
From Kubernetes to Openshift - Wael El Doamiry

Kubernetes بالعربي

November 25, 2020

Transcript

  1. Agenda (Arabic: Welcome everyone. Presentation: the container platform, OpenShift, from Red Hat)

    • Cloud Native Stack, Functional Overview (Arabic: Integrated cloud computing solutions, a functional overview)
    • Open Hybrid Cloud (Arabic: Hybrid cloud computing using open-source software)
    • Red Hat Openshift container platform (Arabic: The container platform, OpenShift, from Red Hat)
    • Demo
    Reference: https://www.redhat.com/cms/managed-files/cl-openshift-and-kubernetes-ebook-f25170wg-202010-en.pdf?sc_cid=7013a000002glBQAAY
  2. FULL PICTURE | TRADITIONAL (Arabic: The full picture | The traditional approach)

    Diagram: Infrastructure (Networking, Storage, Servers, Virtualization, O/S) on PHYSICAL / VIRTUAL / CLOUD. DEVELOPERS commit to a source repository, a CI/CD engine produces Binaries, and a Pipeline promotes them through DEV, SIT, UAT and PRD. APP OPS own Runtime, Middleware, Configuration and Applications.
    Steps (the Arabic labels on the slide repeat these in translation):
    • Raise Service Request
    • Infrastructure provisioning (Server HW, VM)
    • Setting up OS
    • Setting up technology stack
    • Configuration Management
    • Release Management
    • Development, Build, Test
    • Application deployment
    • Monitoring and Day2 Ops
  3. PROCESS VIEW | TRADITIONAL (Arabic: Process flow and procedures | The traditional approach)

    Flowchart: the App Team requests VM(s) → Capacity Planning asks "Having capacity?" → No: HW provision (Server, Network, Storage); Yes: Provision VM(s) → the App Team receives the VM(s) → Setting up App Services (OS, Runtimes, MW, Configuration Mgt, Monitoring, Logging) → Development (Code, Build, Test) → Deployment → Day2 Ops (Patches, Updates, Upgrades, Scalability, Monitoring, Logging).
  4. FULL PICTURE | MODERN (CLOUD) (Arabic: The full picture | The modern approach)

    Infrastructure: physical, virtual, private cloud, public cloud (Networking, Storage, Servers); Immutable OS
    Container platform: Container, Infrastructure Services *, Automation, Multi Tenancy, Quota Management, Security & Scalability, Collaboration & RBAC, Lifecycle Management **
    Cloud Experience: Service Catalog, Self-Service, Multicloud Support
    DEVELOPERS / APP OPS: Microservice, Runtime, Middleware, Configuration, Applications, Application Services, Runtimes and Frameworks, DevOps, Cloud development, Developer Tools
    * Installation, Logging, Metrics, Metering, Networking, Storage, Capacity management
    ** Provision, Build, Test, Configuration Management, Deploy, Maintain, Release Management, Decommission
  5. PROCESS VIEW | MODERN (CLOUD) (Arabic: Process flow and procedures | The modern approach)

    Actors: Platform Admin, Service Manager, Monitoring, Service Consumer. The activities run in parallel and continuously.
    • Resources: Request Resources → Allocate Resources → Receive Resources. Cloud Platform Capacity Management: Autoscaling, Node management, Pod Placement, Quota, Resource limit, Scalability
    • Services: Request new Service → Enable Service in Service Catalog → Receive Service → Provision Services
    • Development: CI/CD Pipelines (Provision, Code, Build, Test, Configuration, Deploy, Promote), Image Registry
    • Observability: Metrics, Logging, Alerts, Metering, Traceability
    • Day 2 Ops: Automated Patching/Upgrades (Platform, Workload), Metering, Scalability, Security, User management, Chaos engineering, Backup/Restore, ...
  6. Cloud Native Stack | Functional Overview (Arabic: Integrated cloud computing solutions | A functional overview)

    Layers, bottom up: COMPUTE / STORAGE / NETWORK; Container Optimized/Immutable OS; Container Runtime; Container Orchestration; Container Native Network (CNI); Container Native Storage (CSI); Registry; Logging; Metrics; Observability; Metering; Service Mesh; Serverless (FaaS); Traceability; Lifecycle Management; Release Management; Configuration Management; Developer Experience; Application Services; Management; Automation.
    1 core component, 3 specs, and 16 unknown (Arabic: one main component, three standard specifications, sixteen unknowns)
  7. Open hybrid cloud (Arabic: Hybrid cloud computing using open-source software)

    Arabic slide text (translated): Cloud-native technologies enable organizations to build and run scalable applications in modern, dynamic environments such as public, private and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure and declarative APIs exemplify this model. These technologies enable loosely coupled systems that are resilient, manageable and observable. Combined with robust automation, they allow engineers to make high-impact changes frequently and predictably with minimal toil.
    Pillars: Hybrid Cloud Infrastructure, Management and Automation, Cloud Native Development
  8. Open hybrid cloud (Arabic: Hybrid cloud computing using open-source software)

    • Cloud-native development (Arabic: Developing cloud applications): Service based, API Centric, Containers, DevOps
    • Hybrid cloud infrastructure (Arabic: The hybrid infrastructure): Physical, Virtual, Public Cloud, Private Cloud, Edge
    • Management and automation (Arabic: Management and robust automation)
  9. The Analyst Review | Recent Forrester Wave

    "We believe that being named a leader in this Wave evaluation further validates what we hear from our customers - that OpenShift delivers the modern bridge between existing IT deployments and a cloud-native future, while simultaneously bringing development and IT operations teams together on a common platform." ASHESH BADANI, SENIOR VICE PRESIDENT, CLOUD PLATFORMS, RED HAT
    Multicloud Container Development Platforms 2020 Q3 report:
    • 8 Multicloud container platform vendors
    • 3 Categories (Current Offering, Strategy, Market Presence)
    • 29 evaluation criteria
    • Red Hat scored top in the strategy and market presence categories, as well as the highest score in the current offering category.
  10. Shades of Openshift Platform: Container Driven | Cloud First | ONE Platform (Arabic: Relying on containers | For cloud computing | One platform)

    Open Hybrid Cloud on a Containers/Kubernetes Common Fabric (Arabic: common fabric). Building blocks: Infrastructure Services, Day2 Ops (Arabic: post-installation services), App Services, Automation (Arabic: automation for cloud services), Lifecycle Management (Arabic: application lifecycle management), Ecosystem (Arabic: ecosystem of compatible systems), DevOps, Developer Tools, Container Platform; runs on Bare Metal and IBM Power.
  11. Openshift | Cloud Native Stack | Functional Overview (Arabic: OpenShift | Integrated cloud computing solutions | A functional overview)

    The stack of slide 6 with the OpenShift components named on the slide: COMPUTE / STORAGE / NETWORK; Container Optimized/Immutable OS; Container Runtime; Container Orchestration; Container Native Network (OVN); Container Native Storage; Registry (OCR); Logging (EFK); Metrics (Prometheus, Grafana); Observability; Metering; Service Mesh; Serverless (FaaS); Traceability; Lifecycle Management; Release Management; Configuration Management; Developer Experience; Application Services; Management; Automation.
  12. OPENSHIFT CONTAINER PLATFORM | Functional Overview (Arabic: A functional overview | The OpenShift container platform)

    Cluster services: Install, Operators, Over-the-air updates, Monitoring, Logging, Registry, Storage, Networking, Security, Ingress routing
    Developer services (Developer productivity): Developer CLI, IDE Plugins & Extensions, Cloud-native IDE, Local developer sandbox
    Platform services (Manage workloads): Service Mesh, Serverless, Builds, CI/CD Pipelines, Log Management, Cost Management
    Application services (Build cloud-native apps): Languages & Runtimes, API Mgmt, Integration, Messaging, Process Automation
    Data services (Data driven insights): Databases, Cache, Data Ingestion & Preparation, Data Analytics, AI/ML, Data Mgmt & Resilience
    Multi-cluster management: Inventory, Policy, Compliance, Configuration, Workloads
    Products: OpenShift Kubernetes Engine, OpenShift Container Platform, Advanced Cluster Management, on Red Hat Enterprise Linux & RHEL CoreOS
    Runs on: Physical, Virtual, Private cloud, Public cloud, Edge
  13. OpenShift offers the broadest set of hybrid cloud services (Arabic: One product with different consumption models)

    • Red Hat OpenShift Dedicated or Amazon Red Hat OpenShift (AMRO): Managed by Red Hat, or OCP Customer Managed
    • Azure Red Hat OpenShift (ARO): Jointly Engineered, Managed & supported, or OCP Customer Managed
    • Red Hat OpenShift Dedicated: Managed by Red Hat, or OCP Customer Managed
    • Red Hat OpenShift on IBM Cloud: Jointly Engineered and Supported
    • OpenShift Container Platform On-premises: OCP Customer Managed
    Developer Efficiency, Business Productivity, Enterprise Ready
  14. The Platform | Developer Experience

    Developers work with the OpenShift Dev Console, OpenShift Pipelines (Tekton), the CLI, Kubernetes CI/CD Core, CodeReady Workspaces (Eclipse Che), local & remote Developer Tools, Tekton Core, Integrations, Extensions, the Operator API, Visual Studio Code and Tasks.
    Application Services lifecycle (Lifecycle Management): Provisioning, Build, Deploy, Configuration Management, Release Management, Test, Scale, Decommission.
    Also on the slide: Jenkins, Registry, Packaging, S2I, Certified Images, Operator, OLM, Polyglot
  15. OPENSHIFT CONTAINER PLATFORM | Architectural Overview

    • EXISTING AUTOMATION TOOLSETS: SCM (GIT), CI/CD
    • MASTER: Red Hat® OpenShift® services, Kubernetes services, Infrastructure services, etcd
    • WORKER (two shown): Monitoring | Logging | Tuned; SDN | DNS | Kubelet; Registry; Prometheus | Grafana; Alertmanager; Kibana | Elasticsearch; Router
    • STORAGE, NETWORK, COMPUTE
    • Users: Developers, Admins
  16. OPENSHIFT CONTAINER PLATFORM | HA SETUP

    An ENTERPRISE LOAD-BALANCER fronts the Application Traffic and the Dev and Ops User traffic; behind it sit 3 MASTER nodes, 3 INFRA nodes and 7 worker NODEs.
  17. Openshift Experience

    • Installation
    • Supported Infrastructure providers
    • Cluster Services
      ◦ Networking
      ◦ Logging
      ◦ Metrics
      ◦ Storage
      ◦ Registry
      ◦ Routing
    • Immutable infrastructure and Cluster updates
    • Day2 Ops
    • Security
    • Capacity Management
    • Team and Collaboration
    • DevOps
    • Application Services and development models
      ◦ Application Services
      ◦ Service Mesh
      ◦ Serverless
    • Developer Tools
  18. OPENSHIFT CONTAINER PLATFORM | Installation Paradigms (Arabic: Installation methods)

    OPENSHIFT CONTAINER PLATFORM
    • Full Stack Automated (IPI): Simplified opinionated “Best Practices” for cluster provisioning. Fully automated installation and updates including the host container OS.
    • Pre-existing Infrastructure (UPI): Customer managed resources & infrastructure provisioning. Plug into existing DNS and security boundaries.
    HOSTED OPENSHIFT (Managed)
    • Azure Red Hat OpenShift: Deploy directly from the Azure console. Jointly managed by Red Hat and Microsoft Azure engineers.
    • OpenShift Dedicated: Get a powerful cluster, fully managed by Red Hat engineers and support.
  19. Supported Providers as per 4.6 (Arabic: Installation)

    • Full Stack Automation (IPI)
    • Pre-existing Infrastructure (UPI)
    • Bare Metal
    • IBM Power Systems
    Now supports deploying to VMware vSphere 7.0
  20. IPI Installer: Required vCenter account privileges (Arabic: Installation)

    A user requires the following privileges to install an OpenShift Container Platform cluster:
    • Datastore
      ◦ Allocate space
      ◦ Browse datastore
      ◦ Low level file operations
      ◦ Remove file
    • Folder
      ◦ Create folder
      ◦ Delete folder
    • vSphere Tagging
      ◦ All privileges
    • Network
      ◦ Assign network
    • Resource
      ◦ Assign virtual machine to resource pool
    • Profile-driven storage
      ◦ All privileges
    • vApp
      ◦ All privileges
    • Virtual machine
      ◦ All privileges
    UPI: Can’t be granted! Example
  21. Over the Air (OTA) Updates: Cluster Version Operator (CVO) (Arabic: Updates)

    • OpenShift retrieves the list of available updates
    • Admin selects the target version
    • OpenShift is updated over the air
    • Auto-update support
  22. OpenShift Update Service: Update manager for your clusters in restricted or disconnected networks (Arabic: Updates)

    • OpenShift Update Service (OSUS) is the on-premise release of Red Hat’s hosted update service
    • Supports the publishing of upgrade graph information to clusters in restricted networks
    • Provides clusters with a list of next recommended update versions based on the current version installed on the cluster
    • Comprised of two services:
      ◦ Graph Builder: Fetches OpenShift release payload information (primary metadata) from any container registry (compatible with the Docker registry V2 API) and builds a directed acyclic graph (DAG) representing valid upgrade edges
      ◦ Policy Engine: Responsible for selectively serving updates to every cluster by altering a client’s view of the graph with a set of filters
    • Distributed on Operator Hub as an optional add-on operator
    Diagram: a Local Container Registry in the Restricted Network → OpenShift Update Service (the Graph Builder scrapes release images from the registry; the Policy Engine adds/removes edges) → the Cluster Version Operator (CVO) in each OpenShift Cluster in the Restricted Network reads the graph data (secondary metadata).
    Blog post announcing OpenShift Update Service: https://www.openshift.com/blog/cluster-updates-get-an-update-in-openshift-4.6
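The Graph Builder / Policy Engine split described on this slide, as an added Python example that is not part of the deck or of OSUS: it builds a Cincinnati-style graph (a list of nodes plus [from, to] index edges) from constructed release metadata, rejects cycles, and shows how a policy filter changes the next-version list a cluster would receive. The registry name, digests and the `previous` field on each release are constructed placeholders, and the graph shape is assumed from the public Cincinnati JSON format.

```python
from __future__ import annotations

from typing import Dict, List, Sequence, Set, Tuple

Graph = Dict[str, list]

# Constructed sample of the "primary metadata" a Graph Builder would scrape
# from release images in a local registry. The registry name, digests and the
# "previous" lists are placeholders, not real OpenShift release data.
RELEASES: List[dict] = [
    {"version": "4.5.20", "previous": [],
     "payload": "registry.example.local/ocp/release@sha256:PLACEHOLDER4520"},
    {"version": "4.5.24", "previous": ["4.5.20"],
     "payload": "registry.example.local/ocp/release@sha256:PLACEHOLDER4524"},
    {"version": "4.6.1", "previous": ["4.5.20", "4.5.24"],
     "payload": "registry.example.local/ocp/release@sha256:PLACEHOLDER461"},
    {"version": "4.6.4", "previous": ["4.5.24", "4.6.1"],
     "payload": "registry.example.local/ocp/release@sha256:PLACEHOLDER464"},
]


def version_key(version: str) -> Tuple[int, ...]:
    """Numeric sort key so 4.6.4 orders after 4.5.24 (lexical order would not)."""
    return tuple(int(part) for part in version.split("."))


def is_acyclic(graph: Graph) -> bool:
    """Kahn's algorithm: True if every node can be topologically ordered.
    A valid upgrade graph is a DAG; a cycle means corrupt or tampered metadata."""
    n = len(graph["nodes"])
    indegree = [0] * n
    successors: List[List[int]] = [[] for _ in range(n)]
    for src, dst in graph["edges"]:
        successors[src].append(dst)
        indegree[dst] += 1
    ready = [i for i in range(n) if indegree[i] == 0]
    ordered = 0
    while ready:
        node = ready.pop()
        ordered += 1
        for dst in successors[node]:
            indegree[dst] -= 1
            if indegree[dst] == 0:
                ready.append(dst)
    return ordered == n


def build_graph(releases: Sequence[dict]) -> Graph:
    """Graph Builder step: emit a Cincinnati-style graph,
    {"nodes": [{"version", "payload"}, ...], "edges": [[from, to], ...]},
    where edge indices refer to positions in "nodes"."""
    nodes = sorted(({"version": r["version"], "payload": r["payload"]} for r in releases),
                   key=lambda node: version_key(node["version"]))
    index = {node["version"]: i for i, node in enumerate(nodes)}
    edges: List[List[int]] = []
    for release in releases:
        for prev in release["previous"]:
            if prev not in index:
                raise ValueError(f"{release['version']} lists unknown predecessor {prev}")
            edges.append([index[prev], index[release["version"]]])
    graph: Graph = {"nodes": nodes, "edges": sorted(edges)}
    if not is_acyclic(graph):
        raise ValueError("update graph contains a cycle")
    return graph


def apply_policy(graph: Graph, blocked: Set[Tuple[str, str]]) -> Graph:
    """Policy Engine step: serve a filtered view by dropping blocked
    (from_version, to_version) edges, e.g. a path with a known bad upgrade.
    Nodes stay; only edges change, so the client still sees every release."""
    versions = [node["version"] for node in graph["nodes"]]
    kept = [e for e in graph["edges"]
            if (versions[e[0]], versions[e[1]]) not in blocked]
    return {"nodes": graph["nodes"], "edges": kept}


def recommended_updates(graph: Graph, current: str) -> List[str]:
    """What the CVO reads from the served graph: the next recommended versions
    are the direct successors of the cluster's current version."""
    versions = [node["version"] for node in graph["nodes"]]
    if current not in versions:
        raise ValueError(f"current version {current} is not in the graph")
    here = versions.index(current)
    return sorted({versions[dst] for src, dst in graph["edges"] if src == here},
                  key=version_key)


if __name__ == "__main__":
    full = build_graph(RELEASES)
    print("graph:", full)
    print("from 4.5.20:", recommended_updates(full, "4.5.20"))
    # Policy blocks the direct 4.5.20 -> 4.6.1 edge; 4.5.24 is still offered.
    filtered = apply_policy(full, {("4.5.20", "4.6.1")})
    print("from 4.5.20 after policy:", recommended_updates(filtered, "4.5.20"))
```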
  23. OpenShift SDN Plugin (Arabic: Network)

    • Flat Network: All pods can communicate with each other across projects
    • Multi-Tenant Network: Project-level network isolation, Multicast support, Egress Network Policy. When the multi-tenant plugin is enabled, a cluster administrator can define egress firewall policies to limit the external addresses that some or all pods can access from within the cluster
    • Network Policy: Granular policy-based isolation
    Diagram: NODEs hosting PODs in PROJECT A, PROJECT B, PROJECT C and the DEFAULT NAMESPACE
  24. Kubernetes CNI (OVN) (Arabic: Network)

    • Next-gen Kubernetes CNI plugin (ovn-kubernetes)
    • OCP 4.6 GA (default is still OVS)
    • Install-time option or post-install
    Why OVN?
    • Consolidates Red Hat SDN efforts across products
    • Flexible SDN architecture for faster feature development
    • Large upstream community (Linux Foundation project)
    • Red Hat leadership in upstream OVS & OVN communities
    Technology Highlights
    • Manages overlays and physical network connectivity
    • Flexible security policies via ACLs and security groups
    • Distributed L3 routing, L2/L3 Gateways to other networks
    • IPv4 and IPv6 capability
    • Windows “Hybrid Overlay” service for pod-to-pod traffic between Windows and Linux cluster nodes.
    Comparison
      OpenShift SDN                   | OVN Kubernetes
      veth pairs                      | veth pairs
      OVS bridge                      | OVS bridge
      Central controller / host-ipam  | Central controller / host-ipam
      VXLAN tunnels                   | Geneve tunnels
      OVS flows for NetworkPolicy     | OVS flows for NetworkPolicy
      IPTables for services           | OVN LBs for services
      IPTables for NAT                | OVS for NAT
    Goal: Develop and support a modern, maintainable, community-based, open-source Kubernetes CNI network plugin for OpenShift that complements the existing capabilities of OVS to add native support for virtual network abstractions.
  25. 3rd-Party CNI Plugin Certification as of 4.6 (Arabic: Network)

    The following 3rd-party Kubernetes CNI plug-ins have begun the OpenShift certification process and are at varying stages of progress:
    • ACI
    The certification process primarily consists of:
    1. Formalizing the partnership
    2. Certifying the container(s)
    3. Certifying the Operator
    4. Successfully passing the same Kubernetes networking conformance tests that OpenShift uses to validate its own SDN
    Status table (OPENSHIFT KUBERNETES CNI; columns on the slide: Tech Preview / Cert In-Progress / TBD):
    • OpenShift SDN: DEFAULT, 4.x
    • OVN: 4.6
    • kuryr-kubernetes (RH-OSP Neutron Plugin): 4.2.2
    • Tigera Calico (open src): 4.2, Fully Supported
    • Cisco ACI: mid CY2020
    • VMware NSX-T: soon
    • Juniper Contrail: Q4 CY2020
    https://access.redhat.com/articles/4763741
    As of Sep 23, VMware officially completed certification of the following:
    • NSX Container Plug-in (NCP) 3.0.2 with Openshift 4.4 and NSX-T 3.x+
  26. OpenShift Route vs Kubernetes Ingress: GETTING TRAFFIC INTO THE CLUSTER (Arabic: Network)

      Feature                                    | Ingress on OpenShift | Route on OpenShift
      Standard Kubernetes object                 | X                    |
      External access to services                | X                    | X
      Persistent (sticky) sessions               | X                    | X
      Load-balancing strategies                  | X                    | X
      Rate-limit and throttling                  | X                    | X
      IP whitelisting                            | X                    | X
      TLS edge termination for improved security | X                    | X
      TLS re-encryption for improved security    |                      | X
      TLS passthrough for improved security      |                      | X
      Multiple weighted backends (split traffic) |                      | X
      Generated pattern-based hostnames          |                      | X
      Wildcard domains                           |                      | X
    Source: https://blog.openshift.com/kubernetes-ingress-vs-openshift-route/
  27. Storage Capabilities for Container Workloads (Arabic: Storage)

    • Persistent File Storage For Containers (RWX): Container application state is held in this persistent file storage
    • Persistent Block Storage For Containers (RWO): Specific storage type for workloads that require a certain performance, i.e. Database workloads, Logging where Elastic or equivalents are involved.
    • Object Storage: Storage type widely used within cloud and container workloads. OCS offers a huge amount of options for Object Storage, leveraged by NooBaa
    • Registry Store: Location where container base images are placed. May not have redundant storage, therefore a possible point of failure.
  28. CONTAINER STORAGE | STORAGE PLUGINS: A broad spectrum of static and dynamic storage endpoints (Arabic: Storage)

    • OCP Supported: AWS EBS, Fibre Channel, Azure File & Disk, HostPath, GCE PD, Local Volume, VMware vSphere Disk, Raw Block, NFS, iSCSI
    • Supported via OCS: File, Block, Raw Block, Object
    • Supported via OSP: Cinder
  29. CONTAINER STORAGE | PROVISIONING (Arabic: Storage)

    • Static Storage Provisioning: the Admin registers PVs (NFS PV, iSCSI PV, GlusterFS PV, Ceph RBD PV) into the project's pool of persistent volumes; the User creates a claim and each Pod's claim is bound to a PV.
    • Dynamic Storage Provisioning: the Admin defines StorageClasses (Slow: Azure-Disk, Fast: AWS-SSD, Fastest: NetApp-Flash); the User creates a claim (e.g. Fastest); the OpenShift PV Controller asks the matching provisioner (Azure Provisioner, AWS Provisioner, NetApp Provisioner) to provision a PV, which is then bound to the Pod's claim.
  30. OCS | VALUE (Arabic: Storage)

    • Supports multi-cloud/hybrid cloud (private and public)
    • Simplifies management (consumed and managed through OpenShift)
    • Stores all types of data (structured, semi-structured and unstructured)
    • Manages storage based on policies (across clouds)
    • Persistent storage for containers
    • Integrated management from OpenShift
    • Storage provisioning for all types of data
    • Backed by Red Hat expertise
  31. OCS | OVERVIEW: Consistent storage management and operations (Arabic: Storage)

    ANY CLOUD. ANY APP. NO LOCK IN: future proof against cloud or infrastructure lock-in.
    RED HAT OPENSHIFT CONTAINER STORAGE provides Block, File and Object storage to CONTAINERS and VIRTUAL MACHINES on BARE METAL, LEGACY STORAGE and the HYBRID CLOUD.
  32. OCS | TECHNOLOGY STACK: OCP 4 with OCS 4 (Arabic: Storage)

    • Easy & Automated Management with Operators: Operator Driven Install, Integrated Dashboard, Automated Day 2 Operations
    • Highly Resilient & Scalable Storage System
    • Multi-Cloud & Hybrid Object Storage: apps use the S3 API against Multi-Cloud Buckets, Multi-site Buckets and Hybrid Buckets
  33. Kubernetes CSI Drivers: Persistent volume capabilities

    Sources: OCP 4.2 Dynamic Provisioner support matrix, OCP 4.2 Access Mode support matrix, OCP 4.2 Block Volume support matrix
    Basic CSI driver persistent volume capabilities (1-5): CSI provision, CSI attach, CSI snapshot, CSI clone, CSI resize
    Common persistent volume modes, types and capabilities (A-H): Raw Block mode, RWO single pod access mode, Dynamic provisioning, RWX multi-pod access mode, Rapid PV attach/detach, Multi-zone PVs, Topology-aware provisioning, Object bucket claim
  34. Openshift LOGGING | EFK STACK (Arabic: Logs)

    Components
    ・ Elasticsearch: a search and analytics engine to store logs
    ・ Fluentd: gathers logs and sends them to Elasticsearch.
    ・ Kibana: A web UI for Elasticsearch.
    Access control
    ・ Integrated with OCP RBAC
    ・ Cluster administrators can view all logs
    ・ Users can only view logs for their projects
    Ability to forward logs elsewhere
    ・ External elasticsearch, Splunk, etc
    Diagram: on each RHEL NODE a FLUENTD pod collects the PODs' APPLICATION LOGS and OPERATION LOGS and ships them to ELASTICSEARCH; USERs and ADMINs query them through KIBANA.
    Log forwarding
    • Extra Fluentd
    • Managed cluster-wide using the ClusterLogForwarder CRD
    • The API helps to reduce the probability of misconfiguring Fluentd
    • Audit log collection and forwarding to external elasticsearch and kafka
    • Forward logs to different systems based on their input source (Infra, App, Audit), e.g. inputSource=app, inputSource=audit
    ClusterLogForwarder example from the slide (field names as in the logging.openshift.io/v1 API):

      apiVersion: logging.openshift.io/v1
      kind: ClusterLogForwarder
      metadata:
        name: instance
        namespace: openshift-logging
      spec:
        outputs:
          - name: MyLogs
            type: syslog
            syslog:
              facility: local0
            url: tls://localstore.example.com:9200
        pipelines:
          - inputRefs: [infrastructure, application, audit]
            outputRefs: [MyLogs]
  35. Openshift METRICS | PROMETHEUS, GRAFANA, AND ALERT MANAGER (Arabic: Metrics)

    • Metrics collection and storage via Prometheus, an open-source monitoring system and time series database.
    • Metrics visualization via Grafana, the leading metrics visualization technology.
    • Alerting/notification via Prometheus’ Alertmanager, an open-source tool that handles alerts sent by Prometheus.
  36. The OpenShift Security Guide is Available (Arabic: Security)

    • OpenShift Security Guide is released on Amazon (Kindle format)
    • Also available to our customers via the customer portal - here
  37. Openshift Machine Config Operator (Arabic: Security)

    • Distributed as a container image
    • Transactional updates follow container image versioning
    • Immutable
    • Installing RPMs on RHCOS is not supported
    • Security and compliance are managed by the machine config operator
  38. File Integrity (Arabic: Security)

    • Secure Boot - provides a guarantee that a trusted, unmodified Kernel is loaded
    • File integrity monitoring
      ◦ /usr is read only
      ◦ Machine Config Operator marks nodes with wrongly configured files as degraded
    • Roadmap: a file integrity operator using AIDE
      ◦ Advanced Intrusion Detection Environment is a utility that creates a database of files on the system, and then uses that database to ensure file integrity and detect system intrusions
  39. Container Security Operator: Proactive Vulnerability Monitoring (Arabic: Security)

    1. The User adds the Container Security Operator to watch containers for vulnerabilities (Install, upgrade, reconcile, config; Monitor, scale, troubleshoot, backup)
    2. Continuous Quay and Clair scans, fed by the Red Hat Consolidated Vulnerability Feed
    3. Observe and Summarize
  40. AUTOMATED OPS | OPERATORS (Arabic: Management and automation)

    Operators codify operational knowledge and workflows to automate lifecycle management of containerized applications with Kubernetes: SDK, LIFECYCLE MANAGEMENT, METERING.
    Operators are not only targeting the platform, but also all workloads running on top of it!
  41. Developer Experience | Overview (Arabic: Application development)

    OpenShift Dev Console, OpenShift Pipelines (Tekton), CLI, Kubernetes CI/CD Core, Developer Tools, CodeReady Workspaces (Eclipse Che), Tekton Core, Integrations, Extensions, Operator API, Visual Studio Code, Tasks
    Application Services lifecycle (Lifecycle Management): Provisioning, Build, Deploy, Configuration Management, Release Management, Test, Scale, Decommission
    Also on the slide: Jenkins, CI/CD Pipelines, Security, S2I, Packaging, Operator SDK, Monitoring
  42. Building next-gen applications: OPENSHIFT SERVICE MESH, OPENSHIFT SERVERLESS, OPENSHIFT PIPELINES (Arabic: Application development)

    • OpenShift Service Mesh
      ◦ Security and network segmentation of microservices applications including the Istio, Kiali (UI), and Jaeger (Tracing) projects
    • OpenShift Serverless
      ◦ Integrated serverless for scale-to-zero FaaS services and event sources, built on the Knative framework
    • OpenShift Pipelines (Tech Preview)
      ◦ Kubernetes-style CI/CD based on Tekton delivers tight integration with OpenShift and Red Hat developer tools
  43. Developer Experience | Pipelines (Arabic: Application development)

    Flow: DEVELOPER → GIT SERVER → OPENSHIFT CI/CD PIPELINE (JENKINS) with an ARTIFACT REPOSITORY → IMAGE BUILD & DEPLOY into the INTEGRATED IMAGE REGISTRY of the NON-PROD OPENSHIFT CLUSTER (DEV → PROMOTE TO TEST → PROMOTE TO UAT) → GO LIVE? decided by the RELEASE MANAGER (☒ / ☑) → PROMOTE TO PROD into the INTEGRATED IMAGE REGISTRY of the PROD OPENSHIFT CLUSTER, images being copied with Skopeo.
    Building blocks: Red Hat Base Images, Runtimes, App Services; BC, S2I; Built-in Jenkins, Built-in pipeline, Tekton pipeline; OCR, Quay; DC, RC, RS, ConfigMap, Secrets, Service, Readiness/Liveness Probes; Deployment Strategy, Configuration Management, Probes and Health Check, Service Discovery; Code Ready Workspaces, Visual Studio Code, ODO, Fabric8
  44. Developer Experience | Service - Developer - Catalog (Arabic: Application development)

    • Entry point for a developer to access all services available to them
    • Merges all capabilities from Application Services, Operators, and Custom templates
    Example: adding Drupal to the Developer Catalog (Setting up Drupal-8 and MariaDB)
  45. Developer Experience | Self-Service (Arabic: Application development)

    Openshift Project: the DEVELOPER works inside a Dev Project. The Cluster Admin manages the Cluster Developer Catalog, the Project Admin manages the Project Developer Catalog, and each project is governed by
    • Quota
    • Resource Limits
    • RBAC
    covering CPU, Memory, Storage, # of containers, # of Pods, # of builds, # of deployments, ...etc
  46. Developer Experience | S2I - SOURCE TO IMAGE (Arabic: Application development)

    Polyglot automated image builder: Build From Source, Build From Binary, Build From Image, Multi Stage Build. Still not enough? You can go for an S2I Custom Build.
  47. Developer Experience | SERVICE MESH (Arabic: Application development)

    Key Features & Updates
    • Sidecar automatic injection
    • Dynamic service discovery
    • Load balancing
    • TLS termination
    • HTTP/2 and gRPC proxies
    • Control service access
    • Circuit breakers and Throttling
    • Health checks
    • Timeouts And Retries
    • Advanced deployment strategies
    • Staged rollouts with percent-based traffic split
    • Service versioning
    • Metrics
    • Observability
    • Traceability
    • Chaos Engineering
    Diagram: MyService Business Code surrounded by Observing, Tracing, Security, Deployment, Resilience, Routing, Traffic Management, Authentication, Logging, Versioning
  48. Developer Experience | SERVICE MESH - ISTIO (Arabic: Application development)

    Control Plane: Pilot, Mixer, Auth. Data Plane: Pods, each running an Envoy sidecar next to the App.
    Mixer
    • Enforces access control and usage policies across the service mesh
    • Collects telemetry data from the Envoy proxy and other services
    • The proxy extracts request-level attributes and sends them to Mixer for evaluation
    Pilot
    • Service discovery for Envoy sidecars
    • Traffic management capabilities for intelligent routing: A/B tests, canary deployments, etc.
    • Resiliency: timeouts, retries, circuit breakers, etc.
    • Converts high-level routing rules that control traffic behavior into Envoy-specific configurations
      ◦ Propagates them to sidecars at runtime
    Envoy - Sidecar
    • Policy Enforcement as defined in Pilot
    • Communicates telemetry to the Mixer
    Diagram: MyService Business Code surrounded by Observing, Tracing, Security, Deployment, Resilience, Routing, Traffic Management, Authentication, Logging, Versioning
  49. Developer Experience | SERVICE MESH - ISTIO (Arabic: Application development)

    Istio: Observe (Jaeger, Prometheus, Grafana, Kiali), Secure, Control, Connect
  50. Developer Experience | SERVICE MESH - ISTIO: Microservice before and after Istio (Arabic: Application development)

    Before (Netflix OSS): each Microservice bundles its Business Logic with Service Discovery, Load Balancing, Circuit Breaker, Traffic Control, Monitoring and Tracing; the Platform provides Config Server, Security Policies, Service Registry, Traffic Control, Monitoring, Tracing, API Management and Smart Routing.
    After (OpenShift + Istio): the Microservice holds only its Business Logic; the platform provides Config Server, Load Balancing, Service Registry, Traffic Control, Monitoring, Tracing, API Management and Smart Routing.
  51. Developer Experience | SERVERLESS (Arabic: Application development)

    Events (HTTP Requests, Kafka Messages, Image Uploaded, New Order, Login from user) trigger the SERVERLESS SERVER, which produces Results. Event Sourcing, Containers.
    Benefits of this model:
    • No need to setup auto-scaling and load balancers
      ◦ Scale down and save resources when needed.
      ◦ Scale up to meet the demand.
    • Enable Event Driven Architectures (EDA) patterns
    • Enable teams to associate cost with IT
    • Modernize existing applications to run as serverless containers
  52. Developer Experience | SERVERLESS: Key Features (Arabic: Application development)

    • Immutable revisions: Deploy new features performing canary, A/B or blue-green testing with gradual traffic rollout, with no sweat and following best practices.
    • Automatic scaling: No need to configure the number of replicas, or idling. Scale to zero when not in use, auto scale to thousands during peak, with built-in reliability and fault-tolerance.
    • Ready for the Hybrid Cloud: Truly portable serverless running anywhere OpenShift runs, that is on-premises (prem) or on any public cloud (aws, azure). Leverage data locality and SaaS when needed.
    • Event Driven Architectures: Build loosely coupled & distributed apps connecting with a variety of built-in or third-party event sources or connectors powered by Operators.
    • Any programming language: Use any programming language or runtime of choice. From Java, Python, Go and JavaScript to Quarkus, SpringBoot or Node.js.
    • Containers made easy: Simplified developer experience to deploy applications/code on serverless containers, abstracting infrastructure & focusing on what matters.
    https://docs.google.com/presentation/d/1AFnyQUaRw1uAr4gwIRQSsPhhSmp967We4eX1rg7DafM/edit#slide=id.g74a3ba7280_4_3519
  53. Developer Experience | SERVERLESS: OPERATOR BASED INSTALLATION (Arabic: Application development)

    • Click Install experience
    • Developer & admin experience in Console
    • Built-in event sources
    • No external dependencies.
    • "Just works."
    Toolset
    • Kn CLI
    • Web UI
    • Monitoring, Metering and Logging
    • Disconnected install support (air-gapped)
    • Egress proxy with TLS support
    • Over the air updates and patches
    CLI / UI: $ kn service create --image=
  54. Developer Experience | APPLICATION SERVICES IN SERVERLESS: Building on OpenShift Serverless with Red Hat Services (Arabic: Application development)

    • Connected Services: How Knative services interact with the outside world.
    • Service Orchestrator: Composing multiple services together into an application.
    • Event Streaming: All modern architectures need some Kafka.
    • API Gateway: Next gen APIs still require management.
    • Implementing Services: Functions, languages, and the vagaries of cold starts.
    • The Dirty Word in Serverless: Yep, you still need state to handle long-lived orchestration.
  55. Developer Experience | IDE (Arabic: Application development)

    Everything a developer needs (Project sources, Dependencies, Developer Tools, Commands, Build and packaging tools, Terminal, Operating system, Web server / application server, Database, and all other runtime components) is managed in a personal Workspace hosted in an IT-Managed OpenShift cluster.
    CodeReady Workspaces creates a containerized developer environment in Kubernetes - requires no Kube knowledge
    1. Accelerates projects and onboarding of developers.
    2. Removes inconsistencies between dev and prod.
    3. Protects source code by keeping it off laptops.
  56. Developer Experience | ODO: Developer command line (Arabic: Application development)

    odo is a new CLI for OpenShift that is tailored for developer syntax and workflows. The goal is to make it simple for a developer to create an app, add components (like a database) and expose it without needing to know Kubernetes. odo is affectionately called “OpenShift DO!”

      > odo create wildfly backend
      Component ‘backend’ was created. To push source code to the component run ‘odo push’
      > odo push
      Pushing changes to component: backend
      > odo storage create backend-store --path /data --size 100M
      Added storage backend-store to backend
      > odo create php frontend
      Component ‘frontend’ was created. To push source code to the component run ‘odo push’
      > odo push
      Pushing changes to component: frontend
      > odo url create frontend
      - http://frontend-myproject.192.168.99.100.nip.io
      > odo watch
      Waiting for something to change in /Users/tomas/odo/frontend
  57. Developer Experience | VISUAL STUDIO (Arabic: Application development)

    Visual Studio Plugins: Red Hat plugins for VSCode add IDE superpowers for Java, Kubernetes YAML and Fuse XML. The OpenShift plugin allows developers to quickly connect and deploy to OpenShift instances locally or remotely. Dependency Analytics adds license and CVE package alerts.
  58. Developer Experience | OPENSHIFT DEVELOPER CONSOLE (Arabic: Application development)

    Developer perspective and DevOps capabilities. A developer-focused console perspective:
    • Create apps from git, images, etc…
    • Application topology views
    • Pipeline creation and tracking
    • Scale up/down in a single click
    • Monitor app health and metrics
    • Link to more detailed admin views
    Why? It creates a UI to focus DevOps teams: a PaaS layer on OpenShift’s hybrid multi-cloud Kubernetes platform.
  59. Subscription | Overview
    • Core based subscription
    • Different subscription units
    • Valid for all supported infrastructures
    • 1Y/3Y and can be managed for 5Y
    • OCP subscription covers the following
      ◦ OCP engine
      ◦ Fully Automated Installers, and Over the Air Smart Upgrades
      ◦ Operator Lifecycle Manager (OLM)
      ◦ SDN
      ◦ Metrics
      ◦ Logging
      ◦ Metering and Cost Management SaaS Service
      ◦ Registry
      ◦ Service Mesh
      ◦ OCP Virtualization
      ◦ RHSCL
    Subscription units: 4 vCPU, 32 vCPU, 128 vCPU
  60. Subscription | Cores vs vCPU and Hyperthreading
    • Virtual machines use virtualized CPUs.
    • For hyperthreaded systems
      ◦ You can see two vCPUs per underlying physical core
      ◦ Red Hat calculates cores with a ratio of 2 cores = 4 vCPUs
      ◦ In other words, a 2-core subscription covers 4 virtual CPUs in a VM
    • This is the default unless it is explicitly mentioned that hyperthreading is not used
    Example: An 8 vCPU VM has 4 effective “cores”, and would need two (2) 2-core subscriptions.
    • For non-hyperthreaded systems
      ◦ You can see one vCPU per underlying physical core
      ◦ Red Hat calculates cores with a ratio of 2 cores = 2 vCPUs
      ◦ In other words, a 2-core subscription covers 2 virtual CPUs in a VM on a non-hyperthreaded system
    Example: A 4 vCPU VM has 4 effective “cores”, and would need two (2) 2-core subscriptions.
  61. Subscription | RHSCL - Red Hat Software Collections
    Certified/Supported Images:
    • Perl
    • Python
    • Ruby
    • NodeJS
    • PHP
    • PostgreSQL
    • MariaDB
    • MySQL
    • MongoDB
    • Redis
    • Httpd
    • Nginx
    • Varnish
    • Red Hat Developer Toolset (DTS)
    At minimum, Critical and Important Security errata advisories (RHSAs) and Urgent Priority Bug Fix errata advisories (RHBAs) will be issued if and when available. Lower-impact security advisories may be made in the next point release. All errata are provided at Red Hat's discretion. The following table details the types of software maintenance performed during the life cycle:
    Scope of Coverage
    Description | Support
    Unlimited-incident technical support | Yes
    Asynchronous security errata | Yes
    Asynchronous bug-fix errata | Yes
    Software enhancements | Yes
  62. Subscription | Application Services
    • Runtimes Bundle
      ◦ JBoss EAP
      ◦ Red Hat Data Grid
      ◦ Red Hat AMQ Broker
      ◦ JWS (Tomcat)
      ◦ OpenJDK
      ◦ Quarkus
      ◦ Spring Boot
      ◦ Vert.x
      ◦ Wildfly Swarm
      ◦ Thorntail
      ◦ Open Liberty
      ◦ NodeJS
      ◦ RHSSO
    • Integration Bundle
    • Process Automation Bundle
    • Portfolio Bundle
    (Bundle diagram: Integration, Process, Runtimes)
    • Runtimes is included in higher bundles
    • No restriction on vCPU distribution
    • Bundled with OCP subscription
    • Can be added on an existing OCP subscription
  63. Subscription | Where can I run it?
    Anywhere RHEL/RHEL CoreOS x86 is supported and tested:
    • Bare metal
    • Virtual
      ◦ VMware
      ◦ Red Hat Virtualization
      ◦ Other Virtualization Platforms: other platforms are supported via the Bare Metal UPI install method
    • Private cloud
      ◦ Red Hat OpenStack Platform
    • Any OpenShift-certified public cloud
      ◦ AWS, GCE, and Azure.
      ◦ Cloud Access subscription transfer is required for RHEL Nodes
      ◦ https://www.redhat.com/en/technologies/cloud-computing/cloud-access
      ◦ Cloud providers that sell our product on their public clouds have to join the CCSP program.
  64. Subscription | OCS - OpenShift Container Storage
    • Separate subscription
    • vCPU based
    • It depends on deployment option
  65. Thank you
    Red Hat is the world’s leading provider of enterprise open source software solutions. Award-winning support, training, and consulting services make Red Hat a trusted adviser to the Fortune 500.
    linkedin.com/company/red-hat
    youtube.com/user/RedHatVideos
    facebook.com/redhatinc
    twitter.com/RedHat