OpenShift Enterprise 3.1 vs kubernetes

a Containerized Application Platform
@SamuelTerburg
OpenShift “Specialist” Solution Architect
March 2016
OpenShift Enterprise

• Docker
• Kubernetes added-value
• OpenShift added-value
• Demo
• Q & A
Agenda

RED HAT OPENSHIFT ENTERPRISE
Image BImage A
Images & Containers
4
●Docker “Image”
• Unified Packaging format
• Like “war” or “tar.gz”
• For any type of Application
• Portable
●Docker “Container”
• Runtime
• Isolation Hardware
Container
APP A
Image
Host Minimal OS
Container
APP B
Image
Container
APP C
Image
Docker Engine
Docker Registry
RHEL
JDK
Jboss-EAP
Libs A Libs B
App A App B
docker pull <image>

Evolution
5
Hardware
Host OS
LIBS A LIBS B LIBS..
APP A APP B
Hardware
Guest OS
LIBS A
APP A
Hypervisor
Guest OS
LIBS B
APP B
Guest OS
LIBS C
APP C
Hardware
Container
LIBS A
APP A
Host Minimal OS
Container
LIBS B
APP B
Container
LIBS C
APP C
Traditional Virtual Containershared system isolation process isolation

Linux Kernel
App1 App2 App3
Isolation, not Virtualization
• Kernel Namespaces
• Process
• Network
• IPC
• Mount
• User
• Resource Limits
• Cgroups
• Security
• SELinux

Container Orchestration
- Kubernetes

We need more than just packing and isolation

Kubernetes – Container Orchestration at Scale
Greek for “Helmsman”; also the root of the word “Governor” and “cybernetic”
• Container Cluster Manager
- Inspired by the technology that runs Google
• Runs anywhere
- Public cloud
- Private cloud
- Bare metal
• Strong ecosystem
- Partners: Red Hat, VMware, CoreOS..
- Community: clients, integration

Kubernetes Cluster
Registry
Master
Node
Node
Storage
Pod
Volume
Node
Service
Pod
Pod
Image
Core Concepts
• Pod
•
• Labels & Selectors
•
• ReplicationController
•
• Service
•
• Persistent Volumes
•
etcd
SkyDNS
Replication
Controller
APIDev/Ops
Visitor
Router
Policies
Logging
ELK

Pods
POD Definition:
• Group of Containers
• Related to each other
• Same namespace
• Emphemeral
Examples:
• Wordpress
• MySQL
• Wordpress + MySQL
• ELK
• Nginx+Logstash
• Auth-Proxy+PHP
• App + data-load

Kubernetes Cluster
Master
Node
Node
Pod
Node
Pod
Replication Controller
etcd
Replication
Controller
APIDev/Ops
kind: ReplicationController
metadata:
name: nginx
spec:
replicas: 2
selector:
app: nginx
template:
metadata:
name: nginx
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:v2.2
ports:
- containerPort: 80
“nginx”
RC Object
• Pod Scaling
• Pod Monitoring
• Rolling updates
# kubectl create –f nginx-rc.yaml

Kubernetes Cluster
MySQL
DB
MySQL
Service
Service Definition:
• Load-Balanced Virtual-IP (layer 4)
• Abstraction layer for your App
• Enables Service Discovery
• DNS
• ENV
Examples:
• frontend
• database
• api
172.16.0.1:3386
PHP
10.1.0.1:3306
10.2.0.1:3306
db.project.cluster.local
Visitor
<?php
mysql_connect(getenv(“db_host”))
mysql_connect(“db:3306”)
?>

MySQL
MySQL
Service
PHP
10.1.0.1:3306
10.2.0.1:3306
Master
Node
etcd
SkyDNS
APIDev/Ops
“DB”
Service Object
Kube
Proxy
IPTables
Kube
Proxy
IPTables
3. Register
Service
2. Watch
Changes
Redirect
3. Update
Rule
2. Watch
Changes
- apiVersion: v1
kind: Service
metadata:
labels:
app: MySQL
role: BE
phase: DEV
name: MySQL
spec:
ports:
- name: mysql-data
port: 3386
protocol: TCP
targetPort: 3306
selector:
app: MySQL
role: BE
sessionAffinity: None
type: ClusterIP
1. Create
Object
1. Register
Pod Object

Pod
Service
Pod
Pod
Labels & Selectors
- apiVersion: v1
kind: Service
metadata:
labels:
app: MyApp
role: BE
phase: DEV
name: MyApp
spec:
ports:
- name: 80-tcp
port: 80
protocol: TCP
targetPort: 8080
selector:
app: MyApp
role: BE
sessionAffinity: None
type: ClusterIP
Role: FE
Phase: Dev
Role: BE
Phase: DEV
Role: BE
Phase: TST
Role: BEthink SQL ‘select ... where ...’
- apiVersion: v1
kind: Pod
metadata:
labels:
app: MyApp
role: BE
phase: DEV
name: MyApp

MySQL
Service
MySQL
Ingress / Router
• Router Definition:
• Layer 7 Load-Balancer /
Reverse Proxy
• SSL/TLS Termination
• Name based Virtual Hosting
• Context Path based Routing
• Customizable (image)
• HA-Proxy
• F5 Big-IP
Examples:
• https://www.mysite.nl/myapp1/
• http://www.mysite.nl/myapp2
172.16.0.1:3386
PHP
10.1.0.1:3306
10.2.0.1:3306
db.project.cluster.local
Visitor
Router https://mysite.nl/service1/apiVersion:
extensions/v1beta1
kind: Ingress
metadata:
name: mysite
spec:
rules:
- host: www.mysite.nl
http:
paths:
- path: /foo
backend:
serviceName: s1
servicePort: 80
- path: /bar
backend:
serviceName: s2
servicePort: 80

Kubernetes Cluster
Node
Storage
Pod
Volume
Node
Pod
Pod
Persistent Storage
for Ops:
• Google
• AWS EBS
• OpenStack's Cinder
• Ceph
• GlusterFS
• NFS
• iSCSI
• FibreChannel
• EmptyDir
for Dev:
• “Claim”
kind: PersistentVolume
metadata:
name: pv0003
spec:
capacity:
storage: 8Gi
accessModes:
- ReadWriteOnce
nfs:
path: /tmp
server: 172.17.0.2
kind: PersistentVolumeClaim
metadata:
name: myclaim
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 8Gi

Persistent Volume Claim
23
Storage
Provider(s)
Ops Dev
Persistent Volume Farm Projects Claim and Mount
Project: ABC
Project: XYZ
10G
SSD
40G
pod
pod
5G
SSD
10G pod
pod

• Each Host = 256 IPs
• Each POD = 1 IP
Programmable Infra:
• GCE / GKE
• AWS
• OpenStack
• Nuage
Networking
Overlay Networks:
• Flannel
• Weave
• OpenShift-SDN
• Open vSwitch

Kubernetes Cluster
Master
Node
Node
Storage
Pod
Volume
Node
Service
Pod
Pod
Hosting Platform
• Scheduling
• Lifecycle and health
• Discovery
• Monitoring
• Auth{n,z}
• Scaling
etcd
SkyDNS
Replication
Controller
APIDev/Ops
Router
Policies
Registry
Image
Visitor
Logging
ELK

OpenShift as a Development Platform
• Project spaces
• Build tools
• Integration with your IDE

We need more than just Orchestration !
Self Service
-Templates
- Web Console
Multi-Language
Automation
- Deploy
- Build
DevOps
Collaboration
Secure
- Namespaced
- RBAC
Scalable
- Integrated LB
Open Source
Enterprise
- Authentication
- Web Console
- Central Logging

We need more than just Orchestration
Self Service
-Templates
- Web Console
Multi-Language
Automation
- Deploy
- Build
DevOps
Collaboration
Secure
- Namespaced
- RBAC
Scalable
- Integrated LB
Open Source
Enterprise
- Authentication
- Web Console
- Central Logging
OpenShift is Red Hat’s Container Application Platform (PaaS)

Kubernetes Embedded
https://master:8443/api = Kubernetes API
/oapi = OpenShift API
/console = OpenShift WebConsole
OpenShift:
• 1 Binary for Master
• 1 Binary for Node
• 1 Binary for Client
• Docker-image
• Vagrant-image
Kubernetes:
• ApiServer, Controller, Scheduler, Etcd
• KubeProxy, Kubelet
• Kubectl

Project Namespaces
Project
• Sandboxed Environment
• Network VXLan
• Authorization Policies
• Resource Quotas
• Ops in Control, Dev Freedom
oc new-project Project-Dev
oc policy add-role-to-user admin scientist1
oc new-app
--source=https://gitlab/MyJavaApp
--docker-image=jboss-eap
Project “Prod” Project “Dev” Project
Global Services
OpenShift Platform
APP A
Image
APP C
Image
App
• Images run in Containers
• Grouped together as a Service
• Defined as Template

Kubernetes Cluster
Master
Node
Storage
Pod
Volume
Node
Service
Pod
Pod
Kubernetes
Hosting Architecture
etcd
SkyDNS
Replication
Controller
APIDev/Ops
Ingress
Policies
Registry
Image
VisitorLogging
ELK

OpenShift Cluster
Master
Node
Storage
Pod
Volume
Node
Service
Pod
Pod
OpenShift
PaaS Architecture
etcd
SkyDNS
Replication
Controller
APIDev/Ops
Router
Deploy
Build
Policies
config
Registry
Image
VisitorLogging
EFK
• Added “Build”
• Added “Deployment”
• s/ELK/EFK/g
• s/Ingress/Router/g
• Added Policies + tools
• Added WebConsole
• OpenShift-SDN isolation
Web
Console

OpenShift Cluster
Master
Node
Storage
Pod
Volume
Node
Service
Pod
Pod
OpenShift
Build & Deploy Architecture
etcd
SkyDNS
Replication
Controller
APIDev/Ops
Router
Deploy
Build
Policies
config
kind: "BuildConfig“
metadata:
name: “myApp-build“
spec:
source:
type: "Git“
git:
uri: "git://gitlab/project/hello.git“
dockerfile: “jboss-eap-6“
strategy:
type: "Source“
sourceStrategy:
from:
kind: "Image“
name: “jboss-eap-6:latest“
output:
to:
kind: “Image“
name: “myApp:latest“
triggers:
- type: "GitHub“
github:
secret: "secret101“
- type: "ImageChange“
# oc start-build myApp-build
Registry
Image
VisitorLogging
EFK

Code
Deploy
Build
Can configure different
deployment strategies
like A/B, Rolling upgrade,
Automated base updates,
and more.
Can configure triggers for
automated deployments,
builds, and more.
Build & Deploy an Image
Source
2
Image Builder
Image
Developer
SCM
Container Image
Builder Images
• Jboss-EAP
• PHP
• Python
• Ruby
• Jenkins
• Customer
• C++ / Go
• S2I (bash) scripts
Triggers
• Image Change (tagging)
• Code Change (webhook)
• Config Change

OpenShift Cluster
Master
Node
Storage
Pod
Volume
Node
Service
Pod
Pod
OpenShift
Build & Deploy Architecture
etcd
SkyDNS
Replication
Controller
APIDev/Ops
Router
Deploy
Build
Policies
kind: “DeploymentConfig“
metadata:
name: “myApp“
spec:
replicas: 2
selector:
app: nginx
template:
metadata:
name: nginx
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80
triggers:
- type: "ImageChange“
from:
kind: “Image”
name: “nginx:latest
# oc deploy myApp --latest
Registry
Image
VisitorLogging
EFK

Continuous Integration Pipeline example
Source Build Deploy
:test
:test
Deploy
:test-fw
Test Tag
:uat
Deploy
:uat
commit webhook
registry
ImageChange
registry
ImageChange
Approve Tag
:prod
Deploy
:prod
registry
ImageChange
ITIL
container

Template
OpenShift
MySQL
Service
MySQL
PHP
RouterapiVersion: v1
kind: Template
metadata:
name: redis-template
annotations:
description: "Description“
iconClass: "icon-redis“
tags: "database,nosql“
objects:
- apiVersion: v1
kind: Pod
…
parameters:
- description: Password
from: '[A-Z0-9]{8}‘
generate: expression
name: REDIS_PASSWORD
labels:
redis: master
apiVersion: v1
kind: List
Items:
- apiVersion: v1
kind: Pod
…
- apiVersion: v1
kind: Service
…
Kubernetes
curl –s https://get.helm.sh | bash
helm update
helm search redis
helm install redis
Deis Helm

Setup
yum install docker-engine
docker run openshift/origin
helm update

Setup
helm update
docker run -d --name "ose" --privileged --net=host --pid=host
-v /:/rootfs:ro
-v /var/run:/var/run:rw
-v /sys:/sys:ro
-v /var/lib/docker:/var/lib/docker:rw
-v /var/lib/origin/openshift.local.volumes:/var/lib/origin/openshift.local.volumes:z
-v /var/lib/origin/openshift.local.config:/var/lib/origin/openshift.local.config:z
-v /var/lib/origin/openshift.local.etcd:/var/lib/origin/openshift.local.etcd:z
openshift3/ose start
--master="https://${OSE_MASTER_IP}:8443"
--etcd-dir="/var/lib/origin/openshift.local.etcd"
--hostname=`hostname`
--cors-allowed-origins=.*
helm update

Setup Client
helm update
docker run –entrypoint=cat openshift/origin /usr/bin/oc >/usr/local/bin/oc
ln –s /var/lib/origin/openshift.local.config/admin.kubectl ~/.kubectl

OpenShift's Added Value
50
Container runtime environment
Container orchestration
Container Development
Enterprise Management & Integration
User Experience
Docker
Kubernetes
Minimal OSAtomic
Deploy
Run
Host
OpenShift
Enterprise
Build
- Idm (LDAP,SSO)
- Web-Console
- JBoss xPaas images
- Eclipse & Jenkins integrations
- Router
- Logging & Metrics
- SDN

• JBoss EAP
• JBoss Web Server /
Tomcat
• JBoss Developer Studio
• Fuse
• A-MQ
• Data Virtualization
• Business Process
Management *
• Business Rules
Management System
• Red Hat Mobile /
FeedHenry *
Application
Container Services
Integration
Services
Business
Process Services
Mobile
Services
* Coming Soon
Our JBoss Middleware xPaas Service Catalog

CloudForms Management

RED HAT CLOUD SUITE FOR APPLICATIONS
Cloud Management – Alternative Virtualization – OpenStack – Containers – Development

Questions?
plus.google.com/+RedHat
nl.linkedin.com/in/samuelterburg
youtube.com/user/RedHatVideos
facebook.com/redhatinc
twitter.com/SamuelTerburg

OpenShift Enterprise 3.1 vs kubernetes

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Andere mochten auch

Andere mochten auch (20)

Ähnlich wie OpenShift Enterprise 3.1 vs kubernetes

Ähnlich wie OpenShift Enterprise 3.1 vs kubernetes (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

OpenShift Enterprise 3.1 vs kubernetes