OPENSHIFT FOR OPERATIONS. Jamie Cloud Guy - US Public Sector at Red Hat

Similar documents
TEN LAYERS OF CONTAINER SECURITY

CONTAINERS AND MICROSERVICES WITH CONTRAIL

Dan Williams Networking Services, Red Hat

Wolfram Richter Red Hat. OpenShift Container Netzwerk aus Sicht der Workload

TRAINING AND CERTIFICATION UPDATE

Running RHV integrated with Cisco ACI. JuanLage Principal Engineer - Cisco May 2018

TEN LAYERS OF CONTAINER SECURITY

RDMA Container Support. Liran Liss Mellanox Technologies

Backup strategies for Stateful Containers in OpenShift Using Gluster based Container-Native Storage

OpenShift 3 Technical Architecture. Clayton Coleman, Dan McPherson Lead Engineers

Introduction to Container Technology. Patrick Ladd Technical Account Manager April 13, 2016

THE STATE OF CONTAINERS

Red Hat OpenShift Roadmap Q4 CY16 and H1 CY17 Releases. Lutz Lange Solution

Think Small to Scale Big

Overview of Container Management

RED HAT OPENSHIFT A FOUNDATION FOR SUCCESSFUL DIGITAL TRANSFORMATION

Red Hat Roadmap for Containers and DevOps

SAMPLE CHAPTER. Marko Lukša MANNING

Introduction to Virtualization and Containers Phil Hopkins

Kubernetes The Path to Cloud Native

Linux Containers Roadmap Red Hat Enterprise Linux 7 RC. Bhavna Sarathy Senior Technology Product Manager, Red Hat

OPENSTACK Building Block for Cloud. Ng Hwee Ming Principal Technologist (Telco) APAC Office of Technology

AGILE RELIABILITY WITH RED HAT IN THE CLOUDS YOUR SOFTWARE LIFECYCLE SPEEDUP RECIPE. Lutz Lange - Senior Solution Architect Red Hat

Kubernetes 101. Doug Davis, STSM September, 2017

The Road to Digital Transformation: Increase Agility Building and Managing Cloud Infrastructure. Albert Law Solution Architect Manager

Docker All The Things

Linux Clusters Institute: OpenStack Neutron

Allowing Users to Run Services at the OLCF with Kubernetes

WHITE PAPER. RedHat OpenShift Container Platform. Benefits: Abstract. 1.1 Introduction

S Implementing DevOps and Hybrid Cloud

ACCELERATE APPLICATION DELIVERY WITH OPENSHIFT. Siamak Sadeghianfar Sr Technical Marketing Manager, April 2016

YOUR APPLICATION S JOURNEY TO THE CLOUD. What s the best way to get cloud native capabilities for your existing applications?

What s New in Red Hat OpenShift Container Platform 3.4. Torben Jäger Red Hat Solution Architect

Multiple Networks and Isolation in Kubernetes. Haibin Michael Xie / Principal Architect Huawei

AZURE CONTAINER INSTANCES

TEN LAYERS OF CONTAINER SECURITY. Kirsten Newcomer Security Strategist

Docker A FRAMEWORK FOR DATA INTENSIVE COMPUTING

개발자와운영자를위한 DevOps 플랫폼 OpenShift Container Platform. Hyunsoo Senior Solution Architect 07.Feb.2017

Przyspiesz tworzenie aplikacji przy pomocy Openshift Container Platform. Jarosław Stakuń Senior Solution Architect/Red Hat CEE

Simplify Container Networking With ican. Huawei Cloud Network Lab

Secure Kubernetes Container Workloads

Microservices and Container Development

CNA1699BU Running Docker on your Existing Infrastructure with vsphere Integrated Containers Martijn Baecke Patrick Daigle VMworld 2017 Content: Not fo

Container-Native Storage

Red Hat Atomic Details Dockah, Dockah, Dockah! Containerization as a shift of paradigm for the GNU/Linux OS

Building an on premise Kubernetes cluster DANNY TURNER

VMworld 2017 Content: Not for publication #CNA1699BE CONFIDENTIAL 2

Getting Started With Serverless: Key Use Cases & Design Patterns

CoreOS and Red Hat. Reza Shafii Joe Fernandes Brandon Philips Clayton Coleman May 2018

OpenShift Hyper-Converged Infrastructure Bare Metal Deployment with Containerized Gluster

Go Faster: Containers, Platforms and the Path to Better Software Development (Including Live Demo)

OpenShift Cheat Sheet

Code: Slides:

Keep CALM and Architect On: An Architect s Role in DevOps

Introduction to Kubernetes

Implementing Container Application Platforms with Cisco ACI

OS Virtualization. Linux Containers (LXC)

A REFERENCE ARCHITECTURE FOR DEPLOYING WSO2 MIDDLEWARE ON KUBERNETES

Cloud & container monitoring , Lars Michelsen Check_MK Conference #4

K8s(Kubernetes) and SDN for Multi-access Edge Computing deployment

Automating, Securing, and Managing Cox Automotive's (AutoTrader) Big Data Infrastructure

Amir Zipory Senior Solutions Architect, Redhat Israel, Greece & Cyprus

OPEN SOURCE AND THE DIGITAL TRANSFORMATION. Syed M Shaaf Principal Solution Architect EMEA Telco Technology Office

Containers and isolation as implemented in the Linux kernel

Container mechanics in Linux and rkt FOSDEM 2016

LOG AGGREGATION. To better manage your Red Hat footprint. Miguel Pérez Colino Strategic Design Team - ISBU

How Container Runtimes matter in Kubernetes?

RED HAT OPENSHIFT CONTAINER PLATFORM REFERENCE ARCHITECTURE FOR PCI DSS V3.2.1

The speed of containers, the security of VMs. KataContainers.io

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Kubernetes 101: Pods, Nodes, Containers, andclusters

Kubernetes networking in the telco space

Container Management : First Looks

Run containerized applications from pre-existing images stored in a centralized registry

Docker and Security. September 28, 2017 VASCAN Michael Irwin

Cloud Native Java with Kubernetes

Important DevOps Technologies (3+2+3days) for Deployment

2016 Mesosphere, Inc. All Rights Reserved.

OpenShift on Public & Private Clouds: AWS, Azure, Google, OpenStack

Microservices. Chaos Kontrolle mit Kubernetes. Robert Kubis - Developer Advocate,

SBB. Java User Group 27.9 & Tobias Denzler, Philipp Oser

Container in Production : Openshift 구축사례로 이해하는 PaaS. Jongjin Lim Specialist Solution Architect, AppDev

Taming your heterogeneous cloud with Red Hat OpenShift Container Platform.

This document (including, without limitation, any product roadmap or statement of direction data) illustrates the planned testing, release and

Building Kubernetes cloud: real world deployment examples, challenges and approaches. Alena Prokharchyk, Rancher Labs

Red Hat Cloud Platforms with Dell EMC. Quentin Geldenhuys Emerging Technology Lead

Kubernetes Performance-Sensitive Application Platform

Container Adoption for NFV Challenges & Opportunities. Sriram Natarajan, T-Labs Silicon Valley Innovation Center

NVMe over Fabrics (NVMe-oF) For Containers

Zero to Microservices in 5 minutes using Docker Containers. Mathew Lodge Weaveworks

OpenShift Roadmap Enterprise Kubernetes for Developers. Clayton Coleman, Architect, OpenShift

Continuous delivery while migrating to Kubernetes

利用 Mesos 打造高延展性 Container 環境. Frank, Microsoft MTC

Containers OpenStack. Murano brings Docker & Kubernetes to OpenStack. Serg Melikyan. software.mirantis.com. January 27, 2015

/ Cloud Computing. Recitation 5 September 26 th, 2017

Authorized Source IP for OpenShift Project

Using DC/OS for Continuous Delivery

THE AFS NAMESPACE AND CONTAINERS

Connect with Remedy: SmartIT: Social Event Manager Webinar Q&A

Cisco Virtualized Infrastructure Manager

Transcription:

1 OPENSHIFT FOR OPERATIONS Jamie Duncan @jamieeduncan Cloud Guy - US Public Sector at Red Hat 20170504

ABOUT JDUNCAN I've been at Red Hat just over 5 years 2 This is my daughter Elizabeth. #cutestthingever I've worked with every major US Government Agency (I think)

AGENDA 3 our task & ground rules containers are taking over the world deploying an application with OpenShift what is happening inside OpenShift...and down into the kernel investigating networking isolation investigating PID isolation conclusions

BEFORE WE GET STARTED 4 Containers are taking over the world as we know it. https://www.flickr.com/photos/dpstyles

TODAY'S TASK 5 OpenShift is the most complete, production-ready container platform out there. While I certainly have a bias, I can back that up with facts, data and reason. I'll happily share a cold beverage with anyone interested in talking about this after the session. Today we are going to take a deeper dive at what exactly is going on when you deploy an application in OpenShift. I am a firm believer that the best way to master a tool is to have a good grasp on how it is fundamentally doing its job. That is our goal today. Before we get going, there are a few ground rules...

GROUND RULES 6 This session is a discussion, not a lecture. This information is accurate, to the best of my ability, through OpenShift 3.5. This is a nuts and bolts talk. We won't be talking about roadmaps or changelogs. At the end of the day, it's all about getting some new information and (hopefully) have a few laughs.

GETTING STARTED WITH A NEW APP We start out by deploying an application in an OpenShift cluster. 7 Raise your hand if this looks familiar.

CONNECTING THE DOTS 8 OpenShift creates: a custom container image with your source code and the template an Image Stream to tie all of your application resources together a buildconfig to control how your application is built out a Deployment Config to dictate how your application is deployed and updated updates a load balancer so traffic from the world can get in and out of your application smoothly OpenShift tells kubernetes to create: a Replication Controller to scale your application up and down on demand a Service to help expose your application to the world Then kubernetes talks to docker to create containers to put in the new Replication Controller That moves us down into the kernel...

WHAT THE KERNEL DOES 9 docker tells Linux to: take your custom container image and put it in its own mount namespace to isolate the application and its files create a network interface and isolate it with a unique network namespace isolate your application's memory resources with an IPC namespace give your container a unique hostname and domainname with a UTS namespace give your container its own PID counter set with a PID namespace create control groups to limit the resources your container can consume create unique SELinux contexts for your new containers Let's put this in infographic form.

container image image stream buildconfig deploymentconfig haproxy configuration for routing 10 replication controller service mount namespace network namespace IPC namespace UTS namespace PID namepace SELinux contexts Control Groups Also Known As...

A MODERN CONTAINER PLATFORM 11

FOR AN OPS TEAM... 12 note the Linux beard... HOW DO YOU MANAGE ALL OF THIS? Let's start with what everyone always says is the hardest. Networking.

OPENSHIFT NETWORKING 13 OpenShift uses an SDN solution based on OpenVSwitch technology. For each container in an application pod: The eth0 interface is linked to a virtual eth, veth, device on the host The veth0 is added to the ovs bridge, br0 Traffic bound for other OpenShift hosts is routed through the vxlan0 interface Traffic to the interwebz is routed through the tun0 interface myapp eth0 br0 veth1 tun0 Interwebz app2 eth0 veth2 vxlan0 OpenShift Cluster

NETWORKING IT IN ACTION Looking at an OpenShift Node, we can see all of this from the command line. 14 BUT... how do we know which of those veth interfaces inside the OpenShift SDN bridge is linked to each container?

TRACING NETWORK TRAFFIC How traffic gets into and out of your container. 15 The interface inside the container is linked to the veth interface on the host that is hooked into OpenShift-SDN. Voila. Networking.

CONTAINER PIDS ON YOUR HOST 16 You can see your processes from the host, but how does it look from INSIDE the container? Let's take a look.

PIDS INSIDE YOUR CONTAINER 17 Your container's PID namespace limits the PIDs that are visible from inside the container.

CONCLUSIONS 18 OpenShift automates a lot of work to make your applications elastic For an Operations Team, you have to think about applications differently inside OpenShift to analyze them along with the OpenShift infrastructure. OpenShift ships with a lot of the tools to get the information you need out of your infrastructure. Nowhere in a diagram or a screen capture did I reference voodoo or unicorn blood. Containers!= Magic. Containers == More efficient process isolation. Containers == Linux! Linux == RHEL!

19 K YOU m/+redhat facebook.com/redhatinc ompany/red-hat twitter.com/redhatnews user/redhatvideos

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback