DEVOPS AUTOMATION
Managing containers with OpenShift

Renato Puccini
OpenShift Technical Account Manager


ENCONTRO DE TECNOLOGIA E INOVAÇÃO

DIGITAL TRANSFORMATION IMPACTS THE WAY WE BUILD, DEPLOY AND MANAGE SOFTWARE

HOW | WHAT | WHERE

TRADITIONAL: WATERFALL, CLIENT-SERVER, SERVERS

NOW | JUST PASSED: AGILE, N-TIER, PRIVATE, VMs

TREND | NOW: DEVOPS, MICROSERVICES, PRIVATE PUBLIC, CONTAINERS, MOBILE


DIFFERENT GOALS?

DEV: CHANGE

OPS: STABILITY

BUSINESS


WE NEED A NEW CULTURE

PEOPLE

PROCESSES

TECHNOLOGY

OPENSHIFT

SELF-SERVICE PORTAL

VERSION CONTROL

AUTOMATED DEPLOY

MONITORING AND FEEDBACK

STANDARDIZATION BETWEEN ENVIRONMENTS

ORCHESTRATION AND MANAGEMENT

AUTOMATED HEALTH CHECKS

OPENSHIFT IS THE FOUNDATIONAL BASE FOR A DEVOPS ADOPTION

DEVOPS, CONTAINERS AND MICROSERVICES

OPENSHIFT CONTAINER PLATFORM

● Developer Experience
● OpenShift Application Lifecycle Management
● Build Automation, Deployment Automation
● Service Catalog (Language Runtimes, Middleware, Databases)
● Self-Service
● Enterprise Kubernetes++ container orchestration
● Infrastructure Automation & Cockpit
● Networking, Storage, Registry, Logs & Metrics, Security
● Container Orchestration & Cluster Management (kubernetes)
● Container Runtime & Packaging (docker)
● Enterprise Container Host: Red Hat Enterprise Linux Atomic Host

Trusted by Fortune Global 500 companies

OpenShift runs anywhere

Physical...

Virtual... Supported on:

Private cloud... Supported on:

Or public cloud. Supported on:

Nodes are RHEL instances...

Where your apps will run

Pod is a container abstraction

Container Image

Container

Pod

Your applications can be organized in projects

Project A

Project B

Master orchestrates your apps in the nodes

All communication is safe with OpenShift

Master has an API for users and clients

Master uses a key-value database called etcd

Master has an app scheduler

App scheduling is based on policies

The best nodes are chosen during app creation

It’s possible to isolate apps in environments

DEV

QA

A Service allows apps to communicate internally

Examples:

● postgresql:5432
● <service>.<pod_namespace>.svc.cluster.local:<port>
● Internal variables

Registry is your app image repo

App 1

App 2

Besides the internal registry, Red Hat also offers its own repo

Replication Controller manages the app life cycle

OpenShift manages load balancing automatically

And what if the app fails?

OpenShift recovers it and creates a new one automatically

How about user sessions?

The session could be replicated

[Diagram: Balancer, JDG]

Or externalized

[Diagram: Balancer, JDG]

And what if the app isn’t ready to be accessed?

OpenShift adds the app to the load balancer once it’s ready

And what if I want to divide the traffic into two load balancers?

[Diagram: Balancer; DEV, QA]

OpenShift allows a multitenant approach

[Diagram: two Balancers; DEV, QA]

OpenShift blocks communication between app environments

[Diagram: DEV, QA]

OPENSHIFT NETWORK PLUGINS

OPENSHIFT

KUBERNETES CNI

● OpenShift Plugin (DEFAULT)
● Flannel Plugin*
● Nuage Plugin
● Tigera Calico Plugin
● Juniper Contrail Plugin
● Cisco Contiv Plugin
● Big Switch Plugin
● VMware NSX-T Plugin
● OpenDaylight Plugin

Legend: Certified Plugin, Validated Plugin, In-Progress

FLAT NETWORK (Default)

● All pods can communicate with each other across projects

MULTI-TENANT NETWORK

● Project-level network isolation
● Multicast support
● Egress network policies

NETWORK POLICY (Tech Preview)

● Granular policy-based isolation

OPENSHIFT SDN

[Diagram: Multi-Tenant Network. Pods on two nodes, grouped into PROJECT A, PROJECT B, PROJECT C and the DEFAULT NAMESPACE]

And what if the app tries to consume all node resources?

OpenShift will prevent it via quotas and limits

And what if a node fails and needs maintenance?

OpenShift will migrate the apps to other nodes

And what if my app instances aren’t enough?

OpenShift will scale it out

And also scale it in automatically

And what if I need to save resources?

OpenShift will idle the app

Once it is accessed, OpenShift will start the app again

Client

And how much effort does it take to put my app on OpenShift?

OpenShift builds apps using Source-to-Image (sti/s2i)

Just provide your source code repository (Git Repo)

And a language template (optional)

OpenShift creates the image and saves it to the registry

And runs the new app image

Besides the source, it’s also possible to use the app binary (JAR/WAR/EAR)

STI also applies to other templates like Httpd

And what if a security failure happens in my app?

OpenShift updates the app automatically

And what if I want to monitor my app resources?

OpenShift allows you to monitor:

● CPU

● Memory

● Network

Via Hawkular, Heapster and Cassandra, and Prometheus (3.11+)

CONTAINER METRICS

[Diagram: pods on RHEL nodes, CADVISOR, HEAPSTER, HAWKULAR, CASSANDRA, API, CUSTOM DASHBOARDS, OPENSHIFT WEB CONSOLE, RED HAT CLOUDFORMS, USER]

And what if I want to monitor my app logs in a centralized manner?

OpenShift has the EFK stack

● ElasticSearch

● Fluentd

● Kibana

[Diagram: APPLICATION LOGS and OPERATION LOGS. Pods on RHEL nodes, FLUENTD, ELASTICSEARCH, KIBANA, USER, ADMIN]

And what if the node gets saturated by my app instances?

OpenShift will create new apps using QoS

● Guaranteed
● Burstable
● Best Effort

And what if all my nodes are getting saturated?

CloudForms adds more nodes

Applications can use storage for stateful services

With the most important technologies in the industry

NFS

GlusterFS

OpenStack Cinder

Ceph RBD

AWS EBS

GCE Persistent Disk

iSCSI

Fibre Channel

Azure Disk

Azure File

FlexVolume

VMware vSphere VMDK

Supported with:

● Persistent Volume (PV) is tied to a piece of network storage
● Provisioned by an administrator (statically or dynamically)
● Allows admins to describe storage and users to request storage
● Assigned to pods based on the requested size, access mode, labels and type

Use of static storage

[Diagram: Admin creates PV in the PERSISTENT VOLUMES POOL (NFS PV, iSCSI PV, GlusterFS PV, Ceph RBD PV); Dev asks for storage via PVC (claim) in the PROJECT; each Pod has a claim]

And also dynamic storage

[Diagram: Admin defines StorageClass (Slow: Azure-Disk, Fast: AWS-SSD, Fastest: NetApp-Flash); Dev asks for PVC (claim): Fastest; OpenShift PV Controller, NetApp Provisioner, AWS Provisioner, Azure Provisioner; provision; PV bound to the claim of the Pod]

Routing layer allows external access to the application

And what if I want to test new versions of my app?

OpenShift executes rolling updates with a canary check

[Diagram: v1.0 instances replaced by v2.0 instances]

And also rolls back manually or automatically

[Diagram: v2.0 instances replaced by v1.0 instances]

OpenShift runs A/B Testing

[Diagram: 90% v1.0, 10% v2.0]

And Blue Green Deployment

[Diagram: Balancer; v1.0, v2.0]

And what if I want to implement CI/CD?

OpenShift already has Jenkins and slaves integrated

Slaves are removed after running

How about my legacy applications?

They can run on OpenShift using StatefulSet

● Unique network ids
● Predictable persistent storage
● Ordered deployment
● Ordered soft delete
● Ordered rolling update

OpenShift also communicates with external services

External Database

Developers may access OpenShift via web, CLI or IDE

And has access to the service catalog

● OpenShift Ansible Broker (ANSIBLE): Ansible Playbook Bundles
● OpenShift Template Broker (OPENSHIFT): OpenShift Templates
● AWS Service Broker (AWS): AWS Services
● Other Service Brokers (OTHER COMPATIBLE SERVICES): Other Services

Including Amazon!

● Top 10 AWS Services

● Use Ansible Playbook Bundles

● Available in OpenShift 3.7

SQS, RDS, DynamoDB, AWS Batch, S3, SNS, EMR, Redshift, SES, ElastiCache, Route 53

It allows you to use the most important middleware as a service...

Data Virtualization, Real Time Decision, Intelligent Process, Integration, Messaging, Data Grid, Java EE Application, Web Application, Single Sign-On, Mobile, API Management, Micro services

In a polyglot platform

...and virtually any docker image out there!

LANGUAGES: PHP, Python, Java, NodeJS, Perl, Ruby, .NET Core, Third-party Language Runtimes

DATABASES: MySQL, PostgreSQL, MongoDB, Redis, Third-party Databases

WEB SERVERS: Apache HTTP Server, nginx, Tomcat, Varnish, Phusion Passenger, Third-party App Runtimes

MIDDLEWARE: JBoss EAP, JBoss A-MQ, JBoss Fuse, JBoss BRMS, JBoss BPMS, JBoss Data Grid, JBoss Data Virt, JBoss Web Server, RH Mobile, RH SSO, 3SCALE API mgmt, Spring Boot, Wildfly Swarm, Vert.x, Third-party Middleware

CLIENTS

CONTAINERS IN PRODUCTION USING RED HAT OPENSHIFT

TJDFT

THANK YOU
