OPENSHIFT CONTAINER PLATFORM TECHNICAL OVERVIEW
Presenter Presenter’s title Date Self-Service Standards-based
Multi-language Web-scale
Automation Open Source
Collaboration Enterprise Grade
Multi-tenant Secure
2 OPENSHIFT TECHNICAL OVERVIEW OPENSHIFT ARCHITECTURE
c
3 OPENSHIFT TECHNICAL OVERVIEW LINUX CONTAINERS WHAT ARE CONTAINERS? It Depends Who You Ask
INFRASTRUCTURE APPLICATIONS
● Application processes on a shared kernel ● Package apps with all dependencies ● Simpler, lighter, and denser than VMs ● Deploy to any environment in seconds ● Portable across different environments ● Easily accessed and shared
5 OPENSHIFT TECHNICAL OVERVIEW VIRTUAL MACHINES AND CONTAINERS
VIRTUAL MACHINES CONTAINERS
VM Container Container Container Container
App App App App App App App App
OS Dependencies OS deps OS deps OS deps OS deps
Kernel Container Host (Kernel)
Hypervisor Hardware Hardware
virtual machines are isolated containers are isolated apps are not so are the apps
6 OPENSHIFT TECHNICAL OVERVIEW VIRTUAL MACHINES AND CONTAINERS
Virtual Machine Container
Application Application
OS dependencies OS dependencies
Operating System Container Host
VM Isolation Container Isolation Complete OS Shared Kernel Static Compute Burstable Compute Static Memory Burstable Memory High Resource Usage Low Resource Usage
7 OPENSHIFT TECHNICAL OVERVIEW VIRTUAL MACHINES AND CONTAINERS
Virtual Machine Container
Application Clear ownership boundary Application Dev IT Ops OS dependencies between Dev and IT Ops OS dependencies (and Dev, sort of) drives DevOps adoption Operating System and fosters agility Container Host IT Ops Infrastructure Infrastructure
Optimized for stability Optimized for agility
8 OPENSHIFT TECHNICAL OVERVIEW APPLICATION PORTABILITY WITH VM
Virtual machines are NOT portable across hypervisor and do NOT provide portable packaging for applications
Guest VM VM Type X VM Type Y VM Type Z
Application Application Application Application Application OS dependencies OS dependencies OS dependencies OS dependencies OS dependencies
Operating System Operating System Operating System Operating System Operating System
LAPTOP BARE METAL VIRTUALIZATION PRIVATE CLOUD PUBLIC CLOUD
9 OPENSHIFT TECHNICAL OVERVIEW APPLICATION PORTABILITY WITH CONTAINERS
RHEL Containers + RHEL Host = Guaranteed Portability Across Any Infrastructure
Container Container Container Container Container
Application Application Application Application Application
OS dependencies OS dependencies OS dependencies OS dependencies OS dependencies
RHEL RHEL RHEL RHEL RHEL Guest VM Virtual Machine Virtual Machine Virtual Machine
LAPTOP BARE METAL VIRTUALIZATION PRIVATE CLOUD PUBLIC CLOUD
10 OPENSHIFT TECHNICAL OVERVIEW RAPID SECURITY PATCHING USING CONTAINER IMAGE LAYERING
Image Layer 3 Application Layer
Image Layer 2 Java Runtime Layer
Image Layer 1 OS Update Layer
Base Image Base RHEL
Container Image Layers Example Container Image
11 OPENSHIFT TECHNICAL OVERVIEW A lightweight, OCI-compliant container runtime
Any OCI-compliant Optimized for container from any Improve Security and Kubernetes OCI registry Performance at scale (including docker)
Available in OpenShift Online (soon) Tech Preview in OCP 3.7, GA in OCP 3.8
12 OPENSHIFT TECHNICAL OVERVIEW OPENSHIFT ARCHITECTURE YOUR CHOICE OF INFRASTRUCTURE
14 OPENSHIFT TECHNICAL OVERVIEW NODES RHEL INSTANCES WHERE APPS RUN
15 OPENSHIFT TECHNICAL OVERVIEW APPS RUN IN CONTAINERS
c
16 OPENSHIFT TECHNICAL OVERVIEW PODS ARE THE UNIT OF ORCHESTRATION
c
17 OPENSHIFT TECHNICAL OVERVIEW MASTERS ARE THE CONTROL PLANE
18 OPENSHIFT TECHNICAL OVERVIEW API AND AUTHENTICATION
19 OPENSHIFT TECHNICAL OVERVIEW DESIRED AND CURRENT STATE
20 OPENSHIFT TECHNICAL OVERVIEW INTEGRATED CONTAINER REGISTRY
21 OPENSHIFT TECHNICAL OVERVIEW ORCHESTRATION AND SCHEDULING
22 OPENSHIFT TECHNICAL OVERVIEW PLACEMENT BY POLICY
c
23 OPENSHIFT TECHNICAL OVERVIEW AUTOSCALING PODS
c
24 OPENSHIFT TECHNICAL OVERVIEW SERVICE DISCOVERY
c
25 OPENSHIFT TECHNICAL OVERVIEW PERSISTENT DATA IN CONTAINERS
c
26 OPENSHIFT TECHNICAL OVERVIEW ROUTING AND LOAD-BALANCING
c
27 OPENSHIFT TECHNICAL OVERVIEW ACCESS VIA WEB, CLI, IDE AND API
c
28 OPENSHIFT TECHNICAL OVERVIEW TECHNICAL DEEP DIVE MONITORING APPLICATION HEALTH AUTO-HEALING FAILED PODS
c
c
31 OPENSHIFT TECHNICAL OVERVIEW AUTO-HEALING FAILED CONTAINERS
c
c
32 OPENSHIFT TECHNICAL OVERVIEW AUTO-HEALING FAILED CONTAINERS
c
c
33 OPENSHIFT TECHNICAL OVERVIEW AUTO-HEALING FAILED CONTAINERS
c
c
34 OPENSHIFT TECHNICAL OVERVIEW AUTO-HEALING FAILED CONTAINERS
c c
35 OPENSHIFT TECHNICAL OVERVIEW NETWORKING BUILT-IN SERVICE DISCOVERY INTERNAL LOAD-BALANCING
37 OPENSHIFT TECHNICAL OVERVIEW BUILT-IN SERVICE DISCOVERY INTERNAL LOAD-BALANCING
38 OPENSHIFT TECHNICAL OVERVIEW ROUTE EXPOSES SERVICES EXTERNALLY
39 OPENSHIFT TECHNICAL OVERVIEW ROUTING AND EXTERNAL LOAD-BALANCING
● Pluggable routing architecture ○ HAProxy Router ○ F5 Router
● Multiple-routers with traffic sharding ● Router supported protocols ○ HTTP/HTTPS ○ WebSockets ○ TLS with SNI
● Non-standard ports via cloud load-balancers, external IP, and NodePort
40 OPENSHIFT TECHNICAL OVERVIEW ROUTE SPLIT TRAFFIC
Split Traffic Between Multiple Services For A/B Testing, Blue/Green and Canary Deployments
41 OPENSHIFT TECHNICAL OVERVIEW EXTERNAL TRAFFIC TO A SERVICE ON A RANDOM PORT WITH NODEPORT
● NodePort binds a service to a unique port on all the nodes
● Traffic received on any node redirects to a node with the running service
● Ports in 30K-60K range which usually differs from the service
● Firewall rules must allow traffic to all nodes on the specific port
42 OPENSHIFT TECHNICAL OVERVIEW EXTERNAL TRAFFIC TO A SERVICE ON ANY PORT WITH INGRESS
● Access a service with an external IP on any TCP/UDP port, such as ○ Databases ○ Message Brokers
● Automatic IP allocation from a predefined pool using Ingress IP Self-Service
● IP failover pods provide high availability for the IP pool
43 OPENSHIFT TECHNICAL OVERVIEW CONTROL OUTGOING TRAFFIC SOURCE IP WITH EGRESS ROUTER
44 OPENSHIFT TECHNICAL OVERVIEW OPENSHIFT NETWORKING
● Built-in internal DNS to reach services by name
● Split DNS is supported via SkyDNS ○ Master answers DNS queries for internal services ○ Other nameservers serve the rest of the queries
● Software Defined Networking (SDN) for a unified cluster network to enable pod-to-pod communication
● OpenShift follows the Kubernetes Container Networking Interface (CNI) plug-in model
45 OPENSHIFT TECHNICAL OVERVIEW OPENSHIFT NETWORK PLUGINS
* Flannel is minimally verified and is supported only and exactly as deployed in the OpenShift on OpenStack reference architecture
46 OPENSHIFT TECHNICAL OVERVIEW OPENSHIFT NETWORKING
47 OPENSHIFT TECHNICAL OVERVIEW OPENSHIFT SDN
FLAT NETWORK (Default)
● All pods can communicate with each other across projects
MULTI-TENANT NETWORK NODE NODE
● Project-level network isolation POD POD POD POD ● Multicast support
● Egress network policies POD POD POD POD
NETWORK POLICY (Tech Preview)
● Granular policy-based isolation
48 OPENSHIFT TECHNICAL OVERVIEW OPENSHIFT SDN - NETWORK POLICY
Example Policies ● Allow all traffic inside the project ● Allow traffic from green to gray ● Allow traffic to purple on 8080
apiVersion: extensions/v1beta1 kind: NetworkPolicy metadata: name: allow-to-purple-on-8080 spec: podSelector: matchLabels: color: purple ingress: - ports: - protocol: tcp port: 8080
49 OPENSHIFT TECHNICAL OVERVIEW OPENSHIFT SDN - OVS PACKET FLOW
Container to Container on the Same Host
50 OPENSHIFT TECHNICAL OVERVIEW OPENSHIFT SDN - OVS PACKET FLOW
Container to Container on the Different Hosts
51 OPENSHIFT TECHNICAL OVERVIEW OPENSHIFT SDN - OVS PACKET FLOW
Container Connects to External Host
52 OPENSHIFT TECHNICAL OVERVIEW OPENSHIFT SDN WITH FLANNEL FOR OPENSTACK
Flannel is minimally verified and is supported only and exactly as deployed in the OpenShift on OpenStack reference architecture https://access.redhat.com/articles/2743631
53 OPENSHIFT TECHNICAL OVERVIEW LOGGING & METRICS CENTRAL LOG MANAGEMENT WITH EFK
● EFK stack to aggregate logs for hosts and applications
○ Elasticsearch: an object store to store all logs
○ Fluentd: gathers logs and sends to Elasticsearch.
○ Kibana: A web UI for Elasticsearch.
● Access control
○ Cluster administrators can view all logs
○ Users can only view logs for their projects
● Ability to send logs elsewhere
○ External elasticsearch, Splunk, etc
55 OPENSHIFT TECHNICAL OVERVIEW CENTRAL LOG MANAGEMENT WITH EFK
NODE
POD POD NODE ELASTIC ELASTIC POD POD FLUENTD ELASTIC ELASTIC
POD POD RHELNODE
POD POD FLUENTD
POD POD ELASTIC ELASTIC RHEL ELASTIC ELASTIC
POD POD FLUENTD
RHEL
56 OPENSHIFT TECHNICAL OVERVIEW CONTAINER METRICS
57 OPENSHIFT TECHNICAL OVERVIEW CONTAINER METRICS
NODE
POD POD NODE
POD POD FLUENTD
POD POD RHELNODE
POD POD FLUENTD
POD POD ELASTIC ELASTIC RHEL
POD POD CADVISOR
RHEL
58 OPENSHIFT TECHNICAL OVERVIEW SECURITY TEN LAYERS OF CONTAINER SECURITY
Container Host & Multi-tenancy Federated Clusters
Container Platform API Management
Network Isolation Deploying Container
Container Registry Container Content
Storage Building Containers
60 OPENSHIFT TECHNICAL OVERVIEW SECRET MANAGEMENT
● Secure mechanism for holding sensitive data e.g. ○ Passwords and credentials ○ SSH Keys ○ Certificates
● Secrets are made available as ○ Environment variables ○ Volume mounts ○ Interaction with external systems
● Encrypted in transit
● Never rest on the nodes
61 OPENSHIFT TECHNICAL OVERVIEW PERSISTENT STORAGE PERSISTENT STORAGE
● Persistent Volume (PV) is tied to a piece of network storage ● Provisioned by an administrator (static or dynamically) ● Allows admins to describe storage and users to request storage ● Assigned to pods based on the requested size, access mode, labels and type
OpenStack NFS iSCSI Azure Disk AWS EBS FlexVolume Cinder
GCE Persistent VMWare GlusterFS Ceph RBD Fiber Channel Azure File Disk vSphere VMDK
63 OPENSHIFT TECHNICAL OVERVIEW PERSISTENT STORAGE
64 OPENSHIFT TECHNICAL OVERVIEW DYNAMIC VOLUME PROVISIONING
65 OPENSHIFT TECHNICAL OVERVIEW CONTAINER-NATIVE STORAGE
● Containerized Red Hat Gluster Storage
● Native integration with OpenShift
● Unified Orchestration using Kubernetes for applications and storage
● Greater control & ease of use for developers
● Lower TCO through convergence
● Single vendor Support
66 OPENSHIFT TECHNICAL OVERVIEW CONTAINER-NATIVE STORAGE
MASTER
NODE NODE NODE NODE
POD POD POD POD POD POD POD
POD POD POD
POD POD POD
67 OPENSHIFT TECHNICAL OVERVIEW SERVICE BROKER WHY A SERVICE BROKER?
Manual, Time-consuming and Inconsistent
69 OPENSHIFT TECHNICAL OVERVIEW A multi-vendor project to standardize how services are consumed on cloud-native platforms across service providers
70 OPENSHIFT TECHNICAL OVERVIEW WHAT IS A SERVICE BROKER?
Automated, Standard and Consistent
71 OPENSHIFT TECHNICAL OVERVIEW OPENSHIFT SERVICE CATALOG
72 OPENSHIFT TECHNICAL OVERVIEW SERVICE BROKER CONCEPTS
SERVICE: an offering that can be used by an app e.g. database
PLAN: a specific flavor of a service e.g. Gold Tier
SERVICE INSTANCE: an instance of the offering
SERVICE SERVICE SERVICE SERVICE PROVISION: creating a service instance CONSUMER CATALOG BROKER PROVIDER
BIND: associate a service instance and its credentials to an app
73 OPENSHIFT TECHNICAL OVERVIEW HOW TO ADD A SERVICE BROKER
● Deploy service broker on or off OpenShift
● Register the broker referring to the deployed broker
apiVersion: servicecatalog.k8s.io/v1alpha1 kind: Broker metadata: name: asb-broker spec: url: https://asb-1338-ansible-service-broker.10.2.2.15.nip.io
● Register the broker services by creating ServiceClass resources (the service broker might automatically perform this step)
74 OPENSHIFT TECHNICAL OVERVIEW TEMPLATE SERVICE BROKER
● Exposes Templates and Instant Apps in the Service Catalog
● Pulled from openshift namespace by default
● Multiple namespaces can be configured for template discovery
75 OPENSHIFT TECHNICAL OVERVIEW TEMPLATE SERVER BROKER PROVISIONING
openshift Service Broker creates a namespace the objects from the nodejs-template template OpenShift Service Catalog
Template Service Node.js Broker Container
76 OPENSHIFT TECHNICAL OVERVIEW TEMPLATE SERVICE BROKER BINDING
Service Broker creates a binding and secret for openshift namespace any credentials (config nodejs-template map, secret, etc) created
OpenShift by the template Service Catalog
Template Service Node.js Broker Container
create binding
77 OPENSHIFT TECHNICAL OVERVIEW OPENSHIFT ANSIBLE BROKER
● Use Ansible on OpenShift
○ Deploy containerized applications ○ Provision external services (e.g. Oracle database) ○ Provision cloud services (e.g. AWS RDS) ○ Orchestrate multi-service solutions ○ Conditional logic for control on deployments (e.g. database is initialized)
● Leverage existing Ansible playbooks
● Anything you can do with Ansible, you can do with OAB
78 OPENSHIFT TECHNICAL OVERVIEW ANSIBLE PLAYBOOK BUNDLES (APB)
● Lightweight application definition
● Packaged as a container image ├─ roles ├─ playbooks │ ├─ provision.yaml ● Embedded Ansible runtime │ ├─ unprovision.yaml │ ├─ bind.yaml ● Metadata for parameters │ └─ unbind.yaml └─ apb.yaml ● Named playbooks for actions Ansible Runtime ● Leverage existing Ansible playbooks Ansible Playbook Bundle ● Registry is queried to discover APBs (Container Image)
79 OPENSHIFT TECHNICAL OVERVIEW OPENSHIFT ANSIBLE BROKER PROVISIONING OpenShift Registry Docker Hub Red Hat Container Catalog
mediawiki-apb
postgresql-apb Discover and list APBs from the OpenShift Service Catalog configured image registries OpenShift
Ansible Broker
80 OPENSHIFT TECHNICAL OVERVIEW OPENSHIFT ANSIBLE BROKER PROVISIONING OpenShift Registry Docker Hub Red Hat Pull APB image and Container Catalog run it with the broker
mediawiki-apb action as a parameter postgresql-apb
OpenShift Service Catalog
OpenShift APB Container Ansible Broker (postgresql)
oc run postgresql-apb provision $vars
81 OPENSHIFT TECHNICAL OVERVIEW OPENSHIFT ANSIBLE BROKER PROVISIONING OpenShift Registry Docker Hub Red Hat APB container runs Container Catalog provision.yaml
mediawiki-apb playbook to create a
postgresql-apb PostgreSQL container OpenShift Service Catalog
Postgre AnsibleOpenShift APB Container SQL ServiceAnsible Broker (postgresql) Container
oc run postgresql-apb provision $vars ansible-playbook provision.yaml $vars
82 OPENSHIFT TECHNICAL OVERVIEW OPENSHIFT ANSIBLE BROKER BINDING OpenShift Registry Docker Hub Red Hat APB container runs Container Catalog bind.yaml
mediawiki-apb playbook to create
postgresql-apb database user OpenShift Service Catalog
Postgre OpenShift APB Container SQL Ansible Broker (postgresql) Container
oc run postgresql-apb bind $vars ansible-playbook bind.yaml $vars
MediaWiki Container
83 OPENSHIFT TECHNICAL OVERVIEW OPENSHIFT ANSIBLE BROKER BINDING OpenShift Registry Docker Hub Red Hat APB container goes Container Catalog
away and Service Broker mediawiki-apb creates a binding for
postgresql-apb the PostgreSQL service OpenShift Service Catalog
Postgre OpenShift SQL Ansible Broker Container
MediaWiki create binding Container
84 OPENSHIFT TECHNICAL OVERVIEW OPENSHIFT ANSIBLE BROKER BINDING OpenShift Registry Docker Hub Red Hat Service Catalog creates Container Catalog
a secret for the binding, mediawiki-apb containing the database
postgresql-apb credentials OpenShift Service Catalog
Postgre OpenShift SQL Ansible Broker Container
MediaWiki mount binding secret Container
85 OPENSHIFT TECHNICAL OVERVIEW OPENSHIFT ANSIBLE BROKER BINDING OpenShift Registry Docker Hub Red Hat MediaWiki container Container Catalog
uses the credentials in mediawiki-apb the secret to connect
postgresql-apb to the PostgreSQL OpenShift Service Catalog database
Postgre OpenShift SQL Ansible Broker Container
MediaWiki mount binding secret Container
86 OPENSHIFT TECHNICAL OVERVIEW AWS SERVICE BROKER
● Targets Top 10 AWS Services
● Uses Ansible Playbook Bundles
● Available in OpenShift 3.7
SQS SNS DynamoDB Redshift SES S3
RDS EMR AWS Batch ElastiCache Route 53
87 OPENSHIFT TECHNICAL OVERVIEW AWS PROVISIONING Registries Compatible Docker AWS ECR APB container runs
provision.yaml playbook s3-apb to interact with CFN and rds-apb create RDS instance OpenShift Service Catalog
AWS OpenShift APB AWS Container Cloud RDS Ansible Broker (rds) Formation
oc run rds-apb provision $vars ansible-playbook provision.yaml $vars
88 OPENSHIFT TECHNICAL OVERVIEW OPERATIONAL MANAGEMENT
TOP CHALLENGES OF RUNNING CONTAINERS AT SCALE
OPERATIONAL SERVICE SECURITY FINANCIAL EFFICIENCY HEALTH & COMPLIANCE MANAGEMENT
90 OPENSHIFT TECHNICAL OVERVIEW ● ● ● ● ● ● ● ●
91 OPENSHIFT TECHNICAL OVERVIEW OPERATIONAL EFFICIENCY
● CloudForms continuously discovers your infrastructure in near real time. ● CloudForms discovers and visualizes relationships between infra components
● CloudForms cross references inventory across technologies.
● CloudForms offers custom automation via control policy or UI extensions
92 OPENSHIFT TECHNICAL OVERVIEW OPERATIONAL EFFICIENCY
93 OPENSHIFT TECHNICAL OVERVIEW SERVICE HEALTH
● CloudForms monitors resource consumption and shows trends ● CloudForms alerts on performance thresholds or other events ● CloudForms offers right-sizing recommendations ● CloudForms enforces configuration and tracks it over time.
94 OPENSHIFT TECHNICAL OVERVIEW SERVICE HEALTH
95 OPENSHIFT TECHNICAL OVERVIEW SECURITY & COMPLIANCE
● CloudForms finds and marks nodes non-compliant with policy. ● CloudForms allows reporting on container provenance. ● CloudForms scans container images using OpenSCAP. ● CloudForms tracks genealogy between images and containers.
96 OPENSHIFT TECHNICAL OVERVIEW SECURITY & COMPLIANCE
97 OPENSHIFT TECHNICAL OVERVIEW FINANCIAL MANAGEMENT
● Define cost models for infrastructure and understand your cost. ● Rate schedules per platform and per tenant with multi-tiered and multi-currency support
● CloudForms shows top users for CPU, memory, as well as cost. ● Chargeback/showback to projects based on container utilization.
98 OPENSHIFT TECHNICAL OVERVIEW FINANCIAL MANAGEMENT
99 OPENSHIFT TECHNICAL OVERVIEW REFERENCE ARCHITECTURES REFERENCE ARCHITECTURES
OpenShift on VMware vCenter Application Release Strategies with OpenShift
OpenShift on Red Hat OpenStack Platform Building Polyglot Microservices on OpenShift
OpenShift on Amazon Web Services Building JBoss EAP 6 Microservices on OpenShift
OpenShift on Google Cloud Platform Building JBoss EAP 7 Microservices on OpenShift
OpenShift on Microsoft Azure Business Process Management with JBoss BPMS on OpenShift
OpenShift on Red Hat Virtualization Build and Deployment of Java Applications on OpenShift
OpenShift on HPE Servers with Ansible Tower Building Microservices on OpenShift with Fuse Integration...
OpenShift on VMware vCenter 6 with Gluster JFrog Artifactory on OpenShift Container Platform
Deploying an OpenShift Distributed Architecture Spring Boot Microservices on Red Hat OpenShift
OpenShift Architecture and Deployment Guide API Management with Red Hat 3scale on OpenShift
OpenShift Scaling, Performance, and Capacity Planning
101 OPENSHIFT TECHNICAL OVERVIEW BUILD AND DEPLOY CONTAINER IMAGES BUILD AND DEPLOY CONTAINER IMAGES
DEPLOY YOUR DEPLOY YOUR DEPLOY YOUR SOURCE CODE APP BINARY CONTAINER IMAGE
103 OPENSHIFT TECHNICAL OVERVIEW DEPLOY SOURCE CODE WITH SOURCE-TO-IMAGE (S2I)
User/Tool Does OpenShift Does
104 OPENSHIFT TECHNICAL OVERVIEW DEPLOY APP BINARY WITH SOURCE-TO-IMAGE (S2I)
User/Tool Does OpenShift Does
105 OPENSHIFT TECHNICAL OVERVIEW DEPLOY DOCKER IMAGE
User/Tool Does OpenShift Does
106 OPENSHIFT TECHNICAL OVERVIEW BUILD IMAGES IN MULTIPLE STAGES
107 OPENSHIFT TECHNICAL OVERVIEW EXAMPLE: USE ANY RUNTIME IMAGE WITH SOURCE-TO-IMAGE BUILDS
Use Source-to-Image to build app binaries and deploy on lean vanilla runtimes
read more on https://blog.openshift.com/chaining-builds/
108 OPENSHIFT TECHNICAL OVERVIEW EXAMPLE: USE ANY BUILD TOOL WITH OFFICIAL RUNTIME IMAGES
Use your choice of build tool like Gradle and deploy to official images like the JDK image
read more on https://blog.openshift.com/chaining-builds/
109 OPENSHIFT TECHNICAL OVERVIEW EXAMPLE: SMALL LEAN RUNTIMES
Build the app binary and deploy on small scratch images
read more on https://blog.openshift.com/chaining-builds/
110 OPENSHIFT TECHNICAL OVERVIEW CONTINUOUS INTEGRATION (CI) CONTINUOUS DELIVERY (CD) CI/CD WITH BUILD AND DEPLOYMENTS
BUILDS
● Webhook triggers: build the app image whenever the code changes ● Image trigger: build the app image whenever the base language or app runtime changes ● Build hooks: test the app image before pushing it to an image registry
DEPLOYMENTS
● Deployment triggers: redeploy app containers whenever configuration changes or the image changes in the OpenShift integrated registry or upstream registries
112 OPENSHIFT TECHNICAL OVERVIEW CONTINUOUS DELIVERY WITH CONTAINERS
113 OPENSHIFT TECHNICAL OVERVIEW OPENSHIFT LOVES CI/CD
JENKINS-AS-A SERVICE HYBRID JENKINS INFRA EXISTING CI/CD ON OPENSHIFT WITH OPENSHIFT DEPLOY TO OPENSHIFT
114 OPENSHIFT TECHNICAL OVERVIEW JENKINS-AS-A-SERVICE ON OPENSHIFT
● Certified Jenkins images with pre-configured plugins ○ Provided out-of-the-box ○ Follows Jenkins 1.x and 2.x LTS versions
● Jenkins S2I Builder for customizing the image ○ Install Plugins ○ Configure Jenkins ○ Configure Build Jobs
● OpenShift plugins to integrate authentication with OpenShift and also CI/CD pipelines
● Dynamically deploys Jenkins slave containers
115 OPENSHIFT TECHNICAL OVERVIEW HYBRID JENKINS INFRA WITH OPENSHIFT
● Scale existing Jenkins infrastructure by dynamically provisioning Jenkins slaves on OpenShift
● Use Kubernetes plug-in on existing Jenkin servers
116 OPENSHIFT TECHNICAL OVERVIEW EXISTING CI/CD DEPLOY TO OPENSHIFT
● Existing CI/CD infrastructure outside OpenShift performs operations against OpenShift ○ OpenShift Pipeline Jenkins Plugin for Jenkins ○ OpenShift CLI for integrating other CI Engines with OpenShift
● Without disrupting existing processes, can be combined with previous alternative
117 OPENSHIFT TECHNICAL OVERVIEW OPENSHIFT PIPELINES
● OpenShift Pipelines allow defining a apiVersion: v1 CI/CD workflow via a Jenkins pipeline kind: BuildConfig metadata: which can be started, monitored, and name: app-pipeline spec: managed similar to other builds strategy: type: JenkinsPipeline jenkinsPipelineStrategy: ● Dynamic provisioning of Jenkins slaves jenkinsfile: |- node('maven') { stage('build app') { ● Auto-provisioning of Jenkins server git url: 'https://git/app.git' sh "mvn package" ● OpenShift Pipeline strategies } stage('build image') { ○ Embedded Jenkinsfile sh "oc start-build app --from-file=target/app.jar } ○ Jenkinsfile from a Git repository stage('deploy') { openshiftDeploy deploymentConfig: 'app' } }
118 OPENSHIFT TECHNICAL OVERVIEW 119 OPENSHIFT TECHNICAL OVERVIEW CONTINUOUS DELIVERY PIPELINE
● ● ●
120 OPENSHIFT TECHNICAL OVERVIEW CONTINUOUS DELIVERY PIPELINE
121 OPENSHIFT TECHNICAL OVERVIEW CONTINUOUS DELIVERY PIPELINE
122 OPENSHIFT TECHNICAL OVERVIEW CONTINUOUS DELIVERY PIPELINE
123 OPENSHIFT TECHNICAL OVERVIEW CONTINUOUS DELIVERY PIPELINE
ServiceNow JIRA Service Desk Zendeks BMC Remedy
☒ ☑
124 OPENSHIFT TECHNICAL OVERVIEW CONTINUOUS DELIVERY PIPELINE
☒ ☑
125 OPENSHIFT TECHNICAL OVERVIEW DEVELOPER WORKFLOW LOCAL DEVELOPMENT WORKFLOW
127 OPENSHIFT TECHNICAL OVERVIEW LOCAL DEVELOPMENT WORKFLOW
BOOTSTRAP
● Pick your programming language and application runtime of choice ● Create the project skeleton from scratch or use a generator such as ○ Maven archetypes ○ Quickstarts and Templates ○ OpenShift Generator ○ Spring Initializr
128 OPENSHIFT TECHNICAL OVERVIEW LOCAL DEVELOPMENT WORKFLOW
DEVELOP
● Pick your framework of choice such as Java EE, Spring, Ruby on Rails, Django, Express, ... ● Develop your application code using your editor or IDE of choice ● Build and test your application code locally using your build tools ● Create or generate OpenShift templates or Kubernetes objects
129 OPENSHIFT TECHNICAL OVERVIEW LOCAL DEVELOPMENT WORKFLOW
LOCAL DEPLOY
● Deploy your code on a local OpenShift cluster ○ Red Hat Container Development Kit (CDK), minishift and oc cluster ● Red Hat CDK provides a standard RHEL-based development environment ● Use binary deploy, maven or CLI rsync to push code or app binary directly into containers
130 OPENSHIFT TECHNICAL OVERVIEW LOCAL DEVELOPMENT WORKFLOW
VERIFY
● Verify your code is working as expected ● Run any type of tests that are required with or without other components (database, etc) ● Based on the test results, change code, deploy, verify and repeat
131 OPENSHIFT TECHNICAL OVERVIEW LOCAL DEVELOPMENT WORKFLOW
GIT PUSH
● Push the code and configuration to the Git repository ● If using Fork & Pull Request workflow, create a Pull Request ● If using code review workflow, participate in code review discussions
132 OPENSHIFT TECHNICAL OVERVIEW LOCAL DEVELOPMENT WORKFLOW
PIPELINE
● Pushing code to the Git repository triggers one or multiple deployment pipelines ● Design your pipelines based on your development workflow e.g. test the pull request ● Failure in the pipeline? Go back to the code and start again
133 OPENSHIFT TECHNICAL OVERVIEW APPLICATION SERVICES A PLATFORM THAT GROWS WITH YOUR BUSINESS
Web Data Intelligent Micro Application Virtualization Process services
API Single Java EE Mobile Management Sign-On Application
Real Time Integration Messaging Data Grid Decision
135 OPENSHIFT TECHNICAL OVERVIEW TRUE POLYGLOT PLATFORM
LANGUAGES
DATABASES CrunchyData GitLab Iron.io
WEB SERVERS Couchbase Sonatype EnterpriseDB NuoDB Fujitsu
MIDDLEWARE and many more
136 OPENSHIFT TECHNICAL OVERVIEW TESTED AND VERIFIED MICROSERVICES FRAMEWORKS
LAUNCH
Spring Boot Netflix Hystrix Netflix Ribbon
SUPPORTED MICROSERVICES RUNTIMES
Reactive MicroProfile Server-side JS Java EE Java EE Web Eclipse Vert.x WildFly Swarm Node.js JBoss EAP Embedded Tomcat
Modern, Cloud-Native Application Runtimes and an Opinionated Developer Experience
137 OPENSHIFT TECHNICAL OVERVIEW MICROSERVICES INFRASTRUCTURE: ISTIO SERVICE MESH WHAT YOU NEED FOR MICROSERVICES?
Visibility & Reporting
Resilience & Fault Tolerance
Routing & Traffic Control
Identity & Security
Policy Enforcement
139 OPENSHIFT TECHNICAL OVERVIEW WHAT YOU NEED FOR MICROSERVICES?
Visibility & Reporting
Resilience & Fault Tolerance Routing & Traffic Control Istio Identity & Security
Policy Enforcement
140 OPENSHIFT TECHNICAL OVERVIEW WHAT IS ISTIO?
a service mesh to connect, manage, and secure microservices
Control Pilot Mixer Auth Plane
Envoy Envoy Envoy Envoy
Data Plane App App App App
Pod Pod Pod Pod
141 OPENSHIFT TECHNICAL OVERVIEW