OpenShift and Kubernetes: Same, Same, Different Josh Wood Developer Advocate October 2018 

Formerly: DocOps, CoreOS Josh Wood Developer Advocate, Kubernetes and OpenShift ● [email protected] ● @joshixisjosh9 ● github.com/joshix ● speakerdeck.com/joshix 

No content

No content

No content

No content

OpenShift is specifically designed to bring developers and operations teams together. 

K8s bets era: OpenShift v3 & etc. OpenShift Cartridge A bit of history... ... ‘14 June 6: K8s commits OpenShift has roots older than Kubernetes This accounts for some of their differences ‘15 July ‘15: K8s v1.0 ‘16 

Elements Kubernetes (blue) and OpenShift (red) Abstractions Route Deployment Configuration Build Configuration Image Stream Integrated Registry Pod Replication Controller* Service Ingress Persistent Volume Claim Persistent Volume 

Kubernetes terms and concepts Distributed systems oriented Kubernetes is a container cluster orchestrator. It has a proliferation of words: ● Control Plane and Controller - same ● Node - same ● Pod - yup ● Deployment - different, but key concept ● Service - “” ● Ingress and Ingress Controller- different, but 

Kubernetes terms and concepts Control Plane The control plane implements loop(s), checking that actual state == desired state ● Controller - a control plane member implementing state reconciliation ● The default control plane schedules pods onto cluster Nodes 

Kubernetes terms and concepts Pod A Pod groups one or more containers together to share resources ● Pod is the unit of scaling, or replication: kubectl scale depl/name --replicas=3 

Kubernetes terms and concepts Deployment A Deployment represents a running application ● ReplicaSet: group of Pods ● Deployment Controller implements the state loop 

Kubernetes terms and concepts Service A Service defines a logical set of Pods and a manner for accessing them ● By default, a Service provides an endpoint on the cluster network (not external access) ● Usually a Service chooses Pods based on a label selector (eg, `role=frontend`) 

Kubernetes terms and concepts Ingress Ingress is a collection of rules about external access to a Service ● Load balancing, SSL termination and name-based virtual hosting ● Typically HTTP at L7 (but depends on the …) ● Ingress Controller required 

OpenShift things Application developer oriented OpenShift adds abstractions and tooling to make a PaaS-like experience ● Application Oriented: The Deployment config ● Intelligent security, config defaults: multi-tenant, elaborated on the RBAC core in k8s ● Integrated container registry, base for ● Build configurations ● Image streams: of image tags from the registry - can trigger rebuild of apps atop those base images ● Deployment Configuration: ties together application items ● Route: Getting external traffic to the App 

OpenShift build tools Building and deploying app containers on the cluster OpenShift promotes build elements to first-class abstractions on the platform ● Integrated container registry ● Software catalog ● Build configuration ● Image stream: Tagged images, source in registry, rollbacks to arbitrary points on that stream, rebuild apps when FROM is updated 

OpenShift web console and oc Managing apps on the cluster OpenShift promotes some new elements. These tools know about them ● Web console built around the Project -> App ● Graphical tools for native k8s things like volume claims, etc ● oc: CLI tool ● odo: CLI tool for developers 

Elements Kubernetes (blue) and OpenShift (red) Abstractions Route Deployment Configuration Build Configuration Image Stream Integrated Registry Pod Replication Controller* Service Ingress Persistent Volume Claim Persistent Volume 

OpenShift Project Namespace ready for work Projects draw on the Kubernetes namespace, which isolates resources and access ● Intelligent RBAC defaults and user role ● Project defines and seals an “application” ● … in a way flexible enough for various architectures ● Projects enable multi-tenant use of an OpenShift cluster with access privileges determined by the identity of the user or the team they belong to 

OpenShift Deployment Config Developer application handle Deployment Configs bundle application resources from multiple K8s and OpenShift components ● A deployment config: ● Contains one or more application Pods (and thus their containers) ● … again, in a way flexible enough for various architectures ● Lists services related by selectors ● Built on the kubernetes Replication Controller (rather than ReplicaSet) ● Knows how to build my app! ● Tracks build config, build output (including pipelines), other development keys 

OpenShift Route Real world external traffic The OpenShift Route(r) ● Routes predate Ingress resource/controllers ● And remain considerably easier to think about and use ● OpenShift admins define Routers -- effectively, edge routing between the cluster SDN and the real world where your customers live ● HAProxy: L7 is in the box ● Easy TLS, edge or pass through 

OpenShift and Kubernetes Where to get them and how OpenShift ● https://learn.openshift.com ● OpenShift Online Starter ● OpenShift Online Pro, Dedicated (our VMs, managed) ● OpenShift is Software: ● OpenShift Container Platform (on prem/your VMs) ● OKD (formerly OpenShift Origin) ● Minishift: local dev on your laptop 

OpenShift and Kubernetes Conclusions OpenShift makes it easier for devs to get distributed system benefits ● Deployment choices reduced: SDN, Ingress controller and LB costs ● But what about Layer 4? ● What about site specific SDN concerns? ● Kubernetes flexibility: ● Define alternative implementations ● OpenShift Routers: can be replaced, or ● Kubernetes Ingress 

Formerly: DocOps, CoreOS Josh Wood Developer Advocate, Kubernetes and OpenShift ● [email protected] ● @joshixisjosh9 ● github.com/joshix ● speakerdeck.com/joshix 

No content