
OPENSHIFT CONTAINER PLATFORM

TECHNICAL OVERVIEW

Justin Pittman
Solution Architect - ISVs
North America
May 2018

● Self-Service
● Multi-language
● Automation
● Collaboration
● Multi-tenant
● Standards-based
● Web-scale
● Open Source
● Enterprise Grade
● Secure

2 OPENSHIFT TECHNICAL OVERVIEW


OPENSHIFT ARCHITECTURE
[Diagram: ROUTING LAYER and SERVICE LAYER above six NODEs running containers (C) on RHEL; MASTER on RED HAT ENTERPRISE LINUX with API/AUTHENTICATION, DATA STORE, SCHEDULER and HEALTH/SCALING; REGISTRY and PERSISTENT STORAGE beside the nodes; SCM (GIT), CI/CD and EXISTING AUTOMATION TOOLSETS beside the master; infrastructure: PHYSICAL, VIRTUAL, PRIVATE, PUBLIC, HYBRID]


LINUX CONTAINERS
WHAT ARE CONTAINERS?
It Depends Who You Ask

INFRASTRUCTURE
● Application processes on a shared kernel
● Simpler, lighter, and denser than VMs
● Portable across different environments

APPLICATIONS
● Package apps with all dependencies
● Deploy to any environment in seconds
● Easily accessed and shared


VIRTUAL MACHINES AND CONTAINERS
[Diagram: VIRTUAL MACHINES: one VM holding several Apps on shared OS Dependencies, Kernel, Hypervisor and Hardware. CONTAINERS: several Containers, each with its own App and OS deps, on a Container Host (Kernel) and Hardware]

VIRTUAL MACHINES: virtual machines are isolated, apps are not
CONTAINERS: containers are isolated, so are the apps


VIRTUAL MACHINES AND CONTAINERS
[Diagram: Virtual Machine stack: Application, OS dependencies, Operating System. Container stack: Application, OS dependencies, Container Host]

Virtual Machine         Container
VM Isolation            Container Isolation
Complete OS             Shared Kernel
Static Compute          Burstable Compute
Static Memory           Burstable Memory
High Resource Usage     Low Resource Usage


VIRTUAL MACHINES AND CONTAINERS

[Diagram: Virtual Machine: Application, OS dependencies, Operating System and Infrastructure, all labelled IT Ops (and Dev, sort of). Container: Application and OS dependencies labelled Dev; Container Host and Infrastructure labelled IT Ops]

Clear ownership boundary between Dev and IT Ops drives DevOps adoption and fosters agility

Virtual Machine: Optimized for stability
Container: Optimized for agility


APPLICATION PORTABILITY WITH VM

Virtual machines are NOT portable across hypervisor and do NOT provide portable packaging for applications

[Diagram: the same Application / OS dependencies / Operating System stack shown as Guest VM, VM Type X, VM Type Y and VM Type Z across LAPTOP, BARE METAL, VIRTUALIZATION, PRIVATE CLOUD and PUBLIC CLOUD]


APPLICATION PORTABILITY WITH CONTAINERS

RHEL Containers + RHEL Host = Guaranteed Portability Across Any Infrastructure

[Diagram: the same Container (Application, OS dependencies) on RHEL across LAPTOP, BARE METAL, VIRTUALIZATION, PRIVATE CLOUD and PUBLIC CLOUD, running directly on the host or inside a Guest VM / Virtual Machine]


RAPID SECURITY PATCHING USING
CONTAINER IMAGE LAYERING

Container Image Layers    Example Container Image
Image Layer 3             Application Layer
Image Layer 2             Java Runtime Layer
Image Layer 1             OS Update Layer
Base Image                Base RHEL


A lightweight, OCI-compliant container runtime

● Optimized for Kubernetes
● Any OCI-compliant container from any OCI registry (including docker)
● Improve Security and Performance at scale

Available in OpenShift Online (soon)
Tech Preview in OCP 3.7, GA in OCP 3.8


OPENSHIFT ARCHITECTURE
YOUR CHOICE OF INFRASTRUCTURE
[Diagram: PHYSICAL, VIRTUAL, PRIVATE, PUBLIC, HYBRID]

NODES RHEL INSTANCES WHERE APPS RUN
[Diagram: six NODEs, each a RHEL instance, on the infrastructure above]

APPS RUN IN CONTAINERS
[Diagram: containers (C) on the nodes; callouts: Container Image, Container, Pod]

PODS ARE THE UNIT OF ORCHESTRATION
[Diagram: containers grouped into pods across the nodes]

MASTERS ARE THE CONTROL PLANE
[Diagram: MASTER on RED HAT ENTERPRISE LINUX added beside the nodes]

API AND AUTHENTICATION
[Diagram: API/AUTHENTICATION added to the MASTER]

DESIRED AND CURRENT STATE
[Diagram: DATA STORE added to the MASTER]

INTEGRATED CONTAINER REGISTRY
[Diagram: REGISTRY added beside the nodes]

ORCHESTRATION AND SCHEDULING
[Diagram: SCHEDULER added to the MASTER]

PLACEMENT BY POLICY
[Diagram: containers placed on the nodes]

AUTOSCALING PODS
[Diagram: HEALTH/SCALING added to the MASTER]

SERVICE DISCOVERY
[Diagram: SERVICE LAYER added above the nodes]

PERSISTENT DATA IN CONTAINERS
[Diagram: PERSISTENT STORAGE added beside the nodes]

ROUTING AND LOAD-BALANCING
[Diagram: ROUTING LAYER added above the SERVICE LAYER]

ACCESS VIA WEB, CLI, IDE AND API
[Diagram: SCM (GIT), CI/CD and EXISTING AUTOMATION TOOLSETS added beside the MASTER]


TECHNICAL DEEP DIVE
MONITORING
APPLICATION HEALTH
AUTO-HEALING FAILED PODS
[Diagram: MASTER (API/AUTHENTICATION, DATA STORE, SCHEDULER, HEALTH/SCALING) on RED HAT ENTERPRISE LINUX and six RHEL NODEs running containers]

AUTO-HEALING FAILED CONTAINERS
[Diagram sequence over four slides: the same cluster; the last frame shows five NODEs, with containers on the remaining nodes]


NETWORKING
BUILT-IN SERVICE DISCOVERY
INTERNAL LOAD-BALANCING

SERVICE
    Name: payroll-frontend
    IP: 172.10.1.23
    Port: 8080
    app=payroll role=frontend

PODS
    POD: app=payroll role=frontend version=1.0
    POD: app=payroll role=frontend version=1.0
    POD: app=payroll role=backend

BUILT-IN SERVICE DISCOVERY
INTERNAL LOAD-BALANCING

SERVICE
    Name: payroll-frontend
    IP: 172.10.1.23
    Port: 8080
    app=payroll role=frontend

PODS
    POD: app=payroll role=frontend version=2.0
    POD: app=payroll role=frontend version=1.0
    POD: app=payroll role=frontend version=1.0
    POD: app=payroll role=backend


ROUTE EXPOSES SERVICES EXTERNALLY
[Diagram: EXTERNAL TRAFFIC -> ROUTER -> INTERNAL TRAFFIC -> SERVICE -> three PODs]


ROUTING AND EXTERNAL LOAD-BALANCING
● Pluggable routing architecture
○ HAProxy Router
○ F5 Router

● Multiple routers with traffic sharding

● Router supported protocols
○ HTTP/HTTPS
○ WebSockets
○ TLS with SNI

● Non-standard ports via cloud load-balancers, external IP, and NodePort


ROUTE SPLIT TRAFFIC

Split Traffic Between Multiple Services For A/B Testing, Blue/Green and Canary Deployments

[Diagram: ROUTE sends 90% traffic to SERVICE A (App A, App A) and 10% traffic to SERVICE B (App B, App B)]


EXTERNAL TRAFFIC TO A SERVICE
ON A RANDOM PORT WITH NODEPORT

● NodePort binds a service to a unique port on all the nodes
● Traffic received on any node redirects to a node with the running service
● Ports in 30K-60K range which usually differs from the service
● Firewall rules must allow traffic to all nodes on the specific port

[Diagram: CLIENT connects to 192.10.0.10:31421, 192.10.0.11:31421 or 192.10.0.12:31421 -> SERVICE (INT IP: 172.1.0.20:90) -> PODs 10.1.0.1:90, 10.1.0.2:90, 10.1.0.3:90 on NODEs 192.10.0.10, 192.10.0.11, 192.10.0.12]


EXTERNAL TRAFFIC TO A SERVICE
ON ANY PORT WITH INGRESS

● Access a service with an external IP on any TCP/UDP port, such as
○ Databases
○ Message Brokers
● Automatic IP allocation from a predefined pool using Ingress IP Self-Service
● IP failover pods provide high availability for the IP pool

[Diagram: CLIENT connects to 200.1.0.10:90 -> SERVICE (EXT IP: 200.1.0.10:90, INT IP: 172.1.0.20:90) -> PODs 10.1.0.1:90, 10.1.0.2:90, 10.1.0.3:90 on NODEs 192.10.0.10, 192.10.0.11, 192.10.0.12]


CONTROL OUTGOING TRAFFIC
SOURCE IP WITH EGRESS ROUTER

[Diagram: PODs -> EGRESS SERVICE (INTERNAL-IP:8080) -> EGRESS ROUTER POD on a NODE with source address IP1 -> EXTERNAL SERVICE (Whitelist: IP1)]


OPENSHIFT NETWORKING
● Built-in internal DNS to reach services by name

● Split DNS is supported via SkyDNS
○ Master answers DNS queries for internal services
○ Other nameservers serve the rest of the queries

● Software Defined Networking (SDN) for a unified cluster network to enable pod-to-pod communication

● OpenShift follows the Kubernetes Container Networking Interface (CNI) plug-in model


OPENSHIFT NETWORK PLUGINS

[Diagram: OPENSHIFT on top of KUBERNETES CNI, with the plug-ins below]

● OpenShift Plugin (DEFAULT)
● Flannel Plugin*
● Nuage Plugin
● Essentials (Calico) Plugin
● Contrail (OpenContrail) Plugin
● Cisco Contiv Plugin
● Big Switch Plugin
● VMware NSX-T Plugin
● Open Daylight Plugin

Legend in the original figure: Certified Plugin, Validated Plugin, In-Progress

* Flannel is minimally verified and is supported only and exactly as deployed in the OpenShift on OpenStack reference architecture


OPENSHIFT NETWORKING

[Diagram: PODs 10.1.2.1 and 10.1.4.1 on NODE 172.16.1.10, PODs 10.1.2.2 and 10.1.4.2 on NODE 172.16.1.20; the pods are joined by a VxLAN Overlay Network, the nodes by the IP Network]


OPENSHIFT SDN

FLAT NETWORK (Default)
● All pods can communicate with each other across projects

MULTI-TENANT NETWORK
● Project-level network isolation
● Multicast support
● Egress network policies

NETWORK POLICY (Tech Preview)
● Granular policy-based isolation

[Diagram: Multi-Tenant Network: PROJECT A, PROJECT B, PROJECT C and the DEFAULT NAMESPACE, with PODs spread over two NODEs]


OPENSHIFT SDN - NETWORK POLICY

[Diagram: PODs in PROJECT A and PROJECT B; check marks on the allowed connections, with ports 8080 and 5432 labelled]

Example Policies
● Allow all traffic inside the project
● Allow traffic from green to gray
● Allow traffic to purple on 8080

    apiVersion: extensions/v1beta1
    kind: NetworkPolicy
    metadata:
      name: allow-to-purple-on-8080
    spec:
      # Pods this policy applies to
      podSelector:
        matchLabels:
          color: purple
      # No "from" clause: any source may connect, but only on this port
      ingress:
      - ports:
        - protocol: TCP
          port: 8080
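
How the `allow-to-purple-on-8080` policy behaves when evaluated, as an added example that is not part of the original slides: a small Python model of NetworkPolicy ingress semantics, in which a pod selected by at least one policy accepts only what some rule allows and unselected pods stay open. It assumes the selection-based isolation model, same-project `podSelector` peers only, and numeric ports; the second policy, the sample flows and all function names are constructed for illustration.

```python
"""Minimal model of NetworkPolicy ingress evaluation (added illustration)."""

# The slide's policy as a dict. A rule with "ports" but no "from" admits
# every source on those ports.
ALLOW_TO_PURPLE_ON_8080 = {
    "metadata": {"name": "allow-to-purple-on-8080"},
    "spec": {
        "podSelector": {"matchLabels": {"color": "purple"}},
        "ingress": [{"ports": [{"protocol": "TCP", "port": 8080}]}],
    },
}

# Constructed policy for the slide's "allow traffic from green to gray" bullet.
ALLOW_GREEN_TO_GRAY = {
    "metadata": {"name": "allow-green-to-gray"},
    "spec": {
        "podSelector": {"matchLabels": {"color": "gray"}},
        "ingress": [
            {"from": [{"podSelector": {"matchLabels": {"color": "green"}}}]}
        ],
    },
}

POLICIES = [ALLOW_TO_PURPLE_ON_8080, ALLOW_GREEN_TO_GRAY]


def selects(selector, labels):
    """True when every matchLabels pair is present; an empty selector matches all."""
    wanted = selector.get("matchLabels", {})
    return all(labels.get(key) == value for key, value in wanted.items())


def rule_allows(rule, src_labels, protocol, port):
    """A rule matches when its 'from' and 'ports' parts both match.

    A missing or empty part places no restriction on that dimension.
    Only podSelector peers are modelled (assumption of this example).
    """
    peers = rule.get("from") or []
    if peers and not any(
        selects(peer.get("podSelector", {}), src_labels) for peer in peers
    ):
        return False
    ports = rule.get("ports") or []
    if ports and not any(
        entry.get("protocol", "TCP").upper() == protocol.upper()
        and entry.get("port") in (None, port)
        for entry in ports
    ):
        return False
    return True


def ingress_decision(policies, src_labels, dst_labels, protocol, port):
    """Return (allowed, reason) for one connection attempt inside a project."""
    applicable = [
        policy for policy in policies
        if selects(policy["spec"].get("podSelector", {}), dst_labels)
    ]
    if not applicable:
        return True, "destination not selected by any policy (not isolated)"
    for policy in applicable:
        for rule in policy["spec"].get("ingress", []):
            if rule_allows(rule, src_labels, protocol, port):
                return True, "allowed by " + policy["metadata"]["name"]
    return False, "destination isolated, no rule matches"


def audit(policies, flows):
    """Evaluate (src, dst, protocol, port) tuples; return one verdict per flow."""
    return [ingress_decision(policies, *flow)[0] for flow in flows]


# Constructed sample flows: (source labels, destination labels, protocol, port).
SAMPLE_FLOWS = [
    ({"color": "green"}, {"color": "purple"}, "TCP", 8080),  # port named in the rule
    ({"color": "green"}, {"color": "purple"}, "TCP", 5432),  # port not in the rule
    ({"color": "gray"}, {"color": "purple"}, "TCP", 8080),   # rule has no source limit
    ({"color": "green"}, {"color": "purple"}, "UDP", 8080),  # protocol differs
    ({"color": "green"}, {"color": "gray"}, "TCP", 5432),    # peer rule, any port
    ({"color": "purple"}, {"color": "gray"}, "TCP", 5432),   # source not a listed peer
    ({"color": "purple"}, {"color": "green"}, "TCP", 22),    # green is unselected
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        allowed, reason = ingress_decision(POLICIES, *flow)
        src, dst, protocol, port = flow
        verdict = "ALLOW" if allowed else "DENY"
        print(f"{verdict:5} {src['color']:>6} -> {dst['color']:<6} {protocol}/{port}: {reason}")
```

The last sample flow is the one to watch in a review: a pod that no policy selects remains reachable from everywhere, so a project is only closed once a policy selects every pod in it.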


OPENSHIFT SDN - OVS PACKET FLOW
Container to Container on the Same Host

[Diagram: one NODE (192.168.0.100) with POD 1 (10.1.15.2/24) on veth0 and POD 2 (10.1.15.3/24) on veth1, both attached to br0; also shown: vxlan0, eth0 and the address 10.1.15.1/24]


OPENSHIFT SDN - OVS PACKET FLOW
Container to Container on the Different Hosts

[Diagram: NODE 1 (192.168.0.100): POD 1 (10.1.15.2/24), veth0, br0, vxlan0, eth0, address 10.1.15.1/24. NODE 2 (192.168.0.200): POD 2 (10.1.20.2/24), veth0, br0, vxlan0, eth0, address 10.1.20.1/24]


OPENSHIFT SDN - OVS PACKET FLOW
Container Connects to External Host

[Diagram: NODE 1 (192.168.0.100): POD 1 (10.1.15.2/24), veth0, br0, tun0, eth0, address 10.1.15.1/24, leading to the External Host]


OPENSHIFT SDN WITH
FLANNEL FOR OPENSTACK
[Diagram: NODE 1 (192.168.0.100): POD 1 (10.1.15.2/24), veth0, docker0 (10.1.15.1/24), Routing Table, eth0, flanneld. NODE 2 (192.168.0.200): POD 2 (10.1.20.2/24), veth0, docker0 (10.1.20.1/24), Routing Table, eth0, flanneld. etcd sits between the two flanneld instances]

Flannel is minimally verified and is supported only and exactly as deployed in the OpenShift on OpenStack reference architecture https://access.redhat.com/articles/2743631


LOGGING & METRICS
CENTRAL LOG MANAGEMENT WITH EFK
● EFK stack to aggregate logs for hosts and applications
○ Elasticsearch: an object store to store all logs
○ Fluentd: gathers logs and sends to Elasticsearch.
○ Kibana: A web UI for Elasticsearch.

● Access control
○ Cluster administrators can view all logs
○ Users can only view logs for their projects

● Ability to send logs elsewhere
○ External Elasticsearch, Splunk, etc


CENTRAL LOG MANAGEMENT WITH EFK

[Diagram: FLUENTD on each RHEL NODE collects logs from the PODs. OPERATION LOGS go to an ELASTICSEARCH cluster with KIBANA, used by the ADMIN; APPLICATION LOGS go to an ELASTICSEARCH cluster with KIBANA, used by the USER]


CONTAINER METRICS

[Diagram: components shown: CADVISOR on the RHEL NODEs running PODs, HEAPSTER, HAWKULAR, CASSANDRA, API; consumers: RED HAT CLOUDFORMS CONTAINER METRICS, OPENSHIFT WEB CONSOLE, CUSTOM DASHBOARDS, USER]


SECURITY
TEN LAYERS OF CONTAINER SECURITY

● Container Host & Multi-tenancy
● Container Platform
● Network Isolation
● Container Registry
● Storage
● Federated Clusters
● API Management
● Deploying Container
● Container Content
● Building Containers


SECRET MANAGEMENT
● Secure mechanism for holding sensitive data e.g.
○ Passwords and credentials
○ SSH Keys
○ Certificates

● Secrets are made available as
○ Environment variables
○ Volume mounts
○ Interaction with external systems

● Encrypted in transit

● Never rest on the nodes

[Diagram: MASTER with Distributed Store; NODE with two Containers]


PERSISTENT STORAGE
PERSISTENT STORAGE
● Persistent Volume (PV) is tied to a piece of network storage
● Provisioned by an administrator (statically or dynamically)
● Allows admins to describe storage and users to request storage
● Assigned to pods based on the requested size, access mode, labels and type

Storage types shown: NFS, OpenStack Cinder, iSCSI, Azure Disk, AWS EBS, FlexVolume, GlusterFS, Ceph RBD, Fiber Channel, Azure File, GCE Persistent Disk, VMWare vSphere VMDK


PERSISTENT STORAGE

[Diagram: Admin registers PVs into the POOL OF PERSISTENT VOLUMES (iSCSI PV, GlusterFS PV, Ceph RBD PV, three NFS PVs); User creates claims in a PROJECT, and each Pod uses a claim]


DYNAMIC VOLUME PROVISIONING

[Diagram: Admin defines StorageClasses: Slow (Azure-Disk Provisioner, Azure), Fast (AWS-SSD Provisioner, AWS), Fastest (NetApp-Flash Provisioner, NetApp). User creates a claim for "Fastest"; the OpenShift PV Controller has a PV provisioned, the PV is bound to the claim, and the Pod uses the claim]


CONTAINER-NATIVE STORAGE
● Containerized Red Hat Gluster Storage
● Native integration with OpenShift
● Unified Orchestration using Kubernetes for applications and storage
● Greater control & ease of use for developers
● Lower TCO through convergence
● Single vendor Support

[Diagram: three APPLICATION CONTAINERs above three STORAGE CONTAINERs, forming a DISTRIBUTED, SECURE, SCALE-OUT STORAGE CLUSTER]


CONTAINER-NATIVE STORAGE
[Diagram: MASTER and four NODEs; RHGS pods run on three of the nodes alongside application PODs]


SERVICE BROKER
WHY A SERVICE BROKER?

☑ Open ticket
☑ Wait for allocation
☑ Receive credentials
☑ Add to app
☑ Deploy app

[Diagram: SERVICE CONSUMER and SERVICE PROVIDER]

Manual, Time-consuming and Inconsistent


A multi-vendor project to standardize how services are consumed on cloud-native platforms across service providers


WHAT IS A SERVICE BROKER?

[Diagram: SERVICE CONSUMER, SERVICE CATALOG, SERVICE BROKER, SERVICE PROVIDER]

Automated, Standard and Consistent


OPENSHIFT SERVICE CATALOG
[Diagram: the OPENSHIFT SERVICE CATALOG fronts four brokers and what each exposes]

● OpenShift Template Broker: OpenShift Templates
● OpenShift Ansible Broker: Ansible Playbook Bundles
● AWS Service Broker: AWS Services
● Other Service Brokers: Other compatible services

OPENSHIFT SERVICE CATALOG
OCP 3.6 TECH PREVIEW
OCP 3.7 GA


SERVICE BROKER CONCEPTS

SERVICE: an offering that can be used by an app e.g. database

PLAN: a specific flavor of a service e.g. Gold Tier

SERVICE INSTANCE: an instance of the offering

PROVISION: creating a service instance

BIND: associate a service instance and its credentials to an app

[Diagram: SERVICE CONSUMER, SERVICE CATALOG, SERVICE BROKER, SERVICE PROVIDER]


HOW TO ADD A SERVICE BROKER
● Deploy service broker on or off OpenShift

● Register the broker referring to the deployed broker

    apiVersion: servicecatalog.k8s.io/v1alpha1
    kind: Broker
    metadata:
      name: asb-broker
    spec:
      url: https://asb-1338-ansible-service-broker.10.2.2.15.nip.io

● Register the broker services by creating ServiceClass resources (the service broker might automatically perform this step)


TEMPLATE SERVICE BROKER
● Exposes Templates and Instant Apps in the Service Catalog

● Pulled from openshift namespace by default

● Multiple namespaces can be configured for template discovery

TEMPLATE SERVICE BROKER
PROVISIONING

Service Broker creates the objects from the template

[Diagram: OpenShift Service Catalog -> Template Service Broker, which reads nodejs-template from the openshift namespace and creates the Node.js Container]

TEMPLATE SERVICE BROKER
BINDING

Service Broker creates a binding and secret for any credentials (config map, secret, etc) created by the template

[Diagram: OpenShift Service Catalog -> Template Service Broker (nodejs-template in the openshift namespace) -> create binding -> Node.js Container]


OPENSHIFT ANSIBLE BROKER
● Use Ansible on OpenShift
○ Deploy containerized applications
○ Provision external services (e.g. Oracle database)
○ Provision cloud services (e.g. AWS RDS)
○ Orchestrate multi-service solutions
○ Conditional logic for control on deployments (e.g. database is initialized)

● Leverage existing Ansible playbooks

● Anything you can do with Ansible, you can do with OAB


ANSIBLE PLAYBOOK BUNDLES (APB)
● Lightweight application definition
● Packaged as a container image
● Embedded Ansible runtime
● Metadata for parameters
● Named playbooks for actions
● Leverage existing Ansible playbooks
● Registry is queried to discover APBs

Ansible Playbook Bundle (Container Image):

├─ roles
├─ playbooks
│  ├─ provision.yaml
│  ├─ unprovision.yaml
│  ├─ bind.yaml
│  └─ unbind.yaml
└─ apb.yaml
Ansible Runtime


OPENSHIFT ANSIBLE BROKER
PROVISIONING

[Diagram sequence: image registries (OpenShift Registry, Docker Hub, Red Hat Container Catalog) holding mediawiki-apb and postgresql-apb; OpenShift Service Catalog; OpenShift Ansible Broker; APB Container (postgresql); PostgreSQL Container; MediaWiki Container]

● Discover and list APBs from the configured image registries
● Pull APB image and run it with the broker action as a parameter
    oc run postgresql-apb provision $vars
● APB container runs provision.yaml playbook to create a PostgreSQL container
    ansible-playbook provision.yaml $vars

OPENSHIFT ANSIBLE BROKER
BINDING

● APB container runs bind.yaml playbook to create database user
    oc run postgresql-apb bind $vars
    ansible-playbook bind.yaml $vars
● APB container goes away and Service Broker creates a binding for the PostgreSQL service (create binding)
● Service Catalog creates a secret for the binding, containing the database credentials (mount binding secret)
● MediaWiki container uses the credentials in the secret to connect to the PostgreSQL database


AWS SERVICE BROKER
● Targets Top 10 AWS Services

● Uses Ansible Playbook Bundles

● Available in OpenShift 3.7

SQS SNS DynamoDB Redshift SES S3

RDS EMR AWS Batch ElastiCache Route 53



AWS PROVISIONING

APB container runs provision.yaml playbook to interact with CFN and create RDS instance

[Diagram: Docker-compatible registries (AWS ECR) holding s3-apb and rds-apb; OpenShift Service Catalog -> OpenShift Ansible Broker -> APB Container (rds) -> AWS Cloud Formation -> AWS RDS]

    oc run rds-apb provision $vars
    ansible-playbook provision.yaml $vars


OPERATIONAL
MANAGEMENT
TOP CHALLENGES OF
RUNNING CONTAINERS AT SCALE

● OPERATIONAL EFFICIENCY
● SERVICE HEALTH
● SECURITY & COMPLIANCE
● FINANCIAL MANAGEMENT


Operational Management
Across the Stack
● Real-time discovery
● Visualize relationships
● Monitoring and alerts
● Vulnerability scanning
● Security compliance
● Workflow and policy
● Automation
● Chargeback



OPERATIONAL EFFICIENCY

● CloudForms continuously discovers your infrastructure in near real time.
● CloudForms discovers and visualizes relationships between infra components
● CloudForms cross references inventory across technologies.
● CloudForms offers custom automation via control policy or UI extensions


SERVICE HEALTH

● CloudForms monitors resource consumption and shows trends
● CloudForms alerts on performance thresholds or other events
● CloudForms offers right-sizing recommendations
● CloudForms enforces configuration and tracks it over time.


SECURITY & COMPLIANCE

● CloudForms finds and marks nodes non-compliant with policy.
● CloudForms allows reporting on container provenance.
● CloudForms scans container images using OpenSCAP.
● CloudForms tracks genealogy between images and containers.


FINANCIAL MANAGEMENT

● Define cost models for infrastructure and understand your cost.
● Rate schedules per platform and per tenant with multi-tiered and multi-currency support
● CloudForms shows top users for CPU, memory, as well as cost.
● Chargeback/showback to projects based on container utilization.


REFERENCE
ARCHITECTURES
REFERENCE ARCHITECTURES
● OpenShift on VMware vCenter
● OpenShift on Red Hat OpenStack Platform
● OpenShift on Amazon Web Services
● OpenShift on Google Cloud Platform
● OpenShift on Microsoft Azure
● OpenShift on Red Hat Virtualization
● OpenShift on HPE Servers with Ansible Tower
● OpenShift on VMware vCenter 6 with Gluster
● Deploying an OpenShift Distributed Architecture
● OpenShift Architecture and Deployment Guide
● OpenShift Scaling, Performance, and Capacity Planning

● Application Release Strategies with OpenShift
● Building Polyglot Microservices on OpenShift
● Building JBoss EAP 6 Microservices on OpenShift
● Building JBoss EAP 7 Microservices on OpenShift
● Business Process Management with JBoss BPMS on OpenShift
● Build and Deployment of Java Applications on OpenShift
● Building Microservices on OpenShift with Fuse Integration...
● JFrog Artifactory on OpenShift Container Platform
● Spring Boot Microservices on Red Hat OpenShift
● API Management with Red Hat 3scale on OpenShift


BUILD AND DEPLOY
CONTAINER IMAGES
BUILD AND DEPLOY CONTAINER IMAGES

● DEPLOY YOUR SOURCE CODE
● DEPLOY YOUR APP BINARY
● DEPLOY YOUR CONTAINER IMAGE


DEPLOY SOURCE CODE WITH
SOURCE-TO-IMAGE (S2I)
[Diagram, three stages. BUILD APP (OpenShift): Developer sends code to the Git Repository. BUILD IMAGE (OpenShift): Source-to-Image (S2I) with a Builder Image, result in the Image Registry. DEPLOY (OpenShift): the Application Container is deployed. Legend: User/Tool Does, OpenShift Does]


DEPLOY APP BINARY WITH
SOURCE-TO-IMAGE (S2I)
[Diagram, three stages. BUILD APP (Build Infra): the Existing Build Process builds the Application Binary (e.g. WAR). BUILD IMAGE (OpenShift): Source-to-Image (S2I) with a Builder Image, result in the Image Registry. DEPLOY (OpenShift): the Application Container is deployed. Legend: User/Tool Does, OpenShift Does]


DEPLOY DOCKER IMAGE
[Diagram, three stages. BUILD IMAGE (Build Infra): the Existing Image Build Process builds the Application Image. PUSH (Build Infra): the image goes to the Image Registry. DEPLOY (OpenShift): the Application Container is deployed. Legend: User/Tool Does, OpenShift Does]


BUILD IMAGES IN MULTIPLE STAGES

[Diagram: BUILD STAGE 1, BUILD STAGE 2, BUILD STAGE 3]


EXAMPLE: USE ANY RUNTIME IMAGE WITH
SOURCE-TO-IMAGE BUILDS

Use Source-to-Image to build app binaries and deploy on lean vanilla runtimes

[Diagram: WILDFLY S2I BUILD (WildFly S2I Builder Image) -> app.war -> DOCKER BUILD (WildFly Runtime Image)]

read more on https://blog.openshift.com/chaining-builds/


EXAMPLE: USE ANY BUILD TOOL WITH
OFFICIAL RUNTIME IMAGES

Use your choice of build tool like Gradle and deploy to official images like the JDK image

[Diagram: CUSTOM GRADLE BUILD (Custom Gradle S2I Builder Image) -> app.war -> DOCKER BUILD (Red Hat OpenJDK Image)]

read more on https://blog.openshift.com/chaining-builds/


EXAMPLE: SMALL LEAN RUNTIMES

Build the app binary and deploy on small scratch images

[Diagram: CUSTOM GO BUILD (Custom Go S2I Builder Image) -> app -> DOCKER BUILD (Scratch Image)]

read more on https://blog.openshift.com/chaining-builds/


CONTINUOUS INTEGRATION (CI)
CONTINUOUS DELIVERY (CD)
CI/CD WITH BUILD AND DEPLOYMENTS

BUILDS
● Webhook triggers: build the app image whenever the code changes
● Image trigger: build the app image whenever the base language or app runtime changes
● Build hooks: test the app image before pushing it to an image registry

DEPLOYMENTS
● Deployment triggers: redeploy app containers whenever configuration changes or the image changes in the OpenShift integrated registry or upstream registries


CONTINUOUS DELIVERY WITH CONTAINERS

[Diagram: dev -> source repository -> CI/CD engine -> container -> physical, virtual, private cloud, public cloud]


OPENSHIFT LOVES CI/CD

● JENKINS-AS-A SERVICE ON OPENSHIFT
● HYBRID JENKINS INFRA WITH OPENSHIFT
● EXISTING CI/CD DEPLOY TO OPENSHIFT


JENKINS-AS-A-SERVICE ON OPENSHIFT
● Certified Jenkins images with pre-configured plugins
○ Provided out-of-the-box
○ Follows Jenkins 1.x and 2.x LTS versions

● Jenkins S2I Builder for customizing the image
○ Install Plugins
○ Configure Jenkins
○ Configure Build Jobs

● OpenShift plugins to integrate authentication with OpenShift and also CI/CD pipelines

● Dynamically deploys Jenkins slave containers

[Diagram: Plugins, Jobs and Configuration plus the Jenkins Image go through Jenkins (S2I) to produce a Custom Jenkins Image]


HYBRID JENKINS INFRA WITH OPENSHIFT

● Scale existing Jenkins infrastructure by dynamically provisioning Jenkins slaves on OpenShift

● Use Kubernetes plug-in on existing Jenkins servers

[Diagram: JENKINS MASTER runs jobs on JENKINS SLAVEs inside OPENSHIFT; the slaves build and deploy the APPs]


EXISTING CI/CD DEPLOY TO OPENSHIFT

● Existing CI/CD infrastructure outside OpenShift performs operations against OpenShift
○ OpenShift Pipeline Jenkins Plugin for Jenkins
○ OpenShift CLI for integrating other CI Engines with OpenShift

● Without disrupting existing processes, can be combined with previous alternative

[Diagram: EXISTING CI/CD INFRA (Jenkins, Bamboo, TeamCity, etc) runs a job that triggers an S2I Build and a deploy of the APPs on OPENSHIFT]


OPENSHIFT PIPELINES

● OpenShift Pipelines allow defining a CI/CD workflow via a Jenkins pipeline which can be started, monitored, and managed similar to other builds
● Dynamic provisioning of Jenkins slaves
● Auto-provisioning of Jenkins server
● OpenShift Pipeline strategies
○ Embedded Jenkinsfile
○ Jenkinsfile from a Git repository

    apiVersion: v1
    kind: BuildConfig
    metadata:
      name: app-pipeline
    spec:
      strategy:
        type: JenkinsPipeline
        jenkinsPipelineStrategy:
          jenkinsfile: |-
            // Provision a Jenkins slave for running Maven
            node('maven') {
              stage('build app') {
                git url: 'https://git/app.git'
                sh "mvn package"
              }
              stage('build image') {
                sh "oc start-build app --from-file=target/app.jar"
              }
              stage('deploy') {
                openshiftDeploy deploymentConfig: 'app'
              }
            }



OpenShift Pipelines in Web Console



CONTINUOUS DELIVERY PIPELINE

[Diagram: DEV TEAM, GIT SERVER, ARTIFACT REPOSITORY, JENKINS, IMAGE BUILD, APPLICATION IMAGE]

IMAGE BUILD
● S2I build from source code
● S2I build from app binary
● Existing docker container image build process



CONTINUOUS DELIVERY PIPELINE

[Diagram: DEVELOPER, GIT SERVER, ARTIFACT REPOSITORY; OPENSHIFT CI/CD PIPELINE (JENKINS) with stage IMAGE BUILD & DEPLOY; two OPENSHIFT CLUSTERs, each with an INTEGRATED IMAGE REGISTRY; environments NON-PROD, DEV, PROD]



CONTINUOUS DELIVERY PIPELINE

[Diagram: DEVELOPER, GIT SERVER, ARTIFACT REPOSITORY; OPENSHIFT CI/CD PIPELINE (JENKINS) with stages IMAGE BUILD & DEPLOY, PROMOTE TO TEST; two OPENSHIFT CLUSTERs, each with an INTEGRATED IMAGE REGISTRY; environments NON-PROD, DEV, TEST, PROD]



CONTINUOUS DELIVERY PIPELINE

[Diagram: DEVELOPER, GIT SERVER, ARTIFACT REPOSITORY; OPENSHIFT CI/CD PIPELINE (JENKINS) with stages IMAGE BUILD & DEPLOY, PROMOTE TO TEST, PROMOTE TO UAT; two OPENSHIFT CLUSTERs, each with an INTEGRATED IMAGE REGISTRY; environments NON-PROD, DEV, TEST, UAT, PROD]



CONTINUOUS DELIVERY PIPELINE

[Diagram: DEVELOPER, GIT SERVER, ARTIFACT REPOSITORY, RELEASE MANAGER (GO LIVE?) with ServiceNow, JIRA Service Desk, Zendesk, BMC Remedy; OPENSHIFT CI/CD PIPELINE (JENKINS) with stages IMAGE BUILD & DEPLOY, PROMOTE TO TEST, PROMOTE TO UAT; two OPENSHIFT CLUSTERs, each with an INTEGRATED IMAGE REGISTRY; environments NON-PROD, DEV, TEST, UAT, PROD]



CONTINUOUS DELIVERY PIPELINE

[Diagram: DEVELOPER, GIT SERVER, ARTIFACT REPOSITORY, RELEASE MANAGER (GO LIVE?); OPENSHIFT CI/CD PIPELINE (JENKINS) with stages IMAGE BUILD & DEPLOY, PROMOTE TO TEST, PROMOTE TO UAT, PROMOTE TO PROD; two OPENSHIFT CLUSTERs, each with an INTEGRATED IMAGE REGISTRY; environments NON-PROD, DEV, TEST, UAT, PROD]
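
The promotion flow in the CONTINUOUS DELIVERY PIPELINE slides, written as a Jenkinsfile in the style of the app-pipeline BuildConfig (an added example, not from the original deck). It promotes by image digest so TEST, UAT and PROD run the exact image built for DEV, and gates PROD behind a named approver group. Assumptions: the project names, the approver group, and all four projects living on one cluster; copying the image to a separate PROD cluster's registry is not shown.

```groovy
// Added example, not from the slides. Assumed names: projects app-dev,
// app-test, app-uat, app-prod; approver group 'release-managers'; the 'app'
// BuildConfig in app-dev is assumed to push to the image stream tag app:latest.
def digest  // sha256 digest of the image built in DEV

// Tag the exact image that was built into the target project and roll it out.
def promote(String imageDigest, String project) {
  sh "oc tag app-dev/app@${imageDigest} ${project}/app:latest"
  openshiftDeploy deploymentConfig: 'app', namespace: project
}

node('maven') {
  stage('build app') {
    git url: 'https://git/app.git'
    sh "mvn package"
  }
  stage('image build & deploy') {
    // --wait makes the step fail when the image build fails
    sh "oc start-build app --from-file=target/app.jar --follow --wait -n app-dev"
    digest = sh(returnStdout: true, script:
      "oc get istag app:latest -n app-dev -o jsonpath='{.image.metadata.name}'").trim()
    openshiftDeploy deploymentConfig: 'app', namespace: 'app-dev'
  }
  stage('promote to test') { promote(digest, 'app-test') }
  stage('promote to UAT')  { promote(digest, 'app-uat') }
}

stage('go live?') {
  // Wait outside any node block so the approval does not hold a build slave;
  // only members of the approver group can proceed, and the wait expires.
  timeout(time: 2, unit: 'DAYS') {
    input message: "Promote app@${digest} to PROD?", submitter: 'release-managers'
  }
}

node('maven') {
  stage('promote to prod') { promote(digest, 'app-prod') }
}
```

The Jenkins service account needs edit rights only in the four projects it tags into and deploys.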



DEVELOPER WORKFLOW
LOCAL DEVELOPMENT WORKFLOW

Bootstrap → Develop → Local Deploy → Verify → Git Push → Pipeline



LOCAL DEVELOPMENT WORKFLOW

Bootstrap → Develop → Local Deploy → Verify → Git Push → Pipeline

BOOTSTRAP
● Pick your programming language and application runtime of choice
● Create the project skeleton from scratch or use a generator such as
○ Maven archetypes
○ Quickstarts and Templates
○ OpenShift Generator
○ Spring Initializr



LOCAL DEVELOPMENT WORKFLOW

Bootstrap → Develop → Local Deploy → Verify → Git Push → Pipeline

DEVELOP
● Pick your framework of choice such as Java EE, Spring, Ruby on Rails, Django, Express, ...
● Develop your application code using your editor or IDE of choice
● Build and test your application code locally using your build tools
● Create or generate OpenShift templates or Kubernetes objects



LOCAL DEVELOPMENT WORKFLOW

Bootstrap → Develop → Local Deploy → Verify → Git Push → Pipeline

LOCAL DEPLOY
● Deploy your code on a local OpenShift cluster
○ Red Hat Container Development Kit (CDK), minishift and oc cluster
● Red Hat CDK provides a standard RHEL-based development environment
● Use binary deploy, Maven or CLI rsync to push code or app binary directly into containers



LOCAL DEVELOPMENT WORKFLOW

Bootstrap → Develop → Local Deploy → Verify → Git Push → Pipeline

VERIFY
● Verify your code is working as expected
● Run any type of tests that are required, with or without other components (database, etc.)
● Based on the test results, change code, deploy, verify and repeat



LOCAL DEVELOPMENT WORKFLOW

Bootstrap → Develop → Local Deploy → Verify → Git Push → Pipeline

GIT PUSH
● Push the code and configuration to the Git repository
● If using Fork & Pull Request workflow, create a Pull Request
● If using code review workflow, participate in code review discussions



LOCAL DEVELOPMENT WORKFLOW

Bootstrap → Develop → Local Deploy → Verify → Git Push → Pipeline

PIPELINE
● Pushing code to the Git repository triggers one or multiple deployment pipelines
● Design your pipelines based on your development workflow, e.g. test the pull request
● Failure in the pipeline? Go back to the code and start again



APPLICATION SERVICES
A PLATFORM THAT GROWS WITH YOUR BUSINESS

● Web Application
● Data Virtualization
● Intelligent Process
● Microservices
● API Management
● Single Sign-On
● Java EE Application
● Mobile
● Integration
● Messaging
● Data Grid
● Real Time Decision



TRUE POLYGLOT PLATFORM
LANGUAGES: Java, NodeJS, Python, PHP, Perl, Ruby, .NET Core, Third-party Language Runtimes
DATABASES: MySQL, PostgreSQL, MongoDB, Redis, Third-party Databases
WEB SERVERS: Apache HTTP Server, nginx, Varnish, Phusion Passenger, Tomcat, Third-party App Runtimes
MIDDLEWARE: Spring Boot, Wildfly Swarm, Vert.x, JBoss Web Server, JBoss EAP, JBoss A-MQ, JBoss Fuse, Third-party Middleware
3SCALE API mgmt, JBoss BRMS, JBoss BPMS, JBoss Data Virt, JBoss Data Grid, RH Mobile, RH SSO, Third-party Middleware

...and virtually any docker image out there! CrunchyData, GitLab, Iron.io, Couchbase, Sonatype, EnterpriseDB, NuoDB, Fujitsu and many more



TESTED AND VERIFIED MICROSERVICES FRAMEWORKS

LAUNCH

Spring Boot, Netflix Hystrix, Netflix Ribbon

SUPPORTED MICROSERVICES RUNTIMES

● Reactive: Eclipse Vert.x
● MicroProfile: WildFly Swarm
● Server-side JS: Node.js
● Java EE: JBoss EAP
● Java EE Web: Embedded Tomcat

Modern, Cloud-Native Application Runtimes and an Opinionated Developer Experience



MICROSERVICES INFRASTRUCTURE: ISTIO SERVICE MESH

WHAT YOU NEED FOR MICROSERVICES?

Visibility & Reporting

Resilience & Fault Tolerance

Routing & Traffic Control

Identity & Security

Policy Enforcement



WHAT YOU NEED FOR MICROSERVICES?

Visibility & Reporting

Resilience & Fault Tolerance

Routing & Traffic Control

Identity & Security


Istio
Policy Enforcement



WHAT IS ISTIO?
a service mesh to connect, manage, and secure microservices

[Diagram: Control Plane: Pilot, Mixer, Auth. Data Plane: four Pods, each with an App and an Envoy]

OCP 3.8 TECH PREVIEW



THANK YOU
plus.google.com/+RedHat facebook.com/redhatinc

linkedin.com/company/red-hat twitter.com/RedHatNews

youtube.com/user/RedHatVideos
