Kubernetes and OpenShift: Same, same, different

Transcript

1. OpenShift and Kubernetes: Same, Same, Different Josh Wood Developer Advocate

   October 2018

2. Formerly: DocOps, CoreOS Josh Wood Developer Advocate, Kubernetes and OpenShift

   • [email protected] • @joshixisjosh9 • github.com/joshix • speakerdeck.com/joshix
3. None
4. None
5. None
6. None

7. OpenShift is specifically designed to bring developers and operations teams

   together.

8. K8s bets era: OpenShift v3 & etc. OpenShift Cartridge A

   bit of history... ... ‘14 June 6: K8s commits OpenShift has roots older than Kubernetes This accounts for some of their differences ‘15 July ‘15: K8s v1.0 ‘16

9. Elements Kubernetes (blue) and OpenShift (red) Abstractions Route Deployment Configuration

   Build Configuration Image Stream Integrated Registry Pod Replication Controller* Service Ingress Persistent Volume Claim Persistent Volume

10. Kubernetes terms and concepts Distributed systems oriented Kubernetes is a

    container cluster orchestrator. It has a proliferation of words: • Control Plane and Controller - same • Node - same • Pod - yup • Deployment - different, but key concept • Service - “” • Ingress and Ingress Controller- different, but

11. Kubernetes terms and concepts Control Plane The control plane implements

    loop(s), checking that actual state == desired state • Controller - a control plane member implementing state reconciliation • The default control plane schedules pods onto cluster Nodes

12. Kubernetes terms and concepts Pod A Pod groups one or

    more containers together to share resources • Pod is the unit of scaling, or replication: kubectl scale depl/name --replicas=3

13. Kubernetes terms and concepts Deployment A Deployment represents a running

    application • ReplicaSet: group of Pods • Deployment Controller implements the state loop

14. Kubernetes terms and concepts Service A Service defines a logical

    set of Pods and a manner for accessing them • By default, a Service provides an endpoint on the cluster network (not external access) • Usually a Service chooses Pods based on a label selector (eg, `role=frontend`)

15. Kubernetes terms and concepts Ingress Ingress is a collection of

    rules about external access to a Service • Load balancing, SSL termination and name-based virtual hosting • Typically HTTP at L7 (but depends on the …) • Ingress Controller required

16. OpenShift things Application developer oriented OpenShift adds abstractions and tooling

    to make a PaaS-like experience • Application Oriented: The Deployment config • Intelligent security, config defaults: multi-tenant, elaborated on the RBAC core in k8s • Integrated container registry, base for • Build configurations • Image streams: of image tags from the registry - can trigger rebuild of apps atop those base images • Deployment Configuration: ties together application items • Route: Getting external traffic to the App

17. OpenShift build tools Building and deploying app containers on the

    cluster OpenShift promotes build elements to first-class abstractions on the platform • Integrated container registry • Software catalog • Build configuration • Image stream: Tagged images, source in registry, rollbacks to arbitrary points on that stream, rebuild apps when FROM is updated

18. OpenShift web console and oc Managing apps on the cluster

    OpenShift promotes some new elements. These tools know about them • Web console built around the Project -> App • Graphical tools for native k8s things like volume claims, etc • oc: CLI tool • odo: CLI tool for developers

19. Elements Kubernetes (blue) and OpenShift (red) Abstractions Route Deployment Configuration

    Build Configuration Image Stream Integrated Registry Pod Replication Controller* Service Ingress Persistent Volume Claim Persistent Volume

20. OpenShift Project Namespace ready for work Projects draw on the

    Kubernetes namespace, which isolates resources and access • Intelligent RBAC defaults and user role • Project defines and seals an “application” • … in a way flexible enough for various architectures • Projects enable multi-tenant use of an OpenShift cluster with access privileges determined by the identity of the user or the team they belong to

21. OpenShift Deployment Config Developer application handle Deployment Configs bundle application

    resources from multiple K8s and OpenShift components • A deployment config: • Contains one or more application Pods (and thus their containers) • … again, in a way flexible enough for various architectures • Lists services related by selectors • Built on the kubernetes Replication Controller (rather than ReplicaSet) • Knows how to build my app! • Tracks build config, build output (including pipelines), other development keys

22. OpenShift Route Real world external traffic The OpenShift Route(r) •

    Routes predate Ingress resource/controllers • And remain considerably easier to think about and use • OpenShift admins define Routers -- effectively, edge routing between the cluster SDN and the real world where your customers live • HAProxy: L7 is in the box • Easy TLS, edge or pass through

23. OpenShift and Kubernetes Where to get them and how OpenShift

    • https://learn.openshift.com • OpenShift Online Starter • OpenShift Online Pro, Dedicated (our VMs, managed) • OpenShift is Software: • OpenShift Container Platform (on prem/your VMs) • OKD (formerly OpenShift Origin) • Minishift: local dev on your laptop

24. OpenShift and Kubernetes Conclusions OpenShift makes it easier for devs

    to get distributed system benefits • Deployment choices reduced: SDN, Ingress controller and LB costs • But what about Layer 4? • What about site specific SDN concerns? • Kubernetes flexibility: • Define alternative implementations • OpenShift Routers: can be replaced, or • Kubernetes Ingress

25. Formerly: DocOps, CoreOS Josh Wood Developer Advocate, Kubernetes and OpenShift

    • [email protected] • @joshixisjosh9 • github.com/joshix • speakerdeck.com/joshix
26. None