
OpenShift 4.7 Update: Excerpts

These are the slides from a session in which I picked out interesting-looking topics from the original OpenShift update seminar and explained them for an audience in Japan.

Yuhki Hanada

June 03, 2021

Transcript

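  1. Purpose of today's session
    • We will do a loose walkthrough of the new features in OpenShift 4.7.
    • Feel free to listen casually; I would be glad if you look up afterwards whatever caught your attention, or ask questions.
    • There is a lot of fine detail, so be warned that you may get sleepy.
    • Comments are welcome from anyone who knows a bit about a given feature.
    • I plan to pause for a few minutes about once every 15 minutes.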
  2. What's new in OpenShift 4.7: publicly available material
    https://speakerdeck.com/redhatopenshift/whats-new-in-openshift-container-platform-4-dot-7
    https://www.youtube.com/watch?v=74q5nO-VCRc
    There is a channel called "OpenShift" on YouTube.
    The slides are published on Speaker Deck (the content is the same as the Red Hat internal version; since OCP 4.6 the two have been held at the same time).
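  3. Tips for watching the English YouTube video
    YouTube's auto-generated English captions have become quite accurate, but they do not cope well with live streams like this one. Following the captions continuously with your eyes tends to confuse you; it works better to concentrate on listening and glance down only occasionally, when a word you do not know comes up.
    * Conversely, when you can hear the English well, reading the captions can become rather difficult, so what works will differ from person to person.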
  4. What's new in OpenShift 4.7
    NEW INSTALLER PLATFORMS, WORKLOAD STABILITY, CORE PLATFORM
    Assisted Installer, AWS Commercial Cloud Services, Scheduling Profiles, Descheduler Operator, OVN-IPsec, CIS OpenShift benchmark, OpenShift GitOps, OpenShift Pipelines, Helm 3.5 GA
  5. What's next in OpenShift Q4CY2020: OpenShift Roadmap
    OpenShift 4.7 (Q1 2021)
      HOSTED
        • GA of Red Hat OpenShift Service on AWS (ROSA)
        • OSD CCS 60-day free trial
        • ROSA and OSD log forwarding
        • ARO Azure Portal integration
      PLATFORM
        • AWS C2S Region
        • GCP: Customer-managed disk encryption keys
        • GA Userspace Interface API & Library
        • Additional Windows Containers capabilities*
        • Network Enhancements derived from OVN
        • IPSec Support
        • FPGA Support (pilot)
        • OpenShift Update Service GA
        • Cost management: new onboarding UX
        • New LUKS, SW RAID, and multipath options
      APP DEV
        • OpenShift Pipelines TP
        • OpenShift Serverless (Functions DP)
        • OpenShift GitOps (Argo CD) TP
        • Monitor application workloads
        • Foundation for Console internationalization
        • QuickStarts Extensible
        • Service Binding GA
    OpenShift 4.8 (Q2 2021)
      HOSTED
        • OSD consumption billing, autoscaling
        • Expanded ROSA and OSD Add-ons
        • ARO government region (MAG) support
      PLATFORM
        • Azure Stack Hub and RHCOS for IBM Cloud
        • IPv6 (single/dual stack on control plane)
        • Enhanced Userspace Interface API & Library
        • Additional Windows Containers capabilities*
        • Support TLS 1.3 for Ingress
        • External DNS Management
        • OVN Egress Router (GA)
        • HAProxy 2.2
        • ipfailover Support
        • Cost management: support for GCP, air-gapped
      APP DEV
        • OpenShift Serverless (Functions GA)
        • OpenShift Pipelines GA
        • OpenShift Builds v2 & Buildpacks TP
        • OpenShift GitOps (Argo CD) GA
        • Simplify access to RHEL content in builds
        • Enhanced GitOps bootstrapping with kam
        • Console internationalization GA
        • Foundation for User Preferences
        • Application environments in Dev Console
        • Better Operator version & update mgmt
    OpenShift 4.9+ (H2 2021+)
      HOSTED
        • Cost mgmt integration to Subs Watch, ACM
        • ROSA AWS console integration
        • Cluster Suspend / Resume
      APP DEV / PLATFORM
        • Kiali integration with Dev Console
        • Pipelines as code
        • Jenkins Operator GA
        • OpenShift Builds v2 & Buildpacks GA
        • Application version model for Operators
        • Operator Maturity increase via SDK
        • Dynamic Plugins for the OCP Console
        • Azure China & AWS China
        • Alibaba, AWS Outposts, Equinix Metal, & Microsoft Hyper-V
        • Edge: Single node lightweight Kube cluster
        • Enable user namespaces
        • Additional Windows Containers capabilities*
        • Priority and Fairness for APIserver
        • Ingress v2 + Contour
        • Operator metering lean architecture
        • Network Topology and Analysis Tooling
        • SmartNIC Integrations
        • Cost management integration to SWAtch / RH marketplace for subscriptions visibility
  6. Kubernetes 1.20
    Statistics
    • 11 weeks cadence (Sep 25 to Dec 9)
    • 42 enhancements:
      ◦ Stable: 11 ; Beta: 15 ; Alpha: 16
    • Contributions
      ◦ from 967 companies
      ◦ 1335 individuals
      ◦ 44 of first time contributors
      ◦ 26 countries
    Major Themes and Features
    • Kubectl Debug Graduates to Beta
    • Alpha: Graceful node shutdown
    • Volume Snapshot Goes Stable
    • Beta: API Priority and Fairness
    • Alpha: IPv4/IPv6 dual stack (reimplementation)
    • GA: Process PID Limiting for Stability
    • Exec Probe Timeout Handling
    CRI-O 1.20, Kubernetes 1.20, OpenShift 4.7
    Blog: https://www.openshift.com/blog/kubernetes-1.20-whats-new
    ・OCP 4.7 is based on Kubernetes 1.20.
    ・1.20 was released on Dec 8.
    ・OCP 4.7 went GA on Feb 24.
  7. OpenShift on Bare-metal: Assisted installer (What's next in OpenShift Q3CY2020)
    Hosted on Cloud.redhat.com. Making OpenShift on Bare Metal easy.
    Full stack automation
    • Simplified flow - boot machines with ISO media and register them to installation web service
    • Cluster managed LB/DNS
    Minimum prerequisites
    • No dedicated bootstrap node
    • 3 nodes cluster (M/W)
    • No DHCP hostname allocation
    • Jumpstart VIPs allocation
    Pre-install Validations
    • Minimum host resources requirements
    • Network connectivity/address matrix
    • NTP sync/Chrony config
    • Installation disk selection/IO speed
    Smart defaults
    • Auto CIDR generation (based on available networks)
    • Auto node role assignment
    Progress monitor and error handling
    • End to end progress monitoring/Log collection
    PM: Moran Goldboim/Ramon Acedo Rodriguez
    ・An installation method driven from the cloud-hosted console (cloud.redhat.com).
    ・For bare metal: it makes bare metal easier.
    ・You just boot the nodes from the generated ISO image and register them.
    ・Tech Preview.
    ・No hardware resources are needed for a bootstrap node.
    ・No separate machine is needed to run the installer.
    ・No load balancer is needed.
    ・An internet connection is required.
  8. HPA based on Memory: General Availability
    Automatically scale pod based on Memory* utilization

        apiVersion: autoscaling/v2beta1
        kind: HorizontalPodAutoscaler
        metadata:
          name: resize-hpa
          namespace: resize
        spec:
          scaleTargetRef:
            apiVersion: apps/v1beta1
            kind: Deployment
            name: image-resizer
          minReplicas: 2
          maxReplicas: 10
          metrics:
          - type: Resource
            resource:
              name: memory
              targetAverageUtilization: 60

    Product Manager: Gaurav Singh
    *Note: HPA based on CPU was already GAed in OSP 4.3
    [Diagram: Load Balancer; Request; MyAPP1 and MyAPP2 (300 requests each, Memory usage % = 90 each); 600 requests; MyAPP3, MyAPP4, MyAPP5, MyAPP6]
    desiredReplicas = 6 [currentReplicas * (currentMetricValue / desiredMetricValue)]; currentMetricValue = 90, desiredMetricValue = 60
    In the above example, when pod resource consumption is 60% of the pod request value, new pods are provisioned based on the desiredReplicas count.
    https://docs.openshift.com/container-platform/4.7/nodes/pods/nodes-pods-autoscaling.html
    ・Horizontal scaling based on CPU was already possible; scaling based on memory usage has now been added.
  9. Scheduling Profiles: Technology Preview
    Product Manager: Gaurav Singh
    Customize default out of box behaviour of openshift scheduler with Scheduling Profiles
    • LowNodeUtilization: Spread pods evenly across nodes
    • HighNodeUtilization: Pack as many pods as possible on to as few nodes
    • NoScoring: Quickest scheduling cycle by disabling all score plugins
    *Note: in OSP 4.7 customer can use both policy API and profiles but going forward policy API will be deprecated in favor of profiles
    [Diagram: Pre Build Profile; Build your own Profile; Scheduling profile; Scheduling plugin; Extension points; Add more Scheduling plugins]
    • Scheduling profile: Openshift-scheduler can have only one profile
    • Scheduling plugin: Implements one or more extension points
    • Extension point: Plugins that define the scheduling logic
    ・NoScoring is for when you want pods to start quickly rather than be optimally scheduled.
    ・"Scheduling Profiles" were released in Kubernetes 1.18 and have been [beta] since 1.19.
    ・This feature provides three profiles by default so that "Scheduling Profiles" are easy to use.
    ・Users can extend pod scheduling.
    ・OpenShift provides three template profiles.
  10. Descheduler Operator: General Availability
    Evict pods that are scheduled on less desired nodes in a cluster based on profiles.

        apiVersion: operator.openshift.io/v1beta1
        kind: KubeDescheduler
        metadata:
          name: cluster
          namespace: openshift-kube-descheduler-operator
        spec:
          deschedulingIntervalSeconds: 1800
          profiles:
          - <Profile: Select one or more profiles from the table on the left>

    Product Manager: Gaurav Singh
    Profiles*
    • AffinityAndTaints: Evicts pods that violate node and pod affinity, and node taints
    • TopologyAndDuplicates: Evicts duplicate pods and balances distribution of pods
    • LifecycleAndUtilization: Evicts low utilized pods from nodes marked as high utilization nodes. Evicts pods based on "PodLifeTime"
    *Note: in OSP 4.7 customer can use both descheduling strategies and profiles but going forward strategies will be deprecated in favor of profiles
    ・The Descheduler feature is GA.
    ・The manual is here: "2.10. Evicting pods using the descheduler", 4.7 | Red Hat Customer Portal
  11. Supplement: user stories
    Story 1: As a system administrator, I want to make sure that running pods respect node taints, node affinity and inter-pod affinity. To ensure this, I enable the AffinityAndTaints profile.
    Story 2: As a system administrator, the risk that affinities and taints change after pods have been scheduled is low for me, but I want pods to be spread evenly across the nodes of the cluster. I also want to keep node utilization balanced. So I enable both TopologyAndDuplicates and LifecycleAndUtilization.
    https://github.com/openshift/enhancements/blob/master/enhancements/scheduling/descheduler-profiles.md
    ・What are the use cases?
    ・User stories, taken from GitHub.
  12. OVN IPSec
    • Ensure that OVN data plane (Geneve) traffic between pods on different nodes is confidential, authenticated, and has not been tampered with.
    • Uses Libreswan and IPSec in the kernel
    • Currently IPv4-only
    • Each node has a unique IPsec connection to each other node in the cluster.
      ◦ Node private keys: valid for 5yr and rotate at 4.5yr (at cluster update)
      ◦ CA-signed keys: valid for 10yr, do not rotate currently
    • Encrypted internode traffic includes that from:
      ◦ hostnetwork-pod -> pod
      ◦ pod -> pod
    • The following internode traffic is NOT IPSec encrypted:
      ◦ Control plane traffic (already TLS encrypted)
      ◦ pod -> hostnetwork-pod
      ◦ hostnetwork-pod -> hostnetwork-pod
    IPSec is enabled by updating the Cluster Network Operator configuration during installation (details in Notes section):

        spec:
          defaultNetwork:
            type: OVNKubernetes
            ovnKubernetesConfig:
              ipsecConfig: {}

    Product Manager: Marc Curry
    ・This enables IPSec. The {} is reserved for future extensions.
    ・Note: as a rule it is better not to use pods with hostnetwork; use a NodePort Service or similar instead.
    ・A feature that encrypts pod-to-pod traffic.
  13. OpenShift GitOps (Tech Preview)
    Product Manager: Siamak Sadeghianfar
    • Multi-cluster GitOps config management with Argo CD
      ◦ One-click Argo CD install through OLM for cluster configs
      ◦ Restricted Argo CD instances for app deployment
    • Support for clusters with restricted networks
    • Deployments guide for Argo CD
    • Opinionated GitOps bootstrapping with GitOps Application Manager CLI

        kind: Application
        metadata:
          name: payroll-dev
        spec:
          destination:
            namespace: payroll-dev
            server: https://kubernetes.default.svc
          source:
            repoURL: https://github.com/myorg/payroll.git
            path: config

        $ kam bootstrap
        $ kam environment add stage

    ・In a word: Argo CD.
  14. Security and Compliance: OpenShift Compliance Operator, CIS Benchmark, Red Hat ACM Integration
    • Checks inspired by the CIS Kubernetes benchmark are now available. These work for both OCP 4.7 and OCP 4.6 (for 4.6, apply RHSA-2021:0190).
    • The CIS OpenShift Benchmark will be released to the CIS Kubernetes community for comment in January.
    • The OpenShift 4 Hardening Guide is available from Red Hat now until the CIS OpenShift Benchmark is published.
    • Red Hat Advanced Cluster Manager 2.2 integrates with the OpenShift Compliance Operator.
    Product Manager: Kirsten Newcomer
    ・The "OpenShift 4 Hardening Guide" is linked from the Customer Portal, but clicking the link sends you to a Red Hat intranet link. It says that sharing is allowed.
    https://www.cisecurity.org/benchmark/kubernetes/
  15. Supplement: Cost Management
    YouTube: Cost Management for OpenShift | Sergio Ocón-Cárdenas (Red Hat) | OpenShift Commons Briefing – YouTube
    GitHub: project-koku/koku-metrics-operator: Operator to obtain OCP usage data and upload it to koku.
    • GA in OpenShift 4.4
    • A SaaS service on cloud.redhat.com
    • Planned to replace OpenShift Operator Metering (deprecated).
    • Not an OCP-only service; it can also be used for AWS / Azure cost management.
  16. Cost Management Updates
    • New onboarding user experience for OCP Clusters
      ◦ New operator, no longer requires Operator Metering
        ▪ Significantly reduced resource consumption (by 1.000x)
      ◦ Certified version will be available during the OCP 4.7 timeframe
      ◦ Only one configuration YAML file
      ◦ Level 2 operator
      ◦ Support for air-gapped clusters coming soon
    Community Operator / Red Hat Operator
      Naming: Koku Metrics Operator / Cost management metrics operator
      Location: In Cluster Operator Hub / In Cluster Operator Hub
      Availability: Today / Q1/2 2021
      Air-gapped support: Q2 2021 / Q2 2021
    ・An Operator that collects metrics data for OpenShift and sends it to koku.
    ・At present only the Community version exists; the Red Hat supported version has not been released yet.
    ・It is expected in Q1/Q2.
  17. Cost Management Updates
    • Tag ingestion filtering
      ◦ Now you can restrict which tags are available in reports
    • Cost model enhancements
      ◦ Label-based rates (i.e. use tags to differentiate prices for "gold", "silver" and "bronze")
      ◦ Support for default rates
    • RBAC enhancements
      ◦ Visibility fine tuning
        ▪ Limit user access to specific resources
      ◦ You can now create sources without org admin privileges with the right role
    ・Various small improvements.
    It could already do the following:
    ・Create a cost model (you can assign cost rates to the values obtained from metrics).
    ・Group multiple projects together by tagging them.
  18. A Comprehensive DevOps Platform for Hybrid Cloud
    Product Manager: Siamak Sadeghianfar
    OpenShift Builds, OpenShift Pipelines, OpenShift GitOps
    Traditional and Kubernetes-native CI/CD; Build container images from source code using Kubernetes tools; Declarative GitOps for multi-cluster continuous delivery
    ・These components are included in OpenShift.
    ・They are packaged open-source products, named OpenShift Builds / OpenShift Pipelines / OpenShift GitOps.
  19. Supplement: OpenShift Pipeline
    Traditional CI/CD
    • Monolithic
    • Centrally managed
    • Existing IT investment
    Cloud-Native CI/CD
    • Serverless
    • Cross-functional teams
    • Kubernetes-native
    [Diagram, Jenkins on OpenShift: Git Repo; Build App (WAR); Code Analysis; Unit Test; Archive App; Build Image; Deploy Dev; Integration Test; Promote Staging; Deploy Staging; Archive Repo; Build Config; Dev Project; Staging Project; Container Registry; Jenkins Pipeline (Jenkins Slave); Build Config (Embedded Definition); oc start-build]
    [Diagram, OpenShift Pipelines: PIPELINE RUN; PIPELINE; Build JAR; Code analysis; Build app image; Deploy to DEV cluster; Integration Tests; Deploy to STAGE cluster; Container Registry; git url; registry url; dev cluster cred; stage cluster cred; DEV Cluster; STAGE Cluster]
    OpenShift Pipelines: Cloud-Native CI/CD with Tekton on OpenShift
    OpenShift includes Jenkins and Tekton (OpenShift Pipeline) as standard, so developers can easily set up an environment for practicing DevOps.
    Supplementary material: after the existing Jenkins comes Tekton.
  20. OpenShift GitOps (new add-on)
    Product Manager: Siamak Sadeghianfar
    • Enable teams to adopt a declarative GitOps approach to multi-cluster configuration and continuous delivery
    • OpenShift GitOps is complementary to OpenShift Pipelines and includes
      ◦ Argo CD
      ◦ GitOps Application Manager CLI
      ◦ Integrated into Dev Console (App Stages)
    • Included in OpenShift SKUs
    [Diagram: Desired State; Cluster State; Observe State; Take Action; OpenShift GitOps]
    Supplement: OpenShift GitOps
    ・Tech Preview started in OCP 4.6.
    ・Still Tech Preview in OCP 4.7.
    ・GA is planned for OCP 4.8.
    ・Integration with the OpenShift UI.
    ・A CLI is provided (the kam command).
    Supplement: OpenShift GitOps (Tech Preview): OpenShift GitOps, Argo CD (Community)
  21. OpenShift Pipelines 1.3 (Tech Preview)
    Product Manager: Siamak Sadeghianfar
    • Reduced pipeline privileges (controllers as nonroot, pipelines as anyuid)
    • Cluster-wide proxy configs passed to TaskRuns pods
    • HTTPS support for webhooks (TLS in EventListeners)
    • EventListener can be shared across multiple namespaces to reduce resource consumption
    • Image digest published as result in buildah and S2I tasks
    • Pipeline UX enhancements highlights in Dev Console
      ◦ Metrics tab: pipeline execution metrics
      ◦ TaskRuns tab: list of TaskRuns created by a PipelineRun
      ◦ Events tab: related PipelineRun, TaskRun and Pod events
      ◦ Download PipelineRun logs
    ・Tekton was Tech Preview in 4.6.
    ・Various small improvements.
  22. GitHub Integration: Red Hat GitHub Actions
    Product Manager: William Markito
    • GitHub partnerships (press release)
    • Interact with OpenShift from GitHub workflows
    • Verified OpenShift actions on GitHub Marketplace
      ◦ OpenShift client (oc)
      ◦ OpenShift login
      ◦ S2I build
      ◦ Buildah builds
      ◦ Push image to registry
    • More actions and GitHub Runner to come...
    Blog: Deploying to OpenShift using GitHub Actions | Demo
    ・GitHub Actions provided by Red Hat have been published on the GitHub Marketplace.
  23. What's new in Quay 3.4: Official Red Hat Quay images
    Product Manager: Daniel Messer
    • All Quay / Clair images
    • All Operator Images
    • All Operator Bundles
    • Gated by Subscription
    • All upstream images remain on quay.io/projectquay
    Download now via Red Hat Container Catalog
    ・Quay 3.4 was released in February.
  24. What's new in Quay 3.4: Batteries-included Quay Deployment
    Product Manager: Daniel Messer
    [Diagram: Quay Operator; Quay; Clair; PostgreSQL DB; Redis DB; Mirroring Workers; Route; Horizontal Auto-Scaling; Config Editor; Object Storage*; legend: Mandatory Component, Optional Component]
    • Quay Operator 3.4 can now update deployments to a newer version and will also migrate existing deployments managed by the Quay Operator 3.3
    • Quay Operator can now deploy a complete Quay installation with all required services managed by the Operator and supported by Red Hat.
    * based on local storage provided by non-HA NooBaa S3 endpoint (included in subscription)
    ・Installing the Operator can now install all Quay components.
    ・Optional modules can be opted out of.
    ・For storage you can choose, for example, OCS or an external S3.
  25. What's new in Quay 3.4: Clair v4 General Availability
    Product Manager: Daniel Messer
    Clair v4 is the newest version of Clair after a complete refactoring in order to make several big enhancements possible. This includes:
    • Support for programming language package managers (python)
    • Immutable data model & new manifest-oriented API
    • Air-Gapped Deployments
    Learn more about Clair v4 here: Red Hat Quay Technical Deck
    ・Clair is now at version 4.
  26. OpenShift Logging 5.0
    Product Manager: Christian Heidenreich
    What: Commencing as part of OpenShift 4.7, Red Hat OpenShift Logging is provided as an installable component, with a distinct release cycle from the core OpenShift Container Platform.
    Note:
    • No separate SKU.
    • No changes to the support process.
    • The changes are mostly about how and how often we deliver Logging but does not impact our current features.
    Why: Better alignment with other layered products such as Service Mesh, Serverless, Pipelines, and others.
    Benefits:
    • More choice to how you want to consume Logging through OLM channels (stable, tech-preview, specific release version).
    • Feature- vs time-based releases.
    • Smoother upgrade experience, logging built & tested to run on multiple OCP versions.
    Impact: Almost none. We do not change any features, the process you use to receive support, EUS support.
    How: Next time you upgrade Logging, choose one of the newer channels available from 4.7 onwards.
    ・Starting with OpenShift 4.7, the release cycle of "OpenShift Logging" becomes independent.
    ・Versioning starts at 5.0. (In OpenShift 4.6 the Cluster Logging version was 4.6, matching OpenShift.)
    ・There is no change to support. The SKU is not split out either (it remains included in OpenShift).
    ・OpenShift Logging still consists of two Operators (both at version 5.0).
  27. API Performance Dashboard
    Product Manager: Marc Curry
    • New "API Performance" grafana dashboard that visualizes kube-apiserver and openshift-apiserver metrics
    • Useful histogram of metrics that can be used to better understand API load characterization and debug issues
    • Metrics include:
      ◦ request rate by resource and verb, read vs write, status and instance
      ◦ request: duration, dropped, terminated, in-flight
      ◦ priority and fairness measurements
      ◦ TLS handshake error rates
      ◦ etcd object count
      ◦ ...and many others
    ・A dashboard showing API server performance has been added.
    ・Examples of "request rate by resource and verb": "clusterroles-GET", "Pods-GET", etc.
    ・You can also see things such as how long requests took.
  28. Preparing for HAProxy 2.2 in OpenShift 4.8
    "Public Service Announcement" for an upcoming change in OpenShift 4.8:
    • OpenShift 4.8 will update to HAProxy 2.2, which down-cases HTTP header names by default (for example, "Host: xyz.com" is transformed to "host: xyz.com"), as permitted by the HTTP protocol standard, and as required by HAProxy's HTX feature for HTTP/2.
    • In OpenShift 4.7, for legacy applications that are sensitive to the capitalization of HTTP header names, the IngressController will have a new API field, spec.httpHeaders.headerNameCaseAdjustments, to accommodate these legacy applications until they can be fixed.
    • The new API will be backported to OpenShift 4.6, and allows the cluster administrator to specify rules for transforming the case of HTTP header names in HTTP/1 requests.
    • Cluster administrators and application developers need to be aware of the change and configure IngressControllers and Routes with this new configuration, if necessary, before upgrading to OpenShift 4.8.
    Product Manager: Marc Curry
    For more information about the change, including why it was made and how to specify header name transformation rules, view the enhancement proposal.
    ・HTTP/1.1 accepts both upper and lower case, and applications should have been able to handle both, but HTTP/2 uses lower case only.
    ・In HAProxy 2.2, down-casing becomes the default for HTTP/1.1 as well.
    ・A new API field has been added to avoid the down-casing.
    ・This API is planned to be backported to 4.6.
    ・HAProxy's HTTP representation (HTX) is required for HTTP/2 and is what causes header names to be down-cased.
    ・OCP 4.4 included a workaround that turned it off when HTTP/2 was not in use.
    ・In HAProxy 2.2, HTX can no longer be turned off.
  29. Storage updates (OCP STORAGE)
    Product Manager: Duncan Hardie
    OCP Supported: AWS EBS, Fibre Channel, Azure File & Disk, HostPath, GCE PD, Local Volume, VMware vSphere Disk, Raw Block, NFS, iSCSI
    Supported via OCS: File, Block, Raw Block, Object
    Supported via OSP: Cinder
    • CSI Operators
      ◦ Cinder CSI
      ◦ Google Persistent Disk CSI (Tech Preview)
    • CSI Capabilities
      ◦ Snapshot
      ◦ Snapshot validation
    • Other
      ◦ Environment check for VMware storage
      ◦ Report usage of storage subsystems
      ◦ Configurable timeouts for E2E tests
    ・CSI snapshot is GA.
    ・Upstream has started deprecating some in-tree drivers; this may become an issue in the future.
    ・Cinder CSI is GA.
    ・The basic release policy for CSI drivers is GA in the release after the Tech Preview release.
  30. OpenShift Container Storage updates (OCP STORAGE)
    Product Manager: Duncan Hardie
    • Vault (Key Management System) integration for encryption
    • Data protection
      ◦ Multi-cluster block async replication (TP)
      ◦ Stretch cluster with arbiter
      ◦ Multi-cluster Metro DR - Dev Preview
    • Flexible failure domain
    • Local object caching for AI/ML
    • Guided tours for better user experience
    Out of the box support: Block, File, Object
    Platforms: AWS, Azure, Bare metal, RHV (Tech Preview), VMWare, Google Cloud (Tech Preview), IBM Z/Power, OSP (Tech Preview)
    Deployment modes: Disconnected environment and Proxied environments
    ・Encryption integrated with HashiCorp Vault.
    ・Asynchronous replication is Tech Preview.
    ・Metro DR is Dev Preview (synchronous replication over short distances).
  31. Windows Machine Config Operator: Now Generally Available
    Product Manager: Anand Chandramohan
    [Diagram labels: Cluster admin; On cluster OperatorHub; Installs operator; Windows machine config operator; Watches; Windows MachineSet; Results in creation of virtual machines; Windows virtual machine; Windows machine config bootstrapper (WMCB); Copy binaries, configure services; Configures; Windows machine; Payload: WMCB, CNI, Kubelet, Kube-proxy, Hybrid-overlay]
    ・Support for Windows nodes.
    ・Specifically, the Machine Config Operator handles it.
  32. New Platform Added: vSphere IPI
    Product Manager: Anand Chandramohan
    Support for vSphere IPI in Windows Community Operator. Support in Red Hat certified operator will be available end of Q1, 2021.
    Community Operator / Red Hat Operator
      Location: In Cluster OperatorHub / Red Hat Catalog/Marketplace
      Platforms supported: AWS, Azure, vSphere IPI / AWS, Azure
      Refresh cycle: Every 1-2 sprints / Every OCP Y stream
    ・The Community version of the Machine Config Operator supports up to vSphere IPI.
    ・vSphere IPI support in the Red Hat version of the Machine Config Operator is planned for the end of Q1 2021 (any time now?).
  33. Supplement: Windows containers
    • OpenShift supports Windows Server 2019.
    • Note that Windows containers are not intended to support graphical environments.
    • If an application is built in a way that depends on the Windows Registry, problems may appear when it is scaled out to multiple nodes.
    • OpenShift 4.6 or later is required.
    • Base images for Windows containers come in ".Net Core" and ".Net Framework" variants.
    .Net Core is a subset of .Net Framework that runs on Windows / Linux / Mac.
    .Net Framework is a framework for building applications that run on Windows.
    https://docs.microsoft.com/en-us/dotnet/architecture/microservices/ (.Net Core / .Net Framework)
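
The header-name change described on slide 28 (Preparing for HAProxy 2.2), as an added example that is not part of the original deck or of Red Hat's material: a simplified Python model of the router down-casing HTTP/1 header names, of the effect of `spec.httpHeaders.headerNameCaseAdjustments`, and of a case-sensitive versus a case-insensitive lookup in the backend application. The function names and the sample request are constructed for illustration.

```python
"""Added example: simplified model of HAProxy 2.2 header-name down-casing
and of the case adjustments an IngressController can apply for legacy apps."""

# Constructed sample request headers, as a client might send them.
SAMPLE_REQUEST = [
    ("Host", "legacy.example.test"),
    ("X-Forwarded-For", "203.0.113.7"),
    ("Authorization", "Bearer constructed-token"),
]


def proxy_forward(headers, case_adjustments=()):
    """Return the headers as the backend would see them.

    Every name is lower-cased (the HAProxy 2.2 default). Names listed in
    case_adjustments are rewritten to the listed capitalisation, which is
    the effect of spec.httpHeaders.headerNameCaseAdjustments (simplified:
    the per-Route opt-in is assumed to be enabled).
    """
    wanted = {name.lower(): name for name in case_adjustments}
    forwarded = []
    for name, value in headers:
        lowered = name.lower()
        forwarded.append((wanted.get(lowered, lowered), value))
    return forwarded


def legacy_get(headers, name):
    """Case-sensitive lookup: the defect in capitalisation-sensitive apps."""
    for key, value in headers:
        if key == name:
            return value
    return None


def robust_get(headers, name):
    """Case-insensitive lookup, which is what HTTP expects of applications."""
    target = name.lower()
    for key, value in headers:
        if key.lower() == target:
            return value
    return None


def broken_headers(headers, names_app_reads, case_adjustments=()):
    """Header names a case-sensitive app stops seeing behind the new router."""
    seen = proxy_forward(headers, case_adjustments)
    return [
        name for name in names_app_reads
        if legacy_get(headers, name) is not None and legacy_get(seen, name) is None
    ]


if __name__ == "__main__":
    reads = ["Host", "Authorization"]
    print("no adjustments:", broken_headers(SAMPLE_REQUEST, reads))
    print("adjust Host   :", broken_headers(SAMPLE_REQUEST, reads, ["Host"]))
    print("robust lookup :", robust_get(proxy_forward(SAMPLE_REQUEST), "Authorization"))
```

Running `broken_headers` against the header names an application actually reads gives a pre-upgrade list of what would need a case adjustment, or better, a fix to the application's lookup.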