Enterprise Kubernetes: Openshift Container Platform

Aykut Bulgu
October 17, 2018

This is the presentation that I prepared for the Software Craftsmanship Turkey event in 2018. https://www.meetup.com/Software-Craftsmanship-Turkey/events/253854585/

Follow me on twitter (@systemcraftsman) or subscribe to https://www.systemcraftsman.com/join/ to get any updates from me.

Transcript

  1. Enterprise Kubernetes:
    Openshift Container Platform
    M. Aykut Bulgu
    Technology Consultant, Software Architect
    @systemcraftsman

  2. @systemcraftsman
    Who am I ?
    Was a child in the end of 80’s and beginning of 90’s
    Married, has a daughter
    Tech lover
    Has been working for about 12 years in software/tech industry
    Fond of Software Craftsmanship
    Co-organiser of ScTurkey Community
    Works as a Red Hatter; a Middleware Consultant

  3. An Overall History &
    Why Openshift

  4. @systemcraftsman
    https://www.slideshare.net/egg9/kubernetes-introduction
    A Brief Kubernetes History

  5. @systemcraftsman
    Jul 2014
    Red Hat contributions start
    https://www.slideshare.net/egg9/kubernetes-introduction
    A Brief Kubernetes History

  6. @systemcraftsman
    #1 - Google - 41,649
    #2 - Red Hat - 14,410
    #6 - IBM - 1230
    #9 - CoreOS - 964*
    #10 - Microsoft - 728
    #13 - VMware - 433
    #15 - Intel - 400
    #23 - Cisco - 192
    #26 - Pivotal - 141
    #41 - Oracle - 36
    #56 - Docker - 14
    Amazon/AWS - ?
    * Most CoreOS commits were done using personal email
    addresses (Independent)
    http://stackalytics.com/?metric=commits&project_type=kubernetes-group&release=all
    Kubernetes Project Contributions

  7. @systemcraftsman
    Red Hat Contributions to Kubernetes
    Operators Framework | ClusterRole Aggregation |
    RBAC Authorization | Stateful Sets | Init Containers | Rolling Update Status |
    Pod Security Policy Limits | Memory based Pod Eviction | Quota Controlled
    Services | 1,000+ Nodes | Dynamic PV Provisioning | Multiple Schedulers |
    SECCOMP | Audit | Job Scheduler | Access Review API | Whitelisting Sysctls |
    Secure Cluster Policy | Evict Pods Disk IO | Storage Classes | Azure Data Disk
    | etcdv3 | RBAC API | Auth to kubelet API | Pod-level cGroups QoS | Kubelet
    Eviction Model | RBAC | Storage Class | CustomResourceDefinitions | API
    Aggregation | Encrypted secrets in etcd | Limit Node Access | HPA Status
    Conditions | Network Policy | CRI Validation Test Suite | Local Persistent
    Storage | Audit Logging |

  8. @systemcraftsman
    A Brief History of Openshift
    Openshift v2 - Announced in 2013
    Red Hat Contribution to K8s started in 2014
    Openshift v3 dev. Preview is announced in 2016
    Openshift v3.0 is announced in 2017 (end of v2)

  9. How Do We Deliver OpenShift?
    CONTAINER PLATFORM
    DEDICATED
    ONLINE
    Integrate OSS projects
    Partner integration platform
    No-cost validations for innovation
    Community Distribution of Kubernetes
    100+ Integrations
    Align time with OSS trunk

  10. @systemcraftsman
    Openshift Is Kubernetes For The Enterprise
    Security fixes
    100s of defect and performance fixes
    200+ validated integrations
    Middleware integrations
    (container images, storage, networking, cloud services, etc)
    9 year enterprise lifecycle management
    Certified Kubernetes
    [Diagram: Kubernetes Release, 1-3 months hardening, OpenShift Release]

  11. @systemcraftsman
    Openshift Is Kubernetes For The Enterprise
    ~250 bugs fixed between K8s 1.* and Openshift 3.*
    ~190 bugs fixed between Openshift 3.* and 3.*.33
    ~30 bugs fixed since 3.*.33

  12. @systemcraftsman
    Requires a Linux operating system
    Requires a Container Runtime (CRI-O, Containerd, Docker, etc)
    Requires image registry
    Requires software defined networking
    Requires load‐balancer and routing
    Requires log management
    Requires container metrics and monitoring
    OpenShift includes all these components fully integrated and fully tested as part of the platform.
    Why Kubernetes Is Not Enough
    For The Enterprise

  13. @systemcraftsman
    Container Infrastructure and Management
    Feature                                       Kubernetes  OKD*  OpenShift
    Multi-host container scheduling               ✔           ✔     ✔
    Self-service provisioning                     ✔           ✔     ✔
    Service discovery                             ✔           ✔     ✔
    Enterprise Linux operating system             -           -     ✔
    Image registry                                -           ✔     ✔
    Validated storage plugins                     -           ✔     ✔
    Networking and validated networking plugins   -           ✔     ✔
    Log aggregation and monitoring                -           ✔     ✔
    Multi-tenancy                                 -           ✔     ✔
    Metering and chargeback                       -           -     ✔
    * OKD is the open source project formerly known as OpenShift Origin

  14. @systemcraftsman
    Developer Experience
    Feature                          Kubernetes  OKD*  OpenShift
    Automated image builds           -           ✔     ✔
    CI/CD workflows and pipelines    -           ✔     ✔
    Certified application services   -           -     ✔
    Certified middleware             -           -     ✔
    Certified databases              -           -     ✔
    200+ certified ISV solutions     -           -     ✔
    Kubernetes column: No developer or application services
    * OKD is the open source project formerly known as OpenShift Origin

  15. @systemcraftsman
    Enterprise Support and Community
    Feature                                Kubernetes  OKD  OpenShift
    Community forums and resources         ✔           ✔    ✔
    Zero downtime patching and upgrades    -           -    ✔
    Enterprise 24/7 support                -           -    ✔
    9 year support lifecycle               -           -    ✔
    Security response team                 -           -    ✔
    External review: 10 most important differences between OpenShift and Kubernetes

  16. @systemcraftsman
    That’s Why:

  17. @systemcraftsman
    Kubernetes is a project, Openshift is a product
    That’s Why:

  18. Myths

  19. @systemcraftsman
    Myth: Openshift Is Too Far Behind K8s OSS

  20. @systemcraftsman
    Myth: Openshift Is Too Heavy | It’s a PaaS
    KUBERNETES
    RED HAT ENTERPRISE LINUX | RED HAT COREOS
    SDN NETWORKING STORAGE LOGGING MONITORING
    CI/CD PIPELINES SERVICE CATALOG
    CONTAINER REGISTRY SECURITY | AUTH OPS CONSOLE
    BARE METAL VIRTUAL PRIVATE PUBLIC
    SERVICE BROKERS | ANSIBLE | AWS | AZURE | GCP
    CLOUD-NATIVE
    AI / ML
    BIG DATA
    IOT SERVERLESS
    OPERATOR LIFECYCLE MANAGER | PLATFORM | APPLICATIONS
    RED HAT MIDDLEWARE SERVICES
    TRADITIONAL WINDOWS
    ISTIO - SERVICE MESH
    CONTAINERS AS A SERVICE (CaaS)
    PLATFORM AS A SERVICE (PaaS) [OPTIONAL TO USE]

  21. Openshift Architecture

  22. @systemcraftsman
    Automated Operations
    Kubernetes
    Red Hat Enterprise Linux or Red Hat CoreOS
    Application
    Services
    CaaS PaaS
    Best IT Ops Experience Best Developer Experience
    Cluster
    Services
    Developer
    Services
    Middleware, Service Mesh, Functions, ISV Metrics, Chargeback, Registry, Logging Dev Tools, Automated Builds, CI/CD, IDE
    Openshift Container Platform

  23. @systemcraftsman
    Openshift Architecture
    [Diagram labels: EXISTING AUTOMATION TOOLSETS, SCM (GIT), CI/CD; ROUTING LAYER; SERVICE LAYER; RHEL NODEs running containers (C); RED HAT ENTERPRISE LINUX MASTER with API/AUTHENTICATION, DATA STORE, SCHEDULER, HEALTH/SCALING; PERSISTENT STORAGE; REGISTRY; PHYSICAL, VIRTUAL, PRIVATE, PUBLIC, HYBRID]

  24. @systemcraftsman
    Openshift Architecture
    https://medium.com/levvel-consulting/the-differences-between-kubernetes-and-openshift-ae778059a90e

  25. @systemcraftsman
    Openshift Architecture
    https://medium.com/levvel-consulting/the-differences-between-kubernetes-and-openshift-ae778059a90e

  26. Openshift Installation Architectures

  27. @systemcraftsman
    Proof-of-Concept Architecture
    Application
    Traffic
    Dev and Ops
    User
    INFRA
    MASTER
    NODE NODE
    An infrastructure node is a node that is dedicated to infrastructure
    pods such as router, image registry, metrics, and logs

  28. @systemcraftsman
    App High-Availability Architecture
    ENTERPRISE
    LOAD-BALANCER
    Application
    Traffic
    Dev and Ops
    User
    INFRA
    MASTER INFRA
    NODE NODE NODE NODE

  29. @systemcraftsman
    Full High-Availability Architecture
    ENTERPRISE LOAD-BALANCER
    Application
    Traffic
    Dev and Ops
    User
    NODE
    MASTER MASTER INFRA
    MASTER INFRA
    NODE NODE NODE NODE
    NODE
    INFRA
    NODE

  30. Technical Deep Dive

  31. Application Health

  32. @systemcraftsman
    Auto-Healing Failed Pods
    [Diagram: RED HAT ENTERPRISE LINUX MASTER (API/AUTHENTICATION, DATA STORE, SCHEDULER, HEALTH/SCALING) and RHEL NODEs running containers (C)]

  33. @systemcraftsman
    Auto-Healing Failed Pods
    [Diagram: RED HAT ENTERPRISE LINUX MASTER (API/AUTHENTICATION, DATA STORE, SCHEDULER, HEALTH/SCALING) and RHEL NODEs running containers (C)]

  34. @systemcraftsman
    Auto-Healing Failed Pods
    [Diagram: RED HAT ENTERPRISE LINUX MASTER (API/AUTHENTICATION, DATA STORE, SCHEDULER, HEALTH/SCALING) and RHEL NODEs running containers (C)]

  35. @systemcraftsman
    Auto-Healing Failed Containers
    [Diagram: RED HAT ENTERPRISE LINUX MASTER (API/AUTHENTICATION, DATA STORE, SCHEDULER, HEALTH/SCALING) and RHEL NODEs running containers (C)]

  36. @systemcraftsman
    Auto-Healing Failed Containers
    [Diagram: RED HAT ENTERPRISE LINUX MASTER (API/AUTHENTICATION, DATA STORE, SCHEDULER, HEALTH/SCALING) and RHEL NODEs running containers (C)]

  37. @systemcraftsman
    Auto-Healing Failed Containers
    [Diagram: RED HAT ENTERPRISE LINUX MASTER (API/AUTHENTICATION, DATA STORE, SCHEDULER, HEALTH/SCALING) and RHEL NODEs running containers (C)]

  38. Routing

  39. @systemcraftsman
    Built-in Service Discovery
    Internal Load-Balancing
    SERVICE
    app=payroll role=frontend
    POD
    app=payroll
    role=frontend
    POD
    app=payroll
    role=frontend
    Name: payroll-frontend
    IP: 172.10.1.23
    Port: 8080
    POD
    app=payroll
    role=backend
    version=1.0 version=1.0

  40. @systemcraftsman
    SERVICE
    app=payroll role=frontend
    POD
    app=payroll
    role=frontend
    POD
    app=payroll
    role=frontend
    Name: payroll-frontend
    IP: 172.10.1.23
    Port: 8080
    POD
    app=payroll
    role=backend
    version=2.0 version=1.0
    POD
    app=payroll
    role=frontend
    version=1.0
    Built-in Service Discovery
    Internal Load-Balancing

  41. @systemcraftsman
    SERVICE
    POD POD
    ROUTER
    POD
    EXTERNAL TRAFFIC
    INTERNAL TRAFFIC
    Route Exposes Services Externally

  42. @systemcraftsman
    ROUTING AND EXTERNAL LOAD-BALANCING
    Pluggable routing architecture
    HAProxy Router
    F5 Router
    Multiple-routers with traffic sharding
    Router supported protocols
    HTTP/HTTPS
    WebSockets
    TLS with SNI
    Non-standard ports via cloud load-balancers, external IP, and NodePort

  43. @systemcraftsman
    ROUTE SPLIT TRAFFIC
    SERVICE A
    App A App A
    SERVICE B
    App B App B
    ROUTE
    10% traffic
    90% traffic
    Split Traffic Between
    Multiple Services For
    A/B Testing,
    Blue/Green and
    Canary Deployments

  44. Logging & Metrics

  45. @systemcraftsman
    Central Log Management with EFK
    EFK stack to aggregate logs for hosts and applications
    Elasticsearch:
    a search and analytics engine to
    store logs
    Fluentd:
    gathers logs and sends to
    Elasticsearch.
    Kibana:
    A web UI for Elasticsearch.

  46. @systemcraftsman
    Central Log Management with EFK
    [Diagram: FLUENTD on each RHEL NODE collects from the PODs and sends to ELASTICSEARCH clusters for APPLICATION LOGS and OPERATION LOGS; USER and ADMIN view them through KIBANA]

  47. @systemcraftsman
    Container Metrics
    [Diagram labels: RHEL NODEs with PODs, FLUENTD and CADVISOR; HEAPSTER; HAWKULAR; CASSANDRA; API; OPENSHIFT WEB CONSOLE; RED HAT CLOUDFORMS; CUSTOM DASHBOARDS; USER]

  48. @systemcraftsman
    Container Metrics

  49. Security

  50. @systemcraftsman
    Secret Management
    Secure mechanism for holding sensitive data, e.g.
      Passwords and credentials
      SSH Keys
      Certificates
    Secrets are made available as
      Environment variables
      Volume mounts
      Interaction with external systems
    [Diagram: MASTER with Distributed Store; NODE with Containers]
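
    The two consumption modes listed on this slide, as an added example that is not part of the original deck. The Secret name, keys, image and mount path are hypothetical.

    ```yaml
    # Constructed example: every name and value below is hypothetical.
    apiVersion: v1
    kind: Secret
    metadata:
      name: payroll-db-credentials
    type: Opaque
    stringData:                  # given as plain text, stored base64-encoded
      username: payroll          # (base64 is an encoding, not encryption)
      password: change-me        # placeholder value
    ---
    apiVersion: v1
    kind: Pod
    metadata:
      name: payroll-backend
      labels:
        app: payroll
        role: backend
    spec:
      containers:
      - name: app
        image: registry.example.com/payroll/backend:1.0
        env:
        # Mode 1: environment variable. Visible to every process in the
        # container and easy to leak through debug dumps or crash reports.
        - name: DB_USERNAME
          valueFrom:
            secretKeyRef:
              name: payroll-db-credentials
              key: username
        volumeMounts:
        # Mode 2: volume mount. Each selected key becomes a file on a
        # tmpfs-backed volume, so it is not written to the node's disk.
        - name: db-credentials
          mountPath: /etc/payroll/credentials
          readOnly: true
      volumes:
      - name: db-credentials
        secret:
          secretName: payroll-db-credentials
          defaultMode: 0440      # read-only for owner and group, no world access
          items:                 # expose only the key this container needs
          - key: password
            path: password
    ```

    Mounted files follow later updates to the Secret, while an environment variable keeps the value read at container start.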

  51. @systemcraftsman
    Certificate Management
    Certificates are used to provide secure connections to
      Master and nodes
      Router and registry
      Etcd
    Ansible playbooks to automate redeployment
    Redeploy all at once or specific components
    Certificate expiry report generator
    [Diagram: Ansible Playbook performs Check Expiry and Redeploy Certs for MASTER, NODES, ROUTER, REGISTRY, ETCD]

  52. Persistent Storage

  53. @systemcraftsman
    Persistent Storage
    NFS, GlusterFS, OpenStack Cinder, Ceph RBD, AWS EBS, GCE Persistent Disk, iSCSI, Fibre Channel, Azure Disk, Azure File, FlexVolume, VMWare vSphere VMDK, NetApp Trident*, Container Storage Interface (CSI)**
    * Shipped and supported by NetApp via TSANet
    ** Tech Preview
    Persistent Volume (PV) is tied to a piece of network storage
    Provisioned by an administrator (statically or dynamically)
    Allows admins to describe storage and users to request storage
    Assigned to pods based on the requested size, access mode, labels and type

  54. @systemcraftsman
    Persistent Storage
    [Diagram: Admin registers PVs (NFS, iSCSI, GlusterFS, Ceph RBD) in a POOL OF PERSISTENT VOLUMES; User creates claims; Pods in a PROJECT use the claims]

  55. @systemcraftsman
    Dynamic Volume Provisioning
    [Diagram: Admin defines StorageClasses Slow (Azure-Disk), Fast (AWS-SSD) and Fastest (NetApp-Flash), each with its provisioner (Azure, AWS, NetApp); User creates a claim for Fastest; the OpenShift PV Controller has a PV provisioned and bound to the Pod's claim]

  56. Service Brokers

  57. @systemcraftsman
    What Is A Service Broker?
    SERVICE
    CONSUMER
    SERVICE
    PROVIDER
    SERVICE
    CATALOG
    SERVICE
    BROKER
    Automated, Standard and Consistent

  58. @systemcraftsman
    Why A Service Broker?
    SERVICE
    CONSUMER
    SERVICE
    PROVIDER
    ☑ Open ticket
    ☑ Wait for allocation
    ☑ Receive credentials
    ☑ Add to app
    ☑ Deploy app
    Manual, Time-consuming and Inconsistent

  59. @systemcraftsman
    A multi-vendor project to
    standardize how services
    are consumed on
    cloud-native platforms
    across service providers

  60. @systemcraftsman
    Openshift Service Catalog
    [Diagram: OPENSHIFT SERVICE CATALOG in front of four brokers and what they provision]
      OpenShift Automation Broker (ANSIBLE): Ansible Playbook Bundles
      OpenShift Template Broker (OPENSHIFT): OpenShift Templates
      AWS Service Broker (AWS): AWS Services
      Other Service Brokers (OTHER COMPATIBLE SERVICES): Other Services

  61. Operator Framework

  62. @systemcraftsman
    Kubernetes Operator Framework
    Operator Framework is an open source toolkit to manage application instances on Kubernetes in an effective, automated and scalable way.
    AUTOMATED LIFECYCLE MANAGEMENT: Installation, Upgrade, Backup, Failure recovery, Metrics & insights, Tuning

  63. @systemcraftsman
    Kubernetes Operator Framework
    Operators codify operational knowledge and workflows to automate lifecycle management of containerized applications with Kubernetes
    SDK | LIFECYCLE MANAGEMENT | METERING

  64. @systemcraftsman
    Why Operator Framework?
    [Diagram labels: DEVELOPER: DEPLOY STATEFUL APP; A WHILE LATER; APP SERVICES / OPERATIONS: UPDATE, PATCH, BACKUP, REBALANCE, SCALE; APP OPERATOR: DEPLOY STATEFUL APP, UPDATE, PATCH, BACKUP, REBALANCE, SCALE; DEVELOPER]

  65. @systemcraftsman
    Operator Lifecycle Manager

  66. @systemcraftsman
    Operator Metering
    Based on Prometheus
    Reports namespace, pods and
    custom label query
    Easy to process by accounting or
    custom software

  67. Build and Deploy Container Images

  68. @systemcraftsman
    Build and Deploy Container Images
    DEPLOY YOUR SOURCE CODE | DEPLOY YOUR CONTAINER IMAGE | DEPLOY YOUR APP BINARY

  69. @systemcraftsman
    Deploy Source Code With Source-to-Image (S2I)
    [Diagram: Developer pushes code to a Git Repository; BUILD APP (OpenShift); BUILD IMAGE (OpenShift) using Source-to-Image (S2I) and a Builder Image, stored in the Image Registry; DEPLOY (OpenShift) as an Application Container. Legend: OpenShift Does / User/Tool Does]

  70. @systemcraftsman
    Deploy App Binary With Source-to-Image (S2I)
    [Diagram: Existing Build Process builds the Application Binary (e.g. WAR): BUILD APP (Build Infra); BUILD IMAGE (OpenShift) using Source-to-Image (S2I) and a Builder Image, stored in the Image Registry; DEPLOY (OpenShift) as an Application Container. Legend: OpenShift Does / User/Tool Does]

  71. @systemcraftsman
    Deploy Docker Image
    [Diagram: Existing Image Build Process builds the Application Image: BUILD IMAGE (Build Infra); PUSH (Build Infra) to the Image Registry; DEPLOY (OpenShift) as an Application Container. Legend: OpenShift Does / User/Tool Does]

  72. @systemcraftsman
    BUILD STAGE 3
    BUILD STAGE 2
    BUILD STAGE 1
    Build Images in Multiple Stages

  73. CI/CD

  74. @systemcraftsman
    Continuous Delivery with Containers
    source
    repository
    CI/CD
    engine
    dev container
    physical
    virtual
    private cloud
    public cloud

  75. @systemcraftsman
    CI/CD with Builds and Deployments
    BUILDS
    Webhook triggers: build the app image whenever the code changes
    Image trigger: build the app image whenever the base language or app
    runtime changes
    Build hooks: test the app image before pushing it to an image registry
    DEPLOYMENTS

  76. @systemcraftsman
    Openshift Loves CI/CD
    JENKINS-AS-A SERVICE ON OPENSHIFT | HYBRID JENKINS INFRA WITH OPENSHIFT | EXISTING CI/CD DEPLOY TO OPENSHIFT

  77. @systemcraftsman
    JENKINS-AS-A-SERVICE ON OPENSHIFT
    Certified Jenkins images with pre-configured plugins
    Provided out-of-the-box
    Follows Jenkins 1.x and 2.x LTS versions
    Jenkins S2I Builder for customizing the image
    Install Plugins
    Configure Jenkins
    Configure Build Jobs
    OpenShift plugins to integrate authentication with OpenShift and also CI/CD pipelines
    Dynamically deploys Jenkins slave containers
    [Diagram labels: Plugins, Jobs, Configuration; Jenkins (S2I); Jenkins Image; Custom Jenkins Image]

  78. @systemcraftsman
    HYBRID JENKINS INFRA WITH OPENSHIFT
    Scale existing Jenkins infrastructure by dynamically provisioning Jenkins slaves on OpenShift
    Use Kubernetes plug-in on existing Jenkins servers
    [Diagram: JENKINS MASTER runs jobs on JENKINS SLAVEs inside OPENSHIFT, which build and deploy APPs]

  79. @systemcraftsman
    EXISTING CI/CD DEPLOY TO OPENSHIFT
    Existing CI/CD infrastructure outside OpenShift performs operations against OpenShift
    OpenShift Pipeline Jenkins Plugin for Jenkins
    OpenShift CLI for integrating other CI Engines with OpenShift
    Without disrupting existing processes, can be combined with previous alternative
    [Diagram: EXISTING CI/CD INFRA (Jenkins, Bamboo, TeamCity, etc) runs jobs that build (S2I Build) and deploy APPs on OPENSHIFT]

  80. @systemcraftsman
    OPENSHIFT PIPELINES
    apiVersion: v1
    kind: BuildConfig
    metadata:
      name: app-pipeline
    spec:
      strategy:
        type: JenkinsPipeline
        jenkinsPipelineStrategy:
          jenkinsfile: |-
            node('maven') {
              stage('build app') {
                git url: 'https://git/app.git'
                sh "mvn package"
              }
              stage('build image') {
                sh "oc start-build app --from-file=target/app.jar"
              }
              stage('deploy') {
                openshiftDeploy deploymentConfig: 'app'
              }
            }
    (Callout on node('maven'): Provision a Jenkins slave for running Maven)
    OpenShift Pipelines allow defining a CI/CD
    workflow via a Jenkins pipeline which can be
    started, monitored, and managed similar to other
    builds
    Dynamic provisioning of Jenkins slaves
    Auto-provisioning of Jenkins server
    OpenShift Pipeline strategies
    Embedded Jenkinsfile
    Jenkinsfile from a Git repository

  81. @systemcraftsman
    OpenShift
    Pipelines in
    Web Console

  82. @systemcraftsman
    Continuous Delivery Pipeline
    [Diagram: DEVELOPER, GIT SERVER and ARTIFACT REPOSITORY feed the OPENSHIFT CI/CD PIPELINE (JENKINS), which does IMAGE BUILD & DEPLOY to DEV; NON-PROD and PROD each have an OPENSHIFT IMAGE REGISTRY and an OPENSHIFT CLUSTER]

  83. @systemcraftsman
    Continuous Delivery Pipeline
    [Diagram: DEVELOPER, GIT SERVER and ARTIFACT REPOSITORY feed the OPENSHIFT CI/CD PIPELINE (JENKINS), which does IMAGE BUILD & DEPLOY to DEV, then PROMOTE TO TEST; NON-PROD and PROD each have an OPENSHIFT IMAGE REGISTRY and an OPENSHIFT CLUSTER]

  84. @systemcraftsman
    Continuous Delivery Pipeline
    [Diagram: DEVELOPER, GIT SERVER and ARTIFACT REPOSITORY feed the OPENSHIFT CI/CD PIPELINE (JENKINS), which does IMAGE BUILD & DEPLOY to DEV, then PROMOTE TO TEST and PROMOTE TO UAT; NON-PROD and PROD each have an OPENSHIFT IMAGE REGISTRY and an OPENSHIFT CLUSTER]

  85. @systemcraftsman
    Continuous Delivery Pipeline
    [Diagram: DEVELOPER, GIT SERVER and ARTIFACT REPOSITORY feed the OPENSHIFT CI/CD PIPELINE (JENKINS), which does IMAGE BUILD & DEPLOY to DEV, then PROMOTE TO TEST and PROMOTE TO UAT; a GO LIVE? step involves the RELEASE MANAGER, with ServiceNow, JIRA Service Desk, Zendesk and BMC Remedy shown; NON-PROD and PROD each have an OPENSHIFT IMAGE REGISTRY and an OPENSHIFT CLUSTER]

  86. @systemcraftsman
    Continuous Delivery Pipeline
    [Diagram: DEVELOPER, GIT SERVER and ARTIFACT REPOSITORY feed the OPENSHIFT CI/CD PIPELINE (JENKINS), which does IMAGE BUILD & DEPLOY to DEV, then PROMOTE TO TEST and PROMOTE TO UAT; after the RELEASE MANAGER's GO LIVE? step, PROMOTE TO PROD; NON-PROD and PROD each have an OPENSHIFT IMAGE REGISTRY and an OPENSHIFT CLUSTER]

  87. Application Services

  88. @systemcraftsman
    True Polyglot Platform
    LANGUAGES | DATABASES | WEB SERVERS | MIDDLEWARE
    PHP, Python, Java, NodeJS, Perl, Ruby, .NET Core, Apache HTTP Server, MySQL, Redis, nginx, Tomcat, Varnish, JBoss EAP, JBoss A-MQ, JBoss Fuse, JBoss BRMS, JBoss BPMS, JBoss Data Grid, JBoss Data Virt, RH Mobile, RH SSO, 3SCALE API mgmt, JBoss Web Server, Spring Boot, Wildfly Swarm, Vert.x, PostgreSQL, MongoDB, Phusion Passenger
    Third-party Language Runtimes, Third-party Databases, Third-party App Runtimes, Third-party Middleware
    CrunchyData, GitLab, Iron.io, Couchbase, Sonatype, EnterpriseDB, NuoDB, Fujitsu and many more
    ...and virtually any docker image out there!

  89. OPENSHIFT TECHNICAL OVERVIEW
    Modern, Cloud-Native Application Runtimes and an Opinionated Developer Experience
    OPENSHIFT SUPPORTED RUNTIMES: Eclipse Vert.x, WildFly Swarm, Node.js, Spring Boot, JBoss EAP
    LAUNCH

  90. Openshift Service Mesh
    Tech Preview available

  91. @systemcraftsman
    The Need For a Service Mesh
    SERVICE MESH SOLVES THE
    CHALLENGES OF:
    ● Ensuring reliability
    ● Troubleshooting
    ● Performance
    ● Security
    ● Dynamic topology
    USE CASE: Difficulty identifying root cause of performance issues
    DISTRIBUTED TRACING provides service dependency analysis for different microservices and tracking for requests traced through multiple microservices. It also identifies performance bottlenecks and calls out particular requests, identifying the cause of the latency of a request or the service that created an error.

  92. @systemcraftsman
    Microservices Without Istio
    [Diagram: services A, B and C each run in a Container with a JVM that carries discovery, load-balancer, resiliency, metrics and tracing alongside the app logic]

  93. @systemcraftsman
    Microservices With Istio
    [Diagram: services A, B and C each run in a Pod where the Container's JVM holds only app logic, next to an Envoy Sidecar Container]

  94. @systemcraftsman
    Openshift Service Mesh
    Istio - Jaeger
    [Diagram: on OpenShift, each Pod holds an App Container and an Envoy Sidecar Container; labelled discovery, load-balancer, resiliency, metrics, tracing]

  95. @systemcraftsman
    Openshift Service Mesh
    Making service-to-service communication safe, performant, and reliable
    OBSERVABILITY | POLICY ENFORCEMENT | SERVICE IDENTITY & SECURITY | TRAFFIC MANAGEMENT
    DIST. TRANSACTION MONITORING | SERVICE DEPENDENCY ANALYSIS | ROOT CAUSE ANALYSIS | DISTRIBUTED CONTEXT PROPAGATION | PERFORMANCE / LATENCY OPTIMIZATION
    ISTIO | JAEGER | DISTRIBUTED TRACING
    CONFIGURATION VALIDATION | METRICS COLLECTION AND GRAPHS | SERVICE GRAPH REPRESENTATION | SERVICE DISCOVERY & HEALTH COMPUTATION
    KIALI

  96. @systemcraftsman
    Release Details
    OPENSHIFT SERVICE MESH
    ● Supported distribution of Istio, Jaeger, Kiali, Prometheus, and Grafana
    ● Upstream project called Maistra
    ● Integrated with Red Hat OpenShift Application Runtimes (RHOAR)
    ● OpenShift Service Mesh comes included with any OCP subscription
    Timeline:
    TP 1 (September): Istio and Jaeger; Istio Operator for install/uninstall; Installation docs
    TP 2 (October): Kiali added
    TP 3, TP 4, ... TP N: TP releases every few weeks
    GA (Q1 CY19): Full support on OpenShift 4.0; Istio Operator for updates

  97. Resources

  98. @systemcraftsman
    learn.openshift.com
    Interactive Learning Scenarios provide you with a pre-configured OpenShift instance,
    accessible from your browser without any downloads or configuration.

  99. @systemcraftsman
    developers.redhat.com

  100. @systemcraftsman

  101. THANK YOU
