Bruno Russi Lautenschlager Transformation Architect LATAM OpenShift 101 

Red Hat OpenShift and Kubernetes core concepts 2 

3 A container is the smallest compute unit Red Hat OpenShift Concepts CONTAINER 

4 Containers are created from container images Red Hat OpenShift Concepts BINARY RUNTIME CONTAINER CONTAINER IMAGE 

5 Container images are stored in an image registry Red Hat OpenShift Concepts CONTAINER REGISTRY CONTAINER 

6 An image repository contains all versions of an image in the image registry Red Hat OpenShift Concepts IMAGE REGISTRY frontend:latest frontend:2.0 frontend:1.1 frontend:1.0 mongo:latest mongo:3.7 mongo:3.6 mongo:3.4 myregistry/frontend myregistry/mongo 

7 Everything runs in pods Red Hat OpenShift Concepts 10.140.4.44 CONTAINER CONTAINER IMAGE POD 

8 Containers are wrapped in pods which are units of deployment and management Red Hat OpenShift Concepts 10.140.4.44 10.15.6.55 POD POD 

9 ReplicationControllers & ReplicaSets ensure a specified number of pods are running at any given time Red Hat OpenShift Concepts image name replicas labels cpu memory storage ReplicaSet ReplicationController ... 1 2 N POD POD POD 

10 Deployments and DeploymentConfigurations define how to roll out new versions of Pods Red Hat OpenShift Concepts image name replicas labels version strategy Deployment DeploymentConfig v1 v2 POD POD 

11 A daemonset ensures that all (or some) nodes run a copy of a pod Red Hat OpenShift Concepts foo = bar Node image name replicas labels cpu memory storage DaemonSet foo = bar Node foo = baz Node ✓ ✓ POD POD 

12 Dev Configmaps allow you to decouple configuration artifacts from image content Red Hat OpenShift Concepts appconfig.conf MYCONFIG=true ConfigMap Prod appconfig.conf MYCONFIG=false ConfigMap POD POD 

13 Secrets provide a mechanism to hold sensitive information such as passwords Red Hat OpenShift Concepts The etcd datastore can be encrypted for additional security https://docs.openshift.com/container-platform/4.6/security/encrypting-etcd.html Dev hash.pw ZGV2Cg== ConfigMap Prod hash.pw cHJvZAo= ConfigMap POD POD 

14 Services provide internal load-balancing and service discovery across pods Red Hat OpenShift & Kubernetes Concepts 10.110.1.11 10.120.2.22 10.130.3.33 10.140.4.44 POD POD POD POD role: frontend role: backend role: backend role: backend role: backend SERVICE “backend” 

15 Apps can talk to each other via services Red Hat OpenShift & Kubernetes Concepts POD POD POD POD 10.110.1.11 10.120.2.22 10.130.3.33 10.140.4.44 role: frontend role: backend role: backend role: backend role: backend SERVICE “backend” 

16 Routes make services accessible to clients outside the environment via real-world urls Red Hat OpenShift Concepts > curl http://app-prod.mycompany.com app-prod.mycompany.com POD POD POD role: frontend role: frontend role: frontend role: backend SERVICE “frontend” Route 

17 Persistent Volume and Claims Red Hat OpenShift Concepts My app is stateful. PersistentVolumeClaim PersistentVolume POD 2Gi 2Gi 

18 Readiness probe Red Hat OpenShift Concepts ready? 

19 Liveness probe Red Hat OpenShift Concepts alive? 

20 Projects isolate apps across environments, teams, groups and departments Red Hat OpenShift Concepts PAYMENT DEV PAYMENT PROD CATALOG INVENTORY ❌ ❌ ❌ POD POD POD POD POD POD POD POD POD POD POD POD 

Red Hat OpenShift Architecture 21 

22 Your choice of infrastructure Red Hat OpenShift | Architectural Overview STORAGE NETWORK COMPUTE 

23 Workers run workloads Red Hat OpenShift | Architectural Overview STORAGE NETWORK COMPUTE COMPUTE COMPUTE 

24 Control plane nodes control the cluster Red Hat OpenShift | Architectural Overview STORAGE NETWORK COMPUTE CONTROL PLANE 

25 State of everything Red Hat OpenShift | Architectural Overview STORAGE NETWORK COMPUTE etcd CONTROL PLANE 

26 The core Kubernetes components Red Hat OpenShift | Architectural Overview STORAGE NETWORK COMPUTE Kubernetes Services etcd Kubernetes API server Scheduler Cluster Management CONTROL PLANE 

27 Internal and support infrastructure services Red Hat OpenShift | Architectural Overview STORAGE NETWORK COMPUTE Infrastructure Services Kubernetes Services etcd Monitoring | Logging |Tuned |SDN | DNS | Kubelet CONTROL PLANE 

28 The core Red Hat OpenShift components Red Hat OpenShift | Architectural Overview STORAGE NETWORK COMPUTE Infrastructure Services Kubernetes Services etcd OpenShift API server Operator Lifecycle Management Web Console CONTROL PLANE Red Hat OpenShift Services 

29 Run on all hosts Red Hat OpenShift | Architectural Overview STORAGE NETWORK COMPUTE Infrastructure Services Kubernetes Services etcd COMPUTE COMPUTE Monitoring | Logging | Tuned SDN | DNS | Kubelet Monitoring | Logging | Tuned SDN | DNS | Kubelet CONTROL PLANE Red Hat OpenShift Services 

30 Cluster monitoring Red Hat OpenShift | Architectural Overview STORAGE NETWORK COMPUTE Infrastructure Services Kubernetes Services etcd COMPUTE COMPUTE Prometheus | Grafana Alertmanager Prometheus | Grafana Alertmanager Monitoring | Logging | Tuned SDN | DNS | Kubelet Monitoring | Logging | Tuned SDN | DNS | Kubelet CONTROL PLANE Red Hat OpenShift Services 

31 Integrated routing Red Hat OpenShift | Architectural Overview STORAGE NETWORK COMPUTE Infrastructure Services Kubernetes Services etcd COMPUTE COMPUTE Router Router Prometheus | Grafana Alertmanager Prometheus | Grafana Alertmanager Monitoring | Logging | Tuned SDN | DNS | Kubelet Monitoring | Logging | Tuned SDN | DNS | Kubelet CONTROL PLANE Red Hat OpenShift Services 

32 Integrated image registry Red Hat OpenShift | Architectural Overview STORAGE NETWORK COMPUTE Infrastructure Services Kubernetes Services etcd COMPUTE COMPUTE Registry Registry Router Router Prometheus | Grafana Alertmanager Prometheus | Grafana Alertmanager Monitoring | Logging | Tuned SDN | DNS | Kubelet Monitoring | Logging | Tuned SDN | DNS | Kubelet CONTROL PLANE Red Hat OpenShift Services 

33 Log aggregation Red Hat OpenShift | Architectural Overview STORAGE NETWORK COMPUTE Infrastructure Services Kubernetes Services etcd COMPUTE COMPUTE Kibana | Elasticsearch Kibana | Elasticsearch Registry Registry Router Router Prometheus | Grafana Alertmanager Prometheus | Grafana Alertmanager Monitoring | Logging | Tuned SDN | DNS | Kubelet Monitoring | Logging | Tuned SDN | DNS | Kubelet CONTROL PLANE Red Hat OpenShift Services 

34 Normal cluster operations Red Hat OpenShift | Architectural Overview STORAGE NETWORK COMPUTE Infrastructure Services Kubernetes Services etcd COMPUTE COMPUTE CONTROL PLANE Red Hat OpenShift Services 

35 Auto-healing failed pods Red Hat OpenShift | Architectural Overview STORAGE NETWORK COMPUTE Infrastructure Services Kubernetes Services etcd COMPUTE COMPUTE CONTROL PLANE Red Hat OpenShift Services 

36 Auto-healing failed pods Red Hat OpenShift | Architectural Overview STORAGE NETWORK COMPUTE Infrastructure Services Kubernetes Services etcd COMPUTE COMPUTE CONTROL PLANE Red Hat OpenShift Services 

37 Auto-healing failed nodes Red Hat OpenShift | Architectural Overview STORAGE NETWORK COMPUTE Infrastructure Services Kubernetes Services etcd COMPUTE COMPUTE CONTROL PLANE Red Hat OpenShift Services 

38 Auto-healing failed nodes Red Hat OpenShift | Architectural Overview STORAGE NETWORK COMPUTE Infrastructure Services Kubernetes Services etcd COMPUTE COMPUTE CONTROL PLANE Red Hat OpenShift Services 

39 Dev and Ops via web, cli, API, and IDE Red Hat OpenShift | Architectural Overview EXISTING AUTOMATION TOOLSETS SCM (GIT) CI/CD STORAGE NETWORK COMPUTE Developers Admins Red Hat OpenShift Services Infrastructure Services Kubernetes Services etcd COMPUTE COMPUTE Kibana | Elasticsearch Kibana | Elasticsearch Registry Registry Router Router Prometheus | Grafana Alertmanager Prometheus | Grafana Alertmanager Monitoring | Logging | Tuned SDN | DNS | Kubelet Monitoring | Logging | Tuned SDN | DNS | Kubelet CONTROL PLANE 

Runtime, Build, Synchronize RHEL CoreOS OCI tooling to create, run, and manage, Linux Containers with a cluster-friendly life cycle skopeo A lightweight OCI-compliant runtime ● Minimal and secure architecture ● Optimized for Kubernetes ● Run any OCI-compliant container image (including docker) A docker-compatible CLI for containers ● Remote management API via Varlink ● Image/container tagging ● Advanced namespace isolation Inspect, push/pull, and sign OCI images ● Inspect image manifests ● Transfer images between registries 

BROAD ECOSYSTEM OF WORKLOADS CRI-O, Kubernetes, and OpenShift CRI-O 1.24 Kubernetes 1.24 OpenShift 4.11 CRI-O tracks and versions identical to Kubernetes, simplifying support permutations 

Learning, Training and Resources 42 

Openshift Learning, Documentation, and Resources Red Hat Openshift Documentation ● Openshift Documentation (4.11) ● Openshift Docs - Deploying Containerized Applications ● Openshift TV - Youtube, Twitch Red Hat Developer Sandbox ● Red Hat Developer Sandbox (Helm, Eclipse Che, Openshift) 

Red Hat Developer, Kubernetes, and Openshift Training ● DO288: Red Hat OpenShift Development II: Containerizing Applications ● EX288: Red Hat Certified Specialist in OpenShift Application Development exam ● AD183: Red Hat Application Development I: Programming in Java EE ● EX183: Red Hat Certified Enterprise Application Developer exam ● DO378: Red Hat Cloud-Native Microservices Development with Quarkus ● DO328: Building Resilient Microservices with Istio and Red Hat OpenShift Service Mesh ● DO180: Red Hat OpenShift I: Containers & Kubernetes ● EX180: Red Hat Red Hat Certified Specialist in Containers and Kubernetes exam 

Openshift TV 

linkedin.com/company/red-hat youtube.com/user/RedHatVideos facebook.com/redhatinc twitter.com/RedHat OPEN INNOVATION LABS 46 red.ht/labs Thank you.