ELK

OpenShift Cluster

Master

Node

Storage

Pod

Volume

Node

Service

Pod

Pod

OpenShift PaaS Architecture

etcd

SkyDNS


APIDev/Ops

Router

Deploy

Build

Policies

config

Registry

Image

VisitorLogging

EFK

• Added “Build”• Added “Deployment”• s/ELK/EFK/g• s/Ingress/Router/g• Added Policies + tools• Added WebConsole

• OpenShift-SDN isolation

WebConsole

OpenShift Cluster

Master

Node

Storage

Pod

Volume

Node

Service

Pod

Pod

OpenShiftBuild & Deploy Architecture

etcd

SkyDNS


APIDev/Ops

Router

Deploy

Build

Policies

config

kind: "BuildConfig“metadata: name: “myApp-build“spec: source: type: "Git“ git: uri: "git://gitlab/project/hello.git“ dockerfile: “jboss-eap-6“ strategy: type: "Source“ sourceStrategy: from: kind: "Image“ name: “jboss-eap-6:latest“ output: to: kind: “Image“ name: “myApp:latest“ triggers: - type: "GitHub“ github: secret: "secret101“ - type: "ImageChange“

# oc start-build myApp-build

Registry

Image

VisitorLogging

EFK

Code

Deploy

Build

Can configure different deployment strategies like A/B, Rolling upgrade, Automated base updates, and more.

Can configure triggers for automated deployments, builds, and more. Build & Deploy an Image

Source2

Image BuilderImage

Developer

SCM

Container Image

Builder Images• Jboss-EAP• PHP• Python• Ruby• Jenkins• Customer

• C++ / Go• S2I (bash) scripts

Triggers• Image Change (tagging)• Code Change (webhook)• Config Change

OpenShift Cluster

Master

Node

Storage

Pod

Volume

Node

Service

Pod

Pod

OpenShiftBuild & Deploy Architecture

etcd

SkyDNS


APIDev/Ops

Router

Deploy

Build

Policies

kind: “DeploymentConfig“metadata: name: “myApp“spec: replicas: 2 selector: app: nginx template: metadata: name: nginx labels: app: nginx spec: containers: - name: nginx image: nginx:latest ports: - containerPort: 80 triggers: - type: "ImageChange“ from: kind: “Image” name: “nginx:latest

# oc deploy myApp --latest

Registry

Image

VisitorLogging

EFK


Continuous Integration Pipeline example

Source Build Deploy

:test:test

Deploy:test-fw

Test Tag:uat

Deploy:uat

commit webhookregistry

ImageChange

registry

ImageChangeApprove Tag

:prod

Deploy:prod

registry

ImageChange

ITIL

container

Template

OpenShift

MySQL

Service

MySQL

PHP

RouterapiVersion: v1kind: Templatemetadata: name: redis-template annotations: description: "Description“ iconClass: "icon-redis“ tags: "database,nosql“objects: - apiVersion: v1 kind: Pod …parameters: - description: Password from: '[A-Z0-9]{8}‘ generate: expression name: REDIS_PASSWORD labels: redis: master

apiVersion: v1kind: ListItems: - apiVersion: v1 kind: Pod … - apiVersion: v1 kind: Service …

Kubernetescurl –s https://get.helm.sh | bash

helm updatehelm search redishelm install redis

Deis Helm

Setup

yum install docker-engine

docker run openshift/origin

curl –s https://get.helm.sh | bashhelm update

Setup





docker run -d --name "ose" --privileged --net=host --pid=host \ -v /:/rootfs:ro \ -v /var/run:/var/run:rw \ -v /sys:/sys:ro \ -v /var/lib/docker:/var/lib/docker:rw \ -v /var/lib/origin/openshift.local.volumes:/var/lib/origin/openshift.local.volumes:z \ -v /var/lib/origin/openshift.local.config:/var/lib/origin/openshift.local.config:z \ -v /var/lib/origin/openshift.local.etcd:/var/lib/origin/openshift.local.etcd:z \ openshift3/ose start \ --master="https://${OSE_MASTER_IP}:8443" \ --etcd-dir="/var/lib/origin/openshift.local.etcd" \ --hostname=`hostname` \ --cors-allowed-origins=.*


Setup Client




docker run –entrypoint=cat openshift/origin /usr/bin/oc >/usr/local/bin/oc

ln –s /var/lib/origin/openshift.local.config/admin.kubectl ~/.kubectl


OpenShift's Added Value

50

Container runtime environment

Container orchestration

Container Development

Enterprise Management & Integration

User Experience

Docker

Kubernetes

Minimal OSAtomic

Deploy

Run

Host

OpenShiftEnterprise

Build- Idm (LDAP,SSO)- Web-Console- JBoss xPaas images- Eclipse & Jenkins integrations- Router- Logging & Metrics- SDN

• JBoss EAP• JBoss Web Server /

Tomcat• JBoss Developer Studio

• Fuse• A-MQ• Data Virtualization

• Business Process Management *

• Business Rules Management System

• Red Hat Mobile / FeedHenry *

Application Container Services

IntegrationServices

BusinessProcess Services

MobileServices

* Coming Soon

Our JBoss Middleware xPaas Service Catalog


CloudForms Management


RED HAT CLOUD SUITE FOR APPLICATIONSCloud Management – Alternative Virtualization – OpenStack – Containers – Development


Questions?plus.google.com/+RedHat

nl.linkedin.com/in/samuelterburg

youtube.com/user/RedHatVideos

facebook.com/redhatinc

twitter.com/SamuelTerburg

openshift enterprise 3.1 vs kubernetes

Internet