This session discusses OpenShift Enterprise (or OpenShift Container Platform). OpenShift Container Platform is Red Hat's on-premise private platform as a service product, built around a core of application containers powered by Docker, with orchestration and management provided by Kubernetes, on a foundation of Red Hat Enterprise Linux.

1. OpenShift Enterprise
a Containerized Application Platform
@LinhDo
AxonVibe Devops
April 16, 2017

2. Agenda
Docker
Kubernetes added-value
OpenShift added-value
Demo
Q & A

3. Container Technology
- Docker

4. Images & Containers
Docker “Image”
Unified Packaging format.
- Like “war" or “tar.gz"
- For any type of
Application
- Portable
Docker “Container”
Runtime
Isolation
Image BImage A
Hardware
Container
APP A
Image
Host Minimal OS
Container
APP B
Image
Container
APP C
Image
Docker Engine
Docker Registry
RHEL
JDK
Jboss-EAP
Libs A Libs B
App A App B
docker pull <image>

5. Evolution
Hardware
Host OS
LIBS A LIBS B LIBS..
APP A APP B
Hardware
Guest OS
LIBS A
APP A
Hypervisor
Guest OS
LIBS B
APP B
Guest OS
LIBS C
APP C
Hardware
Container
LIBS A
APP A
Host Minimal OS
Container
LIBS B
APP B
Container
LIBS C
APP C
Traditional Virtual Containershared system isolation process isolation

6. Linux Kernel
App1 App2 App3
Isolation, not Virtualization
• Kernel Namespaces
• Process
• Network
• IPC
• Mount
• User
• Resource Limits
• Cgroups
• Security
• SELinux

7. Container Orchestration
- Kubernetes

8. We need more than just packing and isolation
• Scheduling : Where should my containers run?
• Lifecycle and health : Keep my containers running despite failures
• Discovery : Where are my containers now?
• Monitoring : What’s happening with my containers?
• Auth{n,z} : Control who can do things to my containers
• Aggregates : Compose sets of containers into jobs
• Scaling : Making jobs bigger or smaller

9. Kubernetes – Container Orchestration at Scale
Greek for “Helmsman”; also the root of the word “Governor” and “cybernetic”
• Container Cluster Manager
- Inspired by the technology that runs Google
• Runs anywhere
- Public cloud
- Private cloud
- Bare metal
• Strong ecosystem
- Partners: Red Hat, VMware, CoreOS..
- Community: clients, integration

10. Kubernetes Cluster
Registry
Master
Node
Node
Storage
Pod
Volume
Node
Service
Pod
Pod
Image
Core Concepts
• Pod
• Labels & Selectors
• ReplicationController
Service
Persistent Volumes
etcd
SkyDNS
Replication
Controller
APIDev/Ops
Visitor
Router
Policies
Logging
ELK

11. Pods
POD Definition:
• Group of Containers
• Related to each other
• Same namespace
• Emphemeral
Examples:
• Wordpress
• MySQL
• Wordpress + MySQL
• ELK
• Nginx+Logstash
• Auth-Proxy+PHP
• App + data-load

12. Kubernetes Cluster
Master
Node
Node
Pod
Node
Pod
Replication Controller
etcd
Replication
Controller
APIDev/Ops
kind: ReplicationController
metadata:
name: nginx
spec:
replicas: 2
selector:
app: nginx
template:
metadata:
name: nginx
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:v2.2
ports:
- containerPort: 80
“nginx”
RC Object
• Pod Scaling
• Pod Monitoring
• Rolling updates
# kubectl create –f nginx-rc.yaml

13. Kubernetes Cluster
MySQL
DB
MySQL
Service
Service Definition:
• Load-Balanced Virtual-IP (layer 4)
• Abstraction layer for your App
• Enables Service Discovery
• DNS
• ENV
Examples:
• frontend
• database
• api
172.16.0.1:3386
PHP
10.1.0.1:3306
10.2.0.1:3306
db.project.cluster.local
Visitor
<?php
mysql_connect(getenv(“db_host”))
mysql_connect(“db:3306”)
?>

14. MySQL
MySQL
Service
PHP
10.1.0.1:3306
10.2.0.1:3306
Master
Node
etcd
SkyDNS
APIDev/Ops
“DB”
Service Object
Kube
Proxy
IPTables
Kube
Proxy
IPTables
3. Register
Service
2. Watch
Changes
Redirect
3. Update
Rule
2. Watch
Changes
- apiVersion: v1
kind: Service
metadata:
labels:
app: MySQL
role: BE
phase: DEV
name: MySQL
spec:
ports:
- name: mysql-data
port: 3386
protocol: TCP
targetPort: 3306
selector:
app: MySQL
role: BE
sessionAffinity: None
type: ClusterIP
1. Create
Object
1. Register
Pod Object

15. Pod
Service
Pod
Pod
Labels & Selectors
- apiVersion: v1
kind: Service
metadata:
labels:
app: MyApp
role: BE
phase: DEV
name: MyApp
spec:
ports:
- name: 80-tcp
port: 80
protocol: TCP
targetPort: 8080
selector:
app: MyApp
role: BE
sessionAffinity: None
type: ClusterIP
Role: FE
Phase: Dev
Role: BE
Phase: DEV
Role: BE
Phase: TST
Role: BEthink SQL ‘select ... where ...’
- apiVersion: v1
kind: Pod
metadata:
labels:
app: MyApp
role: BE
phase: DEV
name: MyApp

16. MySQL
Service
MySQL
Ingress / Router
• Router Definition:
• Layer 7 Load-Balancer /
Reverse Proxy
• SSL/TLS Termination
• Name based Virtual Hosting
• Context Path based Routing
• Customizable (image)
• HA-Proxy
• F5 Big-IP
Examples:
• https://www.mysite.nl/myapp1/
• http://www.mysite.nl/myapp2
172.16.0.1:3386
PHP
10.1.0.1:3306
10.2.0.1:3306
db.project.cluster.local
Visitor
Router https://mysite.nl/service1/apiVersion:
extensions/v1beta1
kind: Ingress
metadata:
name: mysite
spec:
rules:
- host: www.mysite.nl
http:
paths:
- path: /foo
backend:
serviceName: s1
servicePort: 80
- path: /bar
backend:
serviceName: s2
servicePort: 80

17. Kubernetes Cluster
Node
Storage
Pod
Volume
Node
Pod
Pod
Persistent Storage
for Ops:
• Google
• AWS EBS
• OpenStack's Cinder
• Ceph
• GlusterFS
• NFS
• iSCSI
• FibreChannel
• EmptyDir
for Dev:
• “Claim”
kind: PersistentVolume
metadata:
name: pv0003
spec:
capacity:
storage: 8Gi
accessModes:
- ReadWriteOnce
nfs:
path: /tmp
server: 172.17.0.2
kind: PersistentVolumeClaim
metadata:
name: myclaim
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 8Gi

18. Persistent Volume Claim
18
Storage
Provider(s)
Ops Dev
Persistent Volume Farm Projects Claim and Mount
Project: ABC
Project: XYZ
10G
SSD
40G
pod
pod
5G
SSD
10G pod
pod

19. • Each Host = 256 IPs
• Each POD = 1 IP
Programmable Infra:
• GCE / GKE
• AWS
• OpenStack
• Nuage
Networking
Overlay Networks:
• Flannel
• Weave
• OpenShift-SDN
• Open vSwitch

20. Kubernetes Cluster
Master
Node
Node
Storage
Pod
Volume
Node
Service
Pod
Pod
Hosting Platform
• Scheduling
• Lifecycle and health
• Discovery
• Monitoring
• Auth{n,z}
• Scaling
etcd
SkyDNS
Replication
Controller
APIDev/Ops
Router
Policies
Registry
Image
Visitor
Logging
ELK

21. OpenShift as a Development Platform
• Project spaces
• Build tools
• Integration with your IDE

22. We need more than just Orchestration !
Self Service
-Templates
- Web Console
Multi-Language
Automation
- Deploy
- Build
DevOps
Collaboration
Secure
- Namespaced
- RBAC
Scalable
- Integrated LB
Open Source
Enterprise
- Authentication
- Web Console
- Central Logging

23. We need more than just Orchestration
Self Service
-Templates
- Web Console
Multi-Language
Automation
- Deploy
- Build
DevOps
Collaboration
Secure
- Namespaced
- RBAC
Scalable
- Integrated LB
Open Source
Enterprise
- Authentication
- Web Console
- Central Logging
OpenShift is Red Hat’s Container Application Platform (PaaS)

24. Kubernetes Embedded
https://master:8443/api = Kubernetes API
/oapi = OpenShift API
/console = OpenShift WebConsole
OpenShift:
• 1 Binary for Master
• 1 Binary for Node
• 1 Binary for Client
• Docker-image
• Vagrant-image
Kubernetes:
• ApiServer, Controller, Scheduler, Etcd
• KubeProxy, Kubelet
• Kubectl

25. Project Namespaces
Project
• Sandboxed Environment
• Network VXLan
• Authorization Policies
• Resource Quotas
• Ops in Control, Dev Freedom
oc new-project Project-Dev
oc policy add-role-to-user admin scientist1
oc new-app
--source=https://gitlab/MyJavaApp
--docker-image=jboss-eap
Project “Prod” Project “Dev” Project
Global Services
OpenShift Platform
APP A
Image
APP C
Image
App
• Images run in Containers
• Grouped together as a Service
• Defined as Template

26. Kubernetes Cluster
Master
Node
Storage
Pod
Volume
Node
Service
Pod
Pod
Kubernetes
Hosting Architecture
etcd
SkyDNS
Replication
Controller
APIDev/Ops
Ingress
Policies
Registry
Image
VisitorLogging
ELK

27. OpenShift Cluster
Master
Node
Storage
Pod
Volume
Node
Service
Pod
Pod
OpenShift
PaaS Architecture
etcd
SkyDNS
Replication
Controller
APIDev/Ops
Router
Deploy
Build
Policies
config
Registry
Image
VisitorLogging
EFK
• Added “Build”
• Added “Deployment”
• s/ELK/EFK/g
• s/Ingress/Router/g
• Added Policies + tools
• Added WebConsole
• OpenShift-SDN isolation
Web
Console

28. OpenShift Cluster
Master
Node
Storage
Pod
Volume
Node
Service
Pod
Pod
OpenShift
Build & Deploy Architecture
etcd
SkyDNS
Replication
Controller
APIDev/Ops
Router
Deploy
Build
Policies
config
kind: "BuildConfig“
metadata:
name: “myApp-build“
spec:
source:
type: "Git“
git:
uri: "git://gitlab/project/hello.git“
dockerfile: “jboss-eap-6“
strategy:
type: "Source“
sourceStrategy:
from:
kind: "Image“
name: “jboss-eap-6:latest“
output:
to:
kind: “Image“
name: “myApp:latest“
triggers:
- type: "GitHub“
github:
secret: "secret101“
- type: "ImageChange“
# oc start-build myApp-build
Registry
Image
VisitorLogging
EFK

29. Code
Deploy
Build
Can configure different
deployment strategies
like A/B, Rolling upgrade,
Automated base updates,
and more.
Can configure triggers for
automated deployments,
builds, and more.
Build & Deploy an Image
Source
2
Image Builder
Image
Developer
SCM
Container Image
Builder Images
• Jboss-EAP
• PHP
• Python
• Ruby
• Jenkins
• Customer
• C++ / Go
• S2I (bash) scripts
Triggers
• Image Change (tagging)
• Code Change (webhook)
• Config Change

30. OpenShift Cluster
Master
Node
Storage
Pod
Volume
Node
Service
Pod
Pod
OpenShift
Build & Deploy Architecture
etcd
SkyDNS
Replication
Controller
APIDev/Ops
Router
Deploy
Build
Policies
kind: “DeploymentConfig“
metadata:
name: “myApp“
spec:
replicas: 2
selector:
app: nginx
template:
metadata:
name: nginx
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80
triggers:
- type: "ImageChange“
from:
kind: “Image”
name: “nginx:latest
# oc deploy myApp --latest
Registry
Image
VisitorLogging
EFK

31. Continuous Integration Pipeline example
Source Build Deploy
:test
:test
Deploy
:test-fw
Test Tag
:uat
Deploy
:uat
commit webhook
registry
ImageChange
registry
ImageChange
Approve Tag
:prod
Deploy
:prod
registry
ImageChange
ITIL
container

32. Template
OpenShift
MySQL
Service
MySQL
PHP
RouterapiVersion: v1
kind: Template
metadata:
name: redis-template
annotations:
description: "Description“
iconClass: "icon-redis“
tags: "database,nosql“
objects:
- apiVersion: v1
kind: Pod
…
parameters:
- description: Password
from: '[A-Z0-9]{8}‘
generate: expression
name: REDIS_PASSWORD
labels:
redis: master
apiVersion: v1
kind: List
Items:
- apiVersion: v1
kind: Pod
…
- apiVersion: v1
kind: Service
…
Kubernetes
curl –s https://get.helm.sh | bash
helm update
helm search redis
helm install redis
Deis Helm

33. Demo
https://github.com/thachphongphong/os-demo.git

34. Questions?
docs.openshift.org
www.youtube.com/user/rhopenshift
www.facebook.com/thachphongph
ong
linh.do@axonactive.com