DEVOPS AUTOMATION
Managing containers with OpenShift
Renato Puccini
OpenShift Technical Account Manager
DIGITAL TRANSFORMATION
IMPACTS THE WAY WE BUILD, DEPLOY AND MANAGE SOFTWARE
        TRADITIONAL      JUST PASSED TREND     NOW
HOW     Waterfall        Agile                 DevOps
WHAT    Client-server    N-tier, mobile        Microservices
        (servers)        (VMs)                 (containers)
WHERE   Servers          Private cloud         Private + public cloud
ENCONTRO DE TECNOLOGIA E INOVAÇÃO
DIFFERENT GOALS?
DEV wants CHANGE | BUSINESS sits in between | OPS wants STABILITY
WE NEED A NEW CULTURE
PEOPLE
PROCESSES
TECHNOLOGY
OPENSHIFT IS THE FOUNDATIONAL BASE FOR A DEVOPS ADOPTION
DevOps, containers and microservices need:
● Version control
● Self-service portal
● Health checks
● Automated deploy
● Monitoring and feedback
● Automated orchestration and management
● Standardization between environments
OPENSHIFT
OPENSHIFT CONTAINER PLATFORM (layered view, built up over three slides)
● Developer Experience: self-service, service catalog (language runtimes, middleware, databases), build automation, deployment automation. OpenShift Application Lifecycle Management.
● Enterprise Kubernetes++: container orchestration and cluster management (Kubernetes), plus networking, storage, registry, logs and metrics, security. Infrastructure automation and Cockpit.
● Enterprise Container Host: container runtime and packaging (docker) on Atomic Host / Red Hat Enterprise Linux. Trusted by Fortune Global 500 companies.
OpenShift runs anywhere
Physical, virtual, private cloud or public cloud; each category is supported on a set of certified platforms.
Nodes are RHEL instances... where your apps will run
A pod is the unit of scheduling: one or more containers, each started from an image (Container + Image → Pod)
Your applications are organized into projects (Kubernetes namespaces), e.g. Project A and Project B
The master orchestrates your apps across the nodes
All master ↔ node and master ↔ etcd communication is encrypted and authenticated with TLS certificates
The master exposes a REST API for users and clients (web console, oc CLI, IDE plugins)
The master stores cluster state in a key-value database called etcd
The master has an app scheduler
Scheduling is policy-based (predicates filter eligible nodes, priorities rank them)
The best nodes are chosen when the app is created
It's possible to isolate apps into environments, e.g. DEV and QA projects
A Service lets apps reach each other internally by a stable name instead of by pod IPs
Examples:
● postgresql:5432 (short name, resolves within the same project)
● <service>.<pod_namespace>.svc.cluster.local:<port> (fully qualified, resolves from any project)
● Environment variables injected into pods (e.g. POSTGRESQL_SERVICE_HOST and POSTGRESQL_SERVICE_PORT; only for services that already existed when the pod was created)
The integrated registry is your app image repo (App 1, App 2, ...)
Besides the internal registry, Red Hat also offers its own registry (the Red Hat Container Catalog)
A Replication Controller manages the app life cycle (keeps the desired number of pod replicas running)
OpenShift load-balances across the replicas automatically (Service → pods)
And what if the app fails?
OpenShift recovers it and creates a new pod automatically
How about user sessions?
The session can be replicated across the instances (e.g. with JBoss Data Grid, JDG, embedded in each pod)
Or externalized to a separate JDG cluster
And what if the app isn't ready to be accessed yet?
OpenShift adds the pod to the load balancer only once its readiness check passes
And what if I want to divide the traffic between two load balancers?
OpenShift allows a multitenant approach: DEV and QA each get their own balancer
OpenShift blocks communication between app environments (DEV ↔ QA)
OPENSHIFT NETWORK PLUGINS
● OpenShift SDN plugin (default)
● Kubernetes CNI plugins: Flannel, Tigera Calico, Nuage, Juniper Contrail, Cisco Contiv, Big Switch, VMware NSX-T, OpenDaylight
Each plugin is marked on the slide as certified, validated or in progress.
OPENSHIFT SDN
FLAT NETWORK (default, ovs-subnet)
● All pods can communicate with each other across projects (Project A, B, C and the default namespace share one network)
MULTI-TENANT NETWORK (ovs-multitenant)
● Project-level network isolation (each project gets its own VNID)
● Multicast support
● Egress network policies
NETWORK POLICY (ovs-networkpolicy, Tech Preview at the time of this deck)
● Granular policy-based isolation
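The two mechanisms above that the deck only names, service discovery (postgresql:5432 / <service>.<namespace>.svc.cluster.local) and blocking traffic between environments, expressed as manifests for the NetworkPolicy SDN mode. This is an added example, not from the original deck or from Red Hat; the project name "shop", the labels app=postgresql and app=web, and the GA apiVersion networking.k8s.io/v1 (OpenShift 3.7+) are assumptions. With the multitenant plugin the equivalent coarse isolation is `oc adm pod-network isolate-projects <project>` instead of NetworkPolicy objects.

```yaml
# Added example, not from the original deck. Project "shop" and the
# labels app=postgresql / app=web are assumptions for illustration.
apiVersion: v1
kind: Service
metadata:
  name: postgresql
  namespace: shop
spec:
  selector:
    app: postgresql          # pods that back the service
  ports:
  - name: pg
    port: 5432               # reachable as postgresql:5432 inside the project
    targetPort: 5432         # and as postgresql.shop.svc.cluster.local:5432 cluster-wide
---
# Default-deny ingress for every pod in the project: with the NetworkPolicy
# plugin this is what turns the "flat" SDN into an isolated tenant.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny
  namespace: shop
spec:
  podSelector: {}            # all pods in the project
  policyTypes:
  - Ingress
---
# Re-open only the path the app needs: pods labelled app=web in the same
# project may open TCP/5432 to the database pods. Pods in DEV or QA (other
# projects) and anything else in "shop" stay blocked.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-web-to-postgresql
  namespace: shop
spec:
  podSelector:
    matchLabels:
      app: postgresql
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: web
    ports:
    - protocol: TCP
      port: 5432
```

Two caveats a practitioner hits immediately: the default-deny also blocks the router pods, so a web tier exposed through a Route needs an additional rule admitting the router's namespace; and NetworkPolicy filters packets, not names, so the DNS name postgresql.shop.svc.cluster.local still resolves from DEV and QA even though the connection is dropped.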
And what if an app tries to consume all of a node's resources?
OpenShift prevents it via quotas and limits
And what if a node fails or needs maintenance?
OpenShift reschedules the pods onto other nodes (pods are recreated there, not live-migrated)
And what if my app instances aren't enough?
OpenShift scales it out (Horizontal Pod Autoscaler)
And also scales it in automatically
And what if I need to save resources?
OpenShift idles the app, scaling it to zero (oc idle)
Once a client sends traffic again, OpenShift starts the app
And how much effort is it to put my app on OpenShift?
OpenShift builds apps using Source-to-Image (sti/s2i)
Just point it at your source code repository (Git repo)
And a language template, the builder image (optional): Git repo + builder image
OpenShift creates the image and saves it to the registry
And runs the new app image
Besides source, it's also possible to use the app binary (JAR/WAR/EAR + builder image)
S2I also applies to other templates such as httpd
And what if a security flaw is fixed in my app's base image?
OpenShift rebuilds and redeploys the app automatically (an ImageChange trigger fires when the builder image is updated)
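The S2I flow just described (Git repo + builder image → image in the registry, rebuilt when the builder image is patched or code is pushed) as a BuildConfig. This is an added example, not from the original deck or from Red Hat; the repository URL, project, image name and webhook secret are assumptions, and the java:8 builder tag must exist as an ImageStream in the openshift namespace on the cluster.

```yaml
# Added example, not from the deck. Repo URL, project and image names are
# assumptions; the builder tag must exist as an ImageStream in "openshift".
apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
  name: myapp
  namespace: shop
---
apiVersion: build.openshift.io/v1
kind: BuildConfig
metadata:
  name: myapp
  namespace: shop
spec:
  source:
    type: Git
    git:
      uri: https://git.example.com/acme/myapp.git   # assumed repository
      ref: master
  strategy:
    type: Source
    sourceStrategy:
      from:
        kind: ImageStreamTag
        namespace: openshift
        name: java:8               # the "language template" (S2I builder image)
  output:
    to:
      kind: ImageStreamTag
      name: myapp:latest           # result lands in the internal registry
  triggers:
  - type: ConfigChange             # build once when the BuildConfig is created
  - type: ImageChange              # rebuild when the java:8 builder image is patched
    imageChange: {}
  - type: GitHub                   # rebuild on push via webhook
    github:
      secret: replace-with-random-secret   # assumption: generate a random secret
```

For the binary variant, `oc start-build myapp --from-file=target/app.war` uploads the artifact and runs the same builder against it instead of cloning the repository. The rebuild only becomes a redeploy when a DeploymentConfig has an ImageChange trigger on myapp:latest; the webhook secret is part of the webhook URL, so treat it like a credential.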
And what if I want to monitor my app resources?
OpenShift lets you monitor:
● CPU
● Memory
● Network
Via Hawkular Metrics, Heapster and Cassandra (and Prometheus from 3.11 on)
Metrics flow: cAdvisor in the kubelet on each RHEL node → Heapster → Hawkular Metrics (stored in Cassandra) → the OpenShift API, consumed by the web console, Red Hat CloudForms and users' custom dashboards
And what if I want to monitor my app logs in a centralized manner?
OpenShift has the EFK stack:
● Elasticsearch
● Fluentd
● Kibana
Log flow: Fluentd on each RHEL node collects operation logs (node and container runtime, viewed by admins) and application logs (pod stdout/stderr, viewed by users) and ships them to Elasticsearch, where they are searched in Kibana; operations and application logs can be sent to separate Elasticsearch clusters
And what if a node gets saturated by my app instances?
OpenShift schedules and evicts pods according to their QoS class:
● Guaranteed (requests = limits)
● Burstable (requests < limits)
● Best Effort (no requests or limits; evicted first)
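The "quotas and limits", "scale out / scale in" and QoS slides above as concrete objects: a project quota, a LimitRange that supplies defaults so nothing lands in BestEffort by accident, a pod whose requests equal its limits (Guaranteed), and the autoscaler that needs those requests to compute utilisation. This is an added example, not from the original deck or from Red Hat; the project name, numbers and the internal registry image path are assumptions.

```yaml
# Added example, not from the deck. Project "shop" and all numbers are assumptions.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: shop-quota
  namespace: shop
spec:
  hard:                     # ceiling for the whole project
    pods: "20"
    requests.cpu: "4"
    requests.memory: 8Gi
    limits.cpu: "8"
    limits.memory: 16Gi
---
# Per-container defaults and ceilings. A pod created without resources gets
# the defaults, so nothing in the project can end up BestEffort by accident.
apiVersion: v1
kind: LimitRange
metadata:
  name: shop-limits
  namespace: shop
spec:
  limits:
  - type: Container
    max:
      cpu: "2"
      memory: 2Gi
    default:              # applied as "limits" when the container sets none
      cpu: 500m
      memory: 512Mi
    defaultRequest:       # applied as "requests" when the container sets none
      cpu: 100m
      memory: 256Mi
---
# requests == limits for every container -> QoS class "Guaranteed"
# requests <  limits                     -> "Burstable"
# neither set (and no LimitRange)        -> "BestEffort", first to be evicted
apiVersion: v1
kind: Pod
metadata:
  name: web-guaranteed
  namespace: shop
  labels:
    app: web
spec:
  containers:
  - name: web
    # assumed path of the image in the OpenShift 3.x internal registry
    image: docker-registry.default.svc:5000/shop/myapp:latest
    resources:
      requests: {cpu: 500m, memory: 512Mi}
      limits:   {cpu: 500m, memory: 512Mi}
---
# Scale out and back in on CPU. The HPA computes utilisation as a percentage
# of requests.cpu, so the target's pods must declare a CPU request.
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
  name: web
  namespace: shop
spec:
  scaleTargetRef:
    apiVersion: apps.openshift.io/v1
    kind: DeploymentConfig
    name: web
  minReplicas: 2
  maxReplicas: 10
  targetCPUUtilizationPercentage: 70
```

`oc describe pod web-guaranteed` shows the resulting `QoS Class`; `oc get quota shop-quota` shows how much of the project ceiling is used. The quota is what actually stops one team from starving the node: the HPA cannot scale past what `requests.cpu` in the quota still allows, which is the intended behaviour.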
And what if all my nodes are getting saturated?
Red Hat CloudForms can add more nodes to the cluster
Applications can use persistent storage for stateful services
With the most important technologies in the industry
Supported with: NFS, GlusterFS, Ceph RBD, iSCSI, Fibre Channel, OpenStack Cinder, AWS EBS, Azure Disk, Azure File, GCE Persistent Disk, VMware vSphere VMDK, FlexVolume
● A Persistent Volume (PV) is tied to a piece of network storage
● Provisioned by an administrator (statically) or by a provisioner (dynamically)
● Lets admins describe storage and users request it without knowing the backend
● A claim is bound to a PV that matches the requested size, access mode, selector labels and storage class
Static provisioning: the admin creates a pool of PVs up front (Ceph RBD, iSCSI, GlusterFS, NFS, ...); developers ask for storage from their project's pods via a PersistentVolumeClaim (PVC), and each claim is bound to a free PV from the pool.
Dynamic provisioning: the admin defines StorageClasses (e.g. Slow → Azure Disk provisioner, Fast → AWS SSD provisioner, Fastest → NetApp Flash provisioner); the developer's PVC names a class (e.g. Fastest), and the OpenShift PV controller provisions a PV on demand and binds it to the claim.
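Both provisioning paths from the storage slides as manifests: an admin-created NFS PV with a claim that selects it, and a StorageClass with a claim the PV controller satisfies dynamically, mounted by a pod. This is an added example, not from the original deck or from Red Hat; the NFS server, the class name "fast", the AWS gp2 parameters and the PostgreSQL image path are assumptions, and the provisioner name must match one the cluster actually runs.

```yaml
# Added example, not from the deck. Server names, class names and sizes are assumptions.
# --- static path: the admin registers existing network storage as a PV ---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: nfs-pv-01
spec:
  capacity:
    storage: 5Gi
  accessModes:
  - ReadWriteMany                        # NFS can be mounted by many nodes at once
  persistentVolumeReclaimPolicy: Retain  # data survives deletion of the claim
  nfs:
    server: nfs.example.com              # assumed NFS server
    path: /exports/pv01
---
# A claim with storageClassName "" only considers PVs that carry no class,
# i.e. the statically created pool above; size and access mode must fit.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: shared-uploads
  namespace: shop
spec:
  storageClassName: ""
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 5Gi
---
# --- dynamic path: the admin describes a class, the controller provisions on demand ---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: fast
provisioner: kubernetes.io/aws-ebs
parameters:
  type: gp2
  encrypted: "true"          # EBS encryption at rest for every volume of this class
reclaimPolicy: Delete        # PV and disk are removed when the claim is deleted
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: postgresql-data
  namespace: shop
spec:
  storageClassName: fast     # the developer only states class, size and access mode
  accessModes:
  - ReadWriteOnce            # one node at a time, which is what a block device supports
  resources:
    requests:
      storage: 10Gi
---
apiVersion: v1
kind: Pod
metadata:
  name: postgresql
  namespace: shop
  labels:
    app: postgresql
spec:
  containers:
  - name: postgresql
    image: registry.access.redhat.com/rhscl/postgresql-96-rhel7   # assumed image
    volumeMounts:
    - name: data
      mountPath: /var/lib/pgsql/data
  volumes:
  - name: data
    persistentVolumeClaim:
      claimName: postgresql-data
```

`oc get pvc -n shop` shows the claims moving from Pending to Bound. The reclaim policy is the security-relevant choice: Retain keeps a deleted tenant's data on the backend until an admin scrubs it, Delete destroys it with the claim; pick deliberately per class rather than inheriting the default.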
The routing layer (HAProxy-based router) allows external access to the application via Routes
And what if I want to test a new version of my app?
OpenShift performs a rolling update: v1.0 pods are replaced by v2.0 pods one at a time, and a new pod only counts once its readiness check passes
And rolls back manually or automatically: if v2.0 never becomes ready the rollout fails and the v1.0 pods keep serving
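The rolling update with readiness gating and automatic rollback that the deployment slides describe (and the "app isn't ready yet" slide earlier) as a DeploymentConfig. This is an added example, not from the original deck or from Red Hat; the names, port, resource numbers and the /ready and /healthz endpoints are assumptions about the application.

```yaml
# Added example, not from the deck. Names, ports and probe paths are assumptions;
# /ready and /healthz are endpoints the app is assumed to expose.
apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
  name: web
  namespace: shop
spec:
  replicas: 3
  selector:
    app: web
  strategy:
    type: Rolling
    rollingParams:
      maxSurge: 1              # at most one extra v2.0 pod during the rollout
      maxUnavailable: 0        # never drop below the 3 desired ready pods
      timeoutSeconds: 600      # if a new pod is not Ready within 10 min the
                               # rollout fails and the previous RC stays active
  triggers:
  - type: ConfigChange
  - type: ImageChange          # redeploy when myapp:latest is rebuilt (e.g. by S2I)
    imageChangeParams:
      automatic: true
      containerNames: [web]
      from:
        kind: ImageStreamTag
        name: myapp:latest
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
      - name: web
        image: myapp:latest        # rewritten by the trigger to the resolved image
        ports:
        - containerPort: 8080
        readinessProbe:            # gate: the pod joins the Service only while this passes
          httpGet:
            path: /ready
            port: 8080
          initialDelaySeconds: 5
          periodSeconds: 5
          failureThreshold: 3
        livenessProbe:             # recovery: the kubelet restarts the container when this fails
          httpGet:
            path: /healthz
            port: 8080
          initialDelaySeconds: 30
          periodSeconds: 10
        resources:
          requests: {cpu: 100m, memory: 256Mi}
          limits:   {cpu: 500m, memory: 512Mi}
```

`oc rollout status dc/web` follows the rollout; `oc rollout undo dc/web` is the manual rollback. Keep the liveness probe cheaper and slower than the readiness probe: a liveness check that depends on a downstream database turns a database outage into a restart storm across every replica.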
OpenShift runs A/B testing: e.g. 90% of traffic to v1.0 and 10% to v2.0, split at the router
And blue/green deployment: v2.0 is deployed beside v1.0 and the balancer is switched over once it has been verified, with v1.0 kept for an instant switch back
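The A/B split and the blue/green switch above live in one object, the Route, via weighted backends. This is an added example, not from the original deck or from Red Hat; the hostname and the two Services web-v1 and web-v2 (selecting the v1.0 and v2.0 pods) are assumptions.

```yaml
# Added example, not from the deck. Hostname and service names are assumptions;
# web-v1 and web-v2 are two Services selecting the v1.0 and v2.0 pods.
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: web
  namespace: shop
spec:
  host: shop.apps.example.com
  to:
    kind: Service
    name: web-v1
    weight: 90              # 90% of new connections -> v1.0
  alternateBackends:
  - kind: Service
    name: web-v2
    weight: 10              # 10% -> v2.0 (A/B / canary share)
  port:
    targetPort: 8080
  tls:
    termination: edge       # TLS ends at the router; the hop to the pod is plain HTTP
    insecureEdgeTerminationPolicy: Redirect   # http:// clients are redirected to https://
```

Blue/green is the same Route with the weights flipped: `oc set route-backends web web-v2=100 web-v1=0` moves all traffic to v2.0 and the reverse command is the rollback. The split is per connection, and the router's sticky-session cookie keeps a returning browser on the backend it first landed on, so a 10% weight does not mean every tenth request of one user sees v2.0.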
And what if I want to implement CI/CD?
OpenShift ships an integrated Jenkins whose slaves (build agents) run as pods
Slaves are created on demand and removed after the job has run
How about my legacy (stateful) applications?
They can run on OpenShift using a StatefulSet:
● Unique, stable network IDs
● Predictable persistent storage (one claim per replica)
● Ordered deployment
● Ordered graceful deletion
● Ordered rolling update
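The StatefulSet properties listed above as a manifest: a headless Service that gives each replica a stable DNS name, ordered start-up and scale-in, ordered rolling update, and one persistent claim per ordinal that follows the pod when it is rescheduled. This is an added example, not from the original deck or from Red Hat; the name "legacy-db", the image and the sizes are assumptions.

```yaml
# Added example, not from the deck. Names, image and sizes are assumptions.
apiVersion: v1
kind: Service
metadata:
  name: legacy-db
  namespace: shop
spec:
  clusterIP: None            # headless: DNS returns the pod addresses, not a VIP
  selector:
    app: legacy-db
  ports:
  - port: 5000
    name: db
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: legacy-db
  namespace: shop
spec:
  serviceName: legacy-db     # stable name per pod: legacy-db-0.legacy-db.shop.svc.cluster.local
  replicas: 3
  selector:
    matchLabels:
      app: legacy-db
  podManagementPolicy: OrderedReady   # legacy-db-0 must be Ready before -1 starts; scale-in is reversed
  updateStrategy:
    type: RollingUpdate      # ordered rolling update, highest ordinal first
  template:
    metadata:
      labels:
        app: legacy-db
    spec:
      terminationGracePeriodSeconds: 60   # time for the app to flush state on ordered shutdown
      containers:
      - name: db
        image: registry.example.com/acme/legacy-db:1.0   # assumed image
        ports:
        - containerPort: 5000
          name: db
        volumeMounts:
        - name: data
          mountPath: /var/lib/legacy-db
  volumeClaimTemplates:      # one PVC per ordinal (data-legacy-db-0, -1, -2), reattached on reschedule
  - metadata:
      name: data
    spec:
      accessModes: [ReadWriteOnce]
      resources:
        requests:
          storage: 5Gi
```

Unlike the claims of a ReplicationController, the PVCs created from volumeClaimTemplates are not deleted when the StatefulSet is scaled down or removed; that is what makes the storage predictable, and it is also why decommissioning a tenant must include deleting those claims explicitly.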
OpenShift also communicates with external services, e.g. an external database reached through a Service without a selector or an ExternalName Service
Developers may access OpenShift via the web console, the CLI (oc) or an IDE
And have access to the service catalog, populated by brokers:
● OpenShift Template Broker → OpenShift templates
● Ansible Service Broker → Ansible Playbook Bundles
● AWS Service Broker → AWS services
● Other service brokers → other compatible services
Including Amazon!
● Top 10 AWS services
● Use Ansible Playbook Bundles
● Available in OpenShift 3.7
SQS, SNS, DynamoDB, Redshift, SES, S3, RDS, EMR, AWS Batch, ElastiCache, Route 53
Allows the use of the most important middleware as a service:
Web Application, Data Virtualization, Intelligent Process, Microservices, API Management, Single Sign-On, Java EE Application, Mobile, Real Time Decision, Integration, Messaging, Data Grid
In a polyglot platform:
● LANGUAGES: Java, NodeJS, Python, PHP, Perl, Ruby, .NET Core, third-party language runtimes
● DATABASES: MySQL, PostgreSQL, MongoDB, Redis, third-party databases
● WEB SERVERS: Apache HTTP Server, nginx, Varnish, Phusion Passenger, Tomcat, third-party app runtimes
● MIDDLEWARE: Spring Boot, Vert.x, Wildfly Swarm, JBoss Web Server, JBoss EAP, JBoss A-MQ, JBoss Fuse, 3scale API management, RH SSO, JBoss BRMS, JBoss BPMS, JBoss Data Virt, JBoss Data Grid, RH Mobile, third-party middleware
...and virtually any docker image out there!
CLIENTS
CONTAINERS IN PRODUCTION USING
RED HAT OPENSHIFT
TJDFT
THANK YOU
plus.google.com/+RedHat facebook.com/redhatinc
linkedin.com/company/red-hat twitter.com/RedHatNews
youtube.com/user/RedHatVideos