OpenShift in a Nutshell - Episode 06 - Core Concepts Part II
Presentation By:
Behnam Loghmani
Summer 2016
IRAN OpenStack Users Group
OPENSHIFT IN A NUTSHELL
(Episode 06)
Core Concepts
part II
IRAN Community| OpenStack.ir
Agenda:
● Users and Projects
● Builds and Image Streams
● Running OpenShift in your system
● Iran OpenStack Community
OpenShift Core Concepts
Users and Projects
Users
Interaction with OpenShift Origin is associated with a user. An OpenShift Origin user
object represents an actor which may be granted permissions in the system by adding
roles to them or to their groups.
Different user types
● Regular users
This is the way most interactive OpenShift Origin users will be represented. Regular
users are created automatically in the system upon first login, or can be created via
the API.
EX: Behnam Loghmani
● System users
Many of these are created automatically when the infrastructure is defined, mainly
for the purpose of enabling the infrastructure to interact with the API securely. They
include a cluster administrator (with access to everything), a per-node user, users for
use by routers and registries, and various others. Finally, there is an anonymous
system user that is used by default for unauthenticated requests.
EX: system:node:node1.abc.com
● Service accounts
These are special system users associated with projects; some are created
automatically when the project is first created, while project administrators can
create more for the purpose of defining access to the contents of each project.
Service accounts are represented with the “ServiceAccount” object.
EX: system:serviceaccount:foo:deployer
Every user must authenticate in some way in order to access OpenShift Origin. API
requests with no authentication or invalid authentication are authenticated as
requests by the anonymous system user. Once authenticated, policy determines
what the user is authorized to do.
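Added example (not part of the original slides): a small classifier for the username formats shown above, applied to a constructed list of requests. The name system:anonymous for the anonymous user, the rule that a colon outside the "system:" prefix is malformed, and the review() helper with its "cross-project" label are assumptions of this example.

```python
import re
from typing import NamedTuple, Optional

ANONYMOUS = "system:anonymous"  # identity given to unauthenticated requests
PROJECT_RE = re.compile(r"^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?$")  # DNS label, <= 63 chars

class Identity(NamedTuple):
    kind: str                # regular, system, node, serviceaccount, anonymous, invalid
    project: Optional[str]   # set only for service accounts
    name: str

def classify_user(username: str) -> Identity:
    """Map a username onto the user types listed above."""
    if username == ANONYMOUS:
        return Identity("anonymous", None, username)
    parts = username.split(":")
    if parts[0] != "system":
        # Assumption of this example: a colon outside "system:" is malformed.
        ok = len(parts) == 1 and username != ""
        return Identity("regular" if ok else "invalid", None, username)
    if parts[1:2] == ["serviceaccount"]:
        # system:serviceaccount:<project>:<name>, exactly four fields
        if len(parts) == 4 and PROJECT_RE.match(parts[2]) and parts[3]:
            return Identity("serviceaccount", parts[2], parts[3])
        return Identity("invalid", None, username)
    if parts[1:2] == ["node"]:
        ok = len(parts) == 3 and parts[2] != ""
        return Identity("node" if ok else "invalid", None, parts[2] if ok else username)
    return Identity("system", None, username)

def review(requests):
    """Return (username, reason) for requests that deserve a closer look."""
    findings = []
    for user, project in requests:
        ident = classify_user(user)
        if ident.kind in ("anonymous", "invalid"):
            findings.append((user, ident.kind))
        elif ident.kind == "serviceaccount" and ident.project != project:
            findings.append((user, "cross-project"))
    return findings

# Constructed sample: (username, project the request touched)
SAMPLE = [
    ("Behnam Loghmani", "foo"),
    ("system:serviceaccount:foo:deployer", "foo"),
    ("system:serviceaccount:foo:deployer", "bar"),
    ("system:anonymous", "foo"),
    ("system:serviceaccount:foo", "foo"),
]
```

review(SAMPLE) reports the deployer service account acting in project bar, the anonymous request, and the service account name that is missing a field.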
Namespaces
A Kubernetes namespace provides a mechanism to scope resources in a cluster. In
OpenShift Origin, a project is a Kubernetes namespace with additional annotations.
Namespaces provide a unique scope for:
● Named resources to avoid basic naming collisions.
● Delegated management authority to trusted users.
● The ability to limit community resource consumption.
Most objects in the system are scoped by namespace, but some are excepted and
have no namespace, including nodes, users and project names.
Projects
A project is a Kubernetes namespace with additional annotations, and is the central
vehicle by which access to resources for regular users is managed. A project allows a
community of users to organize and manage their content in isolation from other
communities. Users must be given access to projects by administrators, or if allowed
to create projects, automatically have access to their own projects.
Projects can have a separate name, displayName and description:
● Name : A unique identifier for the project, most visible when using the CLI
tools or API. The maximum name length is 63 characters.
● DisplayName : The optional displayName is how the project is displayed in the web
console (defaults to name).
● Description : The optional description can be a more detailed description of the
project and is also visible in the web console.
Scopes
Each project scopes its own set of:
● Objects : Pods, services, replication controllers, etc.
● Policies : Rules for which users can or cannot perform actions on objects.
● Constraints : Quotas for each kind of object that can be limited.
● Service accounts : Service accounts act automatically with designated access to
objects in the project.
Cluster administrators can create projects and delegate administrative rights for the
project to any member of the user community. Cluster administrators can also allow
developers to create their own projects.
Developers and administrators can interact with projects using the CLI or the web
console.
Builds and Image Streams
Builds
A build is the process of transforming input parameters into a resulting object. Most
often, the process is used to transform input parameters or source code into a
runnable image. A BuildConfig object is the definition of the entire build process.
Build configurations are characterized by a strategy and one or more sources.
Build strategies
● Source-To-Image (S2I) : Source-to-Image (S2I) is a tool for building reproducible
Docker images. It produces ready-to-run images by injecting application source into a
Docker image and assembling a new Docker image. The new image incorporates the
base image (the builder) and built source and is ready to use with the docker run
command. S2I supports incremental builds, which re-use previously downloaded
dependencies, previously built artifacts, etc.
Advantages : Image flexibility, speed, patchability, operational efficiency,
operational security, user efficiency, reproducibility
● Docker : The Docker build strategy invokes the plain docker build command, and it
therefore expects a repository with a Dockerfile and all required artifacts in it to
produce a runnable image.
● Pipeline : The Pipeline build strategy allows developers to define a Jenkins pipeline
for execution by the Jenkins pipeline plugin. The build can be started, monitored, and
managed by OpenShift Origin in the same way as any other build type.
● Custom : The Custom build strategy allows developers to define a specific builder
image responsible for the entire build process. Using your own builder image allows
you to customize your build process.
A Custom builder image is a plain Docker image embedded with build process logic,
for example for building RPMs or base Docker images.
Build sources
● Git : Source code is taken from a Git repository.
● Dockerfile : A Dockerfile is used as the build input.
● Binary : Content is streamed in binary format from a local file system to the builder.
● Image Source : Additional files can be provided to the build process via images. Files
are copied from the source image to the destination image.
Image Streams
An image stream comprises any number of Docker images identified by tags. It
presents a single virtual view of related images, similar to a Docker image repository.
Image streams can be used to automatically perform an action when new images are
created. Builds and deployments can watch an image stream to receive notifications
when new images are added and react by performing a build or deployment,
respectively.
For example, if a deployment is using a certain image and a new version of that image
is created, a deployment could be automatically performed.
Running OpenShift in your system
https://asciinema.org/a/84195
https://asciinema.org/~Behnam
Video Channels
https://www.youtube.com/behnamloghmani
http://www.aparat.com/behnamloghmani
Iran OpenStack Community
Stay in Touch and Join Us:
● Home Page: OpenStack.ir
● Meetup Page: Meetup.com/Iran-OpenStack
● Mailing List: [email protected]
● Twitter: @OpenStackIR , #OpenStackIRAN
● IRC Channel on FreeNode: #OpenStack-ir
Thank You
Behnam Loghmani
Iran OpenStack Community Member
OpenStack.ir
We need to work together to build a better community