What is it, actually? And what can it do?
Sebastian Dehn, Solution Architect Partner Enablement
Who am I? What are we talking about today?
The idea behind OpenShift: the why and the wherefore
Let's talk tech! The essentials in brief
Prove it! A brief look at the real OpenShift world
Q&A: I'll answer your questions. Do you have any?
Who hasn't heard of it? Parts Unlimited
Bill - VP IT
Steve - CEO
Chris - VP AppDev
The focus
Steve - minimize costs / use resources efficiently
Bill - modernize the infrastructure & standardize IT processes
Chris - modern AppDev & innovative technologies
A consistent container application platform
From your data center, to the cloud, to the edge
Automated operations | Secure by default | Network traffic control | Over-the-air updates | Monitoring & chargeback | Pluggable architecture | Multi-tenant
Bare metal, VMware vSphere, Red Hat Virtualization, Red Hat OpenStack Platform, Amazon Web Services, Microsoft Azure, Google, IBM Cloud
Time for some practice!
The technology: what's hidden under the hood
Time for innovation! Empowering developers to innovate
OpenShift enables developer productivity
BUILD | TEST | DEPLOY | CODE | REVIEW | MONITOR
Self-service provisioning | Consistent environments | Automated build & deploy | CI/CD pipelines | Configuration management | App logs & metrics
SPRING & JAVA™ EE | MICROSERVICES | FUNCTIONS | LANGUAGES | DATABASES | APPLICATION SERVICES
LINUX | WINDOWS* (* coming soon)
BUILD AND DEPLOY CONTAINER IMAGES
DEPLOY YOUR SOURCE CODE | DEPLOY YOUR APP BINARY | DEPLOY YOUR CONTAINER IMAGE
DEPLOY SOURCE CODE WITH SOURCE-TO-IMAGE (S2I)
● Developer: code, Git Repository
● BUILD APP (OpenShift)
● BUILD IMAGE (OpenShift): Source-to-Image (S2I), Builder Image, Image Registry
● DEPLOY (OpenShift): deploy Application Container
Legend: User/Tool Does | OpenShift Does
DEPLOY APP BINARY WITH SOURCE-TO-IMAGE (S2I)
● BUILD APP (Build Infra): Existing Build Process, build Application Binary (e.g. WAR)
● BUILD IMAGE (OpenShift): Source-to-Image (S2I), Builder Image, Image Registry
● DEPLOY (OpenShift): deploy Application Container
Legend: User/Tool Does | OpenShift Does
DEPLOY DOCKER IMAGE
● BUILD IMAGE (Build Infra): Existing Image Build Process, build Application Image
● PUSH (Build Infra): Image Registry
● DEPLOY (OpenShift): deploy Application Container
Legend: User/Tool Does | OpenShift Does
Build and Deploy Process (diagram, steps numbered 1 to 7): Source (Dockerfile, Jenkinsfile), BuildConfig, Builder Pod, Base Image Registry, App Image Registry, DeploymentConfig/Deployment, Deployer Pod, Pod, Node; arrows labelled Push and Pull
OpenShift 4 Architecture
And this is what the platform's architecture looks like!
OPENSHIFT CONTAINER PLATFORM | Architectural Overview (diagram built up slide by slide)
● your choice of infrastructure: COMPUTE | NETWORK | STORAGE
● workers run workloads: WORKER
● masters are the control plane: MASTER
● everything runs in pods: IMAGE, CONTAINER, POD (10.140.4.44)
● state of everything: etcd
● core kubernetes components: Kubernetes services (Kubernetes API server, Scheduler, Cluster Management)
● core OpenShift components: OpenShift services (OpenShift API server, Operator Lifecycle Management, Web Console)
● internal and support infrastructure services: Infrastructure services (Monitoring | Logging | Tuned | SDN | DNS | Kubelet)
● run on all hosts: Monitoring | Logging | Tuned | SDN | DNS | Kubelet on MASTER and WORKER
● integrated image registry: Registry
● cluster monitoring: Prometheus | Grafana | Alertmanager
● log aggregation: Kibana | Elasticsearch
● integrated routing: Router
● dev and ops via web, cli, API, and IDE: Developers, Admins, SCM (GIT), CI/CD, EXISTING AUTOMATION TOOLSETS
Red Hat Enterprise Linux CoreOS
And what is the foundation?
OPENSHIFT PLATFORM | Immutable Operating System
Red Hat Enterprise Linux CoreOS is versioned with OpenShift
CoreOS is tested and shipped in conjunction with the platform. Red Hat runs thousands of tests against these configurations.
RHEL CoreOS admins are responsible for: Nothing.
Red Hat Enterprise Linux CoreOS is managed by the cluster
The operating system is operated as part of the cluster, with the config for components managed by Machine Config Operator:
● CRI-O config
● Kubelet config
● Authorized registries
● SSH config
(Diagram label: v4.1.6)
OpenShift Architecture
A lightweight, OCI-compliant container runtime
● Runs any OCI-compliant image (including docker)
● Minimal and Secure Architecture
● Optimized for Kubernetes
OpenShift Architecture: podman
A docker-compatible CLI for containers
● Remote management API via Varlink
● Image/container tagging
● Advanced namespace isolation
OpenShift Architecture: buildah
Secure & flexible OCI container builds
● Integrated into OCP build pods
● Performance improvements for knative enablement
● Image signing improvements
CoreOS “pod” architecture
Diagram labels: etcd, kube controller-manager, coredns, openshift controller-manager, kubelet, CRI-O, kube-scheduler, kube-apiserver, openshift-apiserver, openshift-oauth
Legend: systemd-managed native binaries | kubelet static containers | scheduled containers
OpenShift Monitoring
The all-seeing eye!
OPENSHIFT MONITORING | Solution Overview
OpenShift Cluster Monitoring
● Metrics collection and storage via Prometheus, an open-source monitoring system and time series database.
● Alerting/notification via Prometheus’ Alertmanager, an open-source tool that handles alerts sent by Prometheus.
● Metrics visualization via Grafana, the leading metrics visualization technology.
OPENSHIFT MONITORING | Operator & Operand Relationships
Diagram labels: cluster-monitoring-operator, prometheus-operator, Prometheus, Alertmanager, Grafana, node-exporter, kube-state-metrics, openshift-state-metrics (4.2), prometheus-adapter, telemeter-client
OPENSHIFT MONITORING | Prometheus, Grafana and Alertmanager Wiring
Diagram labels: Grafana, Prometheus, Alertmanager, Control Plane (API), kube-state-metrics, node-exporter, Node (kubelet), Infra/Worker (“hardware”), Worker (“hardware”)
OpenShift Logging
Seek and you shall find!
OPENSHIFT LOGGING | Solution Overview
Observability via log exploration and corroboration with EFK
Components
○ Elasticsearch: a search and analytics engine to store logs
○ Fluentd: gathers logs and sends them to Elasticsearch
○ Kibana: a web UI for Elasticsearch
Access control
○ Cluster administrators can view all logs
○ Users can only view logs for their projects
Ability to forward logs elsewhere
○ External Elasticsearch, Splunk, etc.
OPENSHIFT LOGGING | Operator & Operand Relationships
Diagram labels: ElasticSearch Operator, ElasticSearch Cluster, Cluster Logging Operator, Kibana, Curator CronJob, Curator, Fluentd (per node)
OPENSHIFT LOGGING | Architecture
Log data flow in OpenShift (diagram): Application Logs, Fluentd on each Node, TLS, Elasticsearch, Kibana
OPENSHIFT LOGGING | Architecture
Log data flow in OpenShift (diagram, single node): stdout, stderr, CRI-O, kubelet, journald, OS DISK, Fluentd, TLS, Elasticsearch, Node (OS)
Persistent Storage
Connecting real-world storage to your containers to enable stateful applications
OPENSHIFT CONTAINER PLATFORM | Persistent Storage
A broad spectrum of static and dynamic storage endpoints
NFS, OpenStack Cinder, iSCSI, Azure Disk, AWS EBS, FlexVolume, GCE Persistent Disk, VMWare vSphere VMDK, GlusterFS, Ceph RBD, Fiber Channel, Azure File, NetApp Trident*, Container Storage Interface (CSI)**
OPENSHIFT CONTAINER PLATFORM | Persistent Storage
PV Consumption
Diagram labels: PV, Storage, CONTAINER, POD, /foo/bar, Claim Z, Kubelet, Node
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
    - name: myfrontend
      image: nginx
      volumeMounts:
        # mount the volume named "mypd" into the container
        - mountPath: "/var/www/html"
          name: mypd
  volumes:
    # "mypd" is backed by the PersistentVolumeClaim named "z"
    - name: mypd
      persistentVolumeClaim:
        claimName: z
OPENSHIFT CONTAINER PLATFORM | Persistent Storage
Static Storage Provisioning
Diagram labels: Admin: Define/Map PersistentVolumes (NFS PV, iSCSI PV, ..., 2Gi NFS PV) | User: Pod Definition, Claim Z (2Gi RWX), VolumeMount: Z | Bind | Mount | CONTAINER, POD
OPENSHIFT CONTAINER PLATFORM | Persistent Storage
Dynamic Storage Provisioning
Diagram labels: Admin: Map StorageClass (Fast, Good, Block) | NetApp Flash, NetApp SSD, VMware VMDK | Master: Create PV (2Gi NFS) | User: Pod Definition, Claim Z (2Gi RWX, Good), VolumeMount: Z | Bind | Mount | CONTAINER, POD
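The static and dynamic provisioning flows above, written out as manifests for the claim z that the Pod on the PV Consumption slide mounts. This is an added example, not part of the original slides; the NFS server and export path, the provisioner name and the object names pv-nfs-2gi and z-good are placeholders, and the class name good is taken from the "Good" StorageClass label in the diagram.

```yaml
# Static provisioning: the admin pre-creates a PersistentVolume.
# NFS server and path are placeholders, not values from the slides.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-nfs-2gi
spec:
  capacity:
    storage: 2Gi
  accessModes:
    - ReadWriteMany            # "RWX" in the diagram
  persistentVolumeReclaimPolicy: Retain   # keep the data when the claim is deleted
  nfs:
    server: nfs.example.com
    path: /exports/pv0001
---
# The user's claim; the Pod references it as claimName: z.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: z
spec:
  storageClassName: ""         # empty string: bind only to a pre-created PV
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 2Gi
---
# Dynamic provisioning: the admin defines a class instead of individual PVs.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: good
provisioner: example.com/placeholder-provisioner   # placeholder provisioner name
reclaimPolicy: Delete
---
# A claim naming the class; the cluster creates and binds a matching PV.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: z-good                 # hypothetical name for the dynamic variant
spec:
  storageClassName: good
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 2Gi
```

Claims are namespaced, so a Pod can only reference a claim in its own project, while PersistentVolumes and StorageClasses are cluster-scoped objects created by an admin.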
Your questions!
Useful resources
OpenShift Blog
Learn OpenShift
My YouTube channel
Thank you!
linkedin.com/company/red-hat
youtube.com/user/RedHatVideos
facebook.com/redhatinc
twitter.com/RedHat