Kubernetes and OpenShift: Same, same, different

Josh Wood
October 30, 2018

Red Hat Accelerators and Convergence Communities: June, August, and October 2018

Transcript

  1. Josh Wood, Developer Advocate, Kubernetes and OpenShift (formerly: DocOps, CoreOS)

    [email protected] • @joshixisjosh9 • github.com/joshix • speakerdeck.com/joshix
  2. A bit of history...

    OpenShift has roots older than Kubernetes. This accounts for some of their differences.

    [Timeline figure. Labels: OpenShift Cartridge; K8s bets era: OpenShift v3 & etc.; June 6, ‘14: K8s commits; July ‘15: K8s v1.0. Axis: ‘14, ‘15, ‘16.]
  3. Elements: Kubernetes (blue) and OpenShift (red)

    [Diagram] Abstractions: Route, Deployment Configuration, Build Configuration, Image Stream, Integrated Registry, Pod, Replication Controller*, Service, Ingress, Persistent Volume Claim, Persistent Volume
  4. Kubernetes terms and concepts: Distributed systems oriented

    Kubernetes is a container cluster orchestrator. It has a proliferation of words:

    - Control Plane and Controller - same
    - Node - same
    - Pod - yup
    - Deployment - different, but key concept
    - Service - “”
    - Ingress and Ingress Controller - different, but
  5. Kubernetes terms and concepts: Control Plane

    The control plane implements loop(s), checking that actual state == desired state

    - Controller - a control plane member implementing state reconciliation
    - The default control plane schedules pods onto cluster Nodes
  6. Kubernetes terms and concepts: Pod

    A Pod groups one or more containers together to share resources

    - Pod is the unit of scaling, or replication: `kubectl scale deploy/name --replicas=3`
  7. Kubernetes terms and concepts: Deployment

    A Deployment represents a running application

    - ReplicaSet: group of Pods
    - Deployment Controller implements the state loop
  8. Kubernetes terms and concepts: Service

    A Service defines a logical set of Pods and a manner for accessing them

    - By default, a Service provides an endpoint on the cluster network (not external access)
    - Usually a Service chooses Pods based on a label selector (eg, `role=frontend`)
  9. Kubernetes terms and concepts: Ingress

    Ingress is a collection of rules about external access to a Service

    - Load balancing, SSL termination and name-based virtual hosting
    - Typically HTTP at L7 (but depends on the …)
    - Ingress Controller required
  10. OpenShift things: Application developer oriented

    OpenShift adds abstractions and tooling to make a PaaS-like experience

    - Application Oriented: The Deployment config
    - Intelligent security, config defaults: multi-tenant, elaborated on the RBAC core in k8s
    - Integrated container registry, base for
      - Build configurations
      - Image streams: of image tags from the registry - can trigger rebuild of apps atop those base images
    - Deployment Configuration: ties together application items
    - Route: Getting external traffic to the App
  11. OpenShift build tools: Building and deploying app containers on the cluster

    OpenShift promotes build elements to first-class abstractions on the platform

    - Integrated container registry
    - Software catalog
    - Build configuration
    - Image stream: Tagged images, source in registry, rollbacks to arbitrary points on that stream, rebuild apps when FROM is updated
  12. OpenShift web console and oc: Managing apps on the cluster

    OpenShift promotes some new elements. These tools know about them

    - Web console built around the Project -> App
    - Graphical tools for native k8s things like volume claims, etc
    - oc: CLI tool
    - odo: CLI tool for developers
  13. Elements: Kubernetes (blue) and OpenShift (red)

    [Diagram] Abstractions: Route, Deployment Configuration, Build Configuration, Image Stream, Integrated Registry, Pod, Replication Controller*, Service, Ingress, Persistent Volume Claim, Persistent Volume
  14. OpenShift Project: Namespace ready for work

    Projects draw on the Kubernetes namespace, which isolates resources and access

    - Intelligent RBAC defaults and user role
    - Project defines and seals an “application”
    - … in a way flexible enough for various architectures
    - Projects enable multi-tenant use of an OpenShift cluster with access privileges determined by the identity of the user or the team they belong to
  15. OpenShift Deployment Config: Developer application handle

    Deployment Configs bundle application resources from multiple K8s and OpenShift components

    - A deployment config:
      - Contains one or more application Pods (and thus their containers)
      - … again, in a way flexible enough for various architectures
      - Lists services related by selectors
      - Built on the Kubernetes Replication Controller (rather than ReplicaSet)
      - Knows how to build my app!
      - Tracks build config, build output (including pipelines), other development keys
  16. OpenShift Route: Real world external traffic

    The OpenShift Route(r)

    - Routes predate Ingress resource/controllers
    - And remain considerably easier to think about and use
    - OpenShift admins define Routers -- effectively, edge routing between the cluster SDN and the real world where your customers live
    - HAProxy: L7 is in the box
    - Easy TLS, edge or pass through
  17. OpenShift and Kubernetes: Where to get them and how

    OpenShift

    - https://learn.openshift.com
    - OpenShift Online Starter
    - OpenShift Online Pro, Dedicated (our VMs, managed)
    - OpenShift is Software:
      - OpenShift Container Platform (on prem/your VMs)
      - OKD (formerly OpenShift Origin)
      - Minishift: local dev on your laptop
  18. OpenShift and Kubernetes: Conclusions

    OpenShift makes it easier for devs to get distributed system benefits

    - Deployment choices reduced: SDN, Ingress controller and LB costs
    - But what about Layer 4?
    - What about site specific SDN concerns?
    - Kubernetes flexibility:
      - Define alternative implementations
      - OpenShift Routers: can be replaced, or
      - Kubernetes Ingress
  19. Josh Wood, Developer Advocate, Kubernetes and OpenShift (formerly: DocOps, CoreOS)

    [email protected] • @joshixisjosh9 • github.com/joshix • speakerdeck.com/joshix
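
The Service, Ingress and Route slides (8, 9 and 16) written out as manifests, as an added example that is not from the deck: one Service selected by the `role=frontend` label, exposed once through an OpenShift Route with edge TLS and once through a Kubernetes Ingress. The names, host, port and Secret are assumptions, and the Ingress uses the current `networking.k8s.io/v1` API rather than the one available when the talk was given.

```yaml
# Constructed example: names, host, port and Secret are assumptions.
# Service: cluster-internal endpoint, picks Pods by label selector.
apiVersion: v1
kind: Service
metadata:
  name: frontend
spec:
  selector:
    role: frontend
  ports:
    - name: http
      port: 8080
      targetPort: 8080
---
# OpenShift Route: the router terminates TLS and forwards plain HTTP to
# the Pods over the cluster SDN. No certificate is set here, so the
# router's default certificate is served.
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: frontend
spec:
  host: app.example.com
  to:
    kind: Service
    name: frontend
  port:
    targetPort: http
  tls:
    termination: edge  # "passthrough" would leave TLS to the Pod
    insecureEdgeTerminationPolicy: Redirect  # HTTP is redirected to HTTPS
---
# Kubernetes Ingress: same intent, but it needs an Ingress Controller in
# the cluster and a TLS Secret (frontend-tls) in the same namespace.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: frontend
spec:
  tls:
    - hosts: [app.example.com]
      secretName: frontend-tls
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service: {name: frontend, port: {name: http}}
```

With `edge` termination the hop from router to Pod crosses the SDN unencrypted, which is the trade-off to weigh against `passthrough` when the workload handles sensitive data.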