OpenShift Windows Containers

Windows containers were launched as a Developer Preview feature in Red Hat OpenShift 4.4. The architecture involves letting Windows run Windows Server containers and Red Hat Enterprise Linux run Red Hat Enterprise Linux containers, with OpenShift orchestrating them as building blocks to compose your next-generation applications.

https://www.openshift.com/blog/announcing-the-developer-preview-of-windows-server-containers-in-openshift-4.4

Red Hat Livestreaming

July 06, 2020

Transcript

  1. The Road to Production
    OpenShift Windows Containers
    Subodh Bhargava @ Microsoft, Senior Program Manager in Windows Server Group
    Mike Barrett @ Red Hat, Senior Director in Cloud Platforms
    Anand Chandramohan @ Red Hat, Senior Principal Product Manager in Cloud Platforms

  2. Why Windows Containers?

  3. ASP.NET and .NET continue to be top framework choices
    Source: Stack Overflow Developer Survey, 2019
    2019 Stack Overflow Developer Survey, Most Popular Technologies

  4. Why containerize traditional Windows apps?
    • PORTABILITY, SECURITY AND COST REDUCTION
    ○ Accelerate your public and hybrid cloud strategy
    ○ Gain applications portability, agility, and control
    ○ Reduce infrastructure and management costs for Windows 2003, 2008, and 2012 Windows applications
    COSTS FOR MANAGING TRADITIONAL APPLICATIONS
    ○ Custom Licensing and Support
    ○ Hardware Resources Inefficiencies
    ○ Application Maintenance and Management
    Top Development Challenges for Development Teams
    ○ 65% Traditional Application Maintenance
    ○ 59% Inertia of Traditional App Infrastructure
    State of App development Survey: Q1 2016, Cornell University case study.

  5. On-Premises
    ✔ No re-architect or new code
    ✔ Increased density & lower deployment cost
    ✔ Improved productivity and DevOps agility
    ✔ Portability of apps and dependencies
    Lift and Shift Scenarios

  6. Windows Container Adoption is Growing
    5 Million Pulls
    [Chart: Monthly Image Pulls; series: Total, Server Core, Nano Server]

  7. Windows Server Evolution

  8. Kubernetes Evolution

  9. Why on OpenShift?

  10. Why Customers Choose Red Hat OpenShift
    ● Trusted enterprise Kubernetes
    ● Empowering developers to innovate
    ● Cloud-like experience everywhere
    ● Open source innovation

  11. Developer Productivity
    Cluster Services
    Automated Ops ⠇Over-The-Air Updates ⠇Monitoring ⠇Registry ⠇Networking ⠇Router ⠇KubeVirt ⠇OLM ⠇Helm
    Red Hat Enterprise Linux & RHEL CoreOS
    Kubernetes
    Developer CLI ⠇VS Code extensions ⠇IDE Plugins
    CodeReady Workspaces
    CodeReady Containers
    Service Mesh ⠇Serverless
    Builds ⠇CI/CD Pipelines
    Full Stack Logging
    Chargeback
    Databases ⠇Languages
    Runtimes ⠇Integration
    Business Automation
    100+ ISV Services
    Platform Services Application Services Developer Services
    Larger Scope
    Physical Virtual Private cloud Public cloud
    Build Cloud-Native Apps
    Manage Workloads
    Multi-cluster Management
    Discovery ⠇Policy ⠇Compliance ⠇Configuration ⠇Workloads
    Managed cloud (Azure, AWS, IBM, Red Hat)
    Windows Server Nodes

  12. Long Term Investment
    Kubernetes Containers
    Red Hat

  13. MODERNIZE APPS WEB APPS CLOUD NATIVE DEV
    MOBILE BIG DATA | ANALYTICS AI | ML
    MULTI-CLOUD
    IOT
    More Than 1,700 Red Hat OpenShift Customers

  14. For Windows Containers
    ● Choose: Learn straight Kubernetes or stay in the Windows App
    ● Commercial on premise ISV container eco-system for Kubernetes
    ● Leverage out of the box OVN networking or replace it with Tigera solutions
    ● Windows Kubernetes Lifecycling
    ● Automated Windows node joins to cluster
    ● Logging and Monitoring
    ● Only place you can run .NET in a KubeVirt Windows VM, RHEL .NET Core Container, and a Windows Server Container: Complete Windows coverage

  15. The Solution

  16. This is Still Normal OpenShift
    [Architecture diagram. Labels: EXISTING AUTOMATION TOOLSETS; SCM (GIT); CI/CD; MASTER; WORKER; OpenShift Services; Kubernetes services; Infrastructure services; etcd; Monitoring | Logging | Tuned; SDN | DNS | Kubelet; Registry; Router; Prometheus | Grafana; Alertmanager; Kibana | Elasticsearch; COMPUTE; NETWORK; STORAGE; Developers; Admins]

  17. OpenShift On Prem architecture
    [Architecture diagram: Openshift Kubernetes Cluster on a Physical Network – VMWARE, CISCO, or any SDN]
    Legend: OSS; Windows Inbox; OSS + Windows Contributed; New Code (co-owned by RHT and MSFT)
    K8s Master Node (Linux), Linux OS. Labels: OVS; Openshift CNI; CRI; Storage Plugins (SMB, iSCSI); CNI; CSI or FlexVolume; Fluentd Plugin; Prometheus Exporter; Container Runtime (CRIO); Kubelet
    K8s Worker Node (Windows), Windows OS. Labels: Host Compute Service (HCS); Host Network Service (HNS); Container Runtime (Docker / ContainerD); CRI; Fluentd Plugin; Prometheus Exporter; VSWITCH
    Other labels: VXLAN Tunnel; Kubernetes Annotations (etcd); Running on Linux master node; Kubelet; Network policy daemon; Storage Plugins (SMB, iSCSI); CNI; CSI or FlexVolume; Win-overlay CNI; Kube-proxy; Hybrid-Overlay service; Hybrid-Overlay daemon

  18. How the Hybrid Network Works

  19. Dev Preview Architecture
    Pulls Down:
    ● WMCB
    ● OpenShift node ignition config
    ● Upstream Kubelet
    ● Hybrid-Overlay
    ● Kube-Proxy
    ● CNI plugin
    taint = windows
    hosts inventory file
    WMCB:
    ● Configures the kubelet.conf
    ● Handles the CSR handshake
    ● Sets taint for Windows
    ● Loads CNI plugin
    ● Loads hybrid-overlay
    ● Starts Kubelet as Windows Service
    Network Rules for Traffic In/Out
    Or Bare Metal

  20. See it in Action: Demo

  22. Why isn’t it GA yet?!?!

  23. [Roadmap timeline. Axis labels: 2019, 2020, 2021; March, Dec, First Half, Second Half]
    Dates are Subject to Change Without Notice
    3/25/2019: Kubernetes 1.14: Production-level support for Windows Nodes
    OpenShift 4.3 = Kubernetes 1.16
    OpenShift 4.4 = Kubernetes 1.17
    OpenShift 4.5 = Kubernetes 1.18
    OpenShift 4.6 = Kubernetes 1.19
    OpenShift 4.7 = Kubernetes 1.20
    Feature labels: runAsUser; gMSA; CSI Proxy; RuntimeClass
    Milestone labels: Dev Preview Drop 6; Tech Preview; OVN GA; THE GA ZONE; Magic 8 Ball

  24. LifeCycle
    ● Be able to target a set of Windows servers
    ● Automate the deployment of the software on Windows
    ● Configure the software on the Windows node specific to OpenShift
    ● Keep the Windows node's Kube software in sync with the OpenShift cluster version

  25. Operator Architecture

  26. Logging & Monitoring
    [Diagram labels: OpenShift Infra Nodes; Prometheus; node_exporter; LogMonitor; Fluentd; Node_Exporter; connections marked TLS]
    Open source projects driving this work:

  27. Storage
    Image from: https://static.sched.com/hosted_files/kccncna19/1e/WindowsSuperpowers.pdf
    [Figure panels: Old Way, New Way]

  28. Resource Management & Security
    Resource Management
    ● CPU based on Percentage instead of Shares targeting Kubernetes 1.20
    ● RuntimeClass for Hyper-V container isolation targeting Kubernetes 1.20
    ○ Will also require CRI based containerd targeting Kubernetes 1.21
    ● Pod evictions due to memory pressure targeting Kubernetes 1.21
    Security
    ● Windows Group Managed Service Account (gMSA) and runAsUserName stable in Kubernetes 1.18

  29. Scope for First Release (GA)
    ● Join a Windows Server node to an OpenShift cluster
    ● Life Cycle required software on the Windows Server node
    ● Be able to hold a tenant boundary
    ● Be able to deploy a container to the Windows Server
    ● Be able to route traffic between pods (east/west) and to application users (north/south)
    ● Prometheus/Grafana Dashboards
    ● ElasticSearch Logging (EFK)
    ● 3rd party eco-system for PV Support
    Out of Scope for First Release
    ● S2I Build or Knative Automations
    ● Service Mesh Integration
    ● Pipeline Integration
    ● Deeper UI changes
    ● Equal Resource Management Policies in Kubernetes

  30. Call To Action
    Get Involved or Just Stay Informed!
    Archive of SIG Windows Meetings
    Latest Windows Container Forum Topics
    SIG Live Meeting Tues@12:30pmET
    ● Windows Kubernetes Code
    ● OpenShift Windows Container Operator
    ● Windows Kubernetes Downloads
    DEV PREVIEW
    Email Microsoft and Red Hat Development Questions or Obtain Access to the Dev Preview
    Join Kubernetes on Slack! #sig-windows
