3. 3
ANY
CONTAINER
Amazon Web Services Microsoft Azure Google CloudOpenStackDatacenterLaptop
ANY
INFRASTRUCTURE
APPLICATION LIFECYCLE MANAGEMENT
ENTERPRISE CONTAINER HOST
CONTAINER ORCHESTRATION AND MANAGEMENT
(KUBERNETES)
OPENSHIFT CONTAINER PLATFORM
4. GENERAL DISTRIBUTION
KUBERNETES DONE RIGHT IS HARD
INSTALL HARDENDEPLOY OPERATE
● Templating
● Validation
● OS Setup
● Identity & Security Access
● App Monitoring & Alerts
● Storage & Persistence
● Egress, Ingress & Integration
● Host Container Images
● Build/Deploy Methodology
● Platform Monitoring & Alerts
● Metering & Chargeback
● Platform Security Hardening
● Image Hardening
● Security Certifications
● Network Policy
● Disaster Recovery
● Resource Segmentation
● OS Upgrade & Patch
● Platform Upgrade & Patch
● Image Upgrade & Patch
● App Upgrade & Patch
● Security Patches
● Continuous Security Scanning
● Multi-environment Rollout
● Enterprise Container Registry
● Cluster & App Elasticity
● Monitor, Alert, Remediate
● Log Aggregation
of enterprise users identify
complexity of implementation and
operations as the top blocker to adoption
Source: The New Stack, The State of the Kubernetes Ecosystem, August 2017
75%
5. CONFIDENTIAL - FOR INTERNAL USE ONLY
5
CONFIDENTIAL - FOR INTERNAL
USE ONLY
6. CONFIDENTIAL - FOR INTERNAL USE ONLY
6
CONFIDENTIAL - FOR INTERNAL
USE ONLY
THE CLOUD-NATIVE APP DEV
CHALLENGE
7. GENERAL DISTRIBUTION
Security fixes
100s of defect and performance fixes
200+ validated integrations
Middleware integrations
(container images, storage, networking, cloud services, etc)
Certified Kubernetes
OPENSHIFT IS KUBERNETES
FOR THE ENTERPRISE
Kubernetes
Release
OpenShift
Release
1-3 months
hardening
14. 14
VIRTUAL MACHINES AND CONTAINERS
VIRTUAL MACHINES CONTAINERS
VM isolates the hardware Container isolates the process
VM
OS Dependencies
Kernel
Hypervisor
Hardware
App App App App
Container Host (Kernel)
Container
App
OS deps
Container
App
OS deps
Container
App
OS deps
Container
App
OS deps
Hypervisor
Hardware
15. 15
Virtual Machine
Application
OS dependencies
Operating System
VIRTUAL MACHINES AND CONTAINERS
VM Isolation
Complete OS
Static Compute
Static Memory
High Resource Usage
Container Isolation
Shared Kernel
Burstable Compute
Burstable Memory
Low Resource Usage
Container Host
Container
Application
OS dependencies
16. 16
VIRTUAL MACHINES AND CONTAINERS
Container Host
Container
Application
OS dependencies
Dev
IT Ops
Infrastructure
Virtual Machine
Application
OS dependencies
Operating System
IT Ops
(and Dev, sort of)
Infrastructure
Clear ownership boundary
between Dev and IT Ops
drives DevOps adoption
and fosters agility
Optimized for stability
Optimized for agility
17. 17
Virtual machines are NOT portable across hypervisor and
do NOT provide portable packaging for applications
APPLICATION PORTABILITY WITH VM
VM Type X
Application
OS dependencies
Operating System
BARE METAL PRIVATE CLOUD PUBLIC CLOUDVIRTUALIZATIONLAPTOP
Application
OS dependencies
Operating System
VM Type Y
Application
OS dependencies
Operating System
VM Type Z
Application
OS dependencies
Operating System
Guest VM
Application
OS dependencies
Operating System
18. 18
APPLICATION PORTABILITY WITH CONTAINERS
LAPTOP
Container
Application
OS dependencies
Guest VM
Linux
BARE METAL
Container
Application
OS dependencies
Linux
VIRTUALIZATION
Container
Application
OS dependencies
Virtual Machine
Linux
PRIVATE CLOUD
Container
Application
OS dependencies
Virtual Machine
Linux
PUBLIC CLOUD
Container
Application
OS dependencies
Virtual Machine
Linux
Linux Containers + Linux Host = Guaranteed Portability
Across Any Infrastructure
19. 19
Base Image
Image Layer 1
Image Layer 2
Image Layer 3
Base RHEL
OS Update Layer
Java Runtime Layer
Application Layer
Container Image Layers Example Container Image
RAPID SECURITY PATCHING USING
CONTAINER IMAGE LAYERING
20. A lightweight, OCI-compliant container runtime
20
Minimal and Secure
Architecture
Optimized for
Kubernetes
Runs any
OCI-compliant image
(including docker)
Optional runtime in OpenShift 3.10,
default OpenShift 3.11+
24. 24
IMAGE REGISTRY
container images are stored in
an image registry
CONTAINER
CONTAINER
IMAGE
CONTAINER
IMAGE
CONTAINER
IMAGE
CONTAINER
IMAGE
CONTAINER
IMAGE
CONTAINER
IMAGE
25. 25
an image repository contains all versions of an
image in the image registry
IMAGE REGISTRY
frontend:latest
frontend:2.0
frontend:1.1
frontend:1.0
CONTAINER
IMAGE
mongo:latest
mongo:3.7
mongo:3.6
mongo:3.4
CONTAINER
IMAGE
myregistry/frontend myregistry/mongo
26. 26
PODPOD
containers are wrapped in pods which are
units of deployment and management
CONTAINER CONTAINERCONTAINER
IP: 10.1.0.11 IP: 10.1.0.55
27. 27
pods configuration is defined
in a deployment
image name
replicas
labels
cpu
memory
storage
POD
CONTAINER
POD
CONTAINER
POD
CONTAINER
DEPLOYMENT
28. 28
services provide internal load-balancing and
service discovery across pods
POD
CONTAINER
POD
CONTAINER
POD
CONTAINER
BACKEND SERVICE
POD
CONTAINER
role: backend
role: backendrole: backendrole: backendrole: frontend
10.110.1.11 10.120.2.22 10.130.3.3310.140.4.44
172.30.170.110
29. 29
apps can talk to each other via services
Invoke
Backend API
POD
CONTAINER
POD
CONTAINER
POD
CONTAINER
BACKEND SERVICE
POD
CONTAINER
role: backend
role: backendrole: backendrole: backendrole: frontend
10.110.1.11 10.120.2.22 10.130.3.3310.140.4.44
172.30.170.110
30. 30
POD
routes add services to the external load-balancer and
provide readable urls for the app
CONTAINER
POD
CONTAINER
POD
CONTAINER
BACKEND SERVICE
ROUTE
app-prod.mycompany.com
> curl http://app-prod.mycompany.com
31. 31
projects isolate apps across environments,
teams, groups and departments
POD
C
POD
C
POD
C
PAYMENT DEV
POD
C
POD
C
POD
C
PAYMENT PROD
POD
C
POD
C
POD
C
CATALOG
POD
C
POD
C
POD
C
INVENTORY
❌
❌❌
39. RHEL
NODE
RHEL
NODE
RHEL
NODE
39
DESIRED AND CURRENT STATE
RHEL
NODE
RHEL
NODE
RHEL
NODE
PHYSICAL VIRTUAL PRIVATE PUBLIC HYBRID
RED HAT
ENTERPRISE LINUX
MASTER
API/AUTHENTICATION
DATA STORE
PHYSICAL VIRTUAL PRIVATE PUBLIC HYBRID
45. 45
PERSISTENT DATA IN CONTAINERS
SERVICE LAYER
PERSISTENT
STORAGE
REGISTRY
RHEL
NODE
C
C
RHEL
NODE
C C
RHEL
NODE
c
C
C
RHEL
NODE
C C
RHEL
NODE
C
RHEL
NODE
C
RED HAT
ENTERPRISE LINUX
MASTER
API/AUTHENTICATION
DATA STORE
SCHEDULER
HEALTH/SCALING
PHYSICAL VIRTUAL PRIVATE PUBLIC HYBRID
46. 46
ROUTING AND LOAD-BALANCING
SERVICE LAYER
ROUTING LAYER
PERSISTENT
STORAGE
REGISTRY
RHEL
NODE
C
C
RHEL
NODE
C C
RHEL
NODE
c
C
C
RHEL
NODE
C C
RHEL
NODE
C
RHEL
NODE
C
RED HAT
ENTERPRISE LINUX
MASTER
API/AUTHENTICATION
DATA STORE
SCHEDULER
HEALTH/SCALING
PHYSICAL VIRTUAL PRIVATE PUBLIC HYBRID
47. 47
ACCESS VIA WEB, CLI, IDE AND API
EXISTING
AUTOMATION
TOOLSETS
SCM
(GIT)
CI/CD
SERVICE LAYER
ROUTING LAYER
PERSISTENT
STORAGE
REGISTRY
RHEL
NODE
C
C
RHEL
NODE
C C
RHEL
NODE
c
C
C
RHEL
NODE
C C
RHEL
NODE
C
RHEL
NODE
C
RED HAT
ENTERPRISE LINUX
MASTER
API/AUTHENTICATION
DATA STORE
SCHEDULER
HEALTH/SCALING
PHYSICAL VIRTUAL PRIVATE PUBLIC HYBRID
53. 53
OPENSHIFT CONTAINER PLATFORM
Automated Operations*
Kubernetes
Red Hat Enterprise Linux or Red Hat CoreOS
Application
Services
CaaS PaaSBest IT Ops Experience Best Developer Experience
*coming soon
Cluster
Services
Developer
Services
Middleware, Service Mesh, Functions, ISV Metrics, Chargeback, Registry, Logging Dev Tools, Automated Builds, CI/CD, IDE
54. 54
AUTOMATED OPERATIONS
Infra provisioning
Embedded OS
Full-stack deployment
On-premises and cloud
Unified experience
Secure defaults
Network isolation
Signing and policies
Audit and logs
Multi-cluster aware
Monitoring and alerts
Zero downtime upgrades
Full-stack patch & upgrade
Vulnerability scanning
INSTALL HARDENDEPLOY OPERATE
AUTOMATED OPERATIONS
Fully automated day-1 and day-2 operations for Kubernetes
57. Application Release Strategies with OpenShift
Building Polyglot Microservices on OpenShift
Building JBoss EAP 6 Microservices on OpenShift
Building JBoss EAP 7 Microservices on OpenShift
Business Process Management with JBoss BPMS on OpenShift
Build and Deployment of Java Applications on OpenShift
Building Microservices on OpenShift with Fuse Integration...
JFrog Artifactory on OpenShift Container Platform
Spring Boot Microservices on Red Hat OpenShift
API Management with Red Hat 3scale on OpenShift
App CI/CD on OCP with Jenkins
OpenShift on VMware vCenter
OpenShift on Red Hat OpenStack Platform
OpenShift on Amazon Web Services
OpenShift on Google Cloud Platform
OpenShift on Microsoft Azure
OpenShift on Red Hat Virtualization
OpenShift on HPE Servers with Ansible Tower
OpenShift on VMware vCenter 6 with Gluster
Deploying an OpenShift Distributed Architecture
OpenShift Architecture and Deployment Guide
OpenShift Scaling, Performance, and Capacity Planning
57
REFERENCE ARCHITECTURES
58. OPENSHIFT
COMMONS
400+ member organizations 55+ countries
11
Special Interest Groups
Operators, Machine Learning,
Gov, EDU, OpenStack, Ops,
and more
Peer-to-peer network
and knowledge sharing
Weekly live virtual briefings,
global face-to-face gatherings,
and a vibrant Slack community
Participants
include:
Over 400
more
Where Enterprise, Vendors, Users, and Contributors
come together to collaborate on Red Hat OpenShift
70+
Code Contributors
Organizations actively
contributing to OpenShift
open source code
https://commons.openshift.org/