Red Hat OpenShift 4

Robert Bohne
SR. SPECIALIST SOLUTION ARCHITECT | OPENSHIFT
Twitter: @RobertBohne

1
 Trusted enterprise Kubernetes
● Trusted Host, Content, Platform
● Full Stack Automated Install
● Over the Air Updates & Day 2 Mgt

A cloud-like experience, everywhere

● Hybrid, Multi-Cluster Management
● Operator Framework
● Operator Hub & Certified ISVs

Empowering developers to innovate

● Developer Tools
● Cloud-Native CI/CD
● Serverless
● Service Mesh

2
 RED HAT OPENSHIFT 4

The New Platform Boundary

OpenShift 4 is aware of the entire infrastructure and
brings the Operating System under management

OpenShift & Kubernetes

AUTOMATED OPERATIONS kernel modules
certificates & security settings
device drivers
container runtime config
KUBERNETES network interfaces
allowed maintenance windows
security groups
software defined networking
RHEL | RHEL CoreOS Nodes & Operating System

3
 RED HAT OPENSHIFT 4

Installation Experiences

OPENSHIFT CONTAINER PLATFORM OPENSHIFT DEDICATED

Full Stack Automated Pre-existing Hosted By Red Hat

Simplified opinionated “Best
Practices” for cluster provisioning
Fully automated installation and
updates including host container
OS.
Infrastructure
Customer managed resources & Get a powerful cluster with no
infrastructure provisioning maintenance required
Plug into existing DNS and security Managed by Red Hat engineers
boundaries
Free your team from the distraction
of operations

4
 Demo
$ ./openshift-install --dir ./demo create cluster
? SSH Public Key /Users/demo/.ssh/id_rsa.pub
? Platform aws
? Region us-west-2
? Base Domain example.com
? Cluster Name demo
? Pull Secret [? for help]
*************************************************************
INFO Creating cluster...
INFO Waiting up to 30m0s for the Kubernetes API...
INFO API v1.11.0+c69f926354 up
INFO Waiting up to 30m0s for the bootstrap-complete event...
INFO Destroying the bootstrap resources...
INFO Waiting up to 10m0s for the openshift-console route to be created...
INFO Install complete!
INFO Run 'export KUBECONFIG=<your working directory>/auth/kubeconfig' to
manage the cluster with 'oc', the OpenShift CLI.
INFO The cluster is ready when 'oc login -u kubeadmin -p <provided>'
succeeds (wait a few minutes).
INFO Access the OpenShift web-console here:
https://console-openshift-console.apps.demo.example.com
INFO Login to the console with user: kubeadmin, password: <provided>
 RED HAT OPENSHIFT 4

Provider Roadmap

Full Stack Automation Pre-existing Infrastructure

Bare Metal
4.1*

4.2 Bare Metal

On RHHI**

4.3 (tentative)

* Requires Internet connectivity; support for cluster proxy &

disconnected installation/updating not planned until 4.2
** On qualified hardware stack

6
 OPENSHIFT PLATFORM

Full Stack Automated Deployments

Day 1: openshift-install - Day 2: Operators

User managed

Operator managed Control Plane Worker Nodes

OCP Cluster Resources

OCP Cluster
openshift-install deployed
RH
RHCoreOS
CoreOS RH
RHCoreOS
CoreOS
RHEL CoreOS RHEL CoreOS

Cloud Resources Cloud Resources

Product Manager: Katherine Dubé Generally Available

 OPENSHIFT PLATFORM
Full Stack Automated Deployments
Simplified Cluster Creation
Designed to easily provision a “best practices” OpenShift
cluster
● New CLI-based installer with interactive guided workflow that
allows for customization at each step
● Installer takes care of provisioning the underlying
Infrastructure significantly reducing deployment complexity
● Leverages RHEL CoreOS for all node types enabling full stack
automation of installation and updates of both platform and
host OS content
Faster Install
The installer typically finishes within 30 minutes
● Only minimal user input needed with all non-essential install
config options now handled by component operator CRD’s
● 4.1 provides support for AWS deployments with additional
provider support planned in future releases
● See the OpenShift documentation for more details
Product Manager: Katherine Dubé Generally Available
$ ./openshift-install --dir ./demo create cluster
? SSH Public Key /Users/demo/.ssh/id_rsa.pub
? Platform aws
? Region us-west-2
? Base Domain example.com
? Cluster Name demo
? Pull Secret [? for help]
*************************************************************
INFO Creating cluster...
INFO Waiting up to 30m0s for the Kubernetes API...
INFO API v1.11.0+c69f926354 up
INFO Waiting up to 30m0s for the bootstrap-complete event...
INFO Destroying the bootstrap resources...
INFO Waiting up to 10m0s for the openshift-console route to be created...
INFO Install complete!
INFO Run 'export KUBECONFIG=<your working directory>/auth/kubeconfig' to
manage the cluster with 'oc', the OpenShift CLI.
INFO The cluster is ready when 'oc login -u kubeadmin -p <provided>'
succeeds (wait a few minutes).
INFO Access the OpenShift web-console here:
https://console-openshift-console.apps.demo.example.com
INFO Login to the console with user: kubeadmin, password: <provided>
 OPENSHIFT PLATFORM

Deploying to Pre-existing Infrastructure

Day 1: openshift-install - Day 2: Operators + Customer Managed Infra & Workers

User managed

Operator managed Control Plane Worker Nodes

OCP Cluster Resources

openshift-install deployed

OCP Cluster
Note: Control plane nodes
must run RHEL CoreOS!
RH
RHCoreOS
CoreOS RHEL
RHEL CoreOS RHEL 7
CoreOS
Customer deployed
Cloud Resources Cloud Resources

Product Manager: Katherine Dubé Generally Available

 OPENSHIFT PLATFORM

Deploying to Pre-existing Infrastructure

Customized OpenShift Deployments
Enables OpenShift to be deployed to user managed resources and
$ cat ./demo/install-config.yaml
pre-existing infrastructure. apiVersion: v1
baseDomain: example.com
● Customers are responsible for provisioning all infrastructure compute:
objects including networks, load balancers, DNS, hardware/VMs - name: worker
replicas: 0
and performing host OS installation controlPlane:
● Deployments can be performed both on-premise and to the name: master
...
public cloud
$ ./openshift-install --dir ./demo create ignition-config
● OpenShift installer handles generating cluster assets (such as INFO Consuming "Install Config" from target directory
node ignition configs and kubeconfig) and aids with cluster $ ./openshift-install --dir ./demo wait-for bootstrap-complete
bring-up by monitoring for bootstrap-complete and INFO Waiting up to 30m0s for the Kubernetes API at
https://api.demo.example.com:6443...
cluster-ready events INFO API v1.11.0+c69f926354 up
● While RHEL CoreOS is mandatory for the control plane, either INFO Waiting up to 30m0s for the bootstrap-complete event...
$ ./openshift-install --dir ./demo wait-for cluster-ready
RHEL CoreOS or RHEL 7 can be used for the worker/infra nodes
INFO Waiting up to 30m0s for the cluster at
● Node auto-scaling can be setup for providers with OpenShift https://api.demo.example.com:6443 to initialize...
Machine API support INFO Install complete!

● See the OpenShift documentation for more details

Product Manager: Katherine Dubé Generally Available

 RED HAT OPENSHIFT 4

Red Hat Enterprise Linux CoreOS

Minimal Linux distribution

Optimized for running

containers

Decreased attack surface

Over-the-air automated
updates
Immutable foundation for
OpenShift clusters
Ignition-based Metal and
Cloud host configuration

11
 RED HAT OPENSHIFT 4

Over-the-Air Updates

● Retrieves list of available updates

● Admin selects the target version
● OpenShift is updated over the air
● Auto-update support

12
 RED HAT OPENSHIFT 4

Kubernetes Machine API Operator

Using Kubernetes To Provision Kubernetes Clusters

13
 RED HAT OPENSHIFT 4

Unified Hybrid Cloud

● Multi-cluster management
○ New clusters on AWS, Azure, GCP, vSphere,
OpenStack, and bare metal
○ Register existing clusters
○ Including OpenShift Dedicated

● Management operations
○ Install new clusters
○ View all registered clusters
cloud.redhat.com
○ Update clusters

AWS GCP Azure On-Prem

14
 Trusted enterprise Kubernetes
● Trusted Host, Content, Platform
● Full Stack Automated Install
● Over the Air Updates & Day 2 Mgt

A cloud-like experience, everywhere

● Hybrid, Multi-Cluster Management
● Operator Framework
● Operator Hub & Certified ISVs

Empowering developers to innovate

● Developer Tools
● Cloud-Native CI/CD
● Serverless
● Service Mesh

15
 RED HAT OPENSHIFT 4
Evolution of Self-Service Backend Workloads
● Containerized ● Virtualized
● External to the cluster
● Cloud storage ready
● Replicated
● Backup
● Automated updates
16
● Containerized
● Container storage ready
● Replicated
● Backup
● Automated updates
● Enhanced observability
● Customization
● Local development
● Fully Open Source
● Any Kubernetes
● Certified on OpenShift
 RED HAT OPENSHIFT 4

OperatorHub.io Ecosystem

The public registry for finding

Kubernetes Operator backed
services

17
 RED HAT OPENSHIFT 4

OperatorHub in OpenShift

The embedded registry for

Community and Certified
Operators from Red Hat and
Partners, tested and verified on
OpenShift 4

18
 RED HAT OPENSHIFT 4

Operator Framework

Operators codify operational

knowledge and workflows to
automate life cycle
management of containerized
applications with Kubernetes
LIFE CYCLE
SDK METERING
MANAGEMENT

19
 RED HAT OPENSHIFT 4

Operators as a First-Class Citizen

Deployment

Role

OPERATOR ClusterRole
YourOperator v1.1.2
Bundle LIFECYCLE MANAGER

RoleBinding

Operator Deployment
ClusterRoleBinding
Custom Resource
Definitions
RBAC ServiceAccount
API Dependencies
Update Path CustomResourceDefinitio
Metadata n

20
 RED HAT OPENSHIFT 4

Operator Lifecycle Management

Operator Catalog Version

YourOperator v1.2.2

YourOperator v1.2.0
OPERATOR
LIFECYCLE MANAGER
YourOperator v1.1.3

Subscription for
YourOperator
YourOperator v1.1.2

Time

21
 BROAD ECOSYSTEM OF WORKLOADS

Services ready for your developers

New Developer Catalog aggregates apps
● Blended view of Operators, Templates and Broker
backed services
● Operators can expose multiple CRDs. Example:
○ MongoDBReplicaSet
○ MongoDBSharded Cluster
○ MongoDBStandalone
● Developers can’t see any of the admin screens

Self-service is key for productivity

● Developers with access can change settings and test out
new services at any time

Generally Available
 Trusted enterprise Kubernetes
● Trusted Host, Content, Platform
● Full Stack Automated Install
● Over the Air Updates & Day 2 Mgt

A cloud-like experience, everywhere

● Hybrid, Multi-Cluster Management
● Operator Framework
● Operator Hub & Certified ISVs

Empowering developers to innovate

● Developer Tools
● Cloud-Native CI/CD
● Serverless
● Service Mesh

23
 RED HAT OPENSHIFT 4

A developer-focused command-line tool for rapid

development iterations on OpenShift

$ odo create $ odo push $ odo watch

Create app from Build and deploy app from Sync local changes to
supported runtimes current directory running pods on OpenShift

24
 RED HAT OPENSHIFT 4

Developer Web Console

25
 RED HAT OPENSHIFT 4

Cloud-native CI/CD with OpenShift Pipelines

● Based on Tekton Pipelines

● Built for cloud-native apps
● Containers as building blocks
● Deploy to multiple platforms
● Available in OperatorHub

26
 RED HAT OPENSHIFT 4

OpenShift Serverless

● Familiar to Kubernetes users. Native

● Scale to 0 or to N based on demand
● Applications, functions and containers
● Powerful eventing model
● Multiple event sources
● No vendor lock in
● Available in OperatorHub

27
 RED HAT OPENSHIFT 4

OpenShift Service Mesh

● A dedicated network for service to

service communications
● Observability and distributed tracing
● Policy-driven security
● Routing rules & chaos engineering
● Powerful visualization & monitoring
● Available in OperatorHub

28
 RED HAT OPENSHIFT 4

CodeReady Workspaces

● Web-based Eclipse Che IDE

● Developer workspaces in pods
● Bundled development stacks
● Available in OperatorHub

29

Q2 CY2019
OpenShift 4.1
● Serverless w/ Knative Dev Preview
● OpenShift Pipelines (Tekton) Dev Preview
DEV
● CodeReady Workspaces
● CodeReady Containers Alpha
● Developer CLI (odo) Beta
● OperatorHub
APP
● Operator Lifecycle Manager
● Service Mesh (~2 month after)
● Kubernetes 1.12 with CRI-O runtime
PLATFORM
● RHEL CoreOS, RHEL7
● Automated Installer for AWS
● Pre-existing Infra Installer for Bare Metal,
VMware, AWS
● Automated, one-click updates
● Multus (Kubernetes multi-network)
● Quay v3
● Universal Hybrid Cloud (UHC)
● OCP Cluster Subscription Management
HOSTED
● OpenShift on Azure by MSFT and RHT
● OpenShift Dedicated consumption
30 pricing
2019 Roadmap
Q3 CY2019 Q4 CY2019
OpenShift 4.2 OpenShift 4.3
● Developer Console GA ● Serverless w/ Knative GA
DEV
● Serverless w/ Knative Tech Preview ● OpenShift Pipelines (Tekton) GA
DEV
● OpenShift Pipelines (Tekton) Tech Preview
● CodeReady Containers GA
● Developer CLI (odo) GA ● Metering for Services
● Windows Containers
APP
● GPU metering
● OperatorHub Enhancements
APP
● Operator Deployment Field Forms
● Application Binding with Operators
● Application Migration Console ● Kubernetes 1.15 w/ CRI-O runtime
● Automated Installer for IBM Cloud, Alibaba,
● Kubernetes 1.14 w/ CRI-O runtime RHV, Bare Metal Hardware Appliance
PLATFORM
● Disconnected Install and Update ● Pre-existing Infra Installer for Azure, OSP,
PLATFORM ● Automated Installer for Azure, OSP, GCP GCP
● OVN Tech Preview ● OVN GA w/ Windows Networking
● FIPS Integration
● Federation Workload API
● Automated App cert rotation
● OpenShift Container Storage 4.2
● UHC Multi-Cluster deployment ● UHC Subscription Mgmt Consumption
HOSTED
HOSTED
● Proactive Support Operator Improvements
Demo