OpenShift Windows Containers

Transcript

1. The Road to Production OpenShift Windows Containers Subodh Bhargava @

   Microsoft, Senior Program Manager in Windows Server Group Mike Barrett @ Red Hat, Senior Director in Cloud Platforms Anand Chandramohan @ Red Hat, Senior Principal Product Manager in Cloud Platforms

2. Why Windows Containers?

3. ASP.NET and .NET continue to be top framework choices Source:

   Stackoverflow Developer Survey, 2019 2019 Stackoverflow Developer Survey, Most Popular Technologies 3

4. Why containerize traditional Windows apps? • PORTABILITY, SECURITY AND COST

   REDUCTION ◦ Accelerate your public and hybrid cloud strategy ◦ Gain applications portability, agility, and control ◦ Reduce infrastructure and management costs for Windows 2003, 2008, and 2012 Windows applications Custom Licensing and Support Hardware Resources Inefficiencies Application Maintenance and Management COSTS FOR MANAGING TRADITIONAL APPLICATIONS 65% Traditional Application Maintenance 59% Inertia of Traditional App Infrastructure Top Development Challenges for Development Teams State of App development Survey: Q1 2016, Cornell University case study.

5. On-Premises ✔ No re-architect or new code ✔ Increased density

   & lower deployment cost ✔ Improved productivity and DevOps agility ✔ Portability of apps and dependencies Lift and Shift Scenarios 5

6. Windows Container Adoption is Growing 5 Million Pulls Total Server

   Core Nano Server Monthly Image Pulls

7. Windows Server Evolution

8. Kubernetes Evolution 8

9. Why on OpenShift?

10. Trusted enterprise Kubernetes Empowering developers to innovate Cloud-like experience everywhere

    Open source innovation Why Customers Choose Red Hat OpenShift

11. Developer Productivity Cluster Services Automated Ops ⠇Over-The-Air Updates ⠇Monitoring ⠇Registry

    ⠇Networking ⠇Router ⠇KubeVirt ⠇OLM ⠇Helm 11 Red Hat Enterprise Linux & RHEL CoreOS Kubernetes Developer CLI ⠇VS Code extensions ⠇IDE Plugins Code Ready Workspaces CodeReady Containers Service Mesh ⠇Serverless Builds ⠇CI/CD Pipelines Full Stack Logging Chargeback Databases ⠇Languages Runtimes ⠇Integration Business Automation 100+ ISV Services Platform Services Application Services Developer Services Larger Scope Physical Virtual Private cloud Public cloud Build Cloud-Native Apps Manage Workloads Multi-cluster Management Discovery ⠇Policy ⠇Compliance ⠇Configuration ⠇Workloads Managed cloud (Azure, AWS, IBM, Red Hat) Windows Server Nodes

12. 12 Long Term Investment Kubernetes Containers Red Hat

13. MODERNIZE APPS WEB APPS CLOUD NATIVE DEV MOBILE BIG DATA

    | ANALYTICS AI | ML MULTI-CLOUD IOT More Than 1,700 Red Hat OpenShift Customers 13

14. For Windows Containers 14 • Choose: Learn straight Kubernetes or

    stay in the Windows App • Commercial on premise ISV container eco-system for Kubernetes • Leverage out of the box OVN networking or replace it with Tigera solutions • Windows Kubernetes Lifecycling • Automated Windows node joins to cluster • Logging and Monitoring • Only place you can run .NET in a KubeVirt Windows VM, RHEL .NET Core Container, and a Windows Server Container: Complete Windows coverage

15. The Solution

16. 16 EXISTING AUTOMATION TOOLSETS SCM (GIT) CI/CD WORKER MASTER OpenShift

    Services STORAGE Kubernetes services Monitoring | Logging | Tuned SDN | DNS | Kubelet Infrastructure services etcd NETWORK COMPUTE Registry Prometheus | Grafana Alertmanager Kibana | Elasticsearch Router Developers Admins WORKER Monitoring | Logging | Tuned SDN | DNS | Kubelet Registry Prometheus | Grafana Alertmanager Kibana | Elasticsearch Router This is Still Normal OpenShift

17. OSS Windows Inbox OpenShift On Prem architecture Physical Network –

    VMWARE, CISCO, or any SDN K8s Master Node (Linux) Linux OS OVS Openshift CNI CRI Storage Plugins (SMB, iSCSI) CNI CSI or FlexVolume Fluentd Plugin Prometheus Exporter Container Runtime (CRIO) Kubelet K8s Worker Node (Windows) Windows OS Host Compute Service (HCS) Host Network Service (HNS) Container Runtime (Docker / ContainerD) CRI Fluentd Plugin Prometheus Exporter OSS + Windows Contributed VSWITCH Openshift Kubernetes Cluster New Code (co-owned by RHT and MSFT) VXLAN Tunnel Kubernetes Annotations (etcd) Running on Linux master node Kubelet Network policy daemon Storage Plugins (SMB, iSCSI) CNI CSI or FlexVolume Win-overlay CNI Kube-proxy Hybdrid-Ove rlay service Hybdrid-Overlay daemon Kubernetes Annotations (etcd)

18. 18 How the Hybrid Network Works

19. Dev Preview Architecture Pulls Down: • WMCB • OpenShift node

    ignition config • Upstream Kubelet • Hybrid-Overlay • Kube-Proxy • CNI plugin taint = windows hosts inventory file WMCB: • Configures the kubelet.conf • Handles the CSR handshake • Set taint for windows • Loads CNI plugin • Loads hybrid-overlay • Starts Kubelet as Windows Service Network Rules for Traffic In/Out Or Bare Metal

20. See it in Action: Demo

21. None

22. Why isn’t it GA yet?!?!

23. 2019 2020 2021 March Dec First Half Second Half 3/25/2019

    Kubernetes 1.14: Production-level support for Windows Nodes OpenShift 4.3 OpenShift 4.5 OVN GA OpenShift 4.7 OpenShift 4.4 Magic 8 Ball OpenShift 4.3 = Kubernetes 1.16 OpenShift 4.4 = Kubernetes 1.17 OpenShift 4.5 = Kubernetes 1.18 OpenShift 4.6 = Kubernetes 1.19 OpenShift 4.7 = Kubernetes 1.20 Kubernetes 1.18 runAsUser gMSA CSI Proxy Kubernetes 1.17 Kubernetes 1.19 OpenShift 4.6 Kubernetes 1.20 RuntimeClass Dates are Subject to Change Without Notice THE GA ZONE Dev Preview Drop 6 Tech Preview First Half Second

24. 24 LifeCycle • Be able to target a set of

    Windows servers • Automate the deployment of the software on Windows • Configure the software on the Windows node specific to OpenShift • Keep the Window’s node Kube software in sync with the OpenShift cluster version

25. Operator Architecture

26. Logging & Monitoring TLS TLS OpenShift Infra Nodes Prometheus node_exporter

    TLS TLS LogMonitor Fluentd Node_Exporter Open source projects driving this work:

27. 27 Storage Image from: https://static.sched.com/hosted_files/kccncna19/1e/WindowsSuperpowers.pdf Old Way New Way

28. 28 Resource Management & Security Resource Management • CPU based

    on Percentage instead of Shares targeting Kubernetes 1.20 • RuntimeClass for HyperV container isolation targeting Kubernetes 1.20 ◦ Will also require CRI based containerd targeting Kubernetes 1.21 • Pod evictions due to memory pressure targeting Kubernetes 1.21 Security • Windows Group Managed Service Account (gMSA) and runAsUserName stable in Kubernetes 1.18

29. Scope for First Release (GA) • Join a Windows Server

    node to a OpenShift cluster • Life Cycle required software on the Windows Server node • Be able to hold a tenant boundary • Be able to deploy a container to the Windows Server • Be able to route traffic between pods (east/west) and to application users (north/south) • Prometheus/Grafana Dashboards • ElasticSearch Logging (EFK) • 3rd party eco-system for PV Support Out of Scope for First Release • S2I Build or Knative Automations • Service Mesh Integration • Pipeline Integration • Deeper UI changes • Equal Resource Management Policies in Kubernetes

30. Archive of SIG Windows Meetings Latest Windows Container Forum Topics

    SIG Live Meeting Tues@12:30pmET • Windows Kubernetes Code • OpenShift Windows Container Operator • Windows Kubernetes Downloads DEV PREVIEW Email Microsoft and Red Hat Development Questions or Obtain Access to the Dev Preview Join Kubernetes on Slack! #sig-windows Get Involved or Just Stay Informed! Call To Action
31. None