Was ist das eigentlich? Und was kann es? Sebastian Dehn Solution Architect Partner Enablement [email protected] Wer bin ich? Worüber reden wir heute? Die Idee hinter OpenShift Wieso, weshalb warum…? Lasst uns über Technik reden! Das wichtigste in Kürze Proof it! Ein kurzer Einblick in die reale OpenShift Welt Q&A Ich beantworte eure Fragen. Habt ihr welche? 3 Wer kennt es nicht? Parts Unlimited Bill - VP IT Steve - CEO Chris - VP AppDev Der Fokus Steve - die Kosten minimieren/Ressourcen effizient nutzen Bill - Modernisierung Infrastruktur & Standardisierung der IT Prozesse Chris - Modern AppDev & Innovative Technologien A consistent container application platform From your data center, to the cloud, to the edge Automated Secure by Network Over-the-air Monitoring Pluggable Multi-tenant operations default traffic control updates & chargeback architecture Bare metal, VMware vSphere, Red Hat Virtualization, Red Hat OpenStack Platform, Amazon Web Services, Microsoft Azure, Google, IBM Cloud CONFIDENTIAL Designator Zeit für Praxis! 8 CONFIDENTIAL Designator Die Technik Was sich unter der Haube versteckt 9 Empowering Zeit für Innovationen! developers to innovate 10 OpenShift enables developer productivity BUILD TEST DEPLOY Self-service Consistent Automated CI/CD Configuration App logs & provisioning environments build & deploy pipelines management metrics CODE REVIEW MONITOR SPRING & JAVA™ EE MICROSERVICES FUNCTIONS LANGUAGES DATABASES APPLICATION SERVICES LINUX WINDOWS* * coming soon BUILD AND DEPLOY CONTAINER IMAGES DEPLOY YOUR DEPLOY YOUR DEPLOY YOUR SOURCE CODE APP BINARY CONTAINER IMAGE DEPLOY SOURCE CODE WITH SOURCE-TO-IMAGE (S2I) Git code BUILD APP Repository (OpenShift) Developer Source-to-Image BUILD IMAGE (S2I) (OpenShift) Builder Image Image Registry Application deploy DEPLOY Container (OpenShift) User/Tool Does OpenShift Does DEPLOY APP BINARY WITH SOURCE-TO-IMAGE (S2I) Application build Binary BUILD APP (e.g. WAR) (Build Infra) Existing Build Process Source-to-Image BUILD IMAGE (S2I) (OpenShift) Builder Image Image Registry Application deploy DEPLOY Container (OpenShift) User/Tool Does OpenShift Does DEPLOY DOCKER IMAGE build Application Image BUILD IMAGE (Build Infra) Existing Image Build Process Image PUSH Registry (Build Infra) Application deploy DEPLOY Container (Openshift) User/Tool Does OpenShift Does Build and Deploy Process 4 4 Dockerfile 1 Push 2 App Image Registry Source BuildConfig Pull Builder 3 Pod 3 Base Registry Jenkinsfile Image 6 6 Pull 5 App Image DeploymentConfig/ Deployer Deployment Pod 7 16 Node OpenShift 4 Und so sieht die Architektur der Plattform Architecture aus! 17 OPENSHIFT CONTAINER PLATFORM | Architectural Overview your choice of infrastructure COMPUTE NETWORK STORAGE 18 OPENSHIFT CONTAINER PLATFORM | Architectural Overview workers run workloads WORKER WORKER COMPUTE NETWORK STORAGE 19 OPENSHIFT CONTAINER PLATFORM | Architectural Overview masters are the control plane MASTER COMPUTE NETWORK STORAGE 20 OPENSHIFT CONTAINER PLATFORM | Architectural Overview everything runs in pods IMAGE CONTAINER CONTAINER POD 10.140.4.44 21 OPENSHIFT CONTAINER PLATFORM | Architectural Overview state of everything etcd MASTER COMPUTE NETWORK STORAGE 22 OPENSHIFT CONTAINER PLATFORM | Architectural Overview core kubernetes components Kubernetes API server Kubernetes Scheduler services etcd Cluster Management MASTER COMPUTE NETWORK STORAGE 23 OPENSHIFT CONTAINER PLATFORM | Architectural Overview core OpenShift components OpenShift services OpenShift API server Kubernetes Operator Lifecycle services Management etcd Web Console MASTER COMPUTE NETWORK STORAGE 24 OPENSHIFT CONTAINER PLATFORM | Architectural Overview internal and support infrastructure services OpenShift Services Infrastructure Monitoring | Logging | Tuned | SDN | DNS | Kubelet services Kubernetes services etcd MASTER COMPUTE NETWORK STORAGE 25 OPENSHIFT CONTAINER PLATFORM | Architectural Overview run on all hosts OpenShift Services Infrastructure services Kubernetes services etcd Monitoring | Logging | Tuned Monitoring | Logging | Tuned SDN | DNS | Kubelet SDN | DNS | Kubelet MASTER WORKER WORKER COMPUTE NETWORK STORAGE 26 OPENSHIFT CONTAINER PLATFORM | Architectural Overview integrated image registry OpenShift Services Infrastructure Registry Registry services Kubernetes services etcd Monitoring | Logging | Tuned Monitoring | Logging | Tuned SDN | DNS | Kubelet SDN | DNS | Kubelet MASTER WORKER WORKER COMPUTE NETWORK STORAGE 27 OPENSHIFT CONTAINER PLATFORM | Architectural Overview cluster monitoring OpenShift Services Infrastructure Registry Registry services Kubernetes services Prometheus | Grafana Prometheus | Grafana Alertmanager Alertmanager etcd Monitoring | Logging | Tuned Monitoring | Logging | Tuned SDN | DNS | Kubelet SDN | DNS | Kubelet MASTER WORKER WORKER COMPUTE NETWORK STORAGE 28 OPENSHIFT CONTAINER PLATFORM | Architectural Overview log aggregation OpenShift Services Kibana | Elasticsearch Kibana | Elasticsearch Infrastructure Registry Registry services Kubernetes services Prometheus | Grafana Prometheus | Grafana Alertmanager Alertmanager etcd Monitoring | Logging | Tuned Monitoring | Logging | Tuned SDN | DNS | Kubelet SDN | DNS | Kubelet MASTER WORKER WORKER COMPUTE NETWORK STORAGE 29 OPENSHIFT CONTAINER PLATFORM | Architectural Overview integrated routing OpenShift Services Kibana | Elasticsearch Kibana | Elasticsearch Infrastructure Registry Registry services Router Router Kubernetes services Prometheus | Grafana Prometheus | Grafana Alertmanager Alertmanager etcd Monitoring | Logging | Tuned Monitoring | Logging | Tuned SDN | DNS | Kubelet SDN | DNS | Kubelet MASTER WORKER WORKER COMPUTE NETWORK STORAGE 30 OPENSHIFT CONTAINER PLATFORM | Architectural Overview dev and ops via web, cli, API, and IDE OpenShift Services Kibana | Elasticsearch Kibana | Elasticsearch SCM Registry Registry (GIT) Infrastructure services Router Router Developers CI/CD Kubernetes services Prometheus | Grafana Prometheus | Grafana Alertmanager Alertmanager EXISTING etcd AUTOMATION TOOLSETS Monitoring | Logging | Tuned Monitoring | Logging | Tuned Admins SDN | DNS | Kubelet SDN | DNS | Kubelet MASTER WORKER WORKER COMPUTE NETWORK STORAGE 31 Red Hat Und was ist die Basis? Enterprise Linux CoreOS 32 OPENSHIFT CONTAINER PLATFORM | Architectural Overview OpenShift Services Kibana | Elasticsearch Kibana | Elasticsearch SCM Registry Registry (GIT) Infrastructure services Router Router Developers CI/CD Kubernetes services Prometheus | Grafana Prometheus | Grafana Alertmanager Alertmanager EXISTING etcd AUTOMATION TOOLSETS Monitoring | Logging | Tuned Monitoring | Logging | Tuned Admins SDN | DNS | Kubelet SDN | DNS | Kubelet MASTER WORKER WORKER COMPUTE NETWORK STORAGE 33 OPENSHIFT PLATFORM Immutable Operating System Red Hat Enterprise Linux CoreOS is versioned with RHEL CoreOS admins are responsible for: OpenShift Nothing. CoreOS is tested and shipped in conjunction with the platform. Red Hat runs thousands of tests against these configurations. Red Hat Enterprise Linux CoreOS is managed by the cluster The Operating system is operated as part of the cluster, with v4.1.6 the config for components managed by Machine Config Operator: ● CRI-O config ● Kubelet config ● Authorized registries v4.1.6 ● SSH config OpenShift Architecture A lightweight, OCI-compliant container runtime Runs any Minimal and Secure Optimized for OCI-compliant image Architecture Kubernetes (including docker) 35 OpenShift Architecture podman A docker-compatible CLI for containers ● Remote management API via Varlink ● Image/container tagging ● Advanced namespace isolation 36 OpenShift Architecture buildah Secure & flexible OCI container builds ● Integrated into OCP build pods ● Performance improvements for knative enablement ● Image signing improvements 37 CoreOS “pod” architecture etcd kube coredns openshift controller-manager controller-manager kubelet CRI-O kube-scheduler kube-apiserver openshift-apiserver openshift-oauth systemd-managed native binaries kubelet static containers scheduled containers OpenShift Das allsehende Auge! Monitoring 39 OPENSHIFT CONTAINER PLATFORM | Architectural Overview OpenShift Services Kibana | Elasticsearch Kibana | Elasticsearch SCM Registry Registry (GIT) Infrastructure services Router Router Developers CI/CD Kubernetes services Prometheus | Grafana Prometheus | Grafana Alertmanager Alertmanager EXISTING etcd AUTOMATION TOOLSETS Monitoring | Logging | Tuned Monitoring | Logging | Tuned Admins SDN | DNS | Kubelet SDN | DNS | Kubelet MASTER WORKER WORKER COMPUTE NETWORK STORAGE 40 OPENSHIFT MONITORING | Solution Overview OpenShift Cluster Monitoring Metrics collection and storage Alerting/notification via Metrics visualization via via Prometheus, an Prometheus’ Alertmanager, an Grafana, the leading metrics open-source monitoring system open-source tool that handles visualization technology. time series database. alerts send by Prometheus. 41 OPENSHIFT MONITORING | Operator & Operand Relationships Grafana node-exporter kube-state-metrics openshift-state-metrics (4.2) cluster-monitoring-operator prometheus-adapter telemeter-client Prometheus Alertmanager prometheus-operator 42 OPENSHIFT MONITORING | Prometheus, Grafana and Alertmanager Wiring Grafana Prometheus Alertmanager Control Plane (API) kube-state-metrics node-exporter node-exporter Node (kubelet) Node (kubelet) Infra/Worker (“hardware”) Worker (“hardware”) 43 OpenShift Ihr sucht, ihr findet! Logging 44 OPENSHIFT CONTAINER PLATFORM | Architectural Overview OpenShift Services Kibana | Elasticsearch Kibana | Elasticsearch