openshift enterprise 3.1 vs kubernetes
TRANSCRIPT
a Containerized Application Platform
@SamuelTerburgOpenShift “Specialist” Solution ArchitectMarch 2016
OpenShift Enterprise
• Docker• Kubernetes added-value• OpenShift added-value• Demo• Q & A
Agenda
Container Technology- Docker
RED HAT OPENSHIFT ENTERPRISE
Image BImage AImages & Containers
4
●Docker “Image”• Unified Packaging format
• Like “war” or “tar.gz”• For any type of
Application• Portable
●Docker “Container”• Runtime• Isolation
Hardware
Container
APP AImage
Host Minimal OS
Container
APP BImage
Container
APP CImage
Docker Engine
Docker Registry
RHELJDK
Jboss-EAPLibs A Libs BApp A App B
docker pull <image>
RED HAT OPENSHIFT ENTERPRISE
Evolution
5
Hardware
Host OS
LIBS A LIBS B LIBS..
APP A APP B
Hardware
Guest OSLIBS A
APP A
Hypervisor
Guest OSLIBS B
APP B
Guest OSLIBS C
APP C
Hardware
Container
LIBS A
APP A
Host Minimal OS
Container
LIBS B
APP B
Container
LIBS C
APP C
Traditional Virtual Containershared system isolation process isolation
RED HAT OPENSHIFT ENTERPRISE
Linux Kernel
App1 App2 App3
Isolation, not Virtualization• Kernel Namespaces
• Process• Network• IPC• Mount• User
• Resource Limits• Cgroups
• Security• SELinux
Container Orchestration- Kubernetes
We need more than just packing and isolation
Kubernetes – Container Orchestration at ScaleGreek for “Helmsman”; also the root of the word “Governor” and “cybernetic”
• Container Cluster Manager- Inspired by the technology that runs Google
• Runs anywhere- Public cloud- Private cloud- Bare metal
• Strong ecosystem- Partners: Red Hat, VMware, CoreOS..- Community: clients, integration
Kubernetes Cluster
Registry
Master
Node
Node
Storage
Pod
Volume
Node
Service
Pod
Pod
Image
Core Concepts
Pod•
• Labels & Selectors•
• ReplicationController•
• Service•
• Persistent Volumes•
etcd
SkyDNS
ReplicationController
APIDev/Ops
Visitor
Router
Policies
Logging
ELK
Pods
POD Definition:• Group of Containers• Related to each other• Same namespace• Emphemeral
Examples:• Wordpress• MySQL• Wordpress + MySQL• ELK• Nginx+Logstash• Auth-Proxy+PHP• App + data-load
Kubernetes Cluster
Master
Node
Node
Pod
Node
Pod
Replication Controller
etcd
ReplicationController
APIDev/Ops
kind: ReplicationControllermetadata: name: nginxspec: replicas: 2 selector: app: nginxtemplate: metadata: name: nginx labels: app: nginx spec: containers: - name: nginx image: nginx:v2.2 ports: - containerPort: 80
“nginx”RC Object
• Pod Scaling• Pod Monitoring• Rolling updates
# kubectl create –f nginx-rc.yaml
Kubernetes Cluster
MySQL
DB
MySQL
Service
Service Definition:• Load-Balanced Virtual-IP (layer 4)• Abstraction layer for your App• Enables Service Discovery
• DNS • ENV
Examples:• frontend• database• api
172.16.0.1:3386
PHP
10.1.0.1:330610.2.0.1:3306
db.project.cluster.local
Visitor
<?php mysql_connect(getenv(“db_host”)) mysql_connect(“db:3306”)?>
MySQLMySQL
Service
PHP
10.1.0.1:330610.2.0.1:3306
Master
Node
etcd
SkyDNS
APIDev/Ops
“DB”Service Object
KubeProxy IPTables Kube
Proxy IPTables
3. Register Service
2. Watch Changes
Redirect3. Update Rule
2. Watch Changes
- apiVersion: v1 kind: Service metadata: labels: app: MySQL role: BE phase: DEV name: MySQL spec: ports: - name: mysql-data port: 3386 protocol: TCP targetPort: 3306 selector: app: MySQL role: BE sessionAffinity: None type: ClusterIP
1. Create Object
1. Register Pod Object
Pod
Service
Pod
Pod
Labels & Selectors- apiVersion: v1 kind: Service metadata: labels: app: MyApp role: BE phase: DEV name: MyApp spec: ports: - name: 80-tcp port: 80 protocol: TCP targetPort: 8080 selector: app: MyApp role: BE sessionAffinity: None type: ClusterIP
Role: FEPhase: Dev
Role: BEPhase: DEV
Role: BEPhase: TST
Role: BEthink SQL ‘select ... where ...’- apiVersion: v1 kind: Pod metadata: labels: app: MyApp role: BE phase: DEV name: MyApp
MySQL
Service
MySQL
Ingress / Router
• Router Definition:• Layer 7 Load-Balancer /
Reverse Proxy• SSL/TLS Termination• Name based Virtual Hosting• Context Path based Routing• Customizable (image)
• HA-Proxy• F5 Big-IP
Examples:• https://www.mysite.nl/myapp1/• http://www.mysite.nl/myapp2
172.16.0.1:3386
PHP
10.1.0.1:330610.2.0.1:3306
db.project.cluster.local
Visitor
Router https://mysite.nl/service1/apiVersion: extensions/v1beta1kind: Ingressmetadata: name: mysitespec: rules: - host: www.mysite.nl http: paths: - path: /foo backend: serviceName: s1 servicePort: 80 - path: /bar backend: serviceName: s2 servicePort: 80
Kubernetes Cluster
Node
Storage
Pod
Volume
Node
Pod
Pod
Persistent Storage
for Ops:• Google• AWS EBS• OpenStack's Cinder• Ceph• GlusterFS• NFS• iSCSI• FibreChannel• EmptyDir
for Dev:• “Claim”
kind: PersistentVolumemetadata: name: pv0003spec: capacity: storage: 8Gi accessModes: - ReadWriteOnce nfs: path: /tmp server: 172.17.0.2
kind: PersistentVolumeClaimmetadata: name: myclaimspec: accessModes: - ReadWriteOnce resources: requests: storage: 8Gi
RED HAT OPENSHIFT ENTERPRISE
Persistent Volume Claim
23
StorageProvider(s)
Ops Dev
Persistent Volume Farm Projects Claim and Mount
Project: ABC
Project: XYZ10GSSD
40G
pod
pod
5GSSD
10G pod
pod
RED HAT OPENSHIFT ENTERPRISE
• Each Host = 256 IPs• Each POD = 1 IP
Programmable Infra:• GCE / GKE• AWS• OpenStack• Nuage
Networking
Overlay Networks:• Flannel• Weave• OpenShift-SDN• Open vSwitch
Kubernetes Cluster
Master
Node
Node
Storage
Pod
Volume
Node
Service
Pod
Pod
Hosting Platform
• Scheduling• Lifecycle and health• Discovery• Monitoring• Auth{n,z}• Scaling
etcd
SkyDNS
ReplicationController
APIDev/Ops
Router
Policies
Registry
Image
VisitorLogging
ELK
OpenShift as a Development Platform• Project spaces• Build tools• Integration with your IDE
RED HAT OPENSHIFT ENTERPRISE
We need more than just Orchestration !
Self Service -Templates
- Web Console
Multi-Language
Automation- Deploy
- Build
DevOpsCollaboration
Secure- Namespaced- RBAC
Scalable- Integrated LB
Open Source
Enterprise- Authentication- Web Console- Central Logging
RED HAT OPENSHIFT ENTERPRISE
We need more than just Orchestration
Self Service -Templates
- Web Console
Multi-Language
Automation- Deploy
- Build
DevOpsCollaboration
Secure- Namespaced- RBAC
Scalable- Integrated LB
Open Source
Enterprise- Authentication- Web Console- Central Logging
OpenShift is Red Hat’s Container Application Platform (PaaS)
Kubernetes Embedded
https://master:8443/api = Kubernetes API /oapi = OpenShift API
/console = OpenShift WebConsole
OpenShift:• 1 Binary for Master• 1 Binary for Node• 1 Binary for Client
• Docker-image• Vagrant-image
Kubernetes:• ApiServer, Controller, Scheduler, Etcd• KubeProxy, Kubelet• Kubectl
Project NamespacesProject
• Sandboxed Environment• Network VXLan• Authorization Policies• Resource Quotas • Ops in Control, Dev
Freedom
oc new-project Project-Devoc policy add-role-to-user admin scientist1oc new-app --source=https://gitlab/MyJavaApp --docker-image=jboss-eap
Project “Prod” Project “Dev” ProjectGlobal Services
OpenShift Platform
APP AImage
APP CImage
App• Images run in Containers• Grouped together as a
Service• Defined as Template
Kubernetes Cluster
Master
Node
Storage
Pod
Volume
Node
Service
Pod
Pod
KubernetesHosting Architecture
etcd
SkyDNS
ReplicationController
APIDev/Ops
Ingress
Policies
Registry
Image
VisitorLogging
ELK
OpenShift Cluster
Master
Node
Storage
Pod
Volume
Node
Service
Pod
Pod
OpenShift PaaS Architecture
etcd
SkyDNS
ReplicationController
APIDev/Ops
Router
Deploy
Build
Policies
config
Registry
Image
VisitorLogging
EFK
• Added “Build”• Added “Deployment”• s/ELK/EFK/g• s/Ingress/Router/g• Added Policies + tools• Added WebConsole
• OpenShift-SDN isolation
WebConsole
OpenShift Cluster
Master
Node
Storage
Pod
Volume
Node
Service
Pod
Pod
OpenShiftBuild & Deploy Architecture
etcd
SkyDNS
ReplicationController
APIDev/Ops
Router
Deploy
Build
Policies
config
kind: "BuildConfig“metadata: name: “myApp-build“spec: source: type: "Git“ git: uri: "git://gitlab/project/hello.git“ dockerfile: “jboss-eap-6“ strategy: type: "Source“ sourceStrategy: from: kind: "Image“ name: “jboss-eap-6:latest“ output: to: kind: “Image“ name: “myApp:latest“ triggers: - type: "GitHub“ github: secret: "secret101“ - type: "ImageChange“
# oc start-build myApp-build
Registry
Image
VisitorLogging
EFK
Code
Deploy
Build
Can configure different deployment strategies like A/B, Rolling upgrade, Automated base updates, and more.
Can configure triggers for automated deployments, builds, and more. Build & Deploy an Image
Source2
Image BuilderImage
Developer
SCM
Container Image
Builder Images• Jboss-EAP• PHP• Python• Ruby• Jenkins• Customer
• C++ / Go• S2I (bash) scripts
Triggers• Image Change (tagging)• Code Change (webhook)• Config Change
OpenShift Cluster
Master
Node
Storage
Pod
Volume
Node
Service
Pod
Pod
OpenShiftBuild & Deploy Architecture
etcd
SkyDNS
ReplicationController
APIDev/Ops
Router
Deploy
Build
Policies
kind: “DeploymentConfig“metadata: name: “myApp“spec: replicas: 2 selector: app: nginx template: metadata: name: nginx labels: app: nginx spec: containers: - name: nginx image: nginx:latest ports: - containerPort: 80 triggers: - type: "ImageChange“ from: kind: “Image” name: “nginx:latest
# oc deploy myApp --latest
Registry
Image
VisitorLogging
EFK
RED HAT OPENSHIFT ENTERPRISE
Continuous Integration Pipeline example
Source Build Deploy
:test:test
Deploy:test-fw
Test Tag:uat
Deploy:uat
commit webhookregistry
ImageChange
registry
ImageChangeApprove Tag
:prod
Deploy:prod
registry
ImageChange
ITIL
container
Template
OpenShift
MySQL
Service
MySQL
PHP
RouterapiVersion: v1kind: Templatemetadata: name: redis-template annotations: description: "Description“ iconClass: "icon-redis“ tags: "database,nosql“objects: - apiVersion: v1 kind: Pod …parameters: - description: Password from: '[A-Z0-9]{8}‘ generate: expression name: REDIS_PASSWORD labels: redis: master
apiVersion: v1kind: ListItems: - apiVersion: v1 kind: Pod … - apiVersion: v1 kind: Service …
Kubernetescurl –s https://get.helm.sh | bash
helm updatehelm search redishelm install redis
Deis Helm
Demo
Setup
yum install docker-engine
docker run openshift/origin
curl –s https://get.helm.sh | bashhelm update
Setup
yum install docker-engine
docker run openshift/origin
curl –s https://get.helm.sh | bashhelm update
yum install docker-engine
docker run -d --name "ose" --privileged --net=host --pid=host \ -v /:/rootfs:ro \ -v /var/run:/var/run:rw \ -v /sys:/sys:ro \ -v /var/lib/docker:/var/lib/docker:rw \ -v /var/lib/origin/openshift.local.volumes:/var/lib/origin/openshift.local.volumes:z \ -v /var/lib/origin/openshift.local.config:/var/lib/origin/openshift.local.config:z \ -v /var/lib/origin/openshift.local.etcd:/var/lib/origin/openshift.local.etcd:z \ openshift3/ose start \ --master="https://${OSE_MASTER_IP}:8443" \ --etcd-dir="/var/lib/origin/openshift.local.etcd" \ --hostname=`hostname` \ --cors-allowed-origins=.*
curl –s https://get.helm.sh | bashhelm update
Setup Client
yum install docker-engine
docker run openshift/origin
curl –s https://get.helm.sh | bashhelm update
docker run –entrypoint=cat openshift/origin /usr/bin/oc >/usr/local/bin/oc
ln –s /var/lib/origin/openshift.local.config/admin.kubectl ~/.kubectl
RED HAT OPENSHIFT ENTERPRISE
OpenShift's Added Value
50
Container runtime environment
Container orchestration
Container Development
Enterprise Management & Integration
User Experience
Docker
Kubernetes
Minimal OSAtomic
Deploy
Run
Host
OpenShiftEnterprise
Build- Idm (LDAP,SSO)- Web-Console- JBoss xPaas images- Eclipse & Jenkins integrations- Router- Logging & Metrics- SDN
• JBoss EAP• JBoss Web Server /
Tomcat• JBoss Developer Studio
• Fuse• A-MQ• Data Virtualization
• Business Process Management *
• Business Rules Management System
• Red Hat Mobile / FeedHenry *
Application Container Services
IntegrationServices
BusinessProcess Services
MobileServices
* Coming Soon
Our JBoss Middleware xPaas Service Catalog
RED HAT OPENSHIFT ENTERPRISE
CloudForms Management
RED HAT OPENSHIFT ENTERPRISE
RED HAT CLOUD SUITE FOR APPLICATIONSCloud Management – Alternative Virtualization – OpenStack – Containers – Development
RED HAT OPENSHIFT ENTERPRISE
Questions?plus.google.com/+RedHat
nl.linkedin.com/in/samuelterburg
youtube.com/user/RedHatVideos
facebook.com/redhatinc
twitter.com/SamuelTerburg