Slide 1

Slide 1 text

Enterprise Kubernetes: Openshift Container Platform
M. Aykut Bulgu
Technology Consultant, Software Architect
@systemcraftsman

Slide 2

Slide 2 text

Who am I?
● Was a child in the end of 80’s and beginning of 90’s
● Married, has a daughter
● Tech lover
● Has been working for about 12 years in software/tech industry
● Fond of Software Craftsmanship
● Co-organiser of ScTurkey Community
● Works as a Red Hatter; a Middleware Consultant

Slide 3

Slide 3 text

An Overall History & Why Openshift

Slide 4

Slide 4 text

A Brief Kubernetes History
https://www.slideshare.net/egg9/kubernetes-introduction

Slide 5

Slide 5 text

A Brief Kubernetes History
Jul 2014: Red Hat contributions start
https://www.slideshare.net/egg9/kubernetes-introduction

Slide 6

Slide 6 text

Kubernetes Project Contributions
● #1 - Google - 41,649
● #2 - Red Hat - 14,410
● #6 - IBM - 1230
● #9 - CoreOS - 964*
● #10 - Microsoft - 728
● #13 - VMware - 433
● #15 - Intel - 400
● #23 - Cisco - 192
● #26 - Pivotal - 141
● #41 - Oracle - 36
● #56 - Docker - 14
● Amazon/AWS - ?
* Most CoreOS commits were done using personal email addresses (Independent)
http://stackalytics.com/?metric=commits&project_type=kubernetes-group&release=all

Slide 7

Slide 7 text

Red Hat Contributions to Kubernetes
Operators Framework | ClusterRole Aggregation | RBAC Authorization | Stateful Sets | Init Containers | Rolling Update Status | Pod Security Policy Limits | Memory based Pod Eviction | Quota Controlled Services | 1,000+ Nodes | Dynamic PV Provisioning | Multiple Schedulers | SECCOMP | Audit | Job Scheduler | Access Review API | Whitelisting Sysctls | Secure Cluster Policy | Evict Pods Disk IO | Storage Classes | Azure Data Disk | etcdv3 | RBAC API | Auth to kubelet API | Pod-level cGroups QoS | Kubelet Eviction Model | RBAC | Storage Class | CustomResourceDefinitions | API Aggregation | Encrypted secrets in etcd | Limit Node Access | HPA Status Conditions | Network Policy | CRI Validation Test Suite | Local Persistent Storage | Audit Logging

Slide 8

Slide 8 text

A Brief History of Openshift
● Openshift v2 - Announced in 2013
● Red Hat Contribution to K8s started in 2014
● Openshift v3 dev. Preview is announced in 2016
● Openshift v3.0 is announced in 2017 (end of v2)

Slide 9

Slide 9 text

How Do We Deliver OpenShift?
CONTAINER PLATFORM | DEDICATED | ONLINE
● Integrate OSS projects
● Partner integration platform
● No-cost validations for innovation
● Community Distribution of Kubernetes
● 100+ Integrations
● Align time with OSS trunk

Slide 10

Slide 10 text

Openshift Is Kubernetes For The Enterprise
● Security fixes
● 100s of defect and performance fixes
● 200+ validated integrations
● Middleware integrations (container images, storage, networking, cloud services, etc)
● 9 year enterprise lifecycle management
● Certified Kubernetes
[Diagram labels: Kubernetes Release; OpenShift Release; 1-3 months hardening]

Slide 11

Slide 11 text

Openshift Is Kubernetes For The Enterprise
● ~250 Bugs Fixed: Between K8s 1.* and Openshift 3.*
● ~190 Bugs Fixed: Between Openshift 3.* and 3.*.33
● ~30 Bugs Fixed: Since 3.*.33

Slide 12

Slide 12 text

Why Kubernetes Is Not Enough For The Enterprise
● Requires a Linux operating system
● Requires a Container Runtime (CRI-O, Containerd, Docker, etc)
● Requires image registry
● Requires software defined networking
● Requires load-balancer and routing
● Requires log management
● Requires container metrics and monitoring
OpenShift includes all these components fully integrated and fully tested as part of the platform.

Slide 13

Slide 13 text

Container Infrastructure and Management
Kubernetes | OKD* | OpenShift
● Multi-host container scheduling ✔ ✔ ✔
● Self-service provisioning ✔ ✔ ✔
● Service discovery ✔ ✔ ✔
● Enterprise Linux operating system ✔
● Image registry ✔ ✔
● Validated storage plugins ✔ ✔
● Networking and validated networking plugins ✔ ✔
● Log aggregation and monitoring ✔ ✔
● Multi-tenancy ✔ ✔
● Metering and chargeback ✔
* OKD is the open source project formerly known as OpenShift Origin

Slide 14

Slide 14 text

Developer Experience
Kubernetes | OKD* | OpenShift
● Automated image builds: No developer or application services ✔ ✔
● CI/CD workflows and pipelines ✔ ✔
● Certified application services ✔
● Certified middleware ✔
● Certified databases ✔
● 200+ certified ISV solutions ✔
* OKD is the open source project formerly known as OpenShift Origin

Slide 15

Slide 15 text

Enterprise Support and Community
Kubernetes | OKD | OpenShift
● Community forums and resources ✔ ✔ ✔
● Zero downtime patching and upgrades ✔
● Enterprise 24/7 support ✔
● 9 year support lifecycle ✔
● Security response team ✔
External review: 10 most important differences between OpenShift and Kubernetes

Slide 16

Slide 16 text

That’s Why:

Slide 17

Slide 17 text

That’s Why:
Kubernetes is a project, Openshift is a product

Slide 18

Slide 18 text

Myths

Slide 19

Slide 19 text

Myth: Openshift Is Too Far Behind K8s OSS

Slide 20

Slide 20 text

Myth: Openshift Is Too Heavy | It’s a PaaS
[Diagram labels: BARE METAL; VIRTUAL; PRIVATE; PUBLIC; RED HAT ENTERPRISE LINUX | RED HAT COREOS; KUBERNETES; SDN; NETWORKING; STORAGE; LOGGING; MONITORING; CONTAINER REGISTRY; SECURITY | AUTH; OPS CONSOLE; CI/CD PIPELINES; SERVICE CATALOG; SERVICE BROKERS | ANSIBLE | AWS | AZURE | GCP; OPERATOR LIFECYCLE MANAGER | PLATFORM | APPLICATIONS; RED HAT MIDDLEWARE SERVICES; ISTIO - SERVICE MESH; CLOUD-NATIVE; AI / ML; BIG DATA; IOT; SERVERLESS; TRADITIONAL; WINDOWS; CONTAINERS AS A SERVICE (CaaS); PLATFORM AS A SERVICE (PaaS) [OPTIONAL TO USE]]

Slide 21

Slide 21 text

Openshift Architecture

Slide 22

Slide 22 text

Openshift Container Platform
[Diagram labels: Automated Operations; Kubernetes; Red Hat Enterprise Linux or Red Hat CoreOS; CaaS: Best IT Ops Experience; PaaS: Best Developer Experience; Application Services: Middleware, Service Mesh, Functions, ISV; Cluster Services: Metrics, Chargeback, Registry, Logging; Developer Services: Dev Tools, Automated Builds, CI/CD, IDE]

Slide 23

Slide 23 text

Openshift Architecture
[Diagram labels: EXISTING AUTOMATION TOOLSETS; SCM (GIT); CI/CD; SERVICE LAYER; ROUTING LAYER; PERSISTENT STORAGE; REGISTRY; RHEL NODES running containers; RED HAT ENTERPRISE LINUX; MASTER: API/AUTHENTICATION, DATA STORE, SCHEDULER, HEALTH/SCALING; PHYSICAL; VIRTUAL; PRIVATE; PUBLIC; HYBRID]

Slide 24

Slide 24 text

Openshift Architecture
https://medium.com/levvel-consulting/the-differences-between-kubernetes-and-openshift-ae778059a90e

Slide 25

Slide 25 text

Openshift Architecture
https://medium.com/levvel-consulting/the-differences-between-kubernetes-and-openshift-ae778059a90e

Slide 26

Slide 26 text

Openshift Installation Architectures

Slide 27

Slide 27 text

Proof-of-Concept Architecture
[Diagram labels: Application Traffic; Dev and Ops User; INFRA; MASTER; NODE; NODE]
An infrastructure node is a node that is dedicated to infrastructure pods such as router, image registry, metrics, and logs

Slide 28

Slide 28 text

App High-Availability Architecture
[Diagram labels: ENTERPRISE LOAD-BALANCER; Application Traffic; Dev and Ops User; INFRA; MASTER; INFRA; NODE; NODE; NODE; NODE]

Slide 29

Slide 29 text

Full High-Availability Architecture
[Diagram labels: ENTERPRISE LOAD-BALANCER; Application Traffic; Dev and Ops User; NODE; MASTER; MASTER; INFRA; MASTER; INFRA; NODE; NODE; NODE; NODE; NODE; INFRA; NODE]

Slide 30

Slide 30 text

Technical Deep Dive

Slide 31

Slide 31 text

Application Health

Slide 32

Slide 32 text

Auto-Healing Failed Pods
[Diagram: RHEL nodes running containers; RED HAT ENTERPRISE LINUX MASTER with API/AUTHENTICATION, DATA STORE, SCHEDULER, HEALTH/SCALING]

Slide 33

Slide 33 text

Auto-Healing Failed Pods
[Diagram: RHEL nodes running containers; RED HAT ENTERPRISE LINUX MASTER with API/AUTHENTICATION, DATA STORE, SCHEDULER, HEALTH/SCALING]

Slide 34

Slide 34 text

Auto-Healing Failed Pods
[Diagram: RHEL nodes running containers; RED HAT ENTERPRISE LINUX MASTER with API/AUTHENTICATION, DATA STORE, SCHEDULER, HEALTH/SCALING]

Slide 35

Slide 35 text

Auto-Healing Failed Containers
[Diagram: RHEL nodes running containers; RED HAT ENTERPRISE LINUX MASTER with API/AUTHENTICATION, DATA STORE, SCHEDULER, HEALTH/SCALING]

Slide 36

Slide 36 text

Auto-Healing Failed Containers
[Diagram: RHEL nodes running containers; RED HAT ENTERPRISE LINUX MASTER with API/AUTHENTICATION, DATA STORE, SCHEDULER, HEALTH/SCALING]

Slide 37

Slide 37 text

Auto-Healing Failed Containers
[Diagram: RHEL nodes running containers; RED HAT ENTERPRISE LINUX MASTER with API/AUTHENTICATION, DATA STORE, SCHEDULER, HEALTH/SCALING]

Slide 38

Slide 38 text

Routing

Slide 39

Slide 39 text

Built-in Service Discovery Internal Load-Balancing
[Diagram labels: SERVICE app=payroll role=frontend; POD app=payroll role=frontend; POD app=payroll role=frontend; Name: payroll-frontend, IP: 172.10.1.23, Port: 8080; POD app=payroll role=backend; version=1.0; version=1.0]

Slide 40

Slide 40 text

Built-in Service Discovery Internal Load-Balancing
[Diagram labels: SERVICE app=payroll role=frontend; POD app=payroll role=frontend; POD app=payroll role=frontend; Name: payroll-frontend, IP: 172.10.1.23, Port: 8080; POD app=payroll role=backend; version=2.0; version=1.0; POD app=payroll role=frontend version=1.0]

Slide 41

Slide 41 text

Route Exposes Services Externally
[Diagram labels: EXTERNAL TRAFFIC; ROUTER POD; INTERNAL TRAFFIC; SERVICE; POD; POD]

Slide 42

Slide 42 text

ROUTING AND EXTERNAL LOAD-BALANCING
● Pluggable routing architecture
  • HAProxy Router
  • F5 Router
● Multiple-routers with traffic sharding
● Router supported protocols
  • HTTP/HTTPS
  • WebSockets
  • TLS with SNI
● Non-standard ports via cloud load-balancers, external IP, and NodePort

Slide 43

Slide 43 text

Split Traffic Between Multiple Services For A/B Testing, Blue/Green and Canary Deployments
[Diagram labels: ROUTE SPLIT TRAFFIC; ROUTE; 10% traffic; 90% traffic; SERVICE A: App A, App A; SERVICE B: App B, App B]
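
The 10% / 90% route split on this slide, written out as a Route manifest. This is an added example, not taken from the original deck: the names `app`, `app-a`, `app-b`, the host `app.example.com`, the `web` port name and the choice of which service receives the 90% share are assumptions, and the edge TLS settings are an addition.

```yaml
# Added example: weighted Route for a canary rollout (all names are hypothetical).
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: app
spec:
  host: app.example.com            # placeholder hostname
  port:
    targetPort: web                # assumed name of the service port
  to:                              # primary backend (SERVICE A on the slide)
    kind: Service
    name: app-a
    weight: 90
  alternateBackends:               # canary backend (SERVICE B on the slide)
    - kind: Service
      name: app-b
      weight: 10
  tls:
    termination: edge              # router terminates TLS for both backends
    insecureEdgeTerminationPolicy: Redirect   # plain HTTP is redirected to HTTPS
```

Weights are relative shares (each between 0 and 256), so 90 and 10 give the split shown on the slide. Setting the weight of `app-b` to 0 stops new requests from reaching the canary without deleting its service.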

Slide 44

Slide 44 text

Logging & Metrics

Slide 45

Slide 45 text

Central Log Management with EFK
EFK stack to aggregate logs for hosts and applications
● Elasticsearch: a search and analytics engine to store logs
● Fluentd: gathers logs and sends to Elasticsearch.
● Kibana: A web UI for Elasticsearch.

Slide 46

Slide 46 text

Central Log Management with EFK
[Diagram labels: APPLICATION LOGS; OPERATION LOGS; RHEL NODES, each with PODs and FLUENTD; ELASTICSEARCH; KIBANA; USER; ADMIN]

Slide 47

Slide 47 text

Container Metrics
[Diagram labels: RHEL NODES with PODs; FLUENTD; CADVISOR; HEAPSTER; HAWKULAR; CASSANDRA; OPENSHIFT WEB CONSOLE; RED HAT CLOUDFORMS; CUSTOM DASHBOARDS; API; USER]

Slide 48

Slide 48 text

Container Metrics

Slide 49

Slide 49 text

Security

Slide 50

Slide 50 text

Secret Management
Secure mechanism for holding sensitive data e.g.
● Passwords and credentials
● SSH Keys
● Certificates
Secrets are made available as
● Environment variables
● Volume mounts
● Interaction with external systems
[Diagram labels: NODE; MASTER; Container; Distributed Store; Container]
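
The two in-pod delivery mechanisms listed on this slide, environment variables and volume mounts, shown in one manifest. This is an added example, not part of the original deck; the object names, the image reference and the values are placeholders.

```yaml
# Added example: one Secret consumed as an environment variable and as a mounted file.
apiVersion: v1
kind: Secret
metadata:
  name: payroll-credentials          # hypothetical name
type: Opaque
stringData:                          # stored base64-encoded under .data by the API server
  db-password: "<placeholder>"
  id_rsa: "<placeholder: private key>"
---
apiVersion: v1
kind: Pod
metadata:
  name: payroll-frontend
spec:
  containers:
    - name: app
      image: registry.example.com/payroll/frontend:1.0   # placeholder image
      env:
        - name: DB_PASSWORD          # delivery as an environment variable
          valueFrom:
            secretKeyRef:
              name: payroll-credentials
              key: db-password
      volumeMounts:
        - name: ssh-key              # delivery as a volume mount
          mountPath: /etc/ssh-key
          readOnly: true
  volumes:
    - name: ssh-key
      secret:
        secretName: payroll-credentials
        defaultMode: 0400            # file readable by its owner only
        items:                       # project only the key this container needs
          - key: id_rsa
            path: id_rsa
```

A value injected as an environment variable is fixed when the container starts and is inherited by every child process, while a mounted secret file is refreshed after the Secret changes and can be restricted with file permissions. Base64 in `.data` is an encoding, not encryption.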

Slide 51

Slide 51 text

Certificate Management
Certificates are used to provide secure connections to
● Master and nodes
● Router and registry
● Etcd
Ansible playbooks to automate redeployment
Redeploy all at once or specific components
Certificate expiry report generator
[Diagram labels: Check Expiry; Redeploy Certs; Ansible Playbook; MASTER ✓; NODES ✓; ROUTER ✓; REGISTRY ✓; ETCD ✓]

Slide 52

Slide 52 text

Persistent Storage

Slide 53

Slide 53 text

Persistent Storage
● Persistent Volume (PV) is tied to a piece of network storage
● Provisioned by an administrator (static or dynamically)
● Allows admins to describe storage and users to request storage
● Assigned to pods based on the requested size, access mode, labels and type
NFS | GlusterFS | OpenStack Cinder | Ceph RBD | AWS EBS | GCE Persistent Disk | iSCSI | Fibre Channel | Azure Disk | Azure File | FlexVolume | VMware vSphere VMDK | Container Storage Interface (CSI)** | NetApp Trident*
* Shipped and supported by NetApp via TSANet
** Tech Preview

Slide 54

Slide 54 text

Persistent Storage
[Diagram labels: PROJECT; POOL OF PERSISTENT VOLUMES: NFS PV, iSCSI PV, NFS PV, NFS PV, GlusterFS PV, Ceph RBD PV; Admin: register PV; User: create claim; Pod claim; Pod claim; Pod claim]

Slide 55

Slide 55 text

Dynamic Volume Provisioning
[Diagram labels: Admin: define StorageClass; User: create claim: Fastest; Slow: Azure-Disk; Fast: AWS-SSD; Fastest: NetApp-Flash; NetApp Provisioner; AWS Provisioner; Azure Provisioner; OpenShift PV Controller; provision; PV; bound; Pod claim]

Slide 56

Slide 56 text

Service Brokers

Slide 57

Slide 57 text

What Is A Service Broker?
[Diagram labels: SERVICE CONSUMER; SERVICE CATALOG; SERVICE BROKER; SERVICE PROVIDER]
Automated, Standard and Consistent

Slide 58

Slide 58 text

Why A Service Broker?
[Diagram labels: SERVICE CONSUMER; SERVICE PROVIDER]
☑ Open ticket
☑ Wait for allocation
☑ Receive credentials
☑ Add to app
☑ Deploy app
Manual, Time-consuming and Inconsistent

Slide 59

Slide 59 text

A multi-vendor project to standardize how services are consumed on cloud-native platforms across service providers

Slide 60

Slide 60 text

Openshift Service Catalog
[Diagram labels: OPENSHIFT SERVICE CATALOG; OpenShift Automation Broker; OpenShift Template Broker; AWS Service Broker; Other Service Brokers; ANSIBLE; OPENSHIFT; AWS; OTHER COMPATIBLE SERVICES; Ansible Playbook Bundles; OpenShift Templates; AWS Services; Other Services]

Slide 61

Slide 61 text

Operator Framework

Slide 62

Slide 62 text

Kubernetes Operator Framework
Operator Framework is an open source toolkit to manage application instances on Kubernetes in an effective, automated and scalable way.
AUTOMATED LIFECYCLE MANAGEMENT
● Installation
● Upgrade
● Backup
● Failure recovery
● Metrics & insights
● Tuning

Slide 63

Slide 63 text

Kubernetes Operator Framework
Operators codify operational knowledge and workflows to automate lifecycle management of containerized applications with Kubernetes
SDK | LIFECYCLE MANAGEMENT | METERING

Slide 64

Slide 64 text

Why Operator Framework?
[Diagram labels: DEVELOPER; DEPLOY STATEFUL APP; A WHILE LATER; APP SERVICES OPERATIONS: UPDATE, PATCH, BACKUP, REBALANCE, SCALE; DEVELOPER; DEPLOY STATEFUL APP; APP OPERATOR: UPDATE, PATCH, BACKUP, REBALANCE, SCALE]

Slide 65

Slide 65 text

Operator Lifecycle Manager

Slide 66

Slide 66 text

Operator Metering
● Based on Prometheus
● Reports namespace, pods and custom label query
● Easy to process by accounting or custom software

Slide 67

Slide 67 text

Build and Deploy Container Images

Slide 68

Slide 68 text

Build and Deploy Container Images
● DEPLOY YOUR SOURCE CODE
● DEPLOY YOUR CONTAINER IMAGE
● DEPLOY YOUR APP BINARY

Slide 69

Slide 69 text

Deploy Source Code With Source-to-Image (S2I)
[Diagram labels: Developer; code; Git Repository; BUILD APP (OpenShift); Source-to-Image (S2I); Builder Image; BUILD IMAGE (OpenShift); Image Registry; DEPLOY (OpenShift); deploy; Application Container. Legend: OpenShift Does; User/Tool Does]

Slide 70

Slide 70 text

Deploy App Binary With Source-to-Image (S2I)
[Diagram labels: Existing Build Process; build; BUILD APP (Build Infra); Application Binary (e.g. WAR); Source-to-Image (S2I); Builder Image; BUILD IMAGE (OpenShift); Image Registry; DEPLOY (OpenShift); deploy; Application Container. Legend: OpenShift Does; User/Tool Does]

Slide 71

Slide 71 text

Deploy Docker Image
[Diagram labels: Existing Image Build Process; build; BUILD IMAGE (Build Infra); Application Image; PUSH (Build Infra); Image Registry; DEPLOY (OpenShift); deploy; Application Container. Legend: OpenShift Does; User/Tool Does]

Slide 72

Slide 72 text

Build Images in Multiple Stages
[Diagram labels: BUILD STAGE 1; BUILD STAGE 2; BUILD STAGE 3]

Slide 73

Slide 73 text

CI/CD

Slide 74

Slide 74 text

Continuous Delivery with Containers
[Diagram labels: dev; source repository; CI/CD engine; container; physical; virtual; private cloud; public cloud]

Slide 75

Slide 75 text

CI/CD with Builds and Deployments
BUILDS
● Webhook triggers: build the app image whenever the code changes
● Image trigger: build the app image whenever the base language or app runtime changes
● Build hooks: test the app image before pushing it to an image registry
DEPLOYMENTS

Slide 76

Slide 76 text

Openshift Loves CI/CD
● JENKINS-AS-A-SERVICE ON OPENSHIFT
● HYBRID JENKINS INFRA WITH OPENSHIFT
● EXISTING CI/CD DEPLOY TO OPENSHIFT

Slide 77

Slide 77 text

JENKINS-AS-A-SERVICE ON OPENSHIFT
● Certified Jenkins images with pre-configured plugins
  • Provided out-of-the-box
  • Follows Jenkins 1.x and 2.x LTS versions
● Jenkins S2I Builder for customizing the image
  • Install Plugins
  • Configure Jenkins
  • Configure Build Jobs
● OpenShift plugins to integrate authentication with OpenShift and also CI/CD pipelines
● Dynamically deploys Jenkins slave containers
[Diagram labels: Plugins; Jobs; Configuration; Jenkins (S2I); Jenkins Image; Custom Jenkins Image]

Slide 78

Slide 78 text

HYBRID JENKINS INFRA WITH OPENSHIFT
● Scale existing Jenkins infrastructure by dynamically provisioning Jenkins slaves on OpenShift
● Use Kubernetes plug-in on existing Jenkins servers
[Diagram labels: JENKINS MASTER; run job; OPENSHIFT; JENKINS SLAVE: Run Job; JENKINS SLAVE: Run Job; build; deploy; APP; APP]

Slide 79

Slide 79 text

EXISTING CI/CD DEPLOY TO OPENSHIFT
● Existing CI/CD infrastructure outside OpenShift performs operations against OpenShift
  • OpenShift Pipeline Jenkins Plugin for Jenkins
  • OpenShift CLI for integrating other CI Engines with OpenShift
● Without disrupting existing processes, can be combined with previous alternative
[Diagram labels: EXISTING CI/CD INFRA (Jenkins, Bamboo, TeamCity, etc); run job; OPENSHIFT; S2I Build; build; deploy; APP; APP]

Slide 80

Slide 80 text

OPENSHIFT PIPELINES
● OpenShift Pipelines allow defining a CI/CD workflow via a Jenkins pipeline which can be started, monitored, and managed similar to other builds
● Dynamic provisioning of Jenkins slaves
● Auto-provisioning of Jenkins server
● OpenShift Pipeline strategies
  • Embedded Jenkinsfile
  • Jenkinsfile from a Git repository

    apiVersion: v1
    kind: BuildConfig
    metadata:
      name: app-pipeline
    spec:
      strategy:
        type: JenkinsPipeline
        jenkinsPipelineStrategy:
          jenkinsfile: |-
            // Provision a Jenkins slave for running Maven
            node('maven') {
              stage('build app') {
                git url: 'https://git/app.git'
                sh "mvn package"
              }
              stage('build image') {
                sh "oc start-build app --from-file=target/app.jar"
              }
              stage('deploy') {
                openshiftDeploy deploymentConfig: 'app'
              }
            }

Slide 81

Slide 81 text

OpenShift Pipelines in Web Console

Slide 82

Slide 82 text

Continuous Delivery Pipeline
[Diagram labels: DEVELOPER; GIT SERVER; ARTIFACT REPOSITORY; OPENSHIFT CI/CD PIPELINE (JENKINS); IMAGE BUILD & DEPLOY; NON-PROD: OPENSHIFT IMAGE REGISTRY, OPENSHIFT CLUSTER; PROD: OPENSHIFT IMAGE REGISTRY, OPENSHIFT CLUSTER; DEV]

Slide 83

Slide 83 text

Continuous Delivery Pipeline
[Diagram labels: DEVELOPER; GIT SERVER; ARTIFACT REPOSITORY; OPENSHIFT CI/CD PIPELINE (JENKINS); IMAGE BUILD & DEPLOY; PROMOTE TO TEST; NON-PROD: OPENSHIFT IMAGE REGISTRY, OPENSHIFT CLUSTER; PROD: OPENSHIFT IMAGE REGISTRY, OPENSHIFT CLUSTER; DEV; TEST]

Slide 84

Slide 84 text

Continuous Delivery Pipeline
[Diagram labels: DEVELOPER; GIT SERVER; ARTIFACT REPOSITORY; OPENSHIFT CI/CD PIPELINE (JENKINS); IMAGE BUILD & DEPLOY; PROMOTE TO TEST; PROMOTE TO UAT; NON-PROD: OPENSHIFT IMAGE REGISTRY, OPENSHIFT CLUSTER; PROD: OPENSHIFT IMAGE REGISTRY, OPENSHIFT CLUSTER; DEV; TEST; UAT]

Slide 85

Slide 85 text

Continuous Delivery Pipeline
[Diagram labels: DEVELOPER; GIT SERVER; ARTIFACT REPOSITORY; OPENSHIFT CI/CD PIPELINE (JENKINS); IMAGE BUILD & DEPLOY; PROMOTE TO TEST; PROMOTE TO UAT; GO LIVE? ☒ ☑; RELEASE MANAGER; ServiceNow; JIRA Service Desk; Zendesk; BMC Remedy; NON-PROD: OPENSHIFT IMAGE REGISTRY, OPENSHIFT CLUSTER; PROD: OPENSHIFT IMAGE REGISTRY, OPENSHIFT CLUSTER; DEV; TEST; UAT]

Slide 86

Slide 86 text

Continuous Delivery Pipeline
[Diagram labels: DEVELOPER; GIT SERVER; ARTIFACT REPOSITORY; OPENSHIFT CI/CD PIPELINE (JENKINS); IMAGE BUILD & DEPLOY; PROMOTE TO TEST; PROMOTE TO UAT; GO LIVE? ☒ ☑; RELEASE MANAGER; PROMOTE TO PROD; NON-PROD: OPENSHIFT IMAGE REGISTRY, OPENSHIFT CLUSTER; PROD: OPENSHIFT IMAGE REGISTRY, OPENSHIFT CLUSTER; DEV; TEST; UAT]

Slide 87

Slide 87 text

Application Services

Slide 88

Slide 88 text

True Polyglot Platform
LANGUAGES | DATABASES | WEB SERVERS | MIDDLEWARE
PHP, Python, Java, NodeJS, Perl, Ruby, .NET Core, Apache HTTP Server, MySQL, Redis, nginx, Tomcat, Varnish, JBoss EAP, JBoss A-MQ, JBoss Fuse, JBoss BRMS, JBoss BPMS, JBoss Data Grid, JBoss Data Virt, RH Mobile, RH SSO, 3SCALE API mgmt, JBoss Web Server, Spring Boot, Wildfly Swarm, Vert.x, PostgreSQL, MongoDB, Phusion Passenger
Third-party Language Runtimes | Third-party Databases | Third-party App Runtimes | Third-party Middleware
CrunchyData, GitLab, Iron.io, Couchbase, Sonatype, EnterpriseDB, NuoDB, Fujitsu and many more
...and virtually any docker image out there!

Slide 89

Slide 89 text

Modern, Cloud-Native Application Runtimes and an Opinionated Developer Experience
OPENSHIFT SUPPORTED RUNTIMES
● Eclipse Vert.x
● WildFly Swarm
● Node.js
● Spring Boot
● JBoss EAP
LAUNCH

Slide 90

Slide 90 text

Openshift Service Mesh Tech Preview available

Slide 91

Slide 91 text

The Need For a Service Mesh
SERVICE MESH SOLVES THE CHALLENGES OF:
● Ensuring reliability
● Troubleshooting
● Performance
● Security
● Dynamic topology
USE CASE: Difficulty identifying root cause of performance issues
DISTRIBUTED TRACING provides service dependency analysis for different microservices and tracking for requests traced through multiple microservices. It also identifies performance bottlenecks and calls out particular requests, identifying the cause of the latency of a request or the service that created an error.

Slide 92

Slide 92 text

Microservices Without Istio
[Diagram: three containers, each running a JVM service (service A, service B, service C) that carries its own discovery, load-balancer, resiliency, metrics, tracing and app logic]

Slide 93

Slide 93 text

Microservices With Istio
[Diagram: three pods (service A, service B, service C), each with a container running a JVM service holding only app logic, plus an Envoy sidecar container]

Slide 94

Slide 94 text

Openshift Service Mesh
[Diagram labels: Istio - Jaeger: discovery, load-balancer, resiliency, metrics, tracing; OpenShift; three pods, each with an App Container and an Envoy Sidecar Container]

Slide 95

Slide 95 text

Openshift Service Mesh
Making service-to-service communication safe, performant, and reliable
[Diagram labels: OBSERVABILITY; POLICY ENFORCEMENT; SERVICE IDENTITY & SECURITY; TRAFFIC MANAGEMENT; DIST. TRANSACTION MONITORING; SERVICE DEPENDENCY ANALYSIS; ROOT CAUSE ANALYSIS; DISTRIBUTED CONTEXT PROPAGATION; PERFORMANCE / LATENCY OPTIMIZATION; ISTIO; JAEGER; DISTRIBUTED TRACING; CONFIGURATION VALIDATION; METRICS COLLECTION AND GRAPHS; SERVICE GRAPH REPRESENTATION; SERVICE DISCOVERY & HEALTH COMPUTATION; KIALI]

Slide 96

Slide 96 text

OPENSHIFT SERVICE MESH
Release Details
● Supported distribution of Istio, Jaeger, Kiali, Prometheus, and Grafana
● Upstream project called Maistra
● Integrated with Red Hat OpenShift Application Runtimes (RHOAR)
● OpenShift Service Mesh comes included with any OCP subscription
TP releases every few weeks
● TP 1 (September)
  • Istio and Jaeger
  • Istio Operator for install/uninstall
  • Installation docs
● TP 2 (October)
  • Kiali added
● TP 3, TP 4, TP N
● GA (Q1 CY19)
  • Full support on OpenShift 4.0
  • Istio Operator for updates

Slide 97

Slide 97 text

Resources

Slide 98

Slide 98 text

learn.openshift.com
Interactive Learning Scenarios provide you with a pre-configured OpenShift instance, accessible from your browser without any downloads or configuration.

Slide 99

Slide 99 text

developers.redhat.com

Slide 100

Slide 100 text


Slide 101

Slide 101 text

THANK YOU