Managing Kubernetes and OpenShift with ManageIQ Alissa Bonas, Dublin 2015 The stages of containers world Containerizing an app Alissa Bonas @ Cloud Open Dublin 2015 Run a container Alissa Bonas @ Cloud Open Dublin 2015 Run multiple containers Alissa Bonas @ Cloud Open Dublin 2015 Run multiple containers ● Orchestrate containers ● Run many containers on multiple hosts ● Manage a containers based environment Alissa Bonas @ Cloud Open Dublin 2015 Today we’ll focus on Kubernetes OpenShift ManageIQ Alissa Bonas @ Cloud Open Dublin 2015 Kubernetes ● Deployment, scaling and orchestration of containers across clusters of hosts. Developed ● 1.0 release - July 2015 in Go Alissa Bonas @ Cloud Open Dublin 2015 Kubernetes concepts ● Node - a machine that containers run on ● Pod - a group of containers ● Replication controller - ensures there are always X replicas of pods Alissa Bonas @ Cloud Open Dublin 2015 Kubernetes concepts ● Service - a base load balancer that provides traffic to pods ● Namespace - partitioning resources created by users into logical groups Alissa Bonas @ Cloud Open Dublin 2015 OpenShift ● Platform as a service for building and running applications - for developers Developed ● Built on top of Kubernetes in Go ● 3.0 release - June 2015 Alissa Bonas @ Cloud Open Dublin 2015 OpenShift concepts ● Provides additional capabilities ○ application lifecycle ○ routing - extends service ○ projects - extension of namespaces Build Deploy Run Alissa Bonas @ Cloud Open Dublin 2015 Insight and control ● How many containers exist in my environment? ● Does a specific node have enough resources? ● How many distinct images are used? ● Which registries are used? Alissa Bonas @ Cloud Open Dublin 2015 ManageIQ ● A cloud management platform ○ supports multiple virtualization providers a Ruby on Rails ● Insight and control project ○ inventory overview and events ○ smart state analysis ○ workflow/orchestration Alissa Bonas @ Cloud Open Dublin 2015 New in upstream ManageIQ ● Providers for container management ● Supported providers ○ Kubernetes ○ OpenShift Alissa Bonas @ Cloud Open Dublin 2015 Container management providers Alissa Bonas @ Cloud Open Dublin 2015 Working together Kubernetes / Openshift Node A ManageIQ REST Master Node B Alissa Bonas @ Cloud Open Dublin 2015 Inventory ● Entities ● Relationships ● Additional information Alissa Bonas @ Cloud Open Dublin 2015 Creating more insights ● Modelling additional entities as first class citizens ● Deducing relationships Alissa Bonas @ Cloud Open Dublin 2015 Kubernetes provider summary Alissa Bonas @ Cloud Open Dublin 2015 Kubernetes provider relationships Alissa Bonas @ Cloud Open Dublin 2015 OpenShift provider summary OpenShift provider relationships Alissa Bonas @ Cloud Open Dublin 2015 Nodes ● OS and Software versions ● How many entities are on a node ● Capacity and utilization ● Which infrastructure is it running on Alissa Bonas @ Cloud Open Dublin 2015 Node summary page Alissa Bonas @ Cloud Open Dublin 2015 What do we know about nodes? Capacity Docker and Kubernetes info OS info Alissa Bonas @ Cloud Open Dublin 2015 What do we know about nodes? Alissa Bonas @ Cloud Open Dublin 2015 Cross providers insight ● Connect all layers of infrastructure, cloud and containers ● Currently supports cross linking with ○ OpenStack ○ oVirt / RHEV ○ VMware vCenter Alissa Bonas @ Cloud Open Dublin 2015 Cross linking demystified Nodes Pods Containers Virtual Hosts Machines Alissa Bonas @ Cloud Open Dublin 2015 Cross linking zoom out Routes Services Images Nodes Pods Containers Storage Virtual Hosts Machines Network Alissa Bonas @ Cloud Open Dublin 2015 Cross provider example - Node Alissa Bonas @ Cloud Open Dublin 2015 Cross provider - VM side Alissa Bonas @ Cloud Open Dublin 2015 Nodes capacity and utilization Alissa Bonas @ Cloud Open Dublin 2015 Alissa Bonas @ Cloud Open Dublin 2015 Resource quotas and limit ranges ● Limit the number of pods, containers, etc. ○ tracked per a project/namespace scope ● Limit CPU and memory ○ tracked per pod, container Alissa Bonas @ Cloud Open Dublin 2015 Container ● Traceability - node, container id, image Alissa Bonas @ Cloud Open Dublin 2015 Image from a known registry Alissa Bonas @ Cloud Open Dublin 2015 Image from an unknown source Alissa Bonas @ Cloud Open Dublin 2015 Registries Pods ● Which containers are part of it ● Which services work with it ● Which node does it run on ● Is it controlled by a replicator? Alissa Bonas @ Cloud Open Dublin 2015 Pod Alissa Bonas @ Cloud Open Dublin 2015 Replicators Searches for pods with this label Alissa Bonas @ Cloud Open Dublin 2015 Services ● A portal IP and source/target port pairs ● Redirects traffic to relevant pods based on a labels selector Alissa Bonas @ Cloud Open Dublin 2015 Service example Alissa Bonas @ Cloud Open Dublin 2015 OpenShift Routes ● Exposes a service by giving it an externally reachable hostname ● Can be fine tuned by /path ● Can be also secured Alissa Bonas @ Cloud Open Dublin 2015 Events / Timeline ● Node ○ ready / not ready / rebooted ● Pod ○ scheduled ● More to come... Alissa Bonas @ Cloud Open Dublin 2015 Tagging ● Leveraging ManageIQ tags Alissa Bonas @ Cloud Open Dublin 2015 Topology view ● “A picture is worth a thousand words” ● Includes cross provider relationships ● Status color indication Alissa Bonas @ Cloud Open Dublin 2015 Topology live demo Alissa Bonas @ Cloud Open Dublin 2015 A glimpse into the future Dashboard - providers overview Dashboard - a single provider view Dashboard of a project Alissa Bonas @ Cloud Open Dublin 2015 Smart State Analysis ● Inspect the packages included in an image ● Combined with vulnerabilities db, generate alerts for important security issues on running containers Alissa Bonas @ Cloud Open Dublin 2015 Analysis of an image Alissa Bonas @ Cloud Open Dublin 2015 An image after analysis ManageIQ community ● http://talk.manageiq.org ● https://github.com/ManageIQ/manageiq ○ Follow label #providers/containers ● #manageiq IRC on freenode Alissa Bonas @ Cloud Open Dublin 2015 Projects info ● http://www.openshift.org/ ● http://kubernetes.io/ ● http://manageiq.org/ Alissa Bonas @ Cloud Open Dublin 2015 Icons Credits ● The Go gopher - Renee French ● Diamond by MarkieAnn Packer, the Noun Project ● Rails by Luis Martins, the Noun Project ● Light Bulb by artworkbean, the Noun Project ● Sherlock by James Keuning, the Noun Project ● Twitter by Lubos Volkov, the Noun Project ● Link by Vitor Fernandes, the Noun Project Thank you! @mikeyteva.