a Containerized Application Platform

@SamuelTerburgOpenShift “Specialist” Solution ArchitectMarch 2016

OpenShift Enterprise

• Docker• Kubernetes added-value• OpenShift added-value

• Projects• Source 2 Image Builds• Deployment pre/post-Hooks• External (Oracle) Services

• Demo• Q & A

Agenda

Image BImage AApplication Hosting

4

● “Image”• Unified Packaging format

• Like “war”, “rpm” or “zip”

• For any type of Application

• Portable

● “Container”• Runtime• Isolation

Hardware

Container

APP AImage

Host Minimal OS

Container

APP BImage

Container

APP CImage

Docker Engine

Docker Registry

RHELJDK

Jboss-EAPLibs A Libs BApp A App B

docker pull <image>

But in production we need more than just packaging and isolation

• Scheduling : Where should my containers run?

• Lifecycle : Keep my containers running despite failures• Discovery : Where are my containers now?• Monitoring : What’s happening with my containers?• Auth{n,z} : Control who can do things to my containers• Aggregates : Compose sets of containers into jobs• Scaling : Making jobs bigger or smaller

Kubernetes Cluster

Registry

Master

Node

Storage

Pod

Volume

Node

Service

Pod

Pod

Image

Kubernetes a “Cluster Manager” at scale

Dev / Ops

Visitor

Router

• Manages • 1.000 nodes• 100.000 containers

RED HAT OPENSHIFT ENTERPRISE

We need more than just Cluster Management !

Self Service -Templates

- Web Console

Multi-Language

Automation- Deploy

- Build

DevOpsCollaboration

Secure- Namespaced- RBAC

Scalable- Integrated LB

Open Source

Enterprise- Authentication- Web Console- Central Logging

RED HAT OPENSHIFT ENTERPRISE

We need more than just Orchestration

Self Service -Templates

- Web Console

Multi-Language

Automation- Deploy

- Build

DevOpsCollaboration

Secure- Namespaced- RBAC

Scalable- Integrated LB

Open Source

Enterprise- Authentication- Web Console- Central Logging

OpenShift is Red Hat’s Container Application Platform (PaaS)

Project NamespacesProject

• Sandboxed Environment• Network VXLan• Authorization Policies• Resource Quotas • Ops in Control, Dev

Freedom

oc new-project Project-Devoc policy add-role-to-user admin scientist1oc new-app --source=https://gitlab/MyJavaApp --docker-image=jboss-eap

Project “Prod” Project “Dev” ProjectGlobal Services

OpenShift Platform

APP AImage

APP CImage

App• Images run in Containers• Grouped together as a

Service• Defined as Template

Pods

POD Definition:• Group of Containers• Deployment unit• Same namespace• Emphemeral

Examples:• JBoss-EAP (Wildfly)• MySQL• Wildfly+ MySQL• App + data-load• App + proxy

Kubernetes Cluster

Pod

JBoss

Example: App + DB

• MySQL seperate Scale Deploy

• Out of the Box Scaling Service Discovery Enterprisy

Pod

MySQL

kind: Podmetadata: name: mydbspec:spec: containers: - name: backend image: mysql ports: - containerPort: 3306 volumeMount: - name: data mount: /var/lib/mysql volumes: - name: data claim: requests: storage: 100Gi

Storage

Volume

Kubernetes Cluster

Pod

JBoss

Example: App + DB Versioning

Flyway

• Seperate Flyway container• Mounts git repo• Git tag = DB Version• preDeployHook dependency

Pod

MySQL

Storage

Volume

kind: Podmetadata: name: myappspec:spec: containers: - name: dbversions image: flyway volumes: - gitRepo: repository: “git@git:/” - name: frontend image: jboss-eap ports: - containerPort: 8000 resources: cpu: “100m” memory: “1Gi”

Code

Deploy

Build

Can configure different deployment strategies like A/B, Rolling upgrade, Automated base updates, and more.

Can configure triggers for automated deployments, builds, and more. Build & Deploy an Image

Source2

Image BuilderImage

Developer

SCM

Container Image

Builder Images• Jboss-EAP• PHP• Python• Ruby• Jenkins• Customer

• C++ / Go• S2I (bash) scripts

Triggers• Image Change (tagging)• Code Change (webhook)• Config Change

OpenShift Cluster

Master

Node

Storage

Pod

Volume

Node

Service

Pod

Pod

OpenShiftBuild & Deploy Architecture

etcd

SkyDNS

ReplicationController

APIDev/Ops

Router

Deploy

Build

Policies

config

kind: "BuildConfig“metadata: name: “myApp-build“spec: source: type: "Git“ git: uri: "git://gitlab/project/hello.git“ dockerfile: “jboss-eap-6“ strategy: type: "Source“ sourceStrategy: from: kind: "Image“ name: “jboss-eap-6:latest“ output: to: kind: “Image“ name: “myApp:latest“ triggers: - type: "GitHub“ github: secret: "secret101“ - type: "ImageChange“

# oc start-build myApp-build

Registry

Image

Visitor

Deployment Process

• …

• Versions• Strategy• Hooks• Triggers

Deploy• Scale• Monitor

Replicate• Runtime• StatePod

• MyJBossApp • MyJBossApp-v1 (2x)• MyJBossApp-v2 (4x)

OpenShift Cluster

MasterStorage

Deploy - Trigger

etcd

ReplicationController

APIDev/Ops

Deploy

kind: “DeploymentConfig“metadata: name: “myApp“spec: replicas: 2 selector: app: myapp template: metadata: name: myapp labels: app: mine spec: containers: - name: frontend image: jboss-eap:latest ports: - containerPort: 80 triggers: - type: "ImageChange“ from: kind: “Image” name: “myapp:latest

# oc deploy myApp --latest

Registry

Image

Pod

JBoss

Flyway

Pod

MySQL

Volume

OpenShift Cluster

MasterStorage

Deploy - Strategy

etcd

ReplicationController

APIDev/Ops

Deploy

kind: “DeploymentConfig“metadata: name: “myApp“spec: replicas: 2 template: spec: containers: - name: frontend - name: flyway strategy: type: rolling rollingParams: pre: execNewPod: containerName: flyway volumes: [‘git’] command: “flyway do” post: tagImage: containerName: frontend to: “frontend:prod” triggers: … # oc deploy myApp --latest

Registry

Image

Pod

JBoss

Flyway

Pod

MySQL

Volume

Kubernetes Cluster

MySQL

DB

MySQL

Service

Service Definition:• Load-Balanced Virtual-IP (layer 4)• Abstraction layer for your App• Enables Service Discovery

• DNS • ENV

Examples:• frontend• database• api

172.16.0.1:3386

PHP

10.1.0.1:330610.2.0.1:3306

db.project.cluster.local

Visitor

<?php mysql_connect(getenv(“db_host”)) mysql_connect(“db:3306”)?>

Pod

Service

Pod

Pod

Labels & Selectors- apiVersion: v1 kind: Service metadata: labels: app: MyApp role: BE phase: DEV name: MyApp spec: ports: - name: 80-tcp port: 80 protocol: TCP targetPort: 8080 selector: app: MyApp role: BE sessionAffinity: None type: ClusterIP

Role: FEPhase: Dev

Role: BEPhase: DEV

Role: BEPhase: TST

Role: BEthink SQL ‘select ... where ...’- apiVersion: v1 kind: Pod metadata: labels: app: MyApp role: BE phase: DEV name: MyApp

apiVersion: v1kind: Endpointsmetadata: name: my-oraclesubsets: addresses: - ip: 192.168.1.82 - ip: 192.168.1.83

MySQL

Service

MySQL

Ingress / Router

• Router Definition:• Layer 7 Load-Balancer /

Reverse Proxy• SSL/TLS Termination• Name based Virtual Hosting• Context Path based Routing• Customizable (image)

• HA-Proxy• F5 Big-IP

Examples:• https://www.mysite.nl/myapp1/• http://www.mysite.nl/myapp2

172.16.0.1:3386

PHP

10.1.0.1:330610.2.0.1:3306

db.project.cluster.local

Visitor

Router https://mysite.nl/service1/apiVersion: extensions/v1beta1kind: Ingressmetadata: name: mysitespec: rules: - host: www.mysite.nl http: paths: - path: /foo backend: serviceName: s1 servicePort: 80 - path: /bar backend: serviceName: s2 servicePort: 80

Kubernetes Cluster

Master

Node

Storage

Pod

Volume

Node

Service

Pod

Pod

KubernetesHosting Architecture

etcd

SkyDNS

ReplicationController

APIDev/Ops

Ingress

Policies

Registry

Image

VisitorLogging

ELK

OpenShift Cluster

Master

Node

Storage

Pod

Volume

Node

Service

Pod

Pod

OpenShift PaaS Architecture

etcd

SkyDNS

ReplicationController

APIDev/Ops

Router

Deploy

Build

Policies

config

Registry

Image

VisitorLogging

EFK

• Added “Build”• Added “Deployment”• s/ELK/EFK/g• s/Ingress/Router/g• Added Policies + tools• Added WebConsole• Added Projects

• OpenShift-SDN isolation

WebConsole

Demo• docker run openshift/origin• Image Layers

Setup

yum install docker-engine

docker run openshift/origin

Setup

yum install docker-engine

docker run openshift/origin

curl –s https://get.helm.sh | bashhelm update

yum install docker-engine

docker run -d --name "ose" --privileged --net=host --pid=host \ -v /:/rootfs:ro \ -v /var/run:/var/run:rw \ -v /sys:/sys:ro \ -v /var/lib/docker:/var/lib/docker:rw \ -v /var/lib/origin/openshift.local.volumes:/var/lib/origin/openshift.local.volumes:z \ -v /var/lib/origin/openshift.local.config:/var/lib/origin/openshift.local.config:z \ -v /var/lib/origin/openshift.local.etcd:/var/lib/origin/openshift.local.etcd:z \ openshift3/ose start \ --master="https://${OSE_MASTER_IP}:8443" \ --etcd-dir="/var/lib/origin/openshift.local.etcd" \ --hostname=`hostname` \ --cors-allowed-origins=.*

Image Layers

redhat/jboss-eap-64

sterburg/jboss-oracle

sterburg/jboss-flyway add /jboss/modules/oracle

add /usr/local/flywaysterburg/myapp

add /jboss/deployments/

myapp.war

• JBoss EAP• JBoss Web Server /

Tomcat• JBoss Developer Studio

• Fuse• A-MQ• Data Virtualization

• Business Process Management *

• Business Rules Management System

• Red Hat Mobile / FeedHenry *

Application Container Services

IntegrationServices

BusinessProcess Services

MobileServices

* Coming Soon

Our JBoss Middleware xPaas Service Catalog

RED HAT OPENSHIFT ENTERPRISE

CloudForms Management

RED HAT OPENSHIFT ENTERPRISE

RED HAT CLOUD SUITE FOR APPLICATIONSCloud Management – Alternative Virtualization – OpenStack – Containers – Development

RED HAT OPENSHIFT ENTERPRISE

Questions?plus.google.com/+RedHat

nl.linkedin.com/in/samuelterburg

youtube.com/user/RedHatVideos

facebook.com/redhatinc

twitter.com/SamuelTerburg

github.com/sterburg/