Upgrade to Pro — share decks privately, control downloads, hide ads and more …

那些年的 OpenShift 3.11 容器平台技術選型_20190122

Phil Huang
January 22, 2019

那些年的 OpenShift 3.11 容器平台技術選型_20190122

#openshift #redhat #technical

Phil Huang

January 22, 2019
Tweet

More Decks by Phil Huang

Other Decks in Technology

Transcript

  1. Phil Huang 黃秉鈞 • 健康 清新 小飛機 • 社群斜槓青年 ◦

    SDNDS-TW ◦ Cloud Native Taiwan User Group (CNTUG) • Information ◦ https://blog.pichuang.com.tw ◦ https://www.linkedin.com/in/phil-huang-09b09895/
  2. 2019 容器名詞正名運動 • Docker Registry => Container Registry • Docker

    Images => Container Images • Docker Container => OCI Container ◦ The Open Container Initiative is an open governance structure for the express purpose of creating open industry standards around container formats and runtime. -- From Open Containers Intiative Official Website => 容器標準化 (Specification): Runtime / Image / ... Ref: https://www.facebook.com/groups/cloudnative.tw/permalink/475806496256024/ OCI: Open Container Initiative
  3. 1. Compute Resource ◦ Multi-Cloud / Application Workload / Quota

    2. Network Resource ◦ Network Policy / CNI / Egress & Ingress Router / External & Internal DNS 3. Storage Resource ◦ Persistent Volume Types / CSI / Storage Class 4. Container Images Resource ◦ Images Lifecycle Management / RBAC / Audit What Kind of Resource Management You Should Care
  4. OpenShift v3 Technical Stack Bare-Metal / Virtual / Private Cloud

    / Public Cloud Infrastrcture Red Hat Enterprise Linux Operating System Infrastructure Automation & Cockpit Ops Mgmt Storage / Network / Logs& Metics / Security / Images Registry Container Resource Kubernetes Orchestration Application Management (CI/CD) DevOps Tools Service Catalog Cluster Console Self-Service Build Automation / Deployment Automation DevOps Strategy
  5. OpenShift v3 Architecture Ref: http://v1.uncontained.io/playbooks/installation/#cluster-design-architecture The 3 types of OpenShift

    roles 1. Master Nodes 2. Infrastrucure Nodes 3. Compute Nodes Additional services 1. External Load Balancer 2. Shared Storage 3. External Container Registry External Container Registry
  6. Infrastrcture as Code (IaC) • All configuration you need are

    in one ansible inventory file ◦ Add new nodes when the resource is not enough ◦ To be a baseline for day 2 maintenance plan to each site Ref: GitHub - openshift/openshift-ansible
  7. Operating System & Services • Mostly packages and services are

    migrated from rpm to container already • Easy to do container platform update
  8. Container Registry - Quay Ref: https://blog.pichuang.com.tw/quay-enterprise-grade-images-registry/ 1. Pull / Push

    / Manage container registry 2. Security Scanner 3. Role-based access control
  9. Container Network Interface (CNI) • OpenShift SDN provide 3 CNI

    for configuring network by default 1. ovs-subnet 2. ovs-multitenant 3. ovs-networkpolicy Ref: https://docs.openshift.com/container-platform/3.11/architecture/networking/sdn.html
  10. OpenShift Route v.s. K8S Ingress Ref: https://blog.openshift.com/kubernetes-ingress-vs-openshift-route/ Feature Ingress on

    k8s Route on OpenShift Standard Kubernetes object X External access to services X X Persistent (sticky) sessions X X Load-balancing strategies (e.g. round robin) X X Rate-limit and throttling X X IP whitelisting X X TLS edge termination for improved security X X TLS re-encryption for improved security X TLS passthrough for improved security X Multiple weighted backends (split traffic) X Generated pattern-based hostnames X Wildcard domains X
  11. Container Logging Aggregation • Deploy log aggregation using EFK (Elaticsearch

    / Fluentd / Kibana) Ref: https://itnext.io/multiline-logs-in-openshift-efk-stack-7a7bda4ed055
  12. Operator Lifecycle Management (OLM) • A framework for extending Kubernetes

    objects (CRD) • Help you to install, update and manage lifecycle running across your clustes Let developer to implement operation tools on k8s CRD: Custom Resource Definition Ref: https://www.redhat.com/en/blog/introducing-operator-framework-building-apps-kubernetes
  13. How Do You Learn About Cloud Native Technologies? Top learning

    sources are 1. Documentation 2. Meetups and Local Events 3. Technical Podcasts Ref: https://www.cncf.io/blog/2018/08/29/cncf-survey-use-of-cloud-native-technologies-in-production-has-grown-over-200-percent/