My OpenShift Technical Overview - May 2018
TECHNICAL OVERVIEW
Justin Pittman
Solution Architect - ISVs
North America
May 2018
Self-Service, Multi-language, Multi-tenant
Standards-based, Web-scale, Secure
[Diagram: OpenShift architecture overview. Containers (C) on RHEL nodes running Red Hat Enterprise Linux; labelled components: Service Layer, CI/CD, Data Store, Health/Scaling, Existing Automation Toolsets.]
[Diagram: Infrastructure and Applications. Virtual machine stack (Application, OS dependencies, Operating System, Hypervisor, Hardware) beside container stack (Application, OS dependencies, Container Host, Hardware).]
[Diagram: ownership. Virtual machine: IT Ops (and Dev, sort of) over Application, OS dependencies and Operating System, on Infrastructure. Container: Dev over Application and OS dependencies, IT Ops over Container Host, on Infrastructure.]
Clear ownership boundary between Dev and IT Ops drives DevOps adoption and fosters agility
[Diagram: container image layers (Image Layer 3, Application Layer).]
● Optimized for Kubernetes
● Any OCI-compliant container from any OCI registry (including docker)
● Improve Security and Performance at scale
[Diagram: Container, Image, Pod.]
[Diagram build-up: OpenShift architecture. RHEL nodes on Red Hat Enterprise Linux, deployable on physical, virtual, private, public and hybrid infrastructure; components added step by step: API/Authentication, Data Store, containers (C), Health/Scaling, Service Layer, CI/CD, Existing Automation Toolsets.]
[Diagram: Router, Service and Pod; internal traffic; Canary Deployments.]
[Diagram: egress. Pod, egress service, egress router, external service; INTERNAL-IP:8080; node IP1; external Whitelist: IP1.]
OPENSHIFT
KUBERNETES CNI
● OpenShift Plugin (DEFAULT)
● Flannel Plugin*
● Nuage Plugin
● Essentials (Calico) Plugin
● Contrail (OpenContrail) Plugin
● Cisco Contiv Plugin
● Big Switch Plugin
● VMware NSX-T Plugin
● Open Daylight Plugin
* Flannel is minimally verified and is supported only and exactly as deployed in the OpenShift on OpenStack reference architecture
[Diagram: two nodes, 172.16.1.10 and 172.16.1.20, on an IP network.]
MULTI-TENANT NETWORK
● Project-level network isolation
● Multicast support
[Diagram: pods on two nodes; check marks (✓) on pod-to-pod connections.]
[Network policy fragment shown on the slide:]
matchLabels:
  color: purple
ingress:
- ports:
  - protocol: TCP
    port: 8080
[Diagram: node networking. POD 1 (veth0, 10.1.15.2/24) and POD 2 (veth1, 10.1.15.3/24) attached to br0; vxlan0; eth0; addresses 10.1.15.1/24 and 192.168.0.100.]
[Diagram: Container to Container on Different Hosts. NODE 1: POD 1, veth0, br0, 10.1.15.2/24, 10.1.15.1/24, 192.168.0.100. NODE 2: POD 2, veth0, br0, vxlan0, eth0, 10.1.20.2/24, 10.1.20.1/24, 192.168.0.200. Also labelled: tun0, eth0, External Host.]
[Diagram: Flannel. etcd, NODE 2, flanneld.]
Flannel is minimally verified and is supported only and exactly as deployed in the OpenShift
on OpenStack reference architecture https://access.redhat.com/articles/2743631
● Access control
○ Cluster administrators can view all logs
○ Users can only view logs for their projects
[Diagram: logging. Application logs from pods on RHEL nodes; Fluentd on each node; Elasticsearch; Kibana; Admin and User.]
[Diagram: container metrics. Pods on RHEL nodes; cAdvisor; Heapster; Hawkular; Cassandra; API; OpenShift Web Console; Red Hat CloudForms; custom dashboards; User.]
[Diagram: persistent storage. Volume types: NFS, iSCSI, Azure Disk, AWS EBS, FlexVolume, OpenStack Cinder, Ceph RBD, GlusterFS. Admin: register PV. Pod: create claim.]
[Diagram: dynamic provisioning. Classes: Slow (Azure-Disk Provisioner), Fastest (NetApp-Flash Provisioner); Admin; provision PV; Pod.]
[Diagram: RHGS alongside pods.]
☑ Open ticket
☑ Wait for allocation
☑ Receive credentials
☑ Add to app
☑ Deploy app
[Diagram: Service Consumer and Service Provider; AWS Service Broker; AWS Services.]
apiVersion: servicecatalog.k8s.io/v1alpha1
kind: Broker
metadata:
  name: asb-broker
spec:
  url: https://asb-1338-ansible-service-broker.10.2.2.15.nip.io
[Diagram build-up: OpenShift Service Catalog, OpenShift Ansible Broker, image registries (OpenShift Registry, Docker Hub, Red Hat Container Catalog) holding mediawiki-apb and postgresql-apb, APB container (postgresql), PostgreSQL container, MediaWiki container; actions: create binding, mount binding secret. Slide captions, in order:]
● Discover and list APBs from the configured image registries
● … run it with the broker action as a parameter
● provision.yaml playbook to create a PostgreSQL container
● bind.yaml playbook to create database user
● … away and Service Broker creates a binding for the PostgreSQL service
● … a secret for the binding, containing the database credentials
● MediaWiki container uses the credentials in the secret to connect to the PostgreSQL database
[Diagram: AWS. Registries: Compatible Docker, AWS ECR; s3-apb and rds-apb; OpenShift Service Catalog; OpenShift Ansible Broker; APB container (rds); AWS CloudFormation; AWS RDS.]
● provision.yaml playbook to interact with CFN and create RDS instance
● OpenShift on Microsoft Azure
● OpenShift on Red Hat Virtualization
● OpenShift on HPE Servers with Ansible Tower
● OpenShift on VMware vCenter 6 with Gluster
● Deploying an OpenShift Distributed Architecture
● OpenShift Architecture and Deployment Guide
● Business Process Management with JBoss BPMS on OpenShift
● Build and Deployment of Java Applications on OpenShift
● Building Microservices on OpenShift with Fuse Integration...
● JFrog Artifactory on OpenShift Container Platform
● Spring Boot Microservices on Red Hat OpenShift
● API Management with Red Hat 3scale on OpenShift
[Diagram build-up: build and deploy options. Developer; Source-to-Image (S2I) build image in OpenShift; image pushed to the registry from external build infra; deploy application container in OpenShift; Build Stage 1, Build Stage 2, Build Stage 3.]
Use Source-to-Image to build app binaries and deploy on lean vanilla runtimes
Use your choice of build tool like Gradle and deploy to official images like the JDK image
[Diagram: Custom Go S2I Builder Image; Scratch Image.]
BUILDS
● Webhook triggers: build the app image whenever the code changes
● Image trigger: build the app image whenever the base language or app runtime changes
● Build hooks: test the app image before pushing it to an image registry
DEPLOYMENTS
● Deployment triggers: redeploy app containers whenever configuration changes or the
image changes in the OpenShift integrated registry or upstream registries
[Diagram: dev, source repository, CI/CD engine, container; targets: physical, virtual, private cloud, public cloud.]
[Diagram: existing CI/CD infra runs a job; S2I build in OpenShift; application image.]
[Diagram build-up: OpenShift CI/CD pipeline (Jenkins) across OpenShift clusters with integrated image registries. Stages: Image Build & Deploy, Promote to Test, Promote to UAT, Go Live? (☒ / ☑), Promote to Prod.]
Bootstrap → Develop → Local Deploy → Verify → Git Push → Pipeline
BOOTSTRAP
● Pick your programming language and application runtime of choice
● Create the project skeleton from scratch or use a generator such as
○ Maven archetypes
○ Quickstarts and Templates
○ OpenShift Generator
○ Spring Initializr
DEVELOP
● Pick your framework of choice such as Java EE, Spring, Ruby on Rails, Django, Express, ...
● Develop your application code using your editor or IDE of choice
● Build and test your application code locally using your build tools
● Create or generate OpenShift templates or Kubernetes objects
LOCAL DEPLOY
● Deploy your code on a local OpenShift cluster
○ Red Hat Container Development Kit (CDK), minishift and oc cluster
● Red Hat CDK provides a standard RHEL-based development environment
● Use binary deploy, maven or CLI rsync to push code or app binary directly into
containers
VERIFY
● Verify your code is working as expected
● Run any type of tests that are required with or without other components (database, etc)
● Based on the test results, change code, deploy, verify and repeat
GIT PUSH
● Push the code and configuration to the Git repository
● If using Fork & Pull Request workflow, create a Pull Request
● If using code review workflow, participate in code review discussions
PIPELINE
● Pushing code to the Git repository triggers one or multiple deployment pipelines
● Design your pipelines based on your development workflow e.g. test the pull request
● Failure in the pipeline? Go back to the code and start again
[Diagram labels: Real Time Decision, Integration, Messaging, Data Grid; Launch; Policy Enforcement; Data Plane; App.]