OpenShift 101

Bruno Russi Lautenschlager

October 27, 2022

Transcript

  1. Slide 4: Containers are created from container images (Red Hat OpenShift Concepts)
     Diagram labels: BINARY, RUNTIME, CONTAINER, CONTAINER IMAGE
  2. Slide 5: Container images are stored in an image registry (Red Hat OpenShift Concepts)
     Diagram labels: CONTAINER REGISTRY CONTAINER
  3. Slide 6: An image repository contains all versions of an image in the image registry (Red Hat OpenShift Concepts)
     Diagram labels: IMAGE REGISTRY; frontend:latest, frontend:2.0, frontend:1.1, frontend:1.0; mongo:latest, mongo:3.7, mongo:3.6, mongo:3.4; myregistry/frontend, myregistry/mongo
  4. Slide 8: Containers are wrapped in pods, which are units of deployment and management (Red Hat OpenShift Concepts)
     Diagram labels: 10.140.4.44, 10.15.6.55; POD, POD
  5. Slide 9: ReplicationControllers & ReplicaSets ensure a specified number of pods are running at any given time (Red Hat OpenShift Concepts)
     Diagram labels: image name, replicas, labels, cpu, memory, storage; ReplicaSet, ReplicationController; ... 1 2 N; POD, POD, POD
  6. Slide 10: Deployments and DeploymentConfigurations define how to roll out new versions of Pods (Red Hat OpenShift Concepts)
     Diagram labels: image name, replicas, labels, version, strategy; Deployment, DeploymentConfig; v1, v2; POD, POD
  7. Slide 11: A DaemonSet ensures that all (or some) nodes run a copy of a pod (Red Hat OpenShift Concepts)
     Diagram labels: image name, replicas, labels, cpu, memory, storage; DaemonSet; Node foo = bar, Node foo = bar, Node foo = baz; ✓ ✓; POD, POD
  8. Slide 12: ConfigMaps allow you to decouple configuration artifacts from image content (Red Hat OpenShift Concepts)
     Diagram labels: Dev: appconfig.conf MYCONFIG=true (ConfigMap); Prod: appconfig.conf MYCONFIG=false (ConfigMap); POD, POD
  9. Slide 13: Secrets provide a mechanism to hold sensitive information such as passwords (Red Hat OpenShift Concepts)
     Note on slide: The etcd datastore can be encrypted for additional security: https://docs.openshift.com/container-platform/4.6/security/encrypting-etcd.html
     Diagram labels: Dev: hash.pw ZGV2Cg== (ConfigMap); Prod: hash.pw cHJvZAo= (ConfigMap); POD, POD
  10. Slide 14: Services provide internal load-balancing and service discovery across pods (Red Hat OpenShift & Kubernetes Concepts)
     Diagram labels: 10.110.1.11, 10.120.2.22, 10.130.3.33, 10.140.4.44; POD (×4); role: frontend; role: backend (×4); SERVICE “backend”
  11. Slide 15: Apps can talk to each other via services (Red Hat OpenShift & Kubernetes Concepts)
     Diagram labels: POD (×4); 10.110.1.11, 10.120.2.22, 10.130.3.33, 10.140.4.44; role: frontend; role: backend (×4); SERVICE “backend”
  12. Slide 16: Routes make services accessible to clients outside the environment via real-world URLs (Red Hat OpenShift Concepts)
     Diagram labels: > curl http://app-prod.mycompany.com; app-prod.mycompany.com; POD (×3); role: frontend (×3); role: backend; SERVICE “frontend”; Route
  13. Slide 17: Persistent Volume and Claims (Red Hat OpenShift Concepts)
     Diagram labels: "My app is stateful."; PersistentVolumeClaim, PersistentVolume; POD; 2Gi, 2Gi
  14. Slide 20: Projects isolate apps across environments, teams, groups and departments (Red Hat OpenShift Concepts)
     Diagram labels: PAYMENT DEV, PAYMENT PROD, CATALOG, INVENTORY; ❌ (×3); POD (×12)
  15. Slide 24: Control plane nodes control the cluster (Red Hat OpenShift | Architectural Overview)
     Diagram labels: STORAGE, NETWORK, COMPUTE, CONTROL PLANE
  16. Slide 25: State of everything (Red Hat OpenShift | Architectural Overview)
     Diagram labels: STORAGE, NETWORK, COMPUTE; etcd; CONTROL PLANE
  17. Slide 26: The core Kubernetes components (Red Hat OpenShift | Architectural Overview)
     Diagram labels: STORAGE, NETWORK, COMPUTE; Kubernetes Services, etcd, Kubernetes API server, Scheduler, Cluster Management; CONTROL PLANE
  18. Slide 27: Internal and support infrastructure services (Red Hat OpenShift | Architectural Overview)
     Diagram labels: STORAGE, NETWORK, COMPUTE; Infrastructure Services, Kubernetes Services, etcd; Monitoring | Logging | Tuned | SDN | DNS | Kubelet; CONTROL PLANE
  19. Slide 28: The core Red Hat OpenShift components (Red Hat OpenShift | Architectural Overview)
     Diagram labels: STORAGE, NETWORK, COMPUTE; Infrastructure Services, Kubernetes Services, etcd; OpenShift API server, Operator Lifecycle Management, Web Console; CONTROL PLANE; Red Hat OpenShift Services
  20. Slide 29: Run on all hosts (Red Hat OpenShift | Architectural Overview)
     Diagram labels: STORAGE, NETWORK, COMPUTE (×3); Infrastructure Services, Kubernetes Services, etcd; Monitoring | Logging | Tuned | SDN | DNS | Kubelet (×2); CONTROL PLANE; Red Hat OpenShift Services
  21. Slide 30: Cluster monitoring (Red Hat OpenShift | Architectural Overview)
     Diagram labels: as on slide 29, plus Prometheus | Grafana | Alertmanager (×2)
  22. Slide 31: Integrated routing (Red Hat OpenShift | Architectural Overview)
     Diagram labels: as on slide 30, plus Router (×2)
  23. Slide 32: Integrated image registry (Red Hat OpenShift | Architectural Overview)
     Diagram labels: as on slide 31, plus Registry (×2)
  24. Slide 33: Log aggregation (Red Hat OpenShift | Architectural Overview)
     Diagram labels: as on slide 32, plus Kibana | Elasticsearch (×2)
  25. Slide 34: Normal cluster operations (Red Hat OpenShift | Architectural Overview)
     Diagram labels: STORAGE, NETWORK, COMPUTE (×3); Infrastructure Services, Kubernetes Services, etcd; CONTROL PLANE; Red Hat OpenShift Services
  26. Slide 35: Auto-healing failed pods (Red Hat OpenShift | Architectural Overview)
     Diagram labels: same as slide 34
  27. Slide 36: Auto-healing failed pods (Red Hat OpenShift | Architectural Overview)
     Diagram labels: same as slide 34
  28. Slide 37: Auto-healing failed nodes (Red Hat OpenShift | Architectural Overview)
     Diagram labels: same as slide 34
  29. Slide 38: Auto-healing failed nodes (Red Hat OpenShift | Architectural Overview)
     Diagram labels: same as slide 34
  30. Slide 39: Dev and Ops via web, CLI, API, and IDE (Red Hat OpenShift | Architectural Overview)
     Diagram labels: EXISTING AUTOMATION TOOLSETS, SCM (GIT), CI/CD; Developers, Admins; STORAGE, NETWORK, COMPUTE (×3); Red Hat OpenShift Services, Infrastructure Services, Kubernetes Services, etcd; Kibana | Elasticsearch (×2); Registry (×2); Router (×2); Prometheus | Grafana | Alertmanager (×2); Monitoring | Logging | Tuned | SDN | DNS | Kubelet (×2); CONTROL PLANE
  31. Runtime, Build, Synchronize (RHEL CoreOS): OCI tooling to create, run, and manage Linux containers with a cluster-friendly life cycle
     Tool label on slide: skopeo
     • A lightweight OCI-compliant runtime: minimal and secure architecture; optimized for Kubernetes; run any OCI-compliant container image (including docker)
     • A docker-compatible CLI for containers: remote management API via Varlink; image/container tagging; advanced namespace isolation
     • Inspect, push/pull, and sign OCI images: inspect image manifests; transfer images between registries
  32. BROAD ECOSYSTEM OF WORKLOADS: CRI-O, Kubernetes, and OpenShift
     Versions shown: CRI-O 1.24, Kubernetes 1.24, OpenShift 4.11
     CRI-O tracks and versions identical to Kubernetes, simplifying support permutations
  33. OpenShift Learning, Documentation, and Resources
     Red Hat OpenShift Documentation
     • OpenShift Documentation (4.11)
     • OpenShift Docs - Deploying Containerized Applications
     • OpenShift TV - YouTube, Twitch
     Red Hat Developer Sandbox
     • Red Hat Developer Sandbox (Helm, Eclipse Che, OpenShift)
  34. Red Hat Developer, Kubernetes, and OpenShift Training
     • DO288: Red Hat OpenShift Development II: Containerizing Applications
     • EX288: Red Hat Certified Specialist in OpenShift Application Development exam
     • AD183: Red Hat Application Development I: Programming in Java EE
     • EX183: Red Hat Certified Enterprise Application Developer exam
     • DO378: Red Hat Cloud-Native Microservices Development with Quarkus
     • DO328: Building Resilient Microservices with Istio and Red Hat OpenShift Service Mesh
     • DO180: Red Hat OpenShift I: Containers & Kubernetes
     • EX180: Red Hat Certified Specialist in Containers and Kubernetes exam