Accelerate at DevOps Speed With OpenShift v3. Alessandro Vozza & Samuel Terburg, Red Hat
IT (R)Evolution
Red Hat Brings It All Together
What is Kubernetes: Open source container cluster manager. Inspired by the technology that runs Google. Runs anywhere: public cloud, private cloud, bare metal. Strong ecosystem. Partners: Red Hat, VMware, CoreOS... Community: clients, integration
Benefits for developers
OpenShift Technical Architecture
openshift.com
OpenShift runs on your choice of infrastructure
Nodes are instances of RHEL where apps will run
App services run in docker containers on each node
Pods run one or more docker containers as a unit
Registries are where application images are stored
Masters leverage kubernetes to orchestrate nodes / apps
Master provides authenticated API for users & clients
Master uses etcd key-value data store for persistence
Master provides scheduler for pod placement on nodes
Pod placement is determined based on defined policy
Services allow related pods to connect to each other
Management/Replication controller manages the pod lifecycle
What if a pod goes down?
OpenShift automatically recovers and deploys a new Pod
Pods can attach to shared storage for stateful services
Routing layer routes external app requests to pods
Developers access OpenShift via Web, CLI or IDE
Architecture (diagram labels: Route, Service, Registry, Pod, Build config, Deploy config, Node, Master, Volume, Storage, Kubernetes Cluster)
Agile
Faster: From Idea to Production (diagram labels: OpenShift with self provisioning, environment standardization, auto scaling, centralized management; continuous delivery through DEV, QA, UAT, PROD; from Idea to Production feature; IDE, product managers, configuration management, developers, continuous integration, test engineers, monitoring, operations personnel; cycle time). Cycle time is defined as the time from starting to code a new feature to deploying that feature into production. The goal of any business should be to reduce this cycle time without compromising on quality.
DevOps experience
Developer provides git repo $> oc new-app --code=http://github.com/mycompany/myapp.git
Providing the Builder image $> oc new-app --code=... --image-stream=wildfly-8-centos Scripts: assemble, run, save-artifact. Auto detect: Java JEE: pom.xml; PHP: index.php; Ruby: Rakefile / Gemfile; NodeJS: app.json / package.json; Docker: Dockerfile
Layer is applied to image $> oc start-build my-build
Layer is added back to registry my-app:latest
Image is deployed ImageChange Triggers "Deployment" my-app:latest $> oc deploy my-app --latest
Trigger a new Build Base ImageChange WebHook
Updated image is added back to the registry WebHook my-app:latest
New image is deployed as rolling update (diagram labels: WebHook; Replica: 3; step 1, step 2, step 3, each showing App.1 and App.2 pods)
Continuous Integration Pipeline example (diagram labels: commit, webhook, Source, Build, Store, registry, ImageChange, Deploy :test, test-fw, Test, Tag :uat, Deploy :uat, ITIL Approve, Tag :prod, Deploy :prod)
OpenShift Demo
WebUI and CLI & IDE $> oc build openshift/hello-world
Logging: Elasticsearch, Fluentd, and Kibana. Full build, deploy, docker (std error/out) log consolidation for admins. Developer gets real-time logs to console
Metrics: Heapster. Connect it to Hawkular (and therefore Cassandra). Container metrics from cgroups (via the Heapster data model). Java app metrics from JAdvisor/Jolokia attributes* (* still under active development)
OpenShift Integrations
Authentication: RBAC; LDAP; HTPasswd; GitHub / Google / OpenID; SSO - Request Header (e.g. X-Remote-User); Tokens. Trust: Trusted Red Hat Registry
JBoss Developer Studio and Eclipse Plugin. You can: create new Project; create new App; use Templates; import existing OpenShift app; local docker tools, deploy image; connect to your application via port forwarding; build and runtime logs
OpenShift On OpenStack: A True Open Hybrid Cloud. Deploy OpenShift on OpenStack via Heat. Integrate Apps with OpenStack services. Manage it all with CloudForms. Get it all at once with Red Hat Cloud Suite
Administration & Container Mgt. with CloudForms. Red Hat CloudForms 4 adds new providers for OpenShift and Containers (Dec 2015). Monitor containers running in OpenShift Enterprise. Docker and Kubernetes aware (containers, pods, services...). OpenShift provider adds even more features (projects, users, registries, images). Included with OSE subscriptions
Available in 3 flavors docker run openshift/origin
Q & A
CASE DESCRIPTION: IT Challenges; Proposed solutions; How did we do it; How did the solution solve the issues
LESSONS LEARNED: What worked well?; What needs to be improved
NEXT STEPS: Tell something about the future of IT in your company in relation to this project
Build automation. Source-to-Image builds: Developer, Code, Build, Layer, Image, Deploy to App. Integrated Docker builds: Developer, Dockerfile, Build, Image, Deploy to App
OpenShift Product Roadmap 3.0 - June 2015 Docker container runtime & image packaging format Kubernetes orchestration & mgt. Source-to-Image & Docker builds JBoss EAP 6.4, JWS 3.0, A-MQ 6.2 SCL images (Node, Python, PHP, Ruby...) Shared storage volumes for stateful apps Projects & team collaboration OAuth & enterprise auth integration (LDAP) Enhanced Web, CLI and IDE interfaces Manual scaling Metric-driven autoscaling Integration Service / Fuse 6.x Decision Service / BRMS Cache Service / JDG Eclipse IDE completion Web/CLI UX enhancements SCL 2 image updates External service bridge/registry CloudForms OSE Provider 3.1 - Q4CY15 Additional storage plugins Networking enhancements Enhanced logging / ELK CPU/Memory Overcommit Better Master HA Job Controller LDAP teams integration Better CI integration Atomic Host 3.0.x - Q3CY2015 Auto-scaling basic F5 and External Routing Examples Reference architectures Bug fixes 3.2-1HCY16 Mobile Service / FeedHenry Idling Expanded Fabric8 Integration Non-SNI / non-http routing Git hosting OpenStack Network Integrations CloudForms Active Management Pipelines Service Registry
Web Console Updates: Streamlined app creation flows; Streamlined overview page; Ability to delete projects; Access to pod logs; 3rd party extensions API for pluggability; Trigger deployments and rollbacks; Cancel builds
Notes
Change vs. Immutability: Finding the Developer Comfort Zone (diagram labels: High Iterations, Change Level, $ oc sync, CDK, IDE port forwarding, Hot deploy, Git Branches, S2I, Jenkins S2I, Binary Deploy via Assembly, Inception, Time to Production, Production)
Deployment automation: Manual change; Code change; Config change; Image change
Developer Experience: Immediate builds triggered after app creation; Build and deploy performance improvements; Security improvements for source to image builds; Jenkins image available to run within OpenShift; Git - additional authentication methods; Eclipse / JBoss Developer Tools; Hot deploy; Offline / Local (CDK): Vagrant, Docker