Enterprise Kubernetes: Openshift Container Platform

Transcript

1. Enterprise Kubernetes: Openshift Container Platform M. Aykut Bulgu Technology Consultant,

   Software Architect @systemcraftsman

2. @systemcraftsman Who am I ? Was a child in the

   end of 80’s and beginning of 90’s Married, has a daugther Tech lover Has been working for about 12 years in software/tech industry Fond of Software Craftsmanship Co-organiser of ScTurkey Community Works as a Red Hatter; a Middleware Consultant

3. An Overall History & Why Openshift

4. @systemcraftsman https://www.slideshare.net/egg9/kubernetes-introduction A Brief Kubernetes History

5. @systemcraftsman Jul 2014 Red Hat contributions start https://www.slideshare.net/egg9/kubernetes-introduction A Brief

   Kubernetes History

6. @systemcraftsman #1 - Google - 41,649 #2 - Red Hat

   - 14,410 #6 - IBM - 1230 #9 - CoreOS - 964* #10 - Microsoft - 728 #13 - VMware - 433 #15 - Intel - 400 #23 - Cisco - 192 #26 - Pivotal - 141 #41 - Oracle - 36 #56 - Docker - 14 Amazon/AWS - ? * Most CoreOS commits were done using personal email addresses (Independent) http://stackalytics.com/?metric=commits&project_type=kubernetes-group&release=all Kubernetes Project Contributions

7. @systemcraftsman Red Hat Contributions to Kubernetes Operators Framework | ClusterRole

   Aggregation | RBAC Authorization | Stateful Sets | Init Containers | Rolling Update Status | Pod Security Policy Limits | Memory based Pod Eviction | Quota Controlled Services | 1,000+ Nodes | Dynamic PV Provisioning | Multiple Schedulers | SECCOMP | Audit | Job Scheduler | Access Review API | Whitelisting Sysctls | Secure Cluster Policy | Evict Pods Disk IO | Storage Classes | Azure Data Disk | etcdv3 | RBAC API | Auth to kubelet API | Pod-level cGroups QoS | Kublet Eviction Model | RBAC | Storage Class | CustomResourceDefinitions | API Aggregation | Encrypted secrets in etcd | Limit Node Access | HPA Status Conditions | Network Policy | CRI Validation Test Suite | Local Persistent Storage | Audit Logging |

8. @systemcraftsman A Brief History of Openshift Openshift v2 - Announced

   in 2013 Red Hat Contribution to K8s started in 2014 Openshift v3 dev. Preview is announced in 2016 Openshift v3.0 is announced in 2017 (end of v2)

9. 9 How Do We Deliver OpenShift? CONTAINER PLATFORM DEDICATED ONLINE

   Integrate OSS projects Partner integration platform No-cost validations for innovation Community Distribution of Kubernetes 100+ Integrations Align time with OSS trunk

10. @systemcraftsman Security fixes 100s of defect and performance fixes 200+

    validated integrations Middleware integrations (container images, storage, networking, cloud services, etc) 9 year enterprise lifecycle management Certified Kubernetes Kubernetes Release OpenShift Release 1-3 months hardening Openshift Is Kubernetes For The Enterprise

11. @systemcraftsman ~250 Bugs Fixed ~190 Bugs Fixed ~30 Bugs Fixed

    Between K8s 1.* and Openshift 3.* Between Openshift 3.* and 3.*.33 Since 3.*.33 Openshift Is Kubernetes For The Enterprise

12. @systemcraftsman Requires a Linux operating system Requires a Container Runtime

    (CRI-O, Containerd, Docker, etc) Requires image registry Requires software defined networking Requires load‐balancer and routing Requires log management Requires container metrics and monitoring OpenShift includes all these components fully integrated and fully tested as part of the platform. Why Kubernetes Is Not Enough For The Enterprise

13. @systemcraftsman Container Infrastructure and Management Kubernetes OKD* OpenShift Multi-host container

    scheduling ✔ ✔ ✔ Self-service provisioning ✔ ✔ ✔ Service discovery ✔ ✔ ✔ Enterprise Linux operating system ✔ Image registry ✔ ✔ Validated storage plugins ✔ ✔ Networking and validated networking plugins ✔ ✔ Log aggregation and monitoring ✔ ✔ Multi-tenancy ✔ ✔ Metering and chargeback ✔ * OKD is the open source project formerly known as OpenShift Origin

14. @systemcraftsman Developer Experience Kubernetes OKD* OpenShift Automated image builds No

    developer or application services ✔ ✔ CI/CD workflows and pipelines ✔ ✔ Certified application services ✔ Certified middleware ✔ Certified databases ✔ 200+ certified ISV solutions ✔ * OKD is the open source project formerly known as OpenShift Origin

15. @systemcraftsman Enterprise Support and Community Kubernetes OKD OpenShift Community forums

    and resources ✔ ✔ ✔ Zero downtime patching and upgrades ✔ Enterprise 24/7 support ✔ 9 year support lifecycle ✔ Security response team ✔ External review: 10 most important differences between OpenShift and Kubernetes

16. @systemcraftsman That’s Why:

17. @systemcraftsman Kubernetes is a project, Openshift is a product That’s

    Why:

18. Myths

19. @systemcraftsman Myth: Openshift Is Too Far Behind K8s OSS

20. @systemcraftsman Myth: Openshift Is Too Heavy | It’s a PaaS

    KUBERNETES RED HAT ENTERPRISE LINUX | RED HAT COREOS SDN NETWORKING STORAGE LOGGING MONITORING CI/CD PIPELINES SERVICE CATALOG CONTAINER REGISTRY SECURITY | AUTH OPS CONSOLE BARE METAL VIRTUAL PRIVATE PUBLIC SERVICE BROKERS | ANSIBLE | AWS | AZURE | GCP CLOUD-NATIVE AI / ML BIG DATA IOT SERVERLESS OPERATOR LIFECYCLE MANAGER | PLATFORM | APPLICATIONS RED HAT MIDDLEWARE SERVICES TRADITIONAL WINDOWS ISTIO - SERVICE MESH CONTAINERS AS A SERVICE (CaaS) PLATFORM AS A SERVICE (PaaS) [OPTIONAL TO USE]

21. Openshift Architecture

22. @systemcraftsman Automated Operations Kubernetes Red Hat Enterprise Linux or Red

    Hat CoreOS Application Services CaaS PaaS Best IT Ops Experience Best Developer Experience Cluster Services Developer Services Middleware, Service Mesh, Functions, ISV Metrics, Chargeback, Registry, Logging Dev Tools, Automated Builds, CI/CD, IDE Openshift Container Platform

23. @systemcraftsman EXISTING AUTOMATION TOOLSETS SCM (GIT) CI/CD SERVICE LAYER ROUTING

    LAYER PERSISTENT STORAGE REGISTRY RHEL NODE c RHEL NODE RHEL NODE RHEL NODE RHEL NODE RHEL NODE C C C C C C C C C C RED HAT ENTERPRISE LINUX MASTER API/AUTHENTICATION DATA STORE SCHEDULER HEALTH/SCALING PHYSICAL VIRTUAL PRIVATE PUBLIC HYBRID Openshift Architecture

24. @systemcraftsman Openshift Architecture https://medium.com/levvel-consulting/the-differences-between-kubernetes-and-openshift-ae778059a90e

25. @systemcraftsman Openshift Architecture https://medium.com/levvel-consulting/the-differences-between-kubernetes-and-openshift-ae778059a90e

26. Openshift Installation Architectures

27. @systemcraftsman Proof-of-Concept Architecture Application Traffic Dev and Ops User INFRA

    MASTER NODE NODE An infrastructure node is a node that is dedicated to infrastructure pods such as router, image registry, metrics, and logs

28. @systemcraftsman App High-Availability Architecture ENTERPRISE LOAD-BALANCER Application Traffic Dev and

    Ops User INFRA MASTER INFRA NODE NODE NODE NODE

29. @systemcraftsman Full High-Availability Architecture ENTERPRISE LOAD-BALANCER Application Traffic Dev and

    Ops User NODE MASTER MASTER INFRA MASTER INFRA NODE NODE NODE NODE NODE INFRA NODE

30. Technical Deep Dive

31. Application Health

32. @systemcraftsman Auto-Healing Failed Pods RHEL NODE RHEL NODE c RHEL

    NODE RHEL NODE c RHEL NODE C C RHEL NODE C C RED HAT ENTERPRISE LINUX MASTER API/AUTHENTICATION DATA STORE SCHEDULER HEALTH/SCALING C

33. @systemcraftsman RHEL NODE RHEL NODE c RHEL NODE RHEL NODE

    c RHEL NODE C C RHEL NODE C C RED HAT ENTERPRISE LINUX MASTER API/AUTHENTICATION DATA STORE SCHEDULER HEALTH/SCALING C Auto-Healing Failed Pods

34. @systemcraftsman RHEL NODE RHEL NODE c RHEL NODE RHEL NODE

    c RHEL NODE C C RHEL NODE C C RED HAT ENTERPRISE LINUX MASTER API/AUTHENTICATION DATA STORE SCHEDULER HEALTH/SCALING C Auto-Healing Failed Pods

35. @systemcraftsman RHEL NODE RHEL NODE c RHEL NODE RHEL NODE

    c RHEL NODE C C RHEL NODE C C RED HAT ENTERPRISE LINUX MASTER API/AUTHENTICATION DATA STORE SCHEDULER HEALTH/SCALING C Auto-Healing Failed Containers

36. @systemcraftsman RHEL NODE RHEL NODE c RHEL NODE RHEL NODE

    c RHEL NODE C C RHEL NODE C C RED HAT ENTERPRISE LINUX MASTER API/AUTHENTICATION DATA STORE SCHEDULER HEALTH/SCALING C Auto-Healing Failed Containers

37. @systemcraftsman RHEL NODE RHEL NODE RHEL NODE RHEL NODE C

    C RHEL NODE C C c RED HAT ENTERPRISE LINUX MASTER API/AUTHENTICATION DATA STORE SCHEDULER HEALTH/SCALING C c Auto-Healing Failed Containers

38. Routing

39. @systemcraftsman Built-in Service Discovery Internal Load-Balancing SERVICE app=payroll role=frontend POD

    app=payroll role=frontend POD app=payroll role=frontend Name: payroll-frontend IP: 172.10.1.23 Port: 8080 POD app=payroll role=backend version=1.0 version=1.0

40. @systemcraftsman SERVICE app=payroll role=frontend POD app=payroll role=frontend POD app=payroll role=frontend

    Name: payroll-frontend IP: 172.10.1.23 Port: 8080 POD app=payroll role=backend version=2.0 version=1.0 POD app=payroll role=frontend version=1.0 Built-in Service Discovery Internal Load-Balancing

41. @systemcraftsman SERVICE POD POD ROUTER POD EXTERNAL TRAFFIC INTERNAL TRAFFIC

    Route Exposes Services Externally

42. @systemcraftsman ROUTING AND EXTERNAL LOAD-BALANCING Pluggable routing architecture HAProxy Router

    F5 Router Multiple-routers with traffic sharding Router supported protocols HTTP/HTTPS WebSockets TLS with SNI Non-standard ports via cloud load-balancers, external IP, and NodePort

43. @systemcraftsman ROUTE SPLIT TRAFFIC SERVICE A App A App A

    SERVICE B App B App B ROUTE 10% traffic 90% traffic Split Traffic Between Multiple Services For A/B Testing, Blue/Green and Canary Deployments

44. Logging & Metrics

45. @systemcraftsman Central Log Management with EFK EFK stack to aggregate

    logs for hosts and applications Elasticsearch: a search and analytics engine to store logs Fluentd: gathers logs and sends to Elasticsearch. Kibana: A web UI for Elasticsearch.

46. @systemcraftsman APPLICATION LOGS OPERATION LOGS ELASTIC ELASTIC RHEL NODE POD

    POD POD POD FLUENTD RHEL NODE POD POD POD POD FLUENTD ELASTICSEARCH RHEL NODE POD POD POD POD FLUENTD USER ELASTIC ELASTIC KIBANA ELASTIC ELASTIC ELASTICSEARCH ELASTIC ELASTIC KIBANA ADMIN Central Log Management with EFK

47. @systemcraftsman CONTAINER METRICS RHEL NODE POD POD POD POD FLUENTD

    Container Metrics RHEL NODE POD POD POD POD FLUENTD HEAPSTER RHEL NODE POD POD POD POD CADVISOR HAWKULAR OPENSHIFT WEB CONSOLE ELASTIC ELASTIC CASSANDRA RED HAT CLOUDFORMS CUSTOM DASHBOARDS API USER

48. @systemcraftsman Container Metrics

49. Security

50. @systemcraftsman NODE MASTER Secret Management Container Distributed Store Container Secure

    mechanism for holding sensitive data e.g. Passwords and credentials SSH Keys Certificates Secrets are made available as Environment variables Volume mounts Interaction with external systems

51. @systemcraftsman Certificate Management Check Expiry Redeploy Certs Certificates are used

    to provide secure connections to Master and nodes Router and registry Etcd Ansible playbooks to automate redeployment Redeploy all at once or specific components Certificate expiry report generator MASTER NODES ROUTER REGISTRY ETCD ✓ ✓ ✓ ✓ ✓ Ansible Playbook

52. Persistent Storage

53. @systemcraftsman Persistent Storage NFS GlusterFS OpenStack Cinder Ceph RBD AWS

    EBS GCE Persistent Disk iSCSI Fiber Channel Azure Disk Azure File FlexVolume VMWare vSphere VMDK Container Storage Interface (CSI)** * Shipped and supported by NetApp via TSANet ** Tech Preview NetApp Trident* Persistent Volume (PV) is tied to a piece of network storage Provisioned by an administrator (static or dynamically) Allows admins to describe storage and users to request storage Assigned to pods based on the requested size, access mode, labels and type

54. @systemcraftsman PROJECT POOL OF PERSISTENT VOLUMES Persistent Storage NFSP V

    iSCSI PV NFSP V Admin User register PV create claim NFSP V GlusterFS PV Pod claim Pod claim Pod claim Ceph RBD PV

55. @systemcraftsman Dynamic Volume Provisioning Admin User define StorageClass create claim:

    Fastest Slow Azure-Disk Fast AWS-SSD Fastest NetApp-Flash NetApp Provisioner AWS Provisioner Pod claim PV OpenShift PV Controller provision Azure Provisioner bound

56. Service Brokers

57. @systemcraftsman What Is A Service Broker? SERVICE CONSUMER SERVICE PROVIDER

    SERVICE CATALOG SERVICE BROKER Automated, Standard and Consistent

58. @systemcraftsman Why A Service Broker? SERVICE CONSUMER SERVICE PROVIDER ☑

    Open ticket ☑ Wait for allocation ☑ Receive credentials ☑ Add to app ☑ Deploy app Manual, Time-consuming and Inconsistent

59. @systemcraftsman A multi-vendor project to standardize how services are consumed

    on cloud-native platforms across service providers

60. @systemcraftsman Openshift Service Catalog OPENSHIFT SERVICE CATALOG OpenShift Automation Broker

    OpenShift Template Broker AWS Service Broker Other Service Brokers ANSIBLE OPENSHIFT AWS OTHER COMPATIBLE SERVICES Ansible Playbook Bundles OpenShift Templates AWS Services Other Services

61. Operator Framework

62. @systemcraftsman Kubernetes Operator Framework Operator Framework is an open source

    toolkit to manage application instances on Kubernetes in an effective, automated and scalable way. Installation Upgrade Backup Failure recovery Metrics & insights Tuning AUTOMATED LIFECYCLE MANAGEMENT

63. @systemcraftsman Operators codify operational knowledge and workflows to automate lifecycle

    management of containerized applications with Kubernetes SDK LIFECYCLE MANAGEMENT METERING Kubernetes Operator Framework

64. @systemcraftsman Why Operator Framework? DEVELOPER DEPLOY STATEFUL APP A WHILE

    LATER APP SERVICES OPERATIONS UPDATE PATCH BACKUP REBALANCE SCALE DEPLOY STATEFUL APP UPDATE PATCH BACKUP REBALANCE SCALE APP OPERATOR DEVELOPER

65. @systemcraftsman Operator Lifecycle Manager

66. @systemcraftsman Operator Metering Based on Prometheus Reports namespace, pods and

    custom label query Easy to process by accounting or custom software

67. Build and Deploy Container Images

68. @systemcraftsman DEPLOY YOUR SOURCE CODE DEPLOY YOUR CONTAINER IMAGE DEPLOY

    YOUR APP BINARY Build and Deploy Container Images

69. @systemcraftsman Deploy Source Code With Source-to-Image (S2I) Git Repository BUILD

    APP (OpenShift) Developer code Source-to-Image (S2I) Builder Image Image Registry BUILD IMAGE (OpenShift) DEPLOY (OpenShift) deploy Application Container OpenShift Does User/Tool Does

70. @systemcraftsman Application Binary (e.g. WAR) BUILD APP (Build Infra) Existing

    Build Process build Source-to-Image (S2I) Builder Image Image Registry BUILD IMAGE (OpenShift) DEPLOY (OpenShift) deploy Application Container OpenShift Does User/Tool Does Deploy App Binary With Source-to-Image (S2I)

71. @systemcraftsman DEPLOY (OpenShift) Deploy Docker Image build Application Container deploy

    Application Image Image Registry BUILD IMAGE (Build Infra) Existing Image Build Process PUSH (Build Infra) OpenShift Does User/Tool Does

72. @systemcraftsman BUILD STAGE 3 BUILD STAGE 2 BUILD STAGE 1

    Build Images in Multiple Stages

73. CI/CD

74. @systemcraftsman Continuous Delivery with Containers source repository CI/CD engine dev

    container physical virtual private cloud public cloud

75. @systemcraftsman CI/CD with Builds and Deployments BUILDS Webhook triggers: build

    the app image whenever the code changes Image trigger: build the app image whenever the base language or app runtime changes Build hooks: test the app image before pushing it to an image registry DEPLOYMENTS

76. @systemcraftsman Openshift Loves CI/CD JENKINS-AS-A SERVICE ON OPENSHIFT HYBRID JENKINS

    INFRA WITH OPENSHIFT EXISTING CI/CD DEPLOY TO OPENSHIFT

77. @systemcraftsman JENKINS-AS-A-SERVICE ON OPENSHIFT Plugins Jobs Configuration Jenkins (S2I) Custom

    Jenkins Image Jenkins Image Certified Jenkins images with pre-configured plugins Provided out-of-the-box Follows Jenkins 1.x and 2.x LTS versions Jenkins S2I Builder for customizing the image Install Plugins Configure Jenkins Configure Build Jobs OpenShift plugins to integrate authentication with OpenShift and also CI/CD pipelines Dynamically deploys Jenkins slave containers

78. @systemcraftsman HYBRID JENKINS INFRA WITH OPENSHIFT OPENSHIFT APP APP run

    job JENKINS SLAVE Run Job JENKINS SLAVE Run Job build JENKINS MASTER deploy Scale existing Jenkins infrastructure by dynamically provisioning Jenkins slaves on OpenShift Use Kubernetes plug-in on existing Jenkin servers

79. @systemcraftsman EXISTING CI/CD DEPLOY TO OPENSHIFT OPENSHIFT APP EXISTING CI/CD

    INFRA Jenkins, Bamboo, TeamCity, etc APP build deploy S2I Build run job Existing CI/CD infrastructure outside OpenShift performs operations against OpenShift OpenShift Pipeline Jenkins Plugin for Jenkins OpenShift CLI for integrating other CI Engines with OpenShift Without disrupting existing processes, can be combined with previous alternative

80. @systemcraftsman OPENSHIFT PIPELINES apiVersion: v1 kind: BuildConfig metadata: name: app-pipeline

    spec: strategy: type: JenkinsPipeline jenkinsPipelineStrategy: jenkinsfile: |- node('maven') { stage('build app') { git url: 'https://git/app.git' sh "mvn package" } stage('build image') { sh "oc start-build app --from-file=target/app.jar } stage('deploy') { openshiftDeploy deploymentConfig: 'app' } } Provision a Jenkins slave for running Maven OpenShift Pipelines allow defining a CI/CD workflow via a Jenkins pipeline which can be started, monitored, and managed similar to other builds Dynamic provisioning of Jenkins slaves Auto-provisioning of Jenkins server OpenShift Pipeline strategies Embedded Jenkinsfile Jenkinsfile from a Git repository

81. @systemcraftsman OpenShift Pipelines in Web Console

82. @systemcraftsman Continuous Delivery Pipeline OPENSHIFT IMAGE REGISTRY OPENSHIFT CLUSTER DEVELOPER

    GIT SERVER ARTIFACT REPOSITORY OPENSHIFT CI/CD PIPELINE (JENKINS) IMAGE BUILD & DEPLOY OPENSHIFT IMAGE REGISTRY OPENSHIFT CLUSTER NON-PROD PROD DEV

83. @systemcraftsman OPENSHIFT IMAGE REGISTRY OPENSHIFT CLUSTER DEVELOPER GIT SERVER ARTIFACT

    REPOSITORY OPENSHIFT CI/CD PIPELINE (JENKINS) IMAGE BUILD & DEPLOY OPENSHIFT IMAGE REGISTRY OPENSHIFT CLUSTER PROMOTE TO TEST NON-PROD PROD DEV TEST Continuous Delivery Pipeline

84. @systemcraftsman OPENSHIFT IMAGE REGISTRY OPENSHIFT CLUSTER DEVELOPER GIT SERVER ARTIFACT

    REPOSITORY OPENSHIFT CI/CD PIPELINE (JENKINS) IMAGE BUILD & DEPLOY OPENSHIFT IMAGE REGISTRY OPENSHIFT CLUSTER PROMOTE TO TEST PROMOTE TO UAT NON-PROD PROD DEV TEST UAT Continuous Delivery Pipeline

85. @systemcraftsman ServiceNow JIRA Service Desk Zendeks BMC Remedy OPENSHIFT IMAGE

    REGISTRY OPENSHIFT CLUSTER DEVELOPER GIT SERVER ARTIFACT REPOSITORY OPENSHIFT CI/CD PIPELINE (JENKINS) IMAGE BUILD & DEPLOY OPENSHIFT IMAGE REGISTRY OPENSHIFT CLUSTER GO LIVE? PROMOTE TO TEST PROMOTE TO UAT RELEASE MANAGER NON-PROD PROD ☒ ☑ DEV TEST UAT Continuous Delivery Pipeline

86. @systemcraftsman OPENSHIFT IMAGE REGISTRY OPENSHIFT CLUSTER GIT SERVER ARTIFACT REPOSITORY

    OPENSHIFT CI/CD PIPELINE (JENKINS) IMAGE BUILD & DEPLOY OPENSHIFT IMAGE REGISTRY OPENSHIFT CLUSTER GO LIVE? PROMOTE TO TEST PROMOTE TO UAT PROMOTE TO PROD RELEASE MANAGER NON-PROD PROD DEV TEST UAT ☒ ☑ DEVELOPER Continuous Delivery Pipeline

87. Application Services

88. @systemcraftsman CrunchyData GitLab Iron.io Couchbase Sonatype EnterpriseDB NuoDB Fujitsu and

    many more ...and virtually any docker image out there! True Polyglot Platform PHP Python Java NodeJS Perl Ruby .NET Core Apache HTTP Server MySQL Redis nginx Tomcat Varnish JBoss EAP JBoss A-MQ JBoss Fuse JBoss BRMS JBoss BPMS JBoss Data Grid JBoss Data Virt RH Mobile RH SSO 3SCALE API mgmt JBoss Web Server Spring Boot Wildfly Swarm Vert.x PostgreSQL MongoDB Phusion Passenger Third-party Language Runtimes Third-party Databases Third-party App Runtimes Third-party Middleware Third-party Middleware LANGUAGES DATABASES WEB SERVERS MIDDLEWARE

89. OPENSHIFT TECHNICAL OVERVIEW 89 Modern, Cloud-Native Application Runtimes and an

    Opinionated Developer Experience OPENSHIFT SUPPORTED RUNTIMES Eclipse Vert.x WildFly Swarm Node.js LAUNCH Spring Boot JBoss EAP

90. Openshift Service Mesh Tech Preview available

91. @systemcraftsman The Need For a Service Mesh SERVICE MESH SOLVES

    THE CHALLENGES OF: • Ensuring reliability • Troubleshooting • Performance • Security • Dynamic topology USE CASE: Difficulty identifying root cause of performance issues DISTRIBUTED TRACING provides service dependency analysis for different microservices and tracking for requests traced through multiple microservices. It also identifies performance bottlenecks and calls out particular requests, identifying the cause to the latency of a request or the service that created an error.

92. @systemcraftsman Microservices Without Istio Container JVM service A discovery load-balancer

    resiliency metrics tracing app logic JVM service B discovery load-balancer resiliency metrics tracing app logic Container JVM service C discovery load-balancer resiliency metrics tracing app logic

93. @systemcraftsman Microservices With Istio Container JVM service C app logic

    Pod Sidecar Container Envoy Container JVM service A app logic Pod Sidecar Container Envoy Container JVM service B app logic Pod Sidecar Container Envoy

94. @systemcraftsman Openshift Service Mesh Istio - Jaeger discovery resiliency metrics

    tracing OpenShift App Container Pod Sidecar Container Envoy Pod Sidecar Container Envoy App Container Sidecar Container Envoy App Container load-balancer

95. @systemcraftsman Openshift Service Mesh Making service-to-service communication safe, performant, and

    reliable OBSERVABILITY POLICY ENFORCEMENT SERVICE IDENTITY & SECURITY TRAFFIC MANAGEMENT DIST. TRANSACTION MONITORING SERVICE DEPENDENCY ANALYSIS ROOT CAUSE ANALYSIS DISTRIBUTED CONTEXT PROPAGATION PERFORMANCE / LATENCY OPTIMIZATION ISTIO JAEGER DISTRIBUTED TRACING CONFIGURATION VALIDATION METRICS COLLECTION AND GRAPHS SERVICE GRAPH REPRESENTATION SERVICE DISCOVERY & HEALTH COMPUTATION KIALI

96. @systemcraftsman Release Details • Supported distribution of Istio, Jaeger, Kiali,

    Prometheus, and Grafana • Upstream project called Maistra • Integrated with Red Hat OpenShift Application Runtimes (RHOAR) • OpenShift Service Mesh comes included with any OCP subscription September • Istio and Jaeger • Istio Operator for install/uninstall • Installation docs TP 1 October • Kiali added TP 2 • Full support on OpenShift 4.0 • Istio Operator for updates GA Q1 CY19 TP releases every few weeks TP N TP 4 TP 3 OPENSHIFT SERVICE MESH

97. Resources

98. @systemcraftsman learn.openshift.com Interactive Learning Scenarios provide you with a pre-configured

    OpenShift instance, accessible from your browser without any downloads or configuration.

99. @systemcraftsman developers.redhat.com

100. @systemcraftsman

101. THANK YOU