This presentation gives an overview and the general concepts needed to understand OpenShift and to ease the first steps of getting to grips with it.
It covers Pods, services, source-to-image, etc.
4. Docker/ Openshift introduction
Principles of containers
Coming from chroot / BSD Jails / OpenVZ / LXC / Solaris zones ...
A container is a specific way to isolate processes within the server.
Containerized processes are isolated using cgroups (together with kernel namespaces).
Containerized processes use fewer resources than virtual machines, allowing
more containers on a machine. This allows a stronger densification of
servers.
Linux Kernel Isolation
5. Docker/ Openshift introduction
What Docker brings: the Docker image
Docker encapsulates the code and the application as an image in order to ease its
distribution.
The Docker image is:
- agnostic to the host
- immutable
- runnable
- execution-isolated
Therefore you can easily create an app and deploy it using Docker.
The app is built from a Dockerfile into a Docker image, stored in a registry via "docker push"
and shipped to any Docker host via "docker pull".
Immutable applicative image
6. Docker/ Openshift introduction
Openshift
Open Source based PaaS
OpenShift is a PaaS: it allows developing, running and managing applications without the
complexity of building and maintaining the infrastructure typically associated with
developing and launching an app.
OpenShift is based on Kubernetes, which is a container platform orchestrator.
Its purpose is to build, ship and run containers.
It provides:
- Run
- including standardized images, automated restart, load balancer, ...
- Ship
- including internal registry, webhooks, image tags, etc.
- Build
- including inheritance, overwriting, etc.
7. Docker/ Openshift introduction
Different ways to store Docker images (various registries)
Docker images are stored in a centralized service called a registry.
OpenShift provides an internal registry for its own technical needs.
JFrog's product Artifactory provides a Docker registry.
Sonatype's Nexus 3 also provides a Docker registry.
Store, share and reuse images
10. Docker/ Openshift introduction
OpenShift is a container platform orchestrator: it manages a cluster of container servers
called nodes.
OpenShift is used to instantiate Docker images with the desired settings (environment
variables, volumes, secrets, ...).
An OpenShift Pod is a group of one or more containers, tied together for the purposes of
administration and networking.
OpenShift uses the pod as its core execution unit.
A pod is the smallest deployable unit that can be created and managed by OpenShift.
A pod can instantiate more than one Docker image, but it is better to have only one container per
pod.
Nodes and Pods
Openshift atomic unit
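As an added example (not part of the original deck), a Pod manifest showing the settings the slide mentions: environment variables, a value taken from a Secret, a mounted volume, and a restrictive security context. The project name demo-project, the image hello-app:latest, the Secret db-credentials and the claim hello-data are all assumed names.

```yaml
# Added example, not from the original presentation.
# All names (demo-project, hello-app, db-credentials, hello-data) are assumptions.
apiVersion: v1
kind: Pod
metadata:
  name: hello-app
  namespace: demo-project          # an OpenShift project is a Kubernetes namespace
  labels:
    app: hello-app                 # label used later by a Service selector
spec:
  containers:
    - name: hello                  # one container per pod, as the slide recommends
      image: hello-app:latest      # image name as pushed to the registry (assumed)
      ports:
        - containerPort: 8080
      env:
        - name: APP_MODE           # plain environment variable
          value: production
        - name: DB_PASSWORD        # value injected from a Secret, never in the manifest
          valueFrom:
            secretKeyRef:
              name: db-credentials
              key: password
      volumeMounts:
        - name: data
          mountPath: /var/lib/app
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true   # the image is immutable; keep the root fs that way
        capabilities:
          drop: ["ALL"]
      resources:                   # limits keep one pod from starving the node
        requests:
          cpu: 100m
          memory: 128Mi
        limits:
          cpu: 500m
          memory: 256Mi
  volumes:
    - name: data
      persistentVolumeClaim:
        claimName: hello-data      # PVC created separately in the same project
```

Creating a bare Pod this way is useful for understanding the object; in practice pods are created by a DeploymentConfig so that they are recreated when a pod or node fails.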
12. Docker/ Openshift introduction
Routes & services
Openshift provides :
- services to allow pods to be used internally within the cluster.
- routes in order to expose services to the outside world.
Internal and External network communication
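As an added example (not from the original deck), a Service exposing the pods labelled app: hello-app inside the cluster, and a Route exposing that Service to the outside world with TLS terminated at the router. The hostname hello-app.apps.example.com is a placeholder.

```yaml
# Added example, not from the original presentation.
# Service: internal, cluster-only name for the pods selected by the label.
apiVersion: v1
kind: Service
metadata:
  name: hello-app
  namespace: demo-project          # assumed project name
spec:
  selector:
    app: hello-app                 # matches the pod label
  ports:
    - name: http
      port: 8080                   # port of the service inside the cluster
      targetPort: 8080             # container port behind it
---
# Route: exposes the Service outside the cluster through the OpenShift router.
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: hello-app
  namespace: demo-project
spec:
  host: hello-app.apps.example.com # placeholder hostname
  to:
    kind: Service
    name: hello-app
  port:
    targetPort: http
  tls:
    termination: edge                        # TLS ends at the router
    insecureEdgeTerminationPolicy: Redirect  # plain HTTP requests are redirected to HTTPS
```

Inside the cluster, other pods reach the application as hello-app.demo-project.svc:8080 without any Route; only traffic from outside goes through the Route, which is where TLS and the public hostname are configured.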
14. Docker/ Openshift introduction
Build Config
OpenShift can build Docker images using build configurations.
A build configuration describes a single build definition and a set of triggers for when a new build should be
created.
Various build strategies:
- Source-to-Image build strategy
Source-to-Image (S2I) is a tool for building reproducible, Docker-formatted container images. It produces
ready-to-run images by injecting application source into a base image (the builder image) and
assembling a new image.
The new image incorporates the base image (the builder) and the built source, and is ready to use with the
docker run command.
- Docker build strategy
The Docker build strategy invokes the docker build command, and it therefore expects a repository with a
Dockerfile and all required artifacts in it to produce a runnable image.
Source to image
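As an added example (not from the original deck) covering both this slide and the earlier Docker image slide (Dockerfile, push, pull): an ImageStream receiving the built image, a BuildConfig using the Source-to-Image strategy, and a second BuildConfig using the Docker strategy on a repository containing a Dockerfile. The Git URL, the builder image nodejs:12 in the openshift project and the webhook Secret name are assumptions.

```yaml
# Added example, not from the original presentation.
# ImageStream: the "virtual view" that the builds push into (acts like a repository name).
apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
  name: hello-app
  namespace: demo-project          # assumed project name
---
# S2I build: source is injected into a builder image, no Dockerfile needed.
apiVersion: build.openshift.io/v1
kind: BuildConfig
metadata:
  name: hello-app-s2i
  namespace: demo-project
spec:
  source:
    type: Git
    git:
      uri: https://git.example.com/demo/hello-app.git   # placeholder repository
      ref: main
  strategy:
    type: Source
    sourceStrategy:
      from:
        kind: ImageStreamTag
        name: nodejs:12            # builder image (assumed to exist in the openshift project)
        namespace: openshift
  output:
    to:
      kind: ImageStreamTag
      name: hello-app:latest       # result is pushed to the internal registry
  triggers:
    - type: ConfigChange           # rebuild when this BuildConfig changes
    - type: ImageChange            # rebuild when the builder image is updated
    - type: GitHub                 # rebuild on a push, webhook authenticated by a Secret
      github:
        secretReference:
          name: hello-app-webhook-secret
---
# Docker build: the repository must contain a Dockerfile; "docker build" is run by OpenShift.
apiVersion: build.openshift.io/v1
kind: BuildConfig
metadata:
  name: hello-app-docker
  namespace: demo-project
spec:
  source:
    type: Git
    git:
      uri: https://git.example.com/demo/hello-app.git
      ref: main
  strategy:
    type: Docker
    dockerStrategy:
      dockerfilePath: Dockerfile   # path inside the repository
  output:
    to:
      kind: ImageStreamTag
      name: hello-app:docker       # separate tag so the two builds do not overwrite each other
  triggers:
    - type: ConfigChange
```

The ImageChange trigger on the S2I build is what makes base-image updates (for example a patched builder image) propagate to the application image without anyone touching the source repository.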
16. Docker/ Openshift introduction
Deployment Config
OpenShift uses a Deployment Config to describe how to instantiate pods on
nodes, accessible through services.
It describes (overview):
- the Docker images to instantiate
- the storage volumes to use, if needed
- the number of replicas
- the triggers to react on
OpenShift manages the state and availability of pods and nodes in order to maintain the fixed
number of pods spread among its nodes.
It will ensure the service delivery even if a pod or a node crashes.
OpenShift uses a key-value database (etcd) in order to keep track of the whole cluster state.
Deploy, replicate, scale
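As an added example (not from the original deck), a DeploymentConfig carrying the four items listed on the slide (image, volume, replica count, triggers) together with the PersistentVolumeClaim it mounts and a readiness probe so that a crashed or not-yet-ready pod receives no traffic. The names and the /healthz path are assumptions.

```yaml
# Added example, not from the original presentation.
# PersistentVolumeClaim: reservation of storage inside the project.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: hello-data
  namespace: demo-project          # assumed project name
spec:
  accessModes: ["ReadWriteOnce"]
  resources:
    requests:
      storage: 1Gi
---
apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
  name: hello-app
  namespace: demo-project
spec:
  replicas: 3                      # OpenShift keeps 3 pods running across the nodes
  selector:
    app: hello-app
  strategy:
    type: Rolling                  # replace pods one by one, no downtime
  triggers:
    - type: ConfigChange           # redeploy when this DeploymentConfig changes
    - type: ImageChange            # redeploy when a new hello-app:latest is pushed
      imageChangeParams:
        automatic: true
        containerNames: ["hello"]
        from:
          kind: ImageStreamTag
          name: hello-app:latest
  template:                        # pod template, same shape as a Pod spec
    metadata:
      labels:
        app: hello-app
    spec:
      containers:
        - name: hello
          image: hello-app:latest  # rewritten by the ImageChange trigger to the exact image digest
          ports:
            - containerPort: 8080
          readinessProbe:          # pod only receives Service traffic once this succeeds
            httpGet:
              path: /healthz       # assumed endpoint
              port: 8080
            initialDelaySeconds: 5
          livenessProbe:           # pod is restarted if this keeps failing
            httpGet:
              path: /healthz
              port: 8080
            periodSeconds: 10
          volumeMounts:
            - name: data
              mountPath: /var/lib/app
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: hello-data
```

Scaling is then a change of the replicas field (or oc scale dc/hello-app --replicas=5); the cluster state in etcd is compared with reality continuously, which is how pods lost with a crashed node are recreated elsewhere.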
18. Docker/ Openshift introduction
A lot of other objects
- A container is an instantiated executable, an isolated process.
- A container repository is a library of images.
- A Kubernetes Pod (PO) is a group of one or more containers.
- An image stream (IS) is a virtual view of related images, similar to an image repository.
- A service (SVC) is a named mapping to pods.
- A route is an exposure of a service.
- A build configuration (BC) describes a build definition and a set of triggers for when a new build should be created.
- A DeploymentConfig (DC) instantiates Docker images that will provide services.
- A Persistent Volume (PV) is a piece of networked storage in the cluster.
- A Persistent Volume Claim (PVC) is a reservation of a Persistent Volume within a namespace / project.
Image Streams, Storage management, ...
Icons from https://github.com/kanedafromparisfriends/icones_ocp_kube
20. Docker/ Openshift introduction
Namespace / project
OpenShift provides projects in order to isolate specific groups of
resources managed by the cluster.
An OpenShift project is equivalent to a Kubernetes namespace.
OpenShift provides user management and policies at project level.
OpenShift also allows granular security through Security Context
Constraints, service accounts and roles within the cluster and the project.
Security, Segregation of resources and roles
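As an added example (not from the original deck), the objects behind this slide: a project request, a service account for the application, a Role limited to reading pods in the project, a RoleBinding giving a developer group the built-in view role, and a Security Context Constraints object granted to the service account only. The names demo-project, hello-sa and demo-developers are assumptions.

```yaml
# Added example, not from the original presentation. All names are assumptions.
# Project: the isolation boundary (a Kubernetes namespace plus OpenShift policy).
apiVersion: project.openshift.io/v1
kind: ProjectRequest
metadata:
  name: demo-project
---
# Service account the application pods run as (instead of the project default).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: hello-sa
  namespace: demo-project
---
# Role: least-privilege API access scoped to this project only.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: demo-project
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/log"]
    verbs: ["get", "list", "watch"]     # read only, no create/delete
---
# RoleBinding: a user group gets the built-in read-only "view" ClusterRole, in this project only.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: developers-view
  namespace: demo-project
subjects:
  - kind: Group
    name: demo-developers
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: view
  apiGroup: rbac.authorization.k8s.io
---
# Security Context Constraints: what a pod is allowed to ask of the node.
# Cluster-scoped object; granted here to one service account rather than to a whole project.
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
  name: hello-restricted
allowPrivilegedContainer: false
allowPrivilegeEscalation: false
allowHostNetwork: false
allowHostPID: false
allowHostIPC: false
allowHostDirVolumePlugin: false       # no hostPath volumes
readOnlyRootFilesystem: true
requiredDropCapabilities: ["ALL"]
runAsUser:
  type: MustRunAsRange                 # UID taken from the project's allocated range, never root
seLinuxContext:
  type: MustRunAs
fsGroup:
  type: MustRunAs
supplementalGroups:
  type: RunAsAny
volumes: ["configMap", "secret", "persistentVolumeClaim", "emptyDir"]
users:
  - system:serviceaccount:demo-project:hello-sa
```

Binding the SCC to a service account and running the pods as that account (serviceAccountName: hello-sa in the pod spec) keeps the permission tied to the workload rather than to every pod in the project; the RoleBinding controls who may read the project's objects, while the SCC controls what the containers may do on the node.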
25. Docker/ Openshift introduction
A Virtual Machine versus a Container
[Comparison diagram. Virtual machine side: hypervisor, emulator, full OS deploy, lack of resources, full isolation. Container side: no emulation, no special needs, works everywhere.]