Cette présentation donne une vue d’ensemble et les concepts généraux, permettant d’appréhender OpenShift et de faciliter les premières étales de prises en mains. On y parle de Pods, de services, de source-to-image, etc.

1. Docker/ Openshift introduction
1
Introducing Docker and Openshift
oc start-build bc/MeetupOpenShiftParis
build "MeetupOpenShiftParis-20180320" started

2. Charles Sabourdin
Formation du 0809/02/2018 - 09/02/2018 - Dassault System
Salle
Formateur : Charles Sabourdin
Javaiste
Linuxien
Devoxx France
ParisJUG
OpenSource
Architect Dev/
Ops
@kanedafromparis
https://github.com/kanedafromparis/
https://github.com/kanedafromparisfriends

3. Docker/ Openshift introduction
Agenda
● Containers and docker
● OpenShift overview
● Demo
3

4. Docker/ Openshift introduction
Principles of container
Coming from Chroot / BSD Jails / Openvz / lxc / solaris ...
A container is a specific way to isolate process within the server.
Containered process are isolated using cgroups.
Containered process use less resources than virtual machine allowing
more containers on a machine. It allows a stronger densification of
servers.
4
Linux Kernel Isolation

5. Docker/ Openshift introduction
What docker brings : Docker image
Docker allows to encapsulate the code and application as an image in order to ease its
diffusion.
The docker image is :
- agnostic to the host
- immutable
- runnable
- execution isolated
Therefore you can easily create an app and deploy it using docker.
The app is build using DockerFile into a docker image, stored via “docker push” into a registry
and shipped on any docker host via “docker pull”
5
Immutable applicative image

6. Docker/ Openshift introduction
Openshift
6
Open Source Based PaaS
OpenShift is a PaaS, it allows to develop, run, and manage applications without the
complexity of building and maintaining the infrastructure typically associated with
developing and launching an app.
Openshift is based on kubernetes, which is a container platform orchestrator.
Its purpose is to build, ship and run containers.
it provides :
- Run
- including standardized images, automated restart, load balancer,
- Ship
- including internal registry, webhooks, image-tag etc…
- Builds
- including inheritance overwriting, etc...

7. Docker/ Openshift introduction
Different ways to store docker images (various registries)
Docker images are stored into a centralized service called a registry
Openshift for technical purpose provides an internal registry
JFrog product Artifactory provides a docker registry.
Sonatype has Nexus 3 that also provides a docker registry
7
Store, share and reuse images

8. Docker/ Openshift introduction
How it works
8

9. Docker/ Openshift introduction
View : Docker and registry
9
Diagram representation
Docker container
Docker registry
pullpush

10. Docker/ Openshift introduction
Openshift is a container platform orchestrator : it manages a cluster of containers servers
called nodes.
Openshift is used to instantiate docker images, with the desired settings (environment
variables, volumes, secrets…).
An Openshift Pod is a group of one or more containers, tied together for the purposes of
administration and networking.
Openshift uses pod as its core execution unit.
A pod is the smallest deployable unit that can be created and managed by Openshift.
A pod can instantiate more than one docker image but it is better to have only one docker per
pod.
Nodes and Pods
10
Openshift atomic unit

11. Docker/ Openshift introduction
Cluster View : Master, Nodes and PODs
11
Diagram representation
Master
Nodes
Pods

12. Docker/ Openshift introduction
Routes & services
Openshift provides :
- services to allow pods to be used internally within the cluster.
- routes in order to expose services to the outside world.
12
Internal and External network communication

13. Docker/ Openshift introduction
View : Routes & services
13
Diagram representation
services
routes

14. Docker/ Openshift introduction
Build Config
Openshift can build docker images using build configurations.
A build configuration describes a single build definition and a set of triggers for when a new build should be
created.
Various build strategies :
- Source-to-Image build strategy
Source-to-Image (S2I) is a tool for building reproducible, Docker-formatted container images. It produces
ready-to-run images by injecting application source into a container image name base image and
assembling a new image.
The new image incorporates the base image (the builder) and built source and is ready to use with the
docker run command.
- Docker build strategy
The Docker build strategy invokes the docker build command, and it therefore expects a repository with a
Dockerfile and all required artifacts in it to produce a runnable image.
14
Source to image

15. Docker/ Openshift introduction
Build Config : View
15
Build Config
git repository
Base images
application images

16. Docker/ Openshift introduction
Deployment Config
Openshift uses Deployment Config in order to describe the manner to instantiate pods on
nodes, accessible through services
It describe (overview):
- the docker images to instantiate
- the storage volumes to use, if needed
- the number of replicas
- the triggers on which react
Openshift will manage pods and nodes state and availability, in order to maintain the fixed
number of pods spread among its nodes.
It will ensure the service delivery even if a pod or a node crash.
Openshift uses a key-value database (etcd) in order to keep track of the whole cluster state
16
Deploy, replicate, scale

17. Docker/ Openshift introduction
Deployment Config : View
17
Diagram representation
Deployment Config

18. Docker/ Openshift introduction
A lot of other objects
A container is an instanciate executable
isolated process
A container repository is a library of image.
A Kubernetes Pod (PO) is a group of one or
more containers.
An image stream (IS) is a virtual view of related
images, similar to an image repository.
A service (SVC) is named mapping to pod
A route is an exposition of service
A build configuration (BC) describes a build
definition and a set of triggers for when a new
build should be created.
A DeploymentConfig (DC) instantiate docker
images that will provide services.
Persistent Volume (PV) is a piece of networked
storage in the cluster.
Persistent Volume Claim (PVC) is a reservation of a
Persistent Volume into a namespace / project
18
Image Streams, Storage management, ...
Icones from https://github.com/kanedafromparisfriends/icones_ocp_kube
...

19. Docker/ Openshift introduction
BuildConfig (BC)
-- Pipelines
-- Source to Image (S2i)
-- ImageStream (IS)
-- -- DeploymentConfig (DC)
-- -- -- Routes
Objects ownership
19
OpenShift and Kubernetes objects
Namespace (NS)
Deployment (Deploy)
ReplicationController (RC)
PersistentVolume (PV)
-- PersistentVolumeClaim
Service (SVC)
-- Pods (PO)
-- daemonsets
-- StatefulSets
-- Jobs
-- -- scheduledjobs
Openshift Kubernetes

20. Docker/ Openshift introduction
Namespace / project
Openshift provides projects in order to isolate specific groups of
resources managed by the cluster
An Openshift project is equivalent to a kubernetes namespace.
Openshift provides user management and policies at project level.
Openshift also allows a granular security through Security Context
Constraints, Service accounts and Roles within cluster and project.
20
Security, Segregation of resources and roles

21. Docker/ Openshift introduction
Projects and Namespaces
21
Diagram representation

22. Docker/ Openshift introduction
Demo
22

23. Docker/ Openshift introduction
oc start-build bc/MeetupOpenShiftParis
build "MeetupOpenShiftParis-20180320" started
23

24. Docker/ Openshift introduction
Projects and Namespaces
24
Diagram representation : proposed cluster with Application Lifecycle Management

25. Docker/ Openshift introduction
A Virtual Machine versus a Container
25
HYPERVISOR
EMULATOR
FULL OS DEPLOY
LACK OF RESOURCES
FULL ISOLATION
NO EMULATION
NO SPECIAL NEEDS
WORKS EVERYWHERE