Those Years of OpenShift 3.11: Container Platform Technology Selection_20190122

Phil Huang
January 22, 2019

#openshift #redhat #technical

Transcript

  1. Those Years of OpenShift 3.11:
    Container Platform Technology Selection
    Phil Huang 黃秉鈞
    SDN x Cloud Native Meetup #13, Taiwan, Jan. 22, 2019

  2. Prize Quiz
    Skopeo
    Ansible
    CRI-O
    Podman
    LFN

  3. Phil Huang 黃秉鈞
    ● Healthy, fresh, little airplane
    ● Community "slash" multi-hyphenate
    ○ SDNDS-TW
    ○ Cloud Native Taiwan User Group (CNTUG)
    ● Information
    ○ https://blog.pichuang.com.tw
    ○ https://www.linkedin.com/in/phil-huang-09b09895/

  5. Ref: http://l.cncf.io

  6. 2019 Container Terminology Rectification Campaign
    ● Docker Registry => Container Registry
    ● Docker Images => Container Images
    ● Docker Container => OCI Container
    ○ The Open Container Initiative is an open governance structure for the express purpose of creating open industry standards around container formats and runtime. -- From Open Containers Initiative Official Website
    => Container standardization (Specification): Runtime / Image / ...
    Ref: https://www.facebook.com/groups/cloudnative.tw/permalink/475806496256024/
    OCI: Open Container Initiative

  7. What Kind of Resource Management You Should Care About
    1. Compute Resource
    ○ Multi-Cloud / Application Workload / Quota
    2. Network Resource
    ○ Network Policy / CNI / Egress & Ingress Router / External & Internal DNS
    3. Storage Resource
    ○ Persistent Volume Types / CSI / Storage Class
    4. Container Images Resource
    ○ Images Lifecycle Management / RBAC / Audit

  8. What is OpenShift?
    Ref: https://www.craftofcoding.com/openshift-vs-kubernetes/

  9. What is OKD?
    Ref: https://blog.openshift.com/okd310release/

  10. OpenShift v3 Technical Stack
    Infrastructure: Bare-Metal / Virtual / Private Cloud / Public Cloud
    Operating System: Red Hat Enterprise Linux
    Ops Mgmt: Infrastructure Automation & Cockpit
    Container Resource: Storage / Network / Logs & Metrics / Security / Images Registry
    Orchestration: Kubernetes
    DevOps Tools: Application Management (CI/CD)
    Self-Service: Service Catalog / Cluster Console
    DevOps Strategy: Build Automation / Deployment Automation

  11. OpenShift v3 Architecture
    Ref: http://v1.uncontained.io/playbooks/installation/#cluster-design-architecture
    The 3 types of OpenShift roles
    1. Master Nodes
    2. Infrastructure Nodes
    3. Compute Nodes
    Additional services
    1. External Load Balancer
    2. Shared Storage
    3. External Container Registry

  12. How do I know OpenShift's current
    configuration immediately?

  13. Infrastructure as Code (IaC)
    ● All the configuration you need is in one Ansible inventory file
    ○ Add new nodes when resources are not enough
    ○ Serves as a baseline for the day-2 maintenance plan at each site
    Ref: GitHub - openshift/openshift-ansible

  14. Operating System & Services
    ● Most packages and services have already been migrated from RPM to containers
    ● Container platform updates are easy to perform

  15. How to manage your container images?

  16. Container Registry - Quay
    Ref: https://blog.pichuang.com.tw/quay-enterprise-grade-images-registry/
    1. Pull / Push / Manage container registry
    2. Security Scanner
    3. Role-based access control

  17. Network

  18. Container Network Interface (CNI)
    ● OpenShift SDN provides 3 CNI plugins for configuring the network by default
    1. ovs-subnet
    2. ovs-multitenant
    3. ovs-networkpolicy
    Ref: https://docs.openshift.com/container-platform/3.11/architecture/networking/sdn.html

  19. OpenShift Route vs. K8S Ingress
    Ref: https://blog.openshift.com/kubernetes-ingress-vs-openshift-route/

    Feature                                        Ingress on k8s   Route on OpenShift
    Standard Kubernetes object                     X                -
    External access to services                    X                X
    Persistent (sticky) sessions                   X                X
    Load-balancing strategies (e.g. round robin)   X                X
    Rate-limit and throttling                      X                X
    IP whitelisting                                X                X
    TLS edge termination for improved security     X                X
    TLS re-encryption for improved security        -                X
    TLS passthrough for improved security          -                X
    Multiple weighted backends (split traffic)     -                X
    Generated pattern-based hostnames              -                X
    Wildcard domains                               -                X

  20. Do we still choose rsyslog for
    collecting logs?

  21. Container Logging Aggregation
    ● Deploy log aggregation using EFK (Elasticsearch / Fluentd / Kibana)
    Ref: https://itnext.io/multiline-logs-in-openshift-efk-stack-7a7bda4ed055

  22. How do I know the container cluster has
    good performance and status?

  23. Container Application Metrics Aggregation
    Ref: https://github.com/LutzLange/OpenShift-Labs/blob/master/OpenShift-Lab.adoc#cluster-metrics-introduction
    ● For HPA and for collecting metrics per pod/project
    HPA: Horizontal Pod Autoscaler

  24. pod metrics
    Project overview

  25. Container Cluster Metrics Monitoring
    Ref: https://docs.openshift.com/container-platform/3.11/install_config/prometheus_cluster_monitoring.html

  26. Cluster Metrics - Prometheus
    Systems Monitoring and Alerting toolkit

  27. Dashboard - Grafana
    The Open Platform for Analytics and Monitoring

  28. Self-Services
    Container platform helps those who help themselves

  29. Service Catalog
    Ref: https://www.redhat.com/en/about/videos/ama-openshift-service-catalog-brokers-and-user-experience

  30. Cluster Console
    Ref: https://www.youtube.com/watch?v=-YlZDV5Iadc
    More Administrator-focused Experience based on OpenShift in CoreOS Tectonic

  31. Operator Lifecycle Management (OLM)
    ● A framework for extending Kubernetes objects (CRD)
    ● Helps you install, update and manage lifecycle running across your clusters
    Lets developers implement operations tools on k8s
    CRD: Custom Resource Definition
    Ref: https://www.redhat.com/en/blog/introducing-operator-framework-building-apps-kubernetes

  32. Ref: https://docs.openshift.com/container-platform/3.11/install_config/installing-operator-framework.html

  33. Wanna Learn More?

  34. How Do You Learn About Cloud Native Technologies?
    Top learning sources are
    1. Documentation
    2. Meetups and Local Events
    3. Technical Podcasts
    Ref: https://www.cncf.io/blog/2018/08/29/cncf-survey-use-of-cloud-native-technologies-in-production-has-grown-over-200-percent/

  35. Ref: https://www.facebook.com/RedHatTaiwan/

  36. Ref: https://www.facebook.com/events/2143280755732051/
    Storage Resource Management
    2019/2/18 19:00

  37. Q&A
    Please give us feedback so the next talk will be even better
    https://goo.gl/forms/UHCcOtHa0PXt3gvj1
    Wink ;)
    Ref: https://www.facebook.com/micomikicat/
