Advanced Architecture OpenShift Container Platform (OCP)
TRANSCRIPT
![Page 1: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/1.jpg)
CONFIDENTIAL Designator
OpenShift 4.x Architecture Workshop
OpenShift Container Platform (OCP) Advanced Architecture
July 2019
![Page 2: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/2.jpg)
Self-Service, Multi-language, Automation, Collaboration, Multi-tenant, Standards-based, Web-scale, Open Source, Enterprise Grade, Secure
![Page 3: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/3.jpg)
OPENSHIFT CONTAINER PLATFORM (diagram)
● Any container, on any infrastructure: Amazon Web Services, Microsoft Azure, Google Cloud, OpenStack, Datacenter, Laptop
● Layers, bottom to top: Enterprise Container Host; Container Orchestration and Management (Kubernetes); Application Lifecycle Management
![Page 4: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/4.jpg)
OPENSHIFT CONTAINER PLATFORM
● Automated Operations
● Kubernetes
● Red Hat Enterprise Linux or Red Hat CoreOS
● CaaS (Best IT Ops Experience) and PaaS (Best Developer Experience)
● Cluster Services: Metrics, Chargeback, Registry, Logging
● Application Services: Middleware, Service Mesh, Functions, ISV
● Developer Services: Dev Tools, Automated Builds, CI/CD, IDE
![Page 5: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/5.jpg)
OPENSHIFT ARCHITECTURE (diagram)
● Existing automation toolsets: SCM (Git), CI/CD
● Master, on Red Hat Enterprise Linux: API/authentication, data store, scheduler, health/scaling
● Service layer, routing layer, persistent storage, registry
● RHEL nodes running containers
● Infrastructure: physical, virtual, private, public, hybrid
![Page 6: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/6.jpg)
Container Concepts Overview
![Page 7: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/7.jpg)
A container is the smallest compute unit
![Page 8: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/8.jpg)
Containers are created from container images (diagram: a container image, binary plus runtime, is instantiated as a container)
![Page 9: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/9.jpg)
Container images are stored in an image registry (diagram: an image registry holding many container images)
![Page 10: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/10.jpg)
An image repository contains all versions of an image in the image registry (diagram)
● myregistry/frontend: frontend:latest, frontend:2.0, frontend:1.1, frontend:1.0
● myregistry/mongo: mongo:latest, mongo:3.7, mongo:3.6, mongo:3.4
A tag such as latest is a mutable pointer within the repository and can be moved to a different image at any time; a deployment that must not change underneath you references the image by its content digest instead of by tag.
![Page 11: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/11.jpg)
11
Containers are wrapped in pods, which are units of deployment and management (diagram: two pods with IPs 10.1.0.11 and 10.1.0.55; the containers inside a pod share the pod's IP)
![Page 12: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/12.jpg)
12
Pod configuration is defined in a deployment: image name, replicas, labels, cpu, memory, storage (diagram: one deployment managing three pods, each running one container)
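As an added example (not part of the original deck), here is a Deployment that carries exactly the items the slide lists for a pod's configuration: image name, replicas, labels, cpu, memory and storage. The names, the registry host, the claim name and the image digest are placeholders chosen for illustration; the digest is pinned rather than a tag so the image cannot change underneath the deployment.

```yaml
# Added example, not from the original deck. All names and the digest are placeholders.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: frontend
  labels:
    app: frontend
spec:
  replicas: 3                       # desired pod count; the controller keeps it at 3
  selector:
    matchLabels:
      app: frontend                 # must match the pod template labels below
  template:
    metadata:
      labels:
        app: frontend
        role: frontend
    spec:
      containers:
      - name: frontend
        # Pinned by digest rather than by the mutable tag frontend:2.0.
        # The digest below is a placeholder, not a real image.
        image: myregistry/frontend@sha256:0000000000000000000000000000000000000000000000000000000000000000
        ports:
        - containerPort: 8080
        resources:
          requests:                 # what the scheduler reserves on the node
            cpu: 250m
            memory: 256Mi
          limits:                   # hard ceiling; the container is throttled/killed beyond it
            cpu: 500m
            memory: 512Mi
        volumeMounts:
        - name: data
          mountPath: /var/lib/frontend
      volumes:
      - name: data
        persistentVolumeClaim:
          claimName: frontend-data  # claim created separately (placeholder name)
```

Apply it with `oc apply -f` and check `oc get deployment frontend` for 3/3 ready replicas. Setting both requests and limits keeps one noisy pod from starving its neighbours on the node, which is a multi-tenancy concern as much as a capacity one.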
![Page 13: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/13.jpg)
OpenShift Architecture
![Page 14: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/14.jpg)
YOUR CHOICE OF INFRASTRUCTURE: physical, virtual, private, public, hybrid
![Page 15: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/15.jpg)
NODES: RHEL INSTANCES WHERE APPS RUN (diagram: six RHEL nodes on physical, virtual, private, public or hybrid infrastructure)
![Page 16: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/16.jpg)
APPS RUN IN CONTAINERS (diagram: containers running on the RHEL nodes; container image, container, pod)
![Page 17: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/17.jpg)
PODS ARE THE UNIT OF ORCHESTRATION (diagram: containers grouped into pods across the RHEL nodes)
![Page 18: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/18.jpg)
MASTERS ARE THE CONTROL PLANE (diagram: a Red Hat Enterprise Linux master alongside the RHEL nodes)
![Page 19: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/19.jpg)
API AND AUTHENTICATION (diagram: the master runs the API/authentication component)
![Page 20: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/20.jpg)
DESIRED AND CURRENT STATE (diagram: the master adds a data store that holds the desired and current state of the cluster)
![Page 21: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/21.jpg)
INTEGRATED CONTAINER REGISTRY (diagram: a registry running on a node, next to the master's API/authentication and data store)
![Page 22: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/22.jpg)
ORCHESTRATION AND SCHEDULING (diagram: the master adds a scheduler)
![Page 23: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/23.jpg)
PLACEMENT BY POLICY (diagram: the scheduler places containers onto nodes according to policy)
![Page 24: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/24.jpg)
AUTOSCALING PODS (diagram: the master adds health/scaling)
![Page 25: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/25.jpg)
SERVICE DISCOVERY (diagram: a service layer spanning the nodes)
![Page 26: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/26.jpg)
PERSISTENT DATA IN CONTAINERS (diagram: persistent storage attached to the cluster)
![Page 27: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/27.jpg)
ROUTING AND LOAD-BALANCING (diagram: a routing layer in front of the service layer)
![Page 28: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/28.jpg)
ACCESS VIA WEB, CLI, IDE AND API (diagram: existing automation toolsets, SCM (Git) and CI/CD, driving the full stack of master, nodes, registry, service layer, routing layer and persistent storage)
![Page 29: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/29.jpg)
Networking
![Page 30: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/30.jpg)
OPENSHIFT NETWORKING
● Built-in internal DNS to reach services by name
● Split DNS is supported via dnsmasq
○ Master answers DNS queries for internal services
○ Other name servers serve the rest of the queries
● Software Defined Networking (SDN) for a unified cluster network to enable pod-to-pod communication
● OpenShift follows the Kubernetes Container Networking Interface (CNI) plug-in model
![Page 31: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/31.jpg)
OPENSHIFT NETWORKING (diagram)
● Node 172.16.1.10 hosts pods 10.1.2.2 and 10.1.2.4; node 172.16.1.20 hosts pods 10.1.4.2 and 10.1.4.4
● The nodes sit on the IP network; the pods sit on a VXLAN overlay network that spans the nodes
![Page 32: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/32.jpg)
OPENSHIFT NETWORK PLUGINS
● OpenShift SDN (OVS): fully supported, default in OCP 4.1
● OpenShift SDN (OVN*): in progress
● Kubernetes CNI plug-ins, validated: Flannel**, Nuage, Tigera Calico & CNX, Juniper Contrail, Cisco Contiv & Contiv-ACI, Big Switch, VMware NSX-T
● In progress: kuryr-k8s (with OSP 14), OpenDaylight (CNI & Kuryr), RH-OSP Neutron plugin
![Page 33: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/33.jpg)
OPENSHIFT SDN
FLAT NETWORK
● All pods can communicate with each other across projects
MULTI-TENANT NETWORK
● Project-level network isolation
● Multicast support
● Egress network policies
NETWORK POLICY (Default)
● Granular policy-based isolation
(diagram, multi-tenant network: pods of Project A and Project B spread over two nodes are isolated from each other; the default namespace and Project C are marked as reachable)
![Page 34: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/34.jpg)
OPENSHIFT SDN - NETWORK POLICY (diagram: pods in Project A and Project B, with ports 8080 and 5432 marked on the allowed paths)
Example Policies
● Allow all traffic inside the project
● Allow traffic from green to gray
● Allow traffic to purple on 8080
The policy shown on the slide, reflowed. The deck used the pre-1.0 extensions/v1beta1 API group; NetworkPolicy is served from networking.k8s.io/v1 on current clusters, and the protocol name is upper-case:

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-to-purple-on-8080
spec:
  podSelector:
    matchLabels:
      color: purple
  ingress:
  - ports:
    - protocol: TCP
      port: 8080
```
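As an added example (not part of the original deck), the three example policies from the slide written out as networking.k8s.io/v1 objects, together with the default-deny policy that gives them teeth and the allow-from-router policy an OpenShift project needs once ingress is denied. The namespace name project-a and the color labels are placeholders; the network.openshift.io/policy-group label is the one OpenShift sets on its ingress namespace.

```yaml
# Added example, not from the original deck. Namespace and label values are placeholders.
---
# 1. Deny all ingress to every pod in the project. As soon as any policy
#    selects a pod, only traffic some policy explicitly allows reaches it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: project-a
spec:
  podSelector: {}            # every pod in the namespace
  policyTypes:
  - Ingress
  ingress: []                # no allowed sources
---
# 2. "Allow all traffic inside the project": any pod in this namespace may
#    reach any other pod in it; pods in other namespaces stay blocked.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-same-namespace
  namespace: project-a
spec:
  podSelector: {}
  ingress:
  - from:
    - podSelector: {}        # a podSelector alone means "pods in this namespace"
---
# 3. "Allow traffic from green to gray": gray pods accept connections from
#    green pods in the same namespace, on every port. (Policy 2 already
#    allows this; it is written out because the slide lists it separately.)
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-green-to-gray
  namespace: project-a
spec:
  podSelector:
    matchLabels:
      color: gray
  ingress:
  - from:
    - podSelector:
        matchLabels:
          color: green
---
# 4. "Allow traffic to purple on 8080": purple pods accept TCP 8080 from any
#    source, including other namespaces; every other port stays closed.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-to-purple-on-8080
  namespace: project-a
spec:
  podSelector:
    matchLabels:
      color: purple
  ingress:
  - ports:
    - protocol: TCP
      port: 8080
---
# 5. Let the OpenShift router reach pods exposed through a Route; without
#    this, policy 1 silently breaks every route into the project.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-from-openshift-ingress
  namespace: project-a
spec:
  podSelector: {}
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          network.openshift.io/policy-group: ingress
```

Policies are additive and only ever allow: a pod selected by no policy is wide open, a pod selected by at least one policy accepts only what the union of matching policies permits, which is why the default-deny object comes first. On clusters where the router pods use the host network, router traffic appears to originate from the default namespace, so that namespace needs the network.openshift.io/policy-group=ingress label too for policy 5 to match.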
![Page 35: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/35.jpg)
Services provide internal load-balancing and service discovery across pods (diagram: a backend service at 172.30.170.110 selects the pods labelled role: backend at 10.110.1.11, 10.120.2.22 and 10.130.3.33; a pod labelled role: frontend at 10.140.4.44 is the caller)
![Page 36: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/36.jpg)
Apps can talk to each other via services (diagram: the frontend pod invokes the backend API through the backend service at 172.30.170.110 instead of addressing individual backend pod IPs)
![Page 37: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/37.jpg)
BUILT-IN SERVICE DISCOVERY, INTERNAL LOAD-BALANCING (diagram: service payroll-frontend, IP 172.10.1.23, port 8080, selects pods labelled app=payroll, role=frontend; two frontend pods at version=1.0 receive traffic, while a pod labelled app=payroll, role=backend does not)
![Page 38: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/38.jpg)
BUILT-IN SERVICE DISCOVERY, INTERNAL LOAD-BALANCING (diagram: a third frontend pod at version=2.0 is added; it matches the selector app=payroll, role=frontend, so the service payroll-frontend, IP 172.10.1.23, port 8080, sends traffic to it alongside the two version=1.0 pods; the backend pod is still excluded)
![Page 39: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/39.jpg)
ROUTE SPLIT TRAFFIC
Split traffic between multiple services for A/B testing, blue/green and canary deployments (diagram: one route sends 90% of traffic to Service A, backed by App A pods, and 10% to Service B, backed by App B pods)
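As an added example (not part of the original deck), a route that splits traffic 90/10 between two services the way the slide draws it. The hostname and service names are placeholders.

```yaml
# Added example, not from the original deck. Hostname and service names are placeholders.
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: app
spec:
  host: app.apps.example.com
  to:
    kind: Service
    name: app-a                # Service A: 90% of requests
    weight: 90
  alternateBackends:
  - kind: Service
    name: app-b                # Service B: 10% of requests
    weight: 10
  port:
    targetPort: 8080           # port name or number on the services
```

Weights are relative values in the range 0 to 256, not percentages, so 9 and 1 would give the same split; a weight of 0 takes a backend out of rotation without deleting it, which is how a canary is withdrawn. The router balances per connection, so a client that reuses connections or carries a sticky-session cookie does not see a fresh 90/10 draw on every request.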
![Page 40: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/40.jpg)
EXTERNAL TRAFFIC TO A SERVICE ON A RANDOM PORT WITH NODEPORT
● NodePort binds a service to a unique port on all the nodes
● Traffic received on any node is forwarded to a pod backing the service, which may be running on a different node
● Ports are allocated from the 30000-32767 range by default (the range is configurable), which usually differs from the service port
● Firewall rules must allow traffic to all nodes on the specific port
(diagram: a client connects to 192.10.0.10:31421, 192.10.0.11:31421 or 192.10.0.12:31421; the service has internal IP 172.1.0.20:90 and backs pods 10.1.0.1:90, 10.1.0.2:90 and 10.1.0.3:90)
![Page 41: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/41.jpg)
EXTERNAL TRAFFIC TO A SERVICE ON ANY PORT WITH INGRESS
● Access a service with an external IP on any TCP/UDP port, such as
○ Databases
○ Message Brokers
● Automatic IP allocation from a predefined pool using Ingress IP Self-Service
● IP failover pods provide high availability for the IP pool
(diagram: a client connects to the service's external IP 200.1.0.10:90; the service also has internal IP 172.1.0.20:90 and backs pods 10.1.0.1:90, 10.1.0.2:90 and 10.1.0.3:90on nodes 192.10.0.10, 192.10.0.11 and 192.10.0.12)
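As an added example (not part of the original deck), the service from the two preceding slides exposed both ways: once as a NodePort and once with the external IP from the diagram. Addresses, names and the app label are placeholders taken from the slides.

```yaml
# Added example, not from the original deck. Addresses and names are placeholders.
---
# NodePort: the same port (31421, from the 30000-32767 default range) is opened
# on every node, and the node forwards it to a backing pod wherever it runs.
apiVersion: v1
kind: Service
metadata:
  name: app-nodeport
spec:
  type: NodePort
  selector:
    app: app
  ports:
  - port: 90                   # service port (172.1.0.20:90 on the slide)
    targetPort: 90             # container port
    nodePort: 31421            # omit to let the API server pick a free port
    protocol: TCP
---
# External IP: the service answers on 200.1.0.10:90 from outside the cluster.
# Something outside the cluster (or the IP failover pods the slide mentions)
# must route that address to a node.
apiVersion: v1
kind: Service
metadata:
  name: app-external
spec:
  type: ClusterIP
  selector:
    app: app
  externalIPs:
  - 200.1.0.10
  ports:
  - port: 90
    targetPort: 90
    protocol: TCP
```

Two checks before either reaches production. A NodePort is reachable on every node, including masters unless they are excluded from the proxy, so the firewall rule the slide asks for should be scoped to the clients that need it, not opened cluster-wide. On OpenShift 4 a service may only claim an external IP inside the CIDRs the cluster Network configuration allows (spec.externalIP.policy.allowedCIDRs); without that policy any project could bind any address, which is an easy way to hijack traffic meant for another tenant.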
![Page 42: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/42.jpg)
CONTROL OUTGOING TRAFFIC SOURCE IP WITH EGRESS ROUTER
(diagram: application pods send traffic to an egress service at INTERNAL-IP:8080; the egress router pod, holding the address IP1 on its node, forwards the traffic to the external service, whose whitelist admits only IP1 as a source)
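As an added example (not part of the original deck), an egress router pod in redirect mode plus the internal service in front of it, following the layout on the slide. The addresses are placeholders: 192.168.12.99 stands for the IP1 the external service whitelists and 203.0.113.25 for the external service itself. The image names are the ones documented for OpenShift 4 egress routers and are an assumption for your release.

```yaml
# Added example, not from the original deck. Addresses are placeholders; image names are assumed.
---
apiVersion: v1
kind: Pod
metadata:
  name: egress-router
  labels:
    name: egress-router
  annotations:
    # Gives the pod a macvlan interface on the node's network so it can own IP1.
    pod.network.openshift.io/assign-macvlan: "true"
spec:
  initContainers:
  - name: egress-router
    image: registry.redhat.io/openshift4/ose-egress-router
    securityContext:
      privileged: true          # required to configure the macvlan interface and NAT rules
    env:
    - name: EGRESS_SOURCE
      value: 192.168.12.99/24   # IP1: the source address the external service sees
    - name: EGRESS_GATEWAY
      value: 192.168.12.1       # default gateway on that network
    - name: EGRESS_DESTINATION  # local_port  remote_ip  remote_port
      value: |
        8080 203.0.113.25 443
    - name: EGRESS_ROUTER_MODE
      value: init
  containers:
  - name: egress-router-wait
    image: registry.redhat.io/openshift4/ose-pod   # keeps the pod alive after init
---
# Application pods connect to this cluster-internal service on 8080; the
# egress router forwards the connection to 203.0.113.25:443 with source IP1.
apiVersion: v1
kind: Service
metadata:
  name: egress-router-service
spec:
  type: ClusterIP
  selector:
    name: egress-router
  ports:
  - name: https
    port: 8080
    targetPort: 8080
    protocol: TCP
```

The init container is privileged, which is one of the few legitimate reasons to grant a privileged SCC in a cluster; create egress routers from an admin-controlled project rather than letting application teams run them, and keep the EGRESS_DESTINATION list to exactly the hosts the allowlist on the far side expects, since every pod that can reach the service inherits IP1.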
![Page 43: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/43.jpg)
ROUTING AND EXTERNAL LOAD-BALANCING
● Pluggable routing architecture
○ HAProxy Router
○ F5 Router
● Multiple routers with traffic sharding
● Router supported protocols
○ HTTP/HTTPS
○ WebSockets
○ TLS with SNI
● Non-standard ports via cloud load-balancers, external IP, and NodePort
![Page 44: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/44.jpg)
Routes add services to the external load-balancer and provide readable URLs for the app (diagram: route app-prod.mycompany.com in front of a backend service with three pods)
> curl http://app-prod.mycompany.com
![Page 45: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/45.jpg)
ROUTE EXPOSES SERVICES EXTERNALLY (diagram: external traffic enters through the router pod, which forwards it to the service and its pods; internal traffic reaches the service directly)
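As an added example (not part of the original deck), the app-prod.mycompany.com route from the previous slide with TLS terminated at the router, which is where the "TLS with SNI" support from the routing slide applies, and with plain HTTP redirected to HTTPS so the curl on the slide cannot carry credentials in clear. Service name and port are placeholders.

```yaml
# Added example, not from the original deck. Service name and port are placeholders.
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: app-prod
spec:
  host: app-prod.mycompany.com
  to:
    kind: Service
    name: backend
  port:
    targetPort: 8080
  tls:
    termination: edge                          # router terminates TLS; pods see plain HTTP
    insecureEdgeTerminationPolicy: Redirect    # http:// requests are redirected to https://
```

With no certificate or key in the tls block the router serves its default (wildcard) certificate for this host; supply certificate, key and caCertificate under tls when the hostname is outside that wildcard. Use termination: reencrypt when the hop from router to pod must also be encrypted (the router verifies the pod's certificate against destinationCACertificate), and termination: passthrough when the application must see the client's TLS session itself, in which case the router only reads the SNI name and cannot redirect or inspect anything.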
![Page 46: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/46.jpg)
OPENSHIFT SDN - OVS PACKET FLOW: Container to Container on the Same Host
(diagram: on one node, POD 1 (veth0, 10.1.15.2/24) and POD 2 (veth1, 10.1.15.3/24) attach to the OVS bridge br0 (10.1.15.1/24); the node's eth0 is 192.168.0.100 and br0 also carries the vxlan0 port. Traffic between the two pods is switched on br0 and never leaves the node)
![Page 47: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/47.jpg)
OPENSHIFT SDN - OVS PACKET FLOW: Container to Container on Different Hosts
(diagram: POD 1 (veth0, 10.1.15.2/24) on NODE 1, whose br0 is 10.1.15.1/24 and eth0 is 192.168.0.100, talks to POD 2 (veth0, 10.1.20.2/24) on NODE 2, whose br0 is 10.1.20.1/24 and eth0 is 192.168.0.200. Traffic leaves br0 through vxlan0, crosses the IP network as VXLAN encapsulated between the two eth0 addresses, and is decapsulated on the peer's vxlan0 into its br0)
![Page 48: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/48.jpg)
OPENSHIFT SDN - OVS PACKET FLOW: Container Connects to External Host
(diagram: POD 1 (veth0, 10.1.15.2/24) on NODE 1 sends to an external host; the traffic leaves br0 (10.1.15.1/24) through tun0 to the node's eth0 (192.168.0.100), where its source is NATed to the node address before it reaches the external host, so the external side sees the node IP, not the pod IP)
![Page 49: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/49.jpg)
OpenShift Monitoring / Clustering
![Page 50: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/50.jpg)
AUTO-HEALING FAILED PODS (diagram: when a pod fails, health/scaling on the master has a replacement container scheduled onto another node so the replica count is maintained)
![Page 51: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/51.jpg)
AUTO-HEALING FAILED CONTAINERS (diagram sequence, step 1 of 4: a running container on one of the nodes fails)
![Page 52: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/52.jpg)
AUTO-HEALING FAILED CONTAINERS (diagram sequence, step 2 of 4: the failure is detected by the health checks reported to the master)
![Page 53: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/53.jpg)
AUTO-HEALING FAILED CONTAINERS (diagram sequence, step 3 of 4: the failed container is stopped)
![Page 54: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/54.jpg)
AUTO-HEALING FAILED CONTAINERS (diagram sequence, step 4 of 4: a new container is started in its place and the cluster is back to the desired state)
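As an added example (not part of the original deck), a Deployment that makes both healing paths from the preceding slides concrete: the replica count is what gets a failed pod replaced, and the probes are what let the kubelet detect and restart a failed container in place. Image, paths and names are placeholders.

```yaml
# Added example, not from the original deck. Image, paths and names are placeholders.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api
spec:
  replicas: 3                  # a pod that dies, or whose node dies, is replaced to keep 3
  selector:
    matchLabels:
      app: api
  template:
    metadata:
      labels:
        app: api
    spec:
      restartPolicy: Always    # the kubelet restarts a container that exits or fails liveness
      containers:
      - name: api
        image: myregistry/api:1.0
        ports:
        - containerPort: 8080
        # Liveness: three consecutive failures and the container is killed and
        # restarted in place; the pod and its IP survive.
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8080
          initialDelaySeconds: 10
          periodSeconds: 10
          failureThreshold: 3
        # Readiness: a pod failing this is removed from the service's endpoints
        # until it passes again, so clients are not routed to it while it recovers.
        readinessProbe:
          httpGet:
            path: /ready
            port: 8080
          periodSeconds: 5
          failureThreshold: 1
```

Keep the liveness endpoint cheap and free of dependencies: a liveness check that calls the database turns a database outage into a restart storm across every replica. Put dependency checks behind the readiness probe instead, where failure only withdraws the pod from load-balancing.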
![Page 55: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/55.jpg)
OpenShift Persistent Storage
![Page 56: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/56.jpg)
PERSISTENT STORAGE
● Persistent Volume (PV) is tied to a piece of network storage
● Provisioned by an administrator (static or dynamically)
● Allows admins to describe storage and users to request storage
● Assigned to pods based on the requested size, access mode, labels and type
Supported backends: NFS, GlusterFS, OpenStack Cinder, Ceph RBD, AWS EBS, GCE Persistent Disk, iSCSI, Fibre Channel, Azure Disk, Azure File, FlexVolume, VMware vSphere VMDK, NetApp Trident*, Container Storage Interface (CSI)**
* Shipped and supported by NetApp via TSANet
** Tech Preview
![Page 57: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/57.jpg)
PERSISTENT STORAGE (diagram: the admin registers PVs backed by NFS, iSCSI, GlusterFS and Ceph RBD into a pool of persistent volumes; a user in a project creates claims, and each pod mounts its claim, which is bound to a PV from the pool)
![Page 58: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/58.jpg)
DYNAMIC VOLUME PROVISIONING (diagram: the admin defines StorageClasses Slow (Azure-Disk), Fast (AWS-SSD) and Fastest (NetApp-Flash), each with its provisioner; the user creates a claim for class Fastest; the OpenShift PV controller asks the NetApp provisioner to provision a PV, the claim is bound to it, and the pod mounts the claim)
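As an added example (not part of the original deck), the "Fastest" class from the slide, a claim against it and a pod that mounts the claim. The provisioner name is NetApp Trident's CSI driver; the backendType parameter is an assumption about how that backend is configured, and the image and mount path are placeholders.

```yaml
# Added example, not from the original deck. The Trident parameter, image and paths are assumptions/placeholders.
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: fastest
provisioner: csi.trident.netapp.io
parameters:
  backendType: ontap-san          # Trident backend type (assumed)
reclaimPolicy: Delete             # the PV and its data go away when the claim is deleted
volumeBindingMode: Immediate      # provision as soon as the claim is created
allowVolumeExpansion: true
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: db-data
spec:
  storageClassName: fastest       # "create claim: Fastest" on the slide
  accessModes:
  - ReadWriteOnce                 # one node at a time, which is what block storage gives you
  resources:
    requests:
      storage: 20Gi
---
apiVersion: v1
kind: Pod
metadata:
  name: db
spec:
  containers:
  - name: db
    image: myregistry/mongo:3.6
    volumeMounts:
    - name: data
      mountPath: /data/db
  volumes:
  - name: data
    persistentVolumeClaim:
      claimName: db-data
```

`oc get pvc db-data` should show the claim Bound with a dynamically created PV. Choose reclaimPolicy deliberately: Delete is convenient for scratch data, but for anything you might need after a namespace is removed, Retain keeps the PV (and its data) around for an administrator to recover or scrub; with Delete, `oc delete project` destroys the data without any further prompt.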
![Page 59: Advanced Architecture OpenShift Container Platform (OCP)](https://reader030.vdocuments.net/reader030/viewer/2022020622/61ec48f7ef397b71e50fd101/html5/thumbnails/59.jpg)
Thank you!