Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Enterprise Kubernetes: Openshift Container Platform

Aykut Bulgu
October 17, 2018
Technology
0
1.4k

Enterprise Kubernetes: Openshift Container Platform

This is the presentation that I prepeared for Software Craftsmanship Turkey event in 2018. https://www.meetup.com/Software-Craftsmanship-Turkey/events/253854585/

Follow me on twitter (@systemcraftsman) or subscribe to https://www.systemcraftsman.com/join/ to get any updates from me.

Aykut Bulgu

October 17, 2018
Tweet

More Decks by Aykut Bulgu

See All by Aykut Bulgu
Ansible Lightspeed: Where Automation Meets AI
mabulgu
0
110
Developing Kubernetes Operators with Java Operator SDK
mabulgu
0
230
Super Plumber Bros: An event streaming game with change data capture and OpenShift Streams for Apache Kafka
mabulgu
0
360
Functionia: An event-driven adventure in the serverless metaverse with OpenShift Serverless
mabulgu
0
550
The Metamorphosis: The Story of a CLI for Strimzi
mabulgu
0
530
MicroProfile Reactive Messaging with Quarkus and Apache Kafka
mabulgu
0
1.1k
A day in a coffee shop: Building event-driven systems with structure
mabulgu
0
570
The Metamorphosis: Kafka's Evolution in the Cloud-Native Era and the Story Behind a Kafka CLI for Strimzi
mabulgu
0
620
System Craftsmanship: Software Craftsmanship in the Cloud Native Era
mabulgu
0
130

Other Decks in Technology

See All in Technology
リテール金融(キャッシュレス・ネット銀行・ネット証券)の競争環境と経済圏
8maki
0
860
Java EE/Jakarta EEの現状と将来 ―クラウドネイティブ時代にJava EEは対応できるのか?―
takakiyo
1
150
プラットフォームってつくることより計測することが重要なんじゃないかという話 / Platform Engineering Meetup #8
taishin
1
350
DevOpsDays History and my DevOps story
kawaguti
PRO
9
2.5k
レガシーをぶっ壊せ。AEONで始めるDevRelの話 / Qiita Night 2024-2-22
aeonpeople
3
1.3k
Google Cloud Next '24でブログを10本書いた方法と勉強会を沸かせた方法
yasumuusan
0
290
Cracking the KubeCon CfP
inductor
2
240
開発生産性向上サービスを作るFindyが自分たちで開発生産性を爆上げした組織づくりの歩み / Findy's path to boosting its own development productivity 2024-04-17
ma3tk
3
650
SPI原点回帰論:事業課題とFour Keysの結節点を見出す実践的ソフトウェアプロセス改善 / DevOpsDays Tokyo 2024
visional_engineering_and_design
4
1.9k
オーナーシップを持つ領域を明確にする
konifar
13
3.1k
MapLibreとAmazon Location Service
dayjournal
1
150
KubeCon EU 2024 Recap “Kubernetes Policy Time Machine: Where to Next?”
ryysud
0
210

Featured

See All Featured
Embracing the Ebb and Flow
colly
80
4.1k
Debugging Ruby Performance
tmm1
70
11k
It's Worth the Effort
3n
180
27k
WebSockets: Embracing the real-time Web
robhawkes
59
7k
4 Signs Your Business is Dying
shpigford
175
21k
Building an army of robots
kneath
300
41k
Fashionably flexible responsive web design (full day workshop)
malarkey
398
65k
What's new in Ruby 2.0
geeforr
337
31k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
501
140k
Designing for humans not robots
tammielis
248
25k
The Language of Interfaces
destraynor
151
23k
Documentation Writing (for coders)
carmenintech
60
3.9k

Transcript

  1. Enterprise Kubernetes: Openshift Container Platform M. Aykut Bulgu Technology Consultant,

    Software Architect @systemcraftsman

  2. @systemcraftsman Who am I ? Was a child in the

    end of 80’s and beginning of 90’s Married, has a daugther Tech lover Has been working for about 12 years in software/tech industry Fond of Software Craftsmanship Co-organiser of ScTurkey Community Works as a Red Hatter; a Middleware Consultant

  3. An Overall History & Why Openshift

  4. @systemcraftsman https://www.slideshare.net/egg9/kubernetes-introduction A Brief Kubernetes History

  5. @systemcraftsman Jul 2014 Red Hat contributions start https://www.slideshare.net/egg9/kubernetes-introduction A Brief

    Kubernetes History

  6. @systemcraftsman #1 - Google - 41,649 #2 - Red Hat

    - 14,410 #6 - IBM - 1230 #9 - CoreOS - 964* #10 - Microsoft - 728 #13 - VMware - 433 #15 - Intel - 400 #23 - Cisco - 192 #26 - Pivotal - 141 #41 - Oracle - 36 #56 - Docker - 14 Amazon/AWS - ? * Most CoreOS commits were done using personal email addresses (Independent) http://stackalytics.com/?metric=commits&project_type=kubernetes-group&release=all Kubernetes Project Contributions

  7. @systemcraftsman Red Hat Contributions to Kubernetes Operators Framework | ClusterRole

    Aggregation | RBAC Authorization | Stateful Sets | Init Containers | Rolling Update Status | Pod Security Policy Limits | Memory based Pod Eviction | Quota Controlled Services | 1,000+ Nodes | Dynamic PV Provisioning | Multiple Schedulers | SECCOMP | Audit | Job Scheduler | Access Review API | Whitelisting Sysctls | Secure Cluster Policy | Evict Pods Disk IO | Storage Classes | Azure Data Disk | etcdv3 | RBAC API | Auth to kubelet API | Pod-level cGroups QoS | Kublet Eviction Model | RBAC | Storage Class | CustomResourceDefinitions | API Aggregation | Encrypted secrets in etcd | Limit Node Access | HPA Status Conditions | Network Policy | CRI Validation Test Suite | Local Persistent Storage | Audit Logging |

  8. @systemcraftsman A Brief History of Openshift Openshift v2 - Announced

    in 2013 Red Hat Contribution to K8s started in 2014 Openshift v3 dev. Preview is announced in 2016 Openshift v3.0 is announced in 2017 (end of v2)

  9. 9 How Do We Deliver OpenShift? CONTAINER PLATFORM DEDICATED ONLINE

    Integrate OSS projects Partner integration platform No-cost validations for innovation Community Distribution of Kubernetes 100+ Integrations Align time with OSS trunk

  10. @systemcraftsman Security fixes 100s of defect and performance fixes 200+

    validated integrations Middleware integrations (container images, storage, networking, cloud services, etc) 9 year enterprise lifecycle management Certified Kubernetes Kubernetes Release OpenShift Release 1-3 months hardening Openshift Is Kubernetes For The Enterprise

  11. @systemcraftsman ~250 Bugs Fixed ~190 Bugs Fixed ~30 Bugs Fixed

    Between K8s 1.* and Openshift 3.* Between Openshift 3.* and 3.*.33 Since 3.*.33 Openshift Is Kubernetes For The Enterprise

  12. @systemcraftsman Requires a Linux operating system Requires a Container Runtime

    (CRI-O, Containerd, Docker, etc) Requires image registry Requires software defined networking Requires load‐balancer and routing Requires log management Requires container metrics and monitoring OpenShift includes all these components fully integrated and fully tested as part of the platform. Why Kubernetes Is Not Enough For The Enterprise

  13. @systemcraftsman Container Infrastructure and Management Kubernetes OKD* OpenShift Multi-host container

    scheduling ✔ ✔ ✔ Self-service provisioning ✔ ✔ ✔ Service discovery ✔ ✔ ✔ Enterprise Linux operating system ✔ Image registry ✔ ✔ Validated storage plugins ✔ ✔ Networking and validated networking plugins ✔ ✔ Log aggregation and monitoring ✔ ✔ Multi-tenancy ✔ ✔ Metering and chargeback ✔ * OKD is the open source project formerly known as OpenShift Origin

  14. @systemcraftsman Developer Experience Kubernetes OKD* OpenShift Automated image builds No

    developer or application services ✔ ✔ CI/CD workflows and pipelines ✔ ✔ Certified application services ✔ Certified middleware ✔ Certified databases ✔ 200+ certified ISV solutions ✔ * OKD is the open source project formerly known as OpenShift Origin

  15. @systemcraftsman Enterprise Support and Community Kubernetes OKD OpenShift Community forums

    and resources ✔ ✔ ✔ Zero downtime patching and upgrades ✔ Enterprise 24/7 support ✔ 9 year support lifecycle ✔ Security response team ✔ External review: 10 most important differences between OpenShift and Kubernetes

  16. @systemcraftsman That’s Why:

  17. @systemcraftsman Kubernetes is a project, Openshift is a product That’s

    Why:

  18. Myths

  19. @systemcraftsman Myth: Openshift Is Too Far Behind K8s OSS

  20. @systemcraftsman Myth: Openshift Is Too Heavy | It’s a PaaS

    KUBERNETES RED HAT ENTERPRISE LINUX | RED HAT COREOS SDN NETWORKING STORAGE LOGGING MONITORING CI/CD PIPELINES SERVICE CATALOG CONTAINER REGISTRY SECURITY | AUTH OPS CONSOLE BARE METAL VIRTUAL PRIVATE PUBLIC SERVICE BROKERS | ANSIBLE | AWS | AZURE | GCP CLOUD-NATIVE AI / ML BIG DATA IOT SERVERLESS OPERATOR LIFECYCLE MANAGER | PLATFORM | APPLICATIONS RED HAT MIDDLEWARE SERVICES TRADITIONAL WINDOWS ISTIO - SERVICE MESH CONTAINERS AS A SERVICE (CaaS) PLATFORM AS A SERVICE (PaaS) [OPTIONAL TO USE]

  21. Openshift Architecture

  22. @systemcraftsman Automated Operations Kubernetes Red Hat Enterprise Linux or Red

    Hat CoreOS Application Services CaaS PaaS Best IT Ops Experience Best Developer Experience Cluster Services Developer Services Middleware, Service Mesh, Functions, ISV Metrics, Chargeback, Registry, Logging Dev Tools, Automated Builds, CI/CD, IDE Openshift Container Platform

  23. @systemcraftsman EXISTING AUTOMATION TOOLSETS SCM (GIT) CI/CD SERVICE LAYER ROUTING

    LAYER PERSISTENT STORAGE REGISTRY RHEL NODE c RHEL NODE RHEL NODE RHEL NODE RHEL NODE RHEL NODE C C C C C C C C C C RED HAT ENTERPRISE LINUX MASTER API/AUTHENTICATION DATA STORE SCHEDULER HEALTH/SCALING PHYSICAL VIRTUAL PRIVATE PUBLIC HYBRID Openshift Architecture

  24. @systemcraftsman Openshift Architecture https://medium.com/levvel-consulting/the-differences-between-kubernetes-and-openshift-ae778059a90e

  25. @systemcraftsman Openshift Architecture https://medium.com/levvel-consulting/the-differences-between-kubernetes-and-openshift-ae778059a90e

  26. Openshift Installation Architectures

  27. @systemcraftsman Proof-of-Concept Architecture Application Traffic Dev and Ops User INFRA

    MASTER NODE NODE An infrastructure node is a node that is dedicated to infrastructure pods such as router, image registry, metrics, and logs

  28. @systemcraftsman App High-Availability Architecture ENTERPRISE LOAD-BALANCER Application Traffic Dev and

    Ops User INFRA MASTER INFRA NODE NODE NODE NODE

  29. @systemcraftsman Full High-Availability Architecture ENTERPRISE LOAD-BALANCER Application Traffic Dev and

    Ops User NODE MASTER MASTER INFRA MASTER INFRA NODE NODE NODE NODE NODE INFRA NODE

  30. Technical Deep Dive

  31. Application Health

  32. @systemcraftsman Auto-Healing Failed Pods RHEL NODE RHEL NODE c RHEL

    NODE RHEL NODE c RHEL NODE C C RHEL NODE C C RED HAT ENTERPRISE LINUX MASTER API/AUTHENTICATION DATA STORE SCHEDULER HEALTH/SCALING C

  33. @systemcraftsman RHEL NODE RHEL NODE c RHEL NODE RHEL NODE

    c RHEL NODE C C RHEL NODE C C RED HAT ENTERPRISE LINUX MASTER API/AUTHENTICATION DATA STORE SCHEDULER HEALTH/SCALING C Auto-Healing Failed Pods

  34. @systemcraftsman RHEL NODE RHEL NODE c RHEL NODE RHEL NODE

    c RHEL NODE C C RHEL NODE C C RED HAT ENTERPRISE LINUX MASTER API/AUTHENTICATION DATA STORE SCHEDULER HEALTH/SCALING C Auto-Healing Failed Pods

  35. @systemcraftsman RHEL NODE RHEL NODE c RHEL NODE RHEL NODE

    c RHEL NODE C C RHEL NODE C C RED HAT ENTERPRISE LINUX MASTER API/AUTHENTICATION DATA STORE SCHEDULER HEALTH/SCALING C Auto-Healing Failed Containers

  36. @systemcraftsman RHEL NODE RHEL NODE c RHEL NODE RHEL NODE

    c RHEL NODE C C RHEL NODE C C RED HAT ENTERPRISE LINUX MASTER API/AUTHENTICATION DATA STORE SCHEDULER HEALTH/SCALING C Auto-Healing Failed Containers

  37. @systemcraftsman RHEL NODE RHEL NODE RHEL NODE RHEL NODE C

    C RHEL NODE C C c RED HAT ENTERPRISE LINUX MASTER API/AUTHENTICATION DATA STORE SCHEDULER HEALTH/SCALING C c Auto-Healing Failed Containers

  38. Routing

  39. @systemcraftsman Built-in Service Discovery Internal Load-Balancing SERVICE app=payroll role=frontend POD

    app=payroll role=frontend POD app=payroll role=frontend Name: payroll-frontend IP: 172.10.1.23 Port: 8080 POD app=payroll role=backend version=1.0 version=1.0

  40. @systemcraftsman SERVICE app=payroll role=frontend POD app=payroll role=frontend POD app=payroll role=frontend

    Name: payroll-frontend IP: 172.10.1.23 Port: 8080 POD app=payroll role=backend version=2.0 version=1.0 POD app=payroll role=frontend version=1.0 Built-in Service Discovery Internal Load-Balancing

  41. @systemcraftsman SERVICE POD POD ROUTER POD EXTERNAL TRAFFIC INTERNAL TRAFFIC

    Route Exposes Services Externally

  42. @systemcraftsman ROUTING AND EXTERNAL LOAD-BALANCING Pluggable routing architecture HAProxy Router

    F5 Router Multiple-routers with traffic sharding Router supported protocols HTTP/HTTPS WebSockets TLS with SNI Non-standard ports via cloud load-balancers, external IP, and NodePort

  43. @systemcraftsman ROUTE SPLIT TRAFFIC SERVICE A App A App A

    SERVICE B App B App B ROUTE 10% traffic 90% traffic Split Traffic Between Multiple Services For A/B Testing, Blue/Green and Canary Deployments

  44. Logging & Metrics

  45. @systemcraftsman Central Log Management with EFK EFK stack to aggregate

    logs for hosts and applications Elasticsearch: a search and analytics engine to store logs Fluentd: gathers logs and sends to Elasticsearch. Kibana: A web UI for Elasticsearch.

  46. @systemcraftsman APPLICATION LOGS OPERATION LOGS ELASTIC ELASTIC RHEL NODE POD

    POD POD POD FLUENTD RHEL NODE POD POD POD POD FLUENTD ELASTICSEARCH RHEL NODE POD POD POD POD FLUENTD USER ELASTIC ELASTIC KIBANA ELASTIC ELASTIC ELASTICSEARCH ELASTIC ELASTIC KIBANA ADMIN Central Log Management with EFK

  47. @systemcraftsman CONTAINER METRICS RHEL NODE POD POD POD POD FLUENTD

    Container Metrics RHEL NODE POD POD POD POD FLUENTD HEAPSTER RHEL NODE POD POD POD POD CADVISOR HAWKULAR OPENSHIFT WEB CONSOLE ELASTIC ELASTIC CASSANDRA RED HAT CLOUDFORMS CUSTOM DASHBOARDS API USER

  48. @systemcraftsman Container Metrics

  49. Security

  50. @systemcraftsman NODE MASTER Secret Management Container Distributed Store Container Secure

    mechanism for holding sensitive data e.g. Passwords and credentials SSH Keys Certificates Secrets are made available as Environment variables Volume mounts Interaction with external systems

  51. @systemcraftsman Certificate Management Check Expiry Redeploy Certs Certificates are used

    to provide secure connections to Master and nodes Router and registry Etcd Ansible playbooks to automate redeployment Redeploy all at once or specific components Certificate expiry report generator MASTER NODES ROUTER REGISTRY ETCD ✓ ✓ ✓ ✓ ✓ Ansible Playbook

  52. Persistent Storage

  53. @systemcraftsman Persistent Storage NFS GlusterFS OpenStack Cinder Ceph RBD AWS

    EBS GCE Persistent Disk iSCSI Fiber Channel Azure Disk Azure File FlexVolume VMWare vSphere VMDK Container Storage Interface (CSI)** * Shipped and supported by NetApp via TSANet ** Tech Preview NetApp Trident* Persistent Volume (PV) is tied to a piece of network storage Provisioned by an administrator (static or dynamically) Allows admins to describe storage and users to request storage Assigned to pods based on the requested size, access mode, labels and type

  54. @systemcraftsman PROJECT POOL OF PERSISTENT VOLUMES Persistent Storage NFSP V

    iSCSI PV NFSP V Admin User register PV create claim NFSP V GlusterFS PV Pod claim Pod claim Pod claim Ceph RBD PV

  55. @systemcraftsman Dynamic Volume Provisioning Admin User define StorageClass create claim:

    Fastest Slow Azure-Disk Fast AWS-SSD Fastest NetApp-Flash NetApp Provisioner AWS Provisioner Pod claim PV OpenShift PV Controller provision Azure Provisioner bound

  56. Service Brokers

  57. @systemcraftsman What Is A Service Broker? SERVICE CONSUMER SERVICE PROVIDER

    SERVICE CATALOG SERVICE BROKER Automated, Standard and Consistent

  58. @systemcraftsman Why A Service Broker? SERVICE CONSUMER SERVICE PROVIDER ☑

    Open ticket ☑ Wait for allocation ☑ Receive credentials ☑ Add to app ☑ Deploy app Manual, Time-consuming and Inconsistent

  59. @systemcraftsman A multi-vendor project to standardize how services are consumed

    on cloud-native platforms across service providers

  60. @systemcraftsman Openshift Service Catalog OPENSHIFT SERVICE CATALOG OpenShift Automation Broker

    OpenShift Template Broker AWS Service Broker Other Service Brokers ANSIBLE OPENSHIFT AWS OTHER COMPATIBLE SERVICES Ansible Playbook Bundles OpenShift Templates AWS Services Other Services

  61. Operator Framework

  62. @systemcraftsman Kubernetes Operator Framework Operator Framework is an open source

    toolkit to manage application instances on Kubernetes in an effective, automated and scalable way. Installation Upgrade Backup Failure recovery Metrics & insights Tuning AUTOMATED LIFECYCLE MANAGEMENT

  63. @systemcraftsman Operators codify operational knowledge and workflows to automate lifecycle

    management of containerized applications with Kubernetes SDK LIFECYCLE MANAGEMENT METERING Kubernetes Operator Framework

  64. @systemcraftsman Why Operator Framework? DEVELOPER DEPLOY STATEFUL APP A WHILE

    LATER APP SERVICES OPERATIONS UPDATE PATCH BACKUP REBALANCE SCALE DEPLOY STATEFUL APP UPDATE PATCH BACKUP REBALANCE SCALE APP OPERATOR DEVELOPER

  65. @systemcraftsman Operator Lifecycle Manager

  66. @systemcraftsman Operator Metering Based on Prometheus Reports namespace, pods and

    custom label query Easy to process by accounting or custom software

  67. Build and Deploy Container Images

  68. @systemcraftsman DEPLOY YOUR SOURCE CODE DEPLOY YOUR CONTAINER IMAGE DEPLOY

    YOUR APP BINARY Build and Deploy Container Images

  69. @systemcraftsman Deploy Source Code With Source-to-Image (S2I) Git Repository BUILD

    APP (OpenShift) Developer code Source-to-Image (S2I) Builder Image Image Registry BUILD IMAGE (OpenShift) DEPLOY (OpenShift) deploy Application Container OpenShift Does User/Tool Does

  70. @systemcraftsman Application Binary (e.g. WAR) BUILD APP (Build Infra) Existing

    Build Process build Source-to-Image (S2I) Builder Image Image Registry BUILD IMAGE (OpenShift) DEPLOY (OpenShift) deploy Application Container OpenShift Does User/Tool Does Deploy App Binary With Source-to-Image (S2I)

  71. @systemcraftsman DEPLOY (OpenShift) Deploy Docker Image build Application Container deploy

    Application Image Image Registry BUILD IMAGE (Build Infra) Existing Image Build Process PUSH (Build Infra) OpenShift Does User/Tool Does

  72. @systemcraftsman BUILD STAGE 3 BUILD STAGE 2 BUILD STAGE 1

    Build Images in Multiple Stages

  73. CI/CD

  74. @systemcraftsman Continuous Delivery with Containers source repository CI/CD engine dev

    container physical virtual private cloud public cloud

  75. @systemcraftsman CI/CD with Builds and Deployments BUILDS Webhook triggers: build

    the app image whenever the code changes Image trigger: build the app image whenever the base language or app runtime changes Build hooks: test the app image before pushing it to an image registry DEPLOYMENTS

  76. @systemcraftsman Openshift Loves CI/CD JENKINS-AS-A SERVICE ON OPENSHIFT HYBRID JENKINS

    INFRA WITH OPENSHIFT EXISTING CI/CD DEPLOY TO OPENSHIFT

  77. @systemcraftsman JENKINS-AS-A-SERVICE ON OPENSHIFT Plugins Jobs Configuration Jenkins (S2I) Custom

    Jenkins Image Jenkins Image Certified Jenkins images with pre-configured plugins Provided out-of-the-box Follows Jenkins 1.x and 2.x LTS versions Jenkins S2I Builder for customizing the image Install Plugins Configure Jenkins Configure Build Jobs OpenShift plugins to integrate authentication with OpenShift and also CI/CD pipelines Dynamically deploys Jenkins slave containers

  78. @systemcraftsman HYBRID JENKINS INFRA WITH OPENSHIFT OPENSHIFT APP APP run

    job JENKINS SLAVE Run Job JENKINS SLAVE Run Job build JENKINS MASTER deploy Scale existing Jenkins infrastructure by dynamically provisioning Jenkins slaves on OpenShift Use Kubernetes plug-in on existing Jenkin servers

  79. @systemcraftsman EXISTING CI/CD DEPLOY TO OPENSHIFT OPENSHIFT APP EXISTING CI/CD

    INFRA Jenkins, Bamboo, TeamCity, etc APP build deploy S2I Build run job Existing CI/CD infrastructure outside OpenShift performs operations against OpenShift OpenShift Pipeline Jenkins Plugin for Jenkins OpenShift CLI for integrating other CI Engines with OpenShift Without disrupting existing processes, can be combined with previous alternative

  80. @systemcraftsman OPENSHIFT PIPELINES apiVersion: v1 kind: BuildConfig metadata: name: app-pipeline

    spec: strategy: type: JenkinsPipeline jenkinsPipelineStrategy: jenkinsfile: |- node('maven') { stage('build app') { git url: 'https://git/app.git' sh "mvn package" } stage('build image') { sh "oc start-build app --from-file=target/app.jar } stage('deploy') { openshiftDeploy deploymentConfig: 'app' } } Provision a Jenkins slave for running Maven OpenShift Pipelines allow defining a CI/CD workflow via a Jenkins pipeline which can be started, monitored, and managed similar to other builds Dynamic provisioning of Jenkins slaves Auto-provisioning of Jenkins server OpenShift Pipeline strategies Embedded Jenkinsfile Jenkinsfile from a Git repository

  81. @systemcraftsman OpenShift Pipelines in Web Console

  82. @systemcraftsman Continuous Delivery Pipeline OPENSHIFT IMAGE REGISTRY OPENSHIFT CLUSTER DEVELOPER

    GIT SERVER ARTIFACT REPOSITORY OPENSHIFT CI/CD PIPELINE (JENKINS) IMAGE BUILD & DEPLOY OPENSHIFT IMAGE REGISTRY OPENSHIFT CLUSTER NON-PROD PROD DEV

  83. @systemcraftsman OPENSHIFT IMAGE REGISTRY OPENSHIFT CLUSTER DEVELOPER GIT SERVER ARTIFACT

    REPOSITORY OPENSHIFT CI/CD PIPELINE (JENKINS) IMAGE BUILD & DEPLOY OPENSHIFT IMAGE REGISTRY OPENSHIFT CLUSTER PROMOTE TO TEST NON-PROD PROD DEV TEST Continuous Delivery Pipeline

  84. @systemcraftsman OPENSHIFT IMAGE REGISTRY OPENSHIFT CLUSTER DEVELOPER GIT SERVER ARTIFACT

    REPOSITORY OPENSHIFT CI/CD PIPELINE (JENKINS) IMAGE BUILD & DEPLOY OPENSHIFT IMAGE REGISTRY OPENSHIFT CLUSTER PROMOTE TO TEST PROMOTE TO UAT NON-PROD PROD DEV TEST UAT Continuous Delivery Pipeline

  85. @systemcraftsman ServiceNow JIRA Service Desk Zendeks BMC Remedy OPENSHIFT IMAGE

    REGISTRY OPENSHIFT CLUSTER DEVELOPER GIT SERVER ARTIFACT REPOSITORY OPENSHIFT CI/CD PIPELINE (JENKINS) IMAGE BUILD & DEPLOY OPENSHIFT IMAGE REGISTRY OPENSHIFT CLUSTER GO LIVE? PROMOTE TO TEST PROMOTE TO UAT RELEASE MANAGER NON-PROD PROD ☒ ☑ DEV TEST UAT Continuous Delivery Pipeline

  86. @systemcraftsman OPENSHIFT IMAGE REGISTRY OPENSHIFT CLUSTER GIT SERVER ARTIFACT REPOSITORY

    OPENSHIFT CI/CD PIPELINE (JENKINS) IMAGE BUILD & DEPLOY OPENSHIFT IMAGE REGISTRY OPENSHIFT CLUSTER GO LIVE? PROMOTE TO TEST PROMOTE TO UAT PROMOTE TO PROD RELEASE MANAGER NON-PROD PROD DEV TEST UAT ☒ ☑ DEVELOPER Continuous Delivery Pipeline

  87. Application Services

  88. @systemcraftsman CrunchyData GitLab Iron.io Couchbase Sonatype EnterpriseDB NuoDB Fujitsu and

    many more ...and virtually any docker image out there! True Polyglot Platform PHP Python Java NodeJS Perl Ruby .NET Core Apache HTTP Server MySQL Redis nginx Tomcat Varnish JBoss EAP JBoss A-MQ JBoss Fuse JBoss BRMS JBoss BPMS JBoss Data Grid JBoss Data Virt RH Mobile RH SSO 3SCALE API mgmt JBoss Web Server Spring Boot Wildfly Swarm Vert.x PostgreSQL MongoDB Phusion Passenger Third-party Language Runtimes Third-party Databases Third-party App Runtimes Third-party Middleware Third-party Middleware LANGUAGES DATABASES WEB SERVERS MIDDLEWARE

  89. OPENSHIFT TECHNICAL OVERVIEW 89 Modern, Cloud-Native Application Runtimes and an

    Opinionated Developer Experience OPENSHIFT SUPPORTED RUNTIMES Eclipse Vert.x WildFly Swarm Node.js LAUNCH Spring Boot JBoss EAP

  90. Openshift Service Mesh Tech Preview available

  91. @systemcraftsman The Need For a Service Mesh SERVICE MESH SOLVES

    THE CHALLENGES OF: • Ensuring reliability • Troubleshooting • Performance • Security • Dynamic topology USE CASE: Difficulty identifying root cause of performance issues DISTRIBUTED TRACING provides service dependency analysis for different microservices and tracking for requests traced through multiple microservices. It also identifies performance bottlenecks and calls out particular requests, identifying the cause to the latency of a request or the service that created an error.

  92. @systemcraftsman Microservices Without Istio Container JVM service A discovery load-balancer

    resiliency metrics tracing app logic JVM service B discovery load-balancer resiliency metrics tracing app logic Container JVM service C discovery load-balancer resiliency metrics tracing app logic

  93. @systemcraftsman Microservices With Istio Container JVM service C app logic

    Pod Sidecar Container Envoy Container JVM service A app logic Pod Sidecar Container Envoy Container JVM service B app logic Pod Sidecar Container Envoy

  94. @systemcraftsman Openshift Service Mesh Istio - Jaeger discovery resiliency metrics

    tracing OpenShift App Container Pod Sidecar Container Envoy Pod Sidecar Container Envoy App Container Sidecar Container Envoy App Container load-balancer

  95. @systemcraftsman Openshift Service Mesh Making service-to-service communication safe, performant, and

    reliable OBSERVABILITY POLICY ENFORCEMENT SERVICE IDENTITY & SECURITY TRAFFIC MANAGEMENT DIST. TRANSACTION MONITORING SERVICE DEPENDENCY ANALYSIS ROOT CAUSE ANALYSIS DISTRIBUTED CONTEXT PROPAGATION PERFORMANCE / LATENCY OPTIMIZATION ISTIO JAEGER DISTRIBUTED TRACING CONFIGURATION VALIDATION METRICS COLLECTION AND GRAPHS SERVICE GRAPH REPRESENTATION SERVICE DISCOVERY & HEALTH COMPUTATION KIALI

  96. @systemcraftsman Release Details • Supported distribution of Istio, Jaeger, Kiali,

    Prometheus, and Grafana • Upstream project called Maistra • Integrated with Red Hat OpenShift Application Runtimes (RHOAR) • OpenShift Service Mesh comes included with any OCP subscription September • Istio and Jaeger • Istio Operator for install/uninstall • Installation docs TP 1 October • Kiali added TP 2 • Full support on OpenShift 4.0 • Istio Operator for updates GA Q1 CY19 TP releases every few weeks TP N TP 4 TP 3 OPENSHIFT SERVICE MESH

  97. Resources

  98. @systemcraftsman learn.openshift.com Interactive Learning Scenarios provide you with a pre-configured

    OpenShift instance, accessible from your browser without any downloads or configuration.

  99. @systemcraftsman developers.redhat.com

  100. @systemcraftsman

  101. THANK YOU