bit.ly/kubemaster1 dn.dev/openshift-workshop 1 OpenShift and Kubernetes Today’s slides are here: dn.dev/openshift-workshop Homework dn.dev/openshift-tutorial 

dn.dev/kubemaster2 Josh Wood Principal Developer Advocate Formerly CoreOS Kubernetes Operators, O’Reilly 2020 OpenShift for Developers, O’Reilly 2021 [email protected] 

dn.dev/openshift-workshop Developer Sandbox! Get free access for renewable 30 days to a self-service, cloud-hosted Kubernetes experience with Developer Sandbox for Red Hat OpenShift. https://developers.redhat.com/developer-sandbox 

dn.dev/openshift-workshop Why developers care about Hybrid Cloud? Applications can easily be made highly scalable and available Platform looks the same wherever it runs - same APIs and rich UI Applications can be developed and deployed in the same way Clusters typically stretch across cloud AZ for data center resilience But what about load balancing and HA across clusters running in different cloud providers? - It would need multiple data centers to fail to halt your application! X X 

dn.dev/openshift-workshop Why Kubernetes? 

dn.dev/openshift-workshop Love Thy Mono Old School New School 

dn.dev/openshift-workshop Container Technology Supporting Modern Apps workloads Cloud Native Portable and interoperable Mature technology 

dn.dev/openshift-workshop CONTAINERS CLOUD INFRASTRUCTURE LINUX HOST (KERNEL) Container App Container App Container App Container App DEVELOPERS ● Cloud-native apps ● Simplified packaging ● Simplified testing IT OPERATIONS ● Consistent app deploys ● Automated app deploys ● Improved app performance ● Multi-cloud consistency BUSINESS LEADER ● Enable devops culture ● Enable hybrid cloud ● Reduce vm licensing costs ● Accelerate app-dev cycles 

dn.dev/openshift-workshop DevOps Challenges - Multiple Containers ▪ How to scale? ▪ How to avoid port conflicts? ▪ How to manage them on multiple hosts? ▪ What happens if a host fails? ▪ How to keep them running continuously? ▪ How to update them? ▪ Rebuild Container Images? 

dn.dev/openshift-workshop ▪ Greek for “Helmsman” ▪ Container orchestrator ▪ Supports multiple cloud and bare-metal environments ▪ Inspired by Google’s experience with containers ▪ Open source, written in Go ▪ Manage applications, not machines Meet Kubernetes 

dn.dev/openshift-workshop What is Kubernetes? 

dn.dev/openshift-workshop ✓ 1+ containers ✓ Single IP address ✓ Shared storage (ephemeral) ✓ Shared resources ✓ Shared lifecycle Kubernetes Terms - Pod 

dn.dev/openshift-workshop ✓ The Desired State - replicas, pod template: health checks, resources, image Kubernetes Terms - Deployment/ReplicaSet 

dn.dev/openshift-workshop ✓ Grouping of pods (acting as one) has stable virtual IP and DNS name Kubernetes Terms - Service 

dn.dev/openshift-workshop ✓ Network available storage ✓ PVs and PVCs Kubernetes Terms - Persistent Volume 

dn.dev/openshift-workshop ✓ Key/Value pairs associated with Kubernetes objects (env=production) Kubernetes Terms - Labels 

dn.dev/openshift-workshop Kubernetes terms and concepts Control Plane The control plane implements loop(s), checking that actual state == desired state ● Controller - a control plane member implementing state reconciliation ● The default control plane schedules pods onto cluster Nodes 

dn.dev/openshift-workshop Primary Node Node Istio proxy Node Node Node Node Dev Ops api etcd scheduler controllers Kubernetes Cluster - Nodes kubelet kubelet kubelet kubelet kubelet kubelet 

dn.dev/openshift-workshop Dev Ops Kubernetes Cluster - Declarative 

dn.dev/openshift-workshop Node Node Istio proxy Node Node Node Node Kubernetes Cluster - 4 Tomcats kubelet kubelet kubelet kubelet kubelet kubelet 

dn.dev/openshift-workshop Node Node Istio proxy Node Node Node Node Kubernetes Cluster - Pod Fail kubelet kubelet kubelet kubelet kubelet kubelet X 

dn.dev/openshift-workshop Node Node Istio proxy Node Node Node Node Kubernetes Cluster - Correcting kubelet kubelet kubelet kubelet kubelet kubelet 

dn.dev/openshift-workshop Node Node Istio proxy Node Node Node Node Kubernetes Cluster - Node Fail kubelet kubelet kubelet kubelet kubelet kubelet X 

dn.dev/openshift-workshop Node Node Istio proxy Node Node Node kubelet kubelet kubelet kubelet kubelet Kubernetes Cluster - Pods Replaced 

Access Developer Console and open Web Terminal 

OpenShift build tools: Pipelines and GitOps Building and deploying app containers on the cluster OpenShift promotes build elements to first-class abstractions on the platform ● Integrated container registry ● Software catalog ● Build configuration builds from source repo ● Image stream: Tagged images, source in registry, rollbacks to arbitrary points on that stream, rebuild apps when FROM is updated 

OpenShift web console and oc Managing apps on the cluster OpenShift promotes some new elements. These tools know about them ● Web console built around the Project → App ● Graphical tools for native k8s things like volume claims, etc ● oc: CLI tool ● odo: CLI tool for developers 

Elements Kubernetes (blue) and OpenShift (red) Abstractions Route Namespace == Project Build Configuration Image Stream Integrated Registry Pod Replica Set Service Ingress Persistent Volume Claim Persistent Volume 

OpenShift Project Namespace ready for work Projects draw on the Kubernetes namespace, which isolates resources and access ● Intelligent RBAC defaults and user role ● Project defines and seals an “application” ● … in a way flexible enough for various architectures ● Projects enable multi-tenant use of an OpenShift cluster with access privileges determined by the identity of the user or the team they belong to 

OpenShift Route Real world external traffic The OpenShift Route(r) ● Routes predate Ingress resource/controllers ● And remain considerably easier to think about and use ● OpenShift admins define Routers -- effectively, edge routing between the cluster SDN and the real world where your customers live ● HAProxy: L7 is in the box ● Easy TLS, edge or pass through 

OpenShift and Kubernetes Conclusions OpenShift makes it easier for devs to get distributed system benefits ● Deployment choices reduced: SDN, Ingress controller and LB costs ● But what about Layer 4? ● What about site specific SDN concerns? ● Kubernetes flexibility: ● Define alternative implementations ● OpenShift Routers: can be replaced, or ● Kubernetes Ingress 

dn.dev/openshift-workshop Additional Resources 

dn.dev/openshift-workshop Developer Sandbox! Get free access for renewable 30 days to a self-service, cloud-hosted Kubernetes experience with Developer Sandbox for Red Hat OpenShift. https://developers.redhat.com/developer-sandbox 

dn.dev/openshift-workshop Lab: dn.dev/openshift-tutorial 

dn.dev/openshift-workshop Want More - Labs! developers.redhat.com ● Using OpenShift ● Developing on OpenShift ● GitOps and Pipelines ● Serverless ● Operators ● Istio ● Storage ● AI/ML ● Quarkus 

dn.dev/openshift-workshop Download https://red.ht/3IxJCzY 

dn.dev/openshift-workshop Download https://red.ht/modernize-enterprise-java 

dn.dev/openshift-workshop Download https://dn.dev/k8s-patterns 

dn.dev/openshift-workshop Thank You!