TECHNICAL OVERVIEW OPENSHIFT CONTAINER PLATFORM

Upload by : Milo Davies

OPENSHIFT CONTAINER PLATFORM
TECHNICAL OVERVIEW
Presenter
Presenter’s title
Date

- Collaboration
- Multi-tenant
- Web-scale
- Open Source
- Enterprise Grade
- Secure

OPENSHIFT ARCHITECTURE

LINUX CONTAINERS

WHAT ARE CONTAINERS?
It Depends Who You Ask
APPLICATIONS / INFRASTRUCTURE
- Application processes on a shared kernel
- Package apps with all dependencies
- Simpler, lighter, and denser than VMs
- Deploy to any environment in seconds
- Portable across different environments
- Easily accessed and shared

VIRTUAL MACHINES AND CONTAINERS
- Virtual machines are isolated, apps are not
- Containers are isolated, so are the apps

VIRTUAL MACHINES AND CONTAINERS
Virtual Machine:
- VM Isolation
- Complete OS
- Static Compute
- Static Memory
- High Resource Usage
Container:
- Container Isolation
- Shared Kernel
- Burstable Compute
- Burstable Memory
- Low Resource Usage

VIRTUAL MACHINES AND CONTAINERS
Virtual Machine (optimized for stability):
- Application, OS dependencies, Operating System: IT Ops (and Dev, sort of)
- Infrastructure
Container (optimized for agility):
- Application, OS dependencies: Dev
- Container Host, Infrastructure: IT Ops
Clear ownership boundary between Dev and IT Ops drives DevOps adoption and fosters agility.

APPLICATION PORTABILITY WITH VM
Virtual machines are NOT portable across hypervisor and do NOT provide portable packaging for applications.
(Diagram: application, OS dependencies and operating system repeated per environment: laptop guest VM, bare metal, and VM types X, Y and Z on virtualization, private cloud and public cloud.)

APPLICATION PORTABILITY WITH CONTAINERS
RHEL Containers, RHEL Host, Guaranteed Portability Across Any ...
(Diagram: application and OS dependencies on RHEL across laptop guest VM, bare metal, virtualization, private cloud and public cloud.)

RAPID SECURITY PATCHING USING CONTAINER IMAGE LAYERING
Container Image Layers:
- Image Layer 3
- Image Layer 2
- Image Layer 1
- Base Image
Example Container Image:
- Application Layer
- Java Runtime Layer
- OS Update Layer
- Base RHEL

- A lightweight, OCI-compliant container runtime
- Optimized for Kubernetes
- Any OCI-compliant container from any OCI registry (including docker)
- Improve Security and Performance at scale
- Available in OpenShift Online (soon)
- Tech Preview in OCP 3.7, GA in OCP 3.8

OPENSHIFT ARCHITECTURE

YOUR CHOICE OF INFRASTRUCTURE

NODES RHEL INSTANCES WHERE APPS RUN

APPS RUN IN CONTAINERS

PODS ARE THE UNIT OF ORCHESTRATION

MASTERS ARE THE CONTROL PLANE

API AND AUTHENTICATION

DESIRED AND CURRENT STATE

INTEGRATED CONTAINER REGISTRY

ORCHESTRATION AND SCHEDULING

PLACEMENT BY POLICY

AUTOSCALING PODS

SERVICE DISCOVERY

PERSISTENT DATA IN CONTAINERS

ROUTING AND LOAD-BALANCING

ACCESS VIA WEB, CLI, IDE AND API

TECHNICAL DEEP DIVE

MONITORING APPLICATION HEALTH

AUTO-HEALING FAILED PODS

AUTO-HEALING FAILED CONTAINERS

NETWORKING

BUILT-IN SERVICE DISCOVERY
INTERNAL LOAD-BALANCING

ROUTE EXPOSES SERVICES EXTERNALLY

ROUTING AND EXTERNAL LOAD-BALANCING
- Pluggable routing architecture
  - HAProxy Router
  - F5 Router
- Multiple-routers with traffic sharding
- Router supported protocols
  - HTTP/HTTPS
  - WebSockets
  - TLS with SNI
- Non-standard ports via cloud load-balancers, external IP, and NodePort

ROUTE SPLIT TRAFFIC
Split Traffic Between Multiple Services For A/B Testing, Blue/Green and Canary Deployments

EXTERNAL TRAFFIC TO A SERVICE ON A RANDOM PORT WITH NODEPORT
- NodePort binds a service to a unique port on all the nodes
- Traffic received on any node redirects to a node with the running service
- Ports in 30K-60K range which usually differs from the service
- Firewall rules must allow traffic to all nodes on the specific port

EXTERNAL TRAFFIC TO A SERVICE ON ANY PORT WITH INGRESS
- Access a service with an external IP on any TCP/UDP port, such as
  - Databases
  - Message Brokers
- Automatic IP allocation from a predefined pool using Ingress IP Self-Service
- IP failover pods provide high availability for the IP pool

CONTROL OUTGOING TRAFFIC SOURCE IP WITH EGRESS ROUTER

OPENSHIFT NETWORKING
- Built-in internal DNS to reach services by name
- Split DNS is supported via SkyDNS
  - Master answers DNS queries for internal services
  - Other nameservers serve the rest of the queries
- Software Defined Networking (SDN) for a unified cluster network to enable pod-to-pod communication
- OpenShift follows the Kubernetes Container Networking Interface (CNI) plug-in model

OPENSHIFT NETWORK PLUGINS
* Flannel is minimally verified and is supported only and exactly as deployed in the OpenShift on OpenStack reference architecture

OPENSHIFT SDN
FLAT NETWORK (Default)
- All pods can communicate with each other across projects
MULTI-TENANT NETWORK
- Project-level network isolation
- Multicast support
- Egress network policies
NETWORK POLICY (Tech Preview)
- Granular policy-based isolation

OPENSHIFT SDN - NETWORK POLICY
Example Policies
- Allow all traffic inside the project
- Allow traffic from green to gray
- Allow traffic to purple on 8080

    apiVersion: extensions/v1beta1
    kind: NetworkPolicy
    metadata:
      name: policy-name-placeholder  # name truncated in the source
    spec:
      podSelector:
        matchLabels:
          color: purple
      ingress:
      - ports:
        - protocol: tcp
          port: 8080

OPENSHIFT SDN - OVS PACKET FLOW
Container to Container on the Same Host

OPENSHIFT SDN - OVS PACKET FLOW
Container to Container on the Different Hosts

OPENSHIFT SDN - OVS PACKET FLOW
Container Connects to External Host

OPENSHIFT SDN WITH FLANNEL FOR OPENSTACK
Flannel is minimally verified and is supported only and exactly as deployed in the OpenShift on OpenStack reference architecture

LOGGING & METRICS

CENTRAL LOG MANAGEMENT WITH EFK
- EFK stack to aggregate logs for hosts and applications
  - Elasticsearch: an object store to store all logs
  - Fluentd: gathers logs and sends to Elasticsearch.
  - Kibana: A web UI for Elasticsearch.
- Access control
  - Cluster administrators can view all logs
  - Users can only view logs for their projects
- Ability to send logs elsewhere
  - External elasticsearch, Splunk, etc
(Diagram: pods on RHEL nodes, Fluentd, Elasticsearch.)

CONTAINER METRICS
(Diagram: pods on RHEL nodes, cAdvisor, Fluentd, Elasticsearch.)

SECURITY

TEN LAYERS OF CONTAINER SECURITY
- Container Host & Multi-tenancy
- Federated Clusters
- Container Platform
- API Management
- Network Isolation
- Deploying Container
- Container Registry
- Container Content
- Storage
- Building Containers

SECRET MANAGEMENT
- Secure mechanism for holding sensitive data e.g.
  - Passwords and credentials
  - SSH Keys
  - Certificates
- Secrets are made available as
  - Environment variables
  - Volume mounts
  - Interaction with external systems
- Encrypted in transit
- Never rest on the nodes

PERSISTENT STORAGE

PERSISTENT STORAGE
- Persistent Volume (PV) is tied to a piece of network storage
- Provisioned by an administrator (static or dynamically)
- Allows admins to describe storage and users to request storage
- Assigned to pods based on the requested size, access mode, labels and type
Supported storage: NFS, OpenStack Cinder, iSCSI, Azure Disk, AWS EBS, FlexVolume, GlusterFS, Ceph RBD, Fiber Channel, Azure File, GCE Persistent Disk, VMWare vSphere VMDK

DYNAMIC VOLUME PROVISIONING

CONTAINER-NATIVE STORAGE
- Containerized Red Hat Gluster Storage
- Native integration with OpenShift
- Unified Orchestration using Kubernetes for applications and storage
- Greater control & ease of use for developers
- Lower TCO through convergence
- Single vendor Support
(Diagram: master, nodes, pods.)

SERVICE BROKER

WHY A SERVICE BROKER?
Manual, Time-consuming and Inconsistent

A multi-vendor project to standardize how services are consumed on cloud-native platforms across service providers

WHAT IS A SERVICE BROKER?
Automated, Standard and Consistent

OPENSHIFT SERVICE CATALOG

SERVICE BROKER CONCEPTS
- SERVICE: an offering that can be used by an app e.g. database
- PLAN: a specific flavor of a service e.g. Gold Tier
- SERVICE INSTANCE: an instance of the offering
- PROVISION: creating a service instance
- BIND: associate a service instance and its credentials to an app
(Diagram: service consumer, service catalog, service broker, service provider.)

HOW TO ADD A SERVICE BROKER
- Deploy service broker on or off OpenShift
- Register the broker referring to the deployed broker

    apiVersion: servicecatalog.k8s.io/v1alpha1
    kind: Broker
    metadata:
      name: asb-broker
    spec:
      url: nip.io

- Register the broker services by creating ServiceClass resources (the service broker might automatically perform this step)

TEMPLATE SERVICE BROKER
- Exposes Templates and Instant Apps in the Service Catalog
- Pulled from openshift namespace by default
- Multiple namespaces can be configured for template discovery

TEMPLATE SERVICE BROKER
Service Broker creates the objects from the template.
(Diagram: OpenShift Service Catalog, Template Service Broker, Node.js Container.)

TEMPLATE SERVICE BROKER
Service Broker creates a binding and secret for any credentials (config map, secret, etc) created by the template.
(Diagram: OpenShift Service Catalog, Template Service Broker, create binding, Node.js Container.)

OPENSHIFT ANSIBLE BROKER
- Use Ansible on OpenShift
  - Deploy containerized applications
  - Provision external services (e.g. Oracle database)
  - Provision cloud services (e.g. AWS RDS)
  - Orchestrate multi-service solutions
  - Conditional logic for control on deployments (e.g. database is initialized)
- Leverage existing Ansible playbooks
- Anything you can do with Ansible, you can do with OAB

ANSIBLE PLAYBOOK BUNDLES (APB)
- Lightweight application definition
- Packaged as a container image
- Embedded Ansible runtime
- Metadata for parameters
- Named playbooks for actions
- Leverage existing Ansible playbooks
- Registry is queried to discover APBs
Ansible Playbook Bundle (Container Image) contents: roles, playbooks (provision.yaml, unprovision.yaml, bind.yaml, unbind.yaml), apb.yaml, Ansible Runtime

OPENSHIFT ANSIBLE BROKER
Discover and list APBs from the configured image registries (Docker Hub, OpenShift Registry, Red Hat Container Catalog).

OPENSHIFT ANSIBLE BROKER
Pull APB image and run it with the broker action as a parameter.
    oc run postgresql-apb provision vars

OPENSHIFT ANSIBLE BROKER
APB container runs provision.yaml playbook to create a PostgreSQL container.
    oc run postgresql-apb provision vars
    ansible-playbook provision.yaml vars

OPENSHIFT ANSIBLE BROKER BINDING
APB container runs bind.yaml playbook to create database user.
    oc run postgresql-apb bind ...
    ansible-playbook bind.yaml vars

OPENSHIFT ANSIBLE BROKER BINDING
APB container goes away and Service Broker creates a binding for the PostgreSQL service.

OPENSHIFT ANSIBLE BROKER BINDING
Service Catalog creates a secret for the binding, containing the database credentials. The binding secret is mounted into the MediaWiki container.

OPENSHIFT ANSIBLE BROKER BINDING
MediaWiki container uses the credentials in the secret to connect to the ...

AWS SERVICE BROKER
- Targets Top 10 AWS Services
- Uses Ansible Playbook Bundles
- Available in OpenShift 3.7
Services shown: SQS, SNS, DynamoDB, Redshift, SES, S3, RDS, EMR, AWS Batch, ElastiCache, Route 53

AWS PROVISIONING
APB container runs provision.yaml playbook to interact with CFN and create RDS instance.
    oc run rds-apb provision vars
    ansible-playbook provision.yaml vars
(Diagram: s3-apb and rds-apb in compatible Docker registries and AWS ECR, OpenShift Service Catalog, OpenShift Ansible Broker, APB container (rds), AWS CloudFormation, AWS RDS.)

OPERATIONAL MANAGEMENT

TOP CHALLENGES OF RUNNING CONTAINERS AT SCALE
- OPERATIONAL EFFICIENCY
- SERVICE HEALTH
- SECURITY & COMPLIANCE
- FINANCIAL MANAGEMENT

OPERATIONAL EFFICIENCY
- CloudForms continuously discovers your infrastructure in near real time.
- CloudForms discovers and visualizes relationships between infra components
- CloudForms cross references inventory across technologies.
- CloudForms offers custom automation via control policy or UI extensions

SERVICE HEALTH
- CloudForms monitors resource consumption and shows trends
- CloudForms alerts on performance thresholds or other events
- CloudForms offers right-sizing recommendations
- CloudForms enforces configuration and tracks it over time.

SECURITY & COMPLIANCE
- CloudForms finds and marks nodes non-compliant with policy.
- CloudForms allows reporting on container provenance.
- CloudForms scans container images using OpenSCAP.
- CloudForms tracks genealogy between images and containers.

FINANCIAL MANAGEMENT
- Define cost models for infrastructure and understand your cost.
- Rate schedules per platform and per tenant with multi-tiered and multi-currency support
- CloudForms shows top users for CPU, memory, as well as cost.
- Chargeback/showback to projects based on container utilization.

REFERENCE ARCHITECTURES

REFERENCE ARCHITECTURES
- OpenShift on VMware vCenter
- Application Release Strategies with OpenShift
- OpenShift on Red Hat OpenStack Platform
- Building Polyglot Microservices on OpenShift
- OpenShift on Amazon Web Services
- Building JBoss EAP 6 Microservices on OpenShift
- OpenShift on Google Cloud Platform
- Building JBoss EAP 7 Microservices on OpenShift
- OpenShift on Microsoft Azure
- Business Process Management with JBoss BPMS on OpenShift
- OpenShift on Red Hat Virtualization
- Build and Deployment of Java Applications on OpenShift
- OpenShift on HPE Servers with Ansible Tower
- Building Microservices on OpenShift with Fuse Integration.
- OpenShift on VMware vCenter 6 with Gluster
- JFrog Artifactory on OpenShift Container Platform
- Deploying an OpenShift Distributed Architecture
- Spring Boot Microservices on Red Hat OpenShift
- OpenShift Architecture and Deployment Guide
- API Management with Red Hat 3scale on OpenShift
- OpenShift Scaling, Performance, and Capacity Planning

BUILD AND DEPLOY CONTAINER IMAGES

BUILD AND DEPLOY CONTAINER IMAGES
- DEPLOY YOUR SOURCE CODE
- DEPLOY YOUR APP BINARY
- DEPLOY YOUR CONTAINER IMAGE

DEPLOY SOURCE CODE WITH SOURCE-TO-IMAGE (S2I)
(Diagram: what the user/tool does, what OpenShift does.)

DEPLOY APP BINARY WITH SOURCE-TO-IMAGE (S2I)
(Diagram: what the user/tool does, what OpenShift does.)

DEPLOY DOCKER IMAGE
(Diagram: what the user/tool does, what OpenShift does.)

BUILD IMAGES IN MULTIPLE STAGES

EXAMPLE: USE ANY RUNTIME IMAGE WITH SOURCE-TO-IMAGE BUILDS
Use Source-to-Image to build app binaries and deploy on lean vanilla runtimes

EXAMPLE: USE ANY BUILD TOOL WITH OFFICIAL RUNTIME IMAGES
Use your choice of build tool like Gradle and deploy to official images like the JDK image

EXAMPLE: SMALL LEAN RUNTIMES
Build the app binary and deploy on small scratch images

CONTINUOUS INTEGRATION (CI)
CONTINUOUS DELIVERY (CD)

CI/CD WITH BUILD AND DEPLOYMENTS
BUILDS
- Webhook triggers: build the app image whenever the code changes
- Image trigger: build the app image whenever the base language or app runtime changes
- Build hooks: test the app image before pushing it to an image registry
DEPLOYMENTS
- Deployment triggers: redeploy app containers whenever configuration changes or the image changes in the OpenShift integrated registry or upstream registries

CONTINUOUS DELIVERY WITH CONTAINERS

OPENSHIFT LOVES CI/CD
- JENKINS-AS-A SERVICE ON OPENSHIFT
- HYBRID JENKINS INFRA WITH OPENSHIFT
- EXISTING CI/CD DEPLOY TO OPENSHIFT

JENKINS-AS-A-SERVICE ON OPENSHIFT
- Certified Jenkins images with pre-configured plugins
  - Provided out-of-the-box
  - Follows Jenkins 1.x and 2.x LTS versions
- Jenkins S2I Builder for customizing the image
  - Install Plugins
  - Configure Jenkins
  - Configure Build Jobs
- OpenShift plugins to integrate authentication with OpenShift and also CI/CD pipelines
- Dynamically deploys Jenkins slave containers

HYBRID JENKINS INFRA WITH OPENSHIFT
- Scale existing Jenkins infrastructure by dynamically provisioning Jenkins slaves on OpenShift
- Use Kubernetes plug-in on existing Jenkins servers

EXISTING CI/CD DEPLOY TO OPENSHIFT
- Existing CI/CD infrastructure outside OpenShift performs operations against OpenShift
  - OpenShift Pipeline Jenkins Plugin for Jenkins
  - OpenShift CLI for integrating other CI Engines with OpenShift
- Without disrupting existing processes, can be combined with previous alternative

OPENSHIFT PIPELINES
- OpenShift Pipelines allow defining a CI/CD workflow via a Jenkins pipeline which can be started, monitored, and managed similar to other builds
- Dynamic provisioning of Jenkins slaves
- Auto-provisioning of Jenkins server
- OpenShift Pipeline strategies
  - Embedded Jenkinsfile
  - Jenkinsfile from a Git repository

    apiVersion: v1
    kind: BuildConfig
    metadata:
      name: app-pipeline
    spec:
      strategy:
        type: JenkinsPipeline
        jenkinsPipelineStrategy:
          jenkinsfile: |-
            node('maven') {
              stage('build app') {
                git url: 'https://git/app.git'
                sh "mvn package"
              }
              stage('build image') {
                sh "oc start-build app --from-file target/app.jar"
              }
              stage('deploy') {
                openshiftDeploy deploymentConfig: 'app'
              }
            }

CONTINUOUS DELIVERY PIPELINE
(Diagram labels: ServiceNow, JIRA Service Desk, Zendesk, BMC Remedy.)

DEVELOPER WORKFLOW

LOCAL DEVELOPMENT WORKFLOW

LOCAL DEVELOPMENT WORKFLOW: BOOTSTRAP
- Pick your programming language and application runtime of choice
- Create the project skeleton from scratch or use a generator such as
  - Maven archetypes
  - Quickstarts and Templates
  - OpenShift Generator
  - Spring Initializr

LOCAL DEVELOPMENT WORKFLOW: DEVELOP
- Pick your framework of choice such as Java EE, Spring, Ruby on Rails, Django, Express, ...
- Develop your application code using your editor or IDE of choice
- Build and test your application code locally using your build tools
- Create or generate OpenShift templates or Kubernetes objects

LOCAL DEVELOPMENT WORKFLOW: LOCAL DEPLOY
- Deploy your code on a local OpenShift cluster
  - Red Hat Container Development Kit (CDK), minishift and oc cluster
- Red Hat CDK provides a standard RHEL-based development environment
- Use binary deploy, maven or CLI rsync to push code or app binary directly into containers

LOCAL DEVELOPMENT WORKFLOW: VERIFY
- Verify your code is working as expected
- Run any type of tests that are required with or without other components (database, etc)
- Based on the test results, change code, deploy, verify and repeat

LOCAL DEVELOPMENT WORKFLOW: GIT PUSH
- Push the code and configuration to the Git repository
- If using Fork & Pull Request workflow, create a Pull Request
- If using code review workflow, participate in code review discussions

LOCAL DEVELOPMENT WORKFLOW: PIPELINE
- Pushing code to the Git repository triggers one or multiple deployment pipelines
- Design your pipelines based on your development workflow e.g. test the pull request
- Failure in the pipeline? Go back to the code and start again

APPLICATION SERVICES

A PLATFORM THAT GROWS WITH YOUR BUSINESS
(Diagram labels: Application, Mobile, Integration, Messaging, Data Grid, Real Time Decision.)

TRUE POLYGLOT WEB ... MIDDLEWARE
and many more

TESTED AND VERIFIED MICROSERVICES FRAMEWORKS
LAUNCH
- Spring Boot
- Netflix Hystrix
- Netflix Ribbon
SUPPORTED MICROSERVICES RUNTIMES
- Reactive: Eclipse Vert.x
- MicroProfile: WildFly Swarm
- Server-side JS: Node.js
- Java EE: JBoss EAP
- Java EE Web: Embedded Tomcat
Modern, Cloud-Native Application Runtimes and an Opinionated Developer Experience

MICROSERVICES INFRASTRUCTURE: ISTIO SERVICE MESH

WHAT YOU NEED FOR MICROSERVICES?
- Visibility & Reporting
- Resilience & Fault Tolerance
- Routing & Traffic Control
- Identity & Security
- Policy Enforcement
Istio

WHAT IS ISTIO?
a service mesh to connect, manage, and secure microservices
(Diagram: control plane, data plane, apps in pods.)
