OpenShift Enterprise 3.1 PaaS on Kubernetes
a Containerized Application Platform
@SamuelTerburg
OpenShift “Specialist” Solution Architect
March 2016
OpenShift Enterprise
Agenda
• Docker
• Kubernetes added-value
• OpenShift added-value
  • Projects
  • Source 2 Image Builds
  • Deployment pre/post-Hooks
  • External (Oracle) Services
• Demo
• Q & A
Application Hosting
● “Image”
  • Unified Packaging format
  • Like “war”, “rpm” or “zip”
  • For any type of Application
  • Portable
● “Container”
  • Runtime
  • Isolation
[Diagram: Hardware, Host Minimal OS, Docker Engine, Containers with App A / App B / App C images, Docker Registry holding Image A and Image B; image layers RHEL, JDK, JBoss-EAP, Libs A, Libs B, App A, App B]
docker pull <image>
But in production we need more than just packaging and isolation
• Scheduling : Where should my containers run?
• Lifecycle : Keep my containers running despite failures
• Discovery : Where are my containers now?
• Monitoring : What’s happening with my containers?
• Auth{n,z} : Control who can do things to my containers
• Aggregates : Compose sets of containers into jobs
• Scaling : Making jobs bigger or smaller
Kubernetes a “Cluster Manager” at scale
• Manages
  • 1.000 nodes
  • 100.000 containers
[Diagram: Kubernetes Cluster: Master, Nodes, Pods, Service, Volume, Storage, Registry, Image, Router; Dev / Ops, Visitor]
RED HAT OPENSHIFT ENTERPRISE
We need more than just Cluster Management!
Self Service
- Templates
- Web Console
Multi-Language
Automation
- Deploy
- Build
DevOps Collaboration
Secure
- Namespaced
- RBAC
Scalable
- Integrated LB
Open Source
Enterprise
- Authentication
- Web Console
- Central Logging
RED HAT OPENSHIFT ENTERPRISE
We need more than just Orchestration
OpenShift is Red Hat’s Container Application Platform (PaaS)
Project Namespaces
Project
• Sandboxed Environment
• Network VXLan
• Authorization Policies
• Resource Quotas
• Ops in Control, Dev Freedom
oc new-project Project-Dev
oc policy add-role-to-user admin scientist1
oc new-app --source=https://gitlab/MyJavaApp --docker-image=jboss-eap
[Diagram: OpenShift Platform with Project “Prod”, Project “Dev” and Project Global Services; App A and App C images]
App
• Images run in Containers
• Grouped together as a Service
• Defined as Template
Pods
POD Definition:
• Group of Containers
• Deployment unit
• Same namespace
• Ephemeral
Examples:
• JBoss-EAP (Wildfly)
• MySQL
• Wildfly + MySQL
• App + data-load
• App + proxy
Example: App + DB
• MySQL separate
  • Scale
  • Deploy
• Out of the Box
  • Scaling
  • Service Discovery
  • Enterprisy
[Diagram: Kubernetes Cluster: Pod (JBoss), Pod (MySQL), Volume, Storage]
kind: Pod
metadata:
  name: mydb
spec:
  containers:
  - name: backend
    image: mysql
    ports:
    - containerPort: 3306
    volumeMounts:
    - name: data
      mountPath: /var/lib/mysql
  volumes:
  - name: data
    # slide shorthand for a persistent volume claim requesting 100Gi
    claim:
      requests:
        storage: 100Gi
Example: App + DB Versioning
• Separate Flyway container
• Mounts git repo
• Git tag = DB Version
• preDeployHook dependency
[Diagram: Kubernetes Cluster: Pod (JBoss, Flyway), Pod (MySQL), Volume, Storage]
# slide shorthand: volumes and resources are abbreviated
kind: Pod
metadata:
  name: myapp
spec:
  containers:
  - name: dbversions
    image: flyway
    volumes:
    - gitRepo:
        repository: "git@git:/"
  - name: frontend
    image: jboss-eap
    ports:
    - containerPort: 8000
    resources:
      cpu: "100m"
      memory: "1Gi"
Build & Deploy an Image
Code, Build, Deploy
Can configure different deployment strategies like A/B, Rolling upgrade, Automated base updates, and more.
Can configure triggers for automated deployments, builds, and more.
[Diagram: Developer, SCM, Source 2 Image, Builder Image, Container Image]
Builder Images
• Jboss-EAP
• PHP
• Python
• Ruby
• Jenkins
• Customer
  • C++ / Go
  • S2I (bash) scripts
Triggers
• Image Change (tagging)
• Code Change (webhook)
• Config Change
OpenShift Build & Deploy Architecture
[Diagram: OpenShift Cluster: Master, Nodes, Pods, Service, Volume, Storage, etcd, SkyDNS, ReplicationController, API, Router, Deploy, Build, Policies, config, Registry, Image; Dev/Ops, Visitor]
kind: "BuildConfig"
metadata:
  name: "myApp-build"
spec:
  source:
    type: "Git"
    git:
      uri: "git://gitlab/project/hello.git"
    dockerfile: "jboss-eap-6"
  strategy:
    type: "Source"
    sourceStrategy:
      from:
        kind: "Image"
        name: "jboss-eap-6:latest"
  output:
    to:
      kind: "Image"
      name: "myApp:latest"
  triggers:
  - type: "GitHub"
    github:
      # webhook secret: whoever knows it can trigger a build, so use a long random value
      secret: "secret101"
  - type: "ImageChange"
# oc start-build myApp-build
Deployment Process
• …
Deploy
• Versions
• Strategy
• Hooks
• Triggers
Replicate
• Scale
• Monitor
Pod
• Runtime
• State
• MyJBossApp
• MyJBossApp-v1 (2x)
• MyJBossApp-v2 (4x)
Deploy - Trigger
[Diagram: OpenShift Cluster: Master, Storage, etcd, ReplicationController, API, Deploy, Registry, Image, Pod (JBoss, Flyway), Pod (MySQL), Volume; Dev/Ops]
kind: "DeploymentConfig"
metadata:
  name: "myApp"
spec:
  replicas: 2
  selector:
    app: myapp
  template:
    metadata:
      name: myapp
      labels:
        app: myapp   # must equal the selector above
    spec:
      containers:
      - name: frontend
        image: jboss-eap:latest
        ports:
        - containerPort: 80
  triggers:
  - type: "ImageChange"
    from:
      kind: "Image"
      name: "myapp:latest"
# oc deploy myApp --latest
Deploy - Strategy
[Diagram: OpenShift Cluster: Master, Storage, etcd, ReplicationController, API, Deploy, Registry, Image, Pod (JBoss, Flyway), Pod (MySQL), Volume; Dev/Ops]
kind: "DeploymentConfig"
metadata:
  name: "myApp"
spec:
  replicas: 2
  template:
    spec:
      containers:
      - name: frontend
      - name: flyway
  strategy:
    type: Rolling
    rollingParams:
      pre:
        execNewPod:
          containerName: flyway
          volumes: ['git']
          command: "flyway do"
      post:
        tagImage:
          containerName: frontend
          to: "frontend:prod"
  triggers: …
# oc deploy myApp --latest
Service
Service Definition:
• Load-Balanced Virtual-IP (layer 4)
• Abstraction layer for your App
• Enables Service Discovery
  • DNS
  • ENV
Examples:
• frontend
• database
• api
[Diagram: Kubernetes Cluster: Visitor, PHP Pod, Service at 172.16.0.1:3386 (db.project.cluster.local), MySQL DB Pods at 10.1.0.1:3306 and 10.2.0.1:3306]
<?php
mysql_connect(getenv("db_host"));  // service discovery through ENV
mysql_connect("db:3306");          // service discovery through DNS
?>
Labels & Selectors
think SQL ‘select ... where ...’
- apiVersion: v1
  kind: Service
  metadata:
    labels:
      app: MyApp
      role: BE
      phase: DEV
    name: MyApp
  spec:
    ports:
    - name: 80-tcp
      port: 80
      protocol: TCP
      targetPort: 8080
    selector:
      app: MyApp
      role: BE
    sessionAffinity: None
    type: ClusterIP
- apiVersion: v1
  kind: Pod
  metadata:
    labels:
      app: MyApp
      role: BE
      phase: DEV
    name: MyApp
[Diagram: Pods labelled Role: FE / Phase: Dev, Role: BE / Phase: DEV, Role: BE / Phase: TST, Role: BE]
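The Service selector on this slide names `app` and `role` but not `phase`, so it selects BE Pods from every phase. An added example (not code from the original slides) of that equality-based matching; the Pod names and the shared `app: MyApp` label on the diagram's Pods are assumptions.

```python
# Added example (not from the slides): equality-based label selection, the
# "SELECT ... WHERE ..." a Service runs over Pods in its namespace.
SERVICE_SELECTOR = {"app": "MyApp", "role": "BE"}      # selector from the slide

PODS = [  # constructed: names are hypothetical, labels follow the diagram
    {"name": "fe-dev",  "labels": {"app": "MyApp", "role": "FE", "phase": "Dev"}},
    {"name": "be-dev",  "labels": {"app": "MyApp", "role": "BE", "phase": "DEV"}},
    {"name": "be-tst",  "labels": {"app": "MyApp", "role": "BE", "phase": "TST"}},
    {"name": "be-bare", "labels": {"app": "MyApp", "role": "BE"}},
]


def matches(selector, labels):
    """True when every selector key is present on the pod with an equal value.
    Comparison is case-sensitive; labels not named in the selector are ignored."""
    return all(labels.get(key) == value for key, value in selector.items())


def select(selector, pods):
    """Names of the pods that would back a Service with this selector."""
    if not selector:
        return []   # no selector: endpoints are not derived from pods at all
    return [pod["name"] for pod in pods if matches(selector, pod["labels"])]


def overmatched(selector, intended, pods):
    """Pods the deployed selector picks up beyond the intended, stricter one."""
    return sorted(set(select(selector, pods)) - set(select(intended, pods)))


if __name__ == "__main__":
    dev_only = dict(SERVICE_SELECTOR, phase="DEV")
    print("selector as written:", select(SERVICE_SELECTOR, PODS))
    print("with phase=DEV     :", select(dev_only, PODS))
    print("extra pods         :", overmatched(SERVICE_SELECTOR, dev_only, PODS))
```

Any Pod in the namespace that carries the selected labels becomes a backend, which is why label assignment belongs under the same review as the Service itself.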
apiVersion: v1
kind: Endpoints
metadata:
  name: my-oracle
subsets:
- addresses:
  - ip: 192.168.1.82
  - ip: 192.168.1.83
[Diagram: MySQL, Service, MySQL]
Ingress / Router
Router Definition:
• Layer 7 Load-Balancer / Reverse Proxy
• SSL/TLS Termination
• Name based Virtual Hosting
• Context Path based Routing
• Customizable (image)
  • HA-Proxy
  • F5 Big-IP
Examples:
• https://www.mysite.nl/myapp1/
• http://www.mysite.nl/myapp2
[Diagram: Visitor, Router https://mysite.nl/service1/, PHP, 172.16.0.1:3386, 10.1.0.1:3306, 10.2.0.1:3306, db.project.cluster.local]
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: mysite
spec:
  rules:
  - host: www.mysite.nl
    http:
      paths:
      - path: /foo
        backend:
          serviceName: s1
          servicePort: 80
      - path: /bar
        backend:
          serviceName: s2
          servicePort: 80
Kubernetes Hosting Architecture
[Diagram: Kubernetes Cluster: Master, Nodes, Pods, Service, Volume, Storage, etcd, SkyDNS, ReplicationController, API, Ingress, Policies, Registry, Image, Logging (ELK); Dev/Ops, Visitor]
OpenShift PaaS Architecture
[Diagram: OpenShift Cluster: Master, Nodes, Pods, Service, Volume, Storage, etcd, SkyDNS, ReplicationController, API, Router, Deploy, Build, Policies, config, Registry, Image, Logging (EFK), WebConsole; Dev/Ops, Visitor]
• Added “Build”
• Added “Deployment”
• s/ELK/EFK/g
• s/Ingress/Router/g
• Added Policies + tools
• Added WebConsole
• Added Projects
• OpenShift-SDN isolation
Demo
• docker run openshift/origin
• Image Layers
Setup
yum install docker-engine
docker run openshift/origin
curl -s https://get.helm.sh | bash
helm update
yum install docker-engine
docker run -d --name "ose" --privileged --net=host --pid=host \
  -v /:/rootfs:ro \
  -v /var/run:/var/run:rw \
  -v /sys:/sys:ro \
  -v /var/lib/docker:/var/lib/docker:rw \
  -v /var/lib/origin/openshift.local.volumes:/var/lib/origin/openshift.local.volumes:z \
  -v /var/lib/origin/openshift.local.config:/var/lib/origin/openshift.local.config:z \
  -v /var/lib/origin/openshift.local.etcd:/var/lib/origin/openshift.local.etcd:z \
  openshift3/ose start \
  --master="https://${OSE_MASTER_IP}:8443" \
  --etcd-dir="/var/lib/origin/openshift.local.etcd" \
  --hostname=`hostname` \
  --cors-allowed-origins=.*
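The demo command above gives the container broad access to the host it runs on. An added example (not from the original slides) that lists the options in such a command which expose the host; the rule set and the abridged copy of the command are constructed for illustration.

```python
# Added example (not from the slides): report host-exposing options in a
# `docker run` line. The rule set is a small illustrative selection.
import shlex

# The slide's demo command, abridged; constructed input for this example.
DEMO_CMD = '''docker run -d --name "ose" --privileged --net=host --pid=host
  -v /:/rootfs:ro -v /var/run:/var/run:rw -v /sys:/sys:ro
  -v /var/lib/docker:/var/lib/docker:rw
  openshift3/ose start --master="https://${OSE_MASTER_IP}:8443"
  --cors-allowed-origins=.*'''

HOST_NS = {"--net": "network", "--network": "network", "--pid": "PID"}
SENSITIVE = {"/": "host root filesystem",
             "/var/run": "directory holding the Docker socket",
             "/var/run/docker.sock": "Docker socket",
             "/var/lib/docker": "Docker image and container store"}


def audit(cmd):
    """Return (option, finding) pairs; scans docker and container arguments alike."""
    args, out, i = shlex.split(cmd), [], 0
    while i < len(args):
        key, sep, val = args[i].partition("=")
        if key in ("-v", "--volume", *HOST_NS) and not sep and i + 1 < len(args):
            i += 1
            val = args[i]                      # "-v SRC:DST" / "--net host" form
        if key == "--privileged" and val != "false":
            out.append((key, "all capabilities and host devices granted"))
        elif key in HOST_NS and val == "host":
            out.append((f"{key}={val}", f"shares the host {HOST_NS[key]} namespace"))
        elif key in ("-v", "--volume"):
            parts = val.split(":")
            src = parts[0].rstrip("/") or "/"
            ro = len(parts) > 2 and "ro" in parts[2].split(",")
            if src in SENSITIVE:
                mode = "read-only" if ro else "read-write"
                out.append((f"-v {val}", f"{SENSITIVE[src]} mounted {mode}"))
        elif key == "--cors-allowed-origins" and val == ".*":
            out.append((f"{key}={val}", "regex matches every origin"))
        i += 1
    return out


if __name__ == "__main__":
    for option, finding in audit(DEMO_CMD):
        print(f"{option:45} {finding}")
```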
Image Layers
redhat/jboss-eap-64
sterburg/jboss-oracle: add /jboss/modules/oracle
sterburg/jboss-flyway: add /usr/local/flyway
sterburg/myapp: add /jboss/deployments/myapp.war
Our JBoss Middleware xPaas Service Catalog
Application Container Services
• JBoss EAP
• JBoss Web Server / Tomcat
• JBoss Developer Studio
Integration Services
• Fuse
• A-MQ
• Data Virtualization
Business Process Services
• Business Process Management *
• Business Rules Management System
Mobile Services
• Red Hat Mobile / FeedHenry *
* Coming Soon
RED HAT OPENSHIFT ENTERPRISE
CloudForms Management
RED HAT CLOUD SUITE FOR APPLICATIONS
Cloud Management – Alternative Virtualization – OpenStack – Containers – Development
Questions?
plus.google.com/+RedHat
nl.linkedin.com/in/samuelterburg
youtube.com/user/RedHatVideos
facebook.com/redhatinc
twitter.com/SamuelTerburg
github.com/sterburg/