OpenShift Taiwan Vol.1 Technology Overview

1. OpenShift Taiwan Meetup vol.1
Technology Overview
Jason Peng
OpenShift Taiwan雜工
2018/10/03
WIFI: High Five 5 (B1)
PW: 27685388

2. 2
Self-Service
Multi-language
Automation
Collaboration
Multi-tenant
Standards-based
Web-scale
Open Source
Enterprise Grade
Secure

3. 3
ANY
CONTAINER
Amazon Web Services Microsoft Azure Google CloudOpenStackDatacenterLaptop
ANY
INFRASTRUCTURE
APPLICATION LIFECYCLE MANAGEMENT
ENTERPRISE CONTAINER HOST
CONTAINER ORCHESTRATION AND MANAGEMENT
(KUBERNETES)
OPENSHIFT CONTAINER PLATFORM

4. GENERAL DISTRIBUTION
KUBERNETES DONE RIGHT IS HARD
INSTALL HARDENDEPLOY OPERATE
● Templating
● Validation
● OS Setup
● Identity & Security Access
● App Monitoring & Alerts
● Storage & Persistence
● Egress, Ingress & Integration
● Host Container Images
● Build/Deploy Methodology
● Platform Monitoring & Alerts
● Metering & Chargeback
● Platform Security Hardening
● Image Hardening
● Security Certifications
● Network Policy
● Disaster Recovery
● Resource Segmentation
● OS Upgrade & Patch
● Platform Upgrade & Patch
● Image Upgrade & Patch
● App Upgrade & Patch
● Security Patches
● Continuous Security Scanning
● Multi-environment Rollout
● Enterprise Container Registry
● Cluster & App Elasticity
● Monitor, Alert, Remediate
● Log Aggregation
of enterprise users identify
complexity of implementation and
operations as the top blocker to adoption
Source: The New Stack, The State of the Kubernetes Ecosystem, August 2017
75%

5. CONFIDENTIAL - FOR INTERNAL USE ONLY
5
CONFIDENTIAL - FOR INTERNAL
USE ONLY

6. CONFIDENTIAL - FOR INTERNAL USE ONLY
6
CONFIDENTIAL - FOR INTERNAL
USE ONLY
THE CLOUD-NATIVE APP DEV
CHALLENGE

7. GENERAL DISTRIBUTION
Security fixes
100s of defect and performance fixes
200+ validated integrations
Middleware integrations
(container images, storage, networking, cloud services, etc)
Certified Kubernetes
OPENSHIFT IS KUBERNETES
FOR THE ENTERPRISE
Kubernetes
Release
OpenShift
Release
1-3 months
hardening

8. 8
OpenShift grows with Kubernetes altogether
1.0 1.1 1.2 1.3 1.4 1.5 1.6 1.7 1.8 1.9 ……
K8S 1.0
K8S 1.0
2015 2016 2017 2018
K8S 1.8
K8S 1.6
K8S 1.9

9. LINUX CONTAINERS

10. IT的技術革新

11. 容器改變了 - 應用開發、基礎架構運維、協作流程

12. 12
什麼是容器？
這要看你問的對象是誰
● 多個沙箱應用執行於一個分享的
Linux OS 核心上
● 比起虛擬機上的應用，更簡單、輕
量、集中
● 可容易的在多環境中搬遷移動
● 封裝應用所需要的相依組件入單一包
裝中
● 以秒級速度部署至任何環境、促使
CI/CD流程
● 容易存取與分享容器化組件
IT運維 應用開發
✓輕量、節約
✓易於管理
✓簡化、可靠
✓可重現
✓平行開發
✓協作、分工

13. 13
THE SOLUTION
I.T. OPERATIONSDEVELOPERS

14. 14
VIRTUAL MACHINES AND CONTAINERS
VIRTUAL MACHINES CONTAINERS
VM isolates the hardware Container isolates the process
VM
OS Dependencies
Kernel
Hypervisor
Hardware
App App App App
Container Host (Kernel)
Container
App
OS deps
Container
App
OS deps
Container
App
OS deps
Container
App
OS deps
Hypervisor
Hardware

15. 15
Virtual Machine
Application
OS dependencies
Operating System
VIRTUAL MACHINES AND CONTAINERS
VM Isolation
Complete OS
Static Compute
Static Memory
High Resource Usage
Container Isolation
Shared Kernel
Burstable Compute
Burstable Memory
Low Resource Usage
Container Host
Container
Application
OS dependencies

16. 16
VIRTUAL MACHINES AND CONTAINERS
Container Host
Container
Application
OS dependencies
Dev
IT Ops
Infrastructure
Virtual Machine
Application
OS dependencies
Operating System
IT Ops
(and Dev, sort of)
Infrastructure
Clear ownership boundary
between Dev and IT Ops
drives DevOps adoption
and fosters agility
Optimized for stability
Optimized for agility

17. 17
Virtual machines are NOT portable across hypervisor and
do NOT provide portable packaging for applications
APPLICATION PORTABILITY WITH VM
VM Type X
Application
OS dependencies
Operating System
BARE METAL PRIVATE CLOUD PUBLIC CLOUDVIRTUALIZATIONLAPTOP
Application
OS dependencies
Operating System
VM Type Y
Application
OS dependencies
Operating System
VM Type Z
Application
OS dependencies
Operating System
Guest VM
Application
OS dependencies
Operating System

18. 18
APPLICATION PORTABILITY WITH CONTAINERS
LAPTOP
Container
Application
OS dependencies
Guest VM
Linux
BARE METAL
Container
Application
OS dependencies
Linux
VIRTUALIZATION
Container
Application
OS dependencies
Virtual Machine
Linux
PRIVATE CLOUD
Container
Application
OS dependencies
Virtual Machine
Linux
PUBLIC CLOUD
Container
Application
OS dependencies
Virtual Machine
Linux
Linux Containers + Linux Host = Guaranteed Portability
Across Any Infrastructure

19. 19
Base Image
Image Layer 1
Image Layer 2
Image Layer 3
Base RHEL
OS Update Layer
Java Runtime Layer
Application Layer
Container Image Layers Example Container Image
RAPID SECURITY PATCHING USING
CONTAINER IMAGE LAYERING

20. A lightweight, OCI-compliant container runtime
20
Minimal and Secure
Architecture
Optimized for
Kubernetes
Runs any
OCI-compliant image
(including docker)
Optional runtime in OpenShift 3.10,
default OpenShift 3.11+

21. OPENSHIFT CONCEPTS OVERVIEW

22. 22
A container is the smallest compute unit
CONTAINER

23. 23
containers are created from
container images
CONTAINER
CONTAINER
IMAGE
BINARY RUNTIME

24. 24
IMAGE REGISTRY
container images are stored in
an image registry
CONTAINER
CONTAINER
IMAGE
CONTAINER
IMAGE
CONTAINER
IMAGE
CONTAINER
IMAGE
CONTAINER
IMAGE
CONTAINER
IMAGE

25. 25
an image repository contains all versions of an
image in the image registry
IMAGE REGISTRY
frontend:latest
frontend:2.0
frontend:1.1
frontend:1.0
CONTAINER
IMAGE
mongo:latest
mongo:3.7
mongo:3.6
mongo:3.4
CONTAINER
IMAGE
myregistry/frontend myregistry/mongo

26. 26
PODPOD
containers are wrapped in pods which are
units of deployment and management
CONTAINER CONTAINERCONTAINER
IP: 10.1.0.11 IP: 10.1.0.55

27. 27
pods configuration is defined
in a deployment
image name
replicas
labels
cpu
memory
storage
POD
CONTAINER
POD
CONTAINER
POD
CONTAINER
DEPLOYMENT

28. 28
services provide internal load-balancing and
service discovery across pods
POD
CONTAINER
POD
CONTAINER
POD
CONTAINER
BACKEND SERVICE
POD
CONTAINER
role: backend
role: backendrole: backendrole: backendrole: frontend
10.110.1.11 10.120.2.22 10.130.3.3310.140.4.44
172.30.170.110

29. 29
apps can talk to each other via services
Invoke
Backend API
POD
CONTAINER
POD
CONTAINER
POD
CONTAINER
BACKEND SERVICE
POD
CONTAINER
role: backend
role: backendrole: backendrole: backendrole: frontend
10.110.1.11 10.120.2.22 10.130.3.3310.140.4.44
172.30.170.110

30. 30
POD
routes add services to the external load-balancer and
provide readable urls for the app
CONTAINER
POD
CONTAINER
POD
CONTAINER
BACKEND SERVICE
ROUTE
app-prod.mycompany.com
> curl http://app-prod.mycompany.com

31. 31
projects isolate apps across environments,
teams, groups and departments
POD
C
POD
C
POD
C
PAYMENT DEV
POD
C
POD
C
POD
C
PAYMENT PROD
POD
C
POD
C
POD
C
CATALOG
POD
C
POD
C
POD
C
INVENTORY
❌
❌❌

32. OPENSHIFT ARCHITECTURE

33. 33
YOUR CHOICE OF INFRASTRUCTURE
PHYSICAL VIRTUAL PRIVATE PUBLIC HYBRID

34. NODES RHEL INSTANCES WHERE APPS RUN
34
RHEL
NODE
RHEL
NODE
RHEL
NODE
RHEL
NODE
RHEL
NODE
RHEL
NODE
PHYSICAL VIRTUAL PRIVATE PUBLIC HYBRID

35. RHEL
NODE
c
RHEL
NODE
RHEL
NODE
RHEL
NODE
RHEL
NODE
RHEL
NODE
C
C
C C
C
C
C CC C
APPS RUN IN CONTAINERS
35
Container
Image
Container
Pod

36. 36
PODS ARE THE UNIT OF ORCHESTRATION
RHEL
NODE
c
RHEL
NODE
RHEL
NODE
RHEL
NODE
RHEL
NODE
RHEL
NODE
C
C
C C
C
C
C CC C

37. RHEL
NODE
RHEL
NODE
RHEL
NODE
RHEL
NODE
RHEL
NODE
RHEL
NODE
37
MASTERS ARE THE CONTROL PLANE
RED HAT
ENTERPRISE LINUX
MASTER
PHYSICAL VIRTUAL PRIVATE PUBLIC HYBRID

38. RHEL
NODE
RHEL
NODE
RHEL
NODE
38
API AND AUTHENTICATION
RHEL
NODE
RHEL
NODE
RHEL
NODE
RED HAT
ENTERPRISE LINUX
MASTER
API/AUTHENTICATION
PHYSICAL VIRTUAL PRIVATE PUBLIC HYBRID

39. RHEL
NODE
RHEL
NODE
RHEL
NODE
39
DESIRED AND CURRENT STATE
RHEL
NODE
RHEL
NODE
RHEL
NODE
PHYSICAL VIRTUAL PRIVATE PUBLIC HYBRID
RED HAT
ENTERPRISE LINUX
MASTER
API/AUTHENTICATION
DATA STORE
PHYSICAL VIRTUAL PRIVATE PUBLIC HYBRID

40. 40
INTEGRATED CONTAINER REGISTRY
RHEL
NODE
RHEL
NODE
RHEL
RHEL
NODE
RHEL
NODE
RHEL
RHEL
NODE
PHYSICAL VIRTUAL PRIVATE PUBLIC HYBRID
RED HAT
ENTERPRISE LINUX
MASTER
API/AUTHENTICATION
DATA STORE
NODE
REGISTRY
RHEL

41. 41
ORCHESTRATION AND SCHEDULING
RHEL
NODE
RHEL
NODE
RHEL
RHEL
NODE
RHEL
NODE
RHEL
RHEL
NODE
PHYSICAL VIRTUAL PRIVATE PUBLIC HYBRID
RED HAT
ENTERPRISE LINUX
MASTER
API/AUTHENTICATION
DATA STORE
SCHEDULER
NODE
REGISTRY
RHEL

42. 42
PLACEMENT BY POLICY
RHEL
NODE
RHEL
NODE
RHEL
NODE
PHYSICAL VIRTUAL PRIVATE PUBLIC HYBRID
RED HAT
ENTERPRISE LINUX
MASTER
API/AUTHENTICATION
DATA STORE
SCHEDULER
REGISTRY
RHEL
NODE
RHEL
NODE
C
C
RHEL
NODE
c
C
C

43. RHEL
NODE
RHEL
NODE
RHEL
NODE
RHEL
NODE
RHEL
NODE
C
C
RHEL
NODE
c
C
C
43
AUTOSCALING PODS
PHYSICAL VIRTUAL PRIVATE PUBLIC HYBRID
RED HAT
ENTERPRISE LINUX
MASTER
API/AUTHENTICATION
DATA STORE
SCHEDULER
REGISTRY
HEALTH/SCALING

44. 44
SERVICE DISCOVERY
SERVICE LAYER
REGISTRY
RHEL
NODE
C
C
RHEL
NODE
C C
RHEL
NODE
c
C
C
RHEL
NODE
C C
RHEL
NODE
C
RHEL
NODE
C
RED HAT
ENTERPRISE LINUX
MASTER
API/AUTHENTICATION
DATA STORE
SCHEDULER
HEALTH/SCALING
PHYSICAL VIRTUAL PRIVATE PUBLIC HYBRID

45. 45
PERSISTENT DATA IN CONTAINERS
SERVICE LAYER
PERSISTENT
STORAGE
REGISTRY
RHEL
NODE
C
C
RHEL
NODE
C C
RHEL
NODE
c
C
C
RHEL
NODE
C C
RHEL
NODE
C
RHEL
NODE
C
RED HAT
ENTERPRISE LINUX
MASTER
API/AUTHENTICATION
DATA STORE
SCHEDULER
HEALTH/SCALING
PHYSICAL VIRTUAL PRIVATE PUBLIC HYBRID

46. 46
ROUTING AND LOAD-BALANCING
SERVICE LAYER
ROUTING LAYER
PERSISTENT
STORAGE
REGISTRY
RHEL
NODE
C
C
RHEL
NODE
C C
RHEL
NODE
c
C
C
RHEL
NODE
C C
RHEL
NODE
C
RHEL
NODE
C
RED HAT
ENTERPRISE LINUX
MASTER
API/AUTHENTICATION
DATA STORE
SCHEDULER
HEALTH/SCALING
PHYSICAL VIRTUAL PRIVATE PUBLIC HYBRID

47. 47
ACCESS VIA WEB, CLI, IDE AND API
EXISTING
AUTOMATION
TOOLSETS
SCM
(GIT)
CI/CD
SERVICE LAYER
ROUTING LAYER
PERSISTENT
STORAGE
REGISTRY
RHEL
NODE
C
C
RHEL
NODE
C C
RHEL
NODE
c
C
C
RHEL
NODE
C C
RHEL
NODE
C
RHEL
NODE
C
RED HAT
ENTERPRISE LINUX
MASTER
API/AUTHENTICATION
DATA STORE
SCHEDULER
HEALTH/SCALING
PHYSICAL VIRTUAL PRIVATE PUBLIC HYBRID

48. OPENSHIFT INSTALLATION
ARCHITECTURES

49. 49
PROOF-OF-CONCEPT ARCHITECTURE
Application
Traffic
Dev and Ops
User
INFRAMASTER
NODE NODE
An infrastructure node is a node that is dedicated to infrastructure
pods such as router, image registry, metrics, and logs

50. 50
APP HIGH-AVAILABILITY ARCHITECTURE
ENTERPRISE
LOAD-BALANCER
Application
Traffic
Dev and Ops
User
INFRAMASTER INFRA
NODE NODE NODE NODE

51. 51
FULL HIGH-AVAILABILITY ARCHITECTURE
ENTERPRISE LOAD-BALANCER
Application
TrafficDev and Ops
User
NODE
MASTER MASTER INFRAMASTER INFRA
NODE NODE NODE NODENODE
INFRA
NODE

52. Oh, by the way, How about CoreOS ?

53. 53
OPENSHIFT CONTAINER PLATFORM
Automated Operations*
Kubernetes
Red Hat Enterprise Linux or Red Hat CoreOS
Application
Services
CaaS PaaSBest IT Ops Experience Best Developer Experience
*coming soon
Cluster
Services
Developer
Services
Middleware, Service Mesh, Functions, ISV Metrics, Chargeback, Registry, Logging Dev Tools, Automated Builds, CI/CD, IDE

54. 54
AUTOMATED OPERATIONS
Infra provisioning
Embedded OS
Full-stack deployment
On-premises and cloud
Unified experience
Secure defaults
Network isolation
Signing and policies
Audit and logs
Multi-cluster aware
Monitoring and alerts
Zero downtime upgrades
Full-stack patch & upgrade
Vulnerability scanning
INSTALL HARDENDEPLOY OPERATE
AUTOMATED OPERATIONS
Fully automated day-1 and day-2 operations for Kubernetes

55. Learning Materials

56. 56
入門第一站-OpenShift Learn：https://learn.openshift.com/
玩轉入口-OpenShift Online：https://manage.openshift.com/
參考連結

57. Application Release Strategies with OpenShift
Building Polyglot Microservices on OpenShift
Building JBoss EAP 6 Microservices on OpenShift
Building JBoss EAP 7 Microservices on OpenShift
Business Process Management with JBoss BPMS on OpenShift
Build and Deployment of Java Applications on OpenShift
Building Microservices on OpenShift with Fuse Integration...
JFrog Artifactory on OpenShift Container Platform
Spring Boot Microservices on Red Hat OpenShift
API Management with Red Hat 3scale on OpenShift
App CI/CD on OCP with Jenkins
OpenShift on VMware vCenter
OpenShift on Red Hat OpenStack Platform
OpenShift on Amazon Web Services
OpenShift on Google Cloud Platform
OpenShift on Microsoft Azure
OpenShift on Red Hat Virtualization
OpenShift on HPE Servers with Ansible Tower
OpenShift on VMware vCenter 6 with Gluster
Deploying an OpenShift Distributed Architecture
OpenShift Architecture and Deployment Guide
OpenShift Scaling, Performance, and Capacity Planning
57
REFERENCE ARCHITECTURES

58. OPENSHIFT
COMMONS
400+ member organizations 55+ countries
11
Special Interest Groups
Operators, Machine Learning,
Gov, EDU, OpenStack, Ops,
and more
Peer-to-peer network
and knowledge sharing
Weekly live virtual briefings,
global face-to-face gatherings,
and a vibrant Slack community
Participants
include:
Over 400
more
Where Enterprise, Vendors, Users, and Contributors
come together to collaborate on Red Hat OpenShift
70+
Code Contributors
Organizations actively
contributing to OpenShift
open source code
https://commons.openshift.org/

59. Thank You~
https://plus.google.com/+OpenShift
https://www.youtube.com/openshift
https://www.facebook.com/OpenShi
ft.TW