Kubernetes has become the most popular choice among container orchestrators, with a strong community and a growing number of production deployments. There is no shortage of K8s distros: 20+ at the moment and counting. Many of these distributions simply add toolsets, or are products that embed Kubernetes and add more features. In this presentation, you'll learn about OpenShift and how it compares to vanilla Kubernetes: their major differences, best features, and how they can help to build a consistent platform for Dev and Ops cooperation.
9. CloudFoundry survey (September 8, 2017), https://www.cloudfoundry.org/wp-content/uploads/2012/02/Container-Report-2017-1.pdf
25% of companies are using containers in production
16. Life without containers
Virtual Machines:
Cheap and easy
Great isolation
Huge and reliable ecosystem
Containers:
Not everything is container ready
Some workloads won’t benefit
Aren’t a magic pill
Windows:
Stay where you are ;-)
Wait for better container support
21. Containers offer
Single format for complete app
Express setup of whole stack (e.g. docker-compose)
Innovation at speed
Increased security (less is more)
42. Using containers without COE
Example valid reasons
You want to use them as a better packaging system
Your app doesn’t scale, is legacy or hardware constrained
You are waiting for something even better or wrote your own :-)
Just stick with good old VMs
55. OpenShift
Current release 3.6 includes Kubernetes 1.6
Version 3 based on Kubernetes
3.0 released before Kubernetes 1.0!
Red Hat as one of the main contributors (11 of 28 leads of K8S Special Interest Groups)
60. Installation and operation
Kubernetes:
Easy
Multiple tools and projects
Quick run using minikube
Command line: kubectl
Optional web dashboard as add-on
OpenShift:
Relatively easy
Manual or with Ansible
Quick run using minishift
Command line: oc
Built-in, rich web interface
63. Platforms
Kubernetes:
Supports many distros
Docker Enterprise Edition support!
Hosted versions: Google, Azure
Container runtimes (via CRI): Docker, RKT
OpenShift:
Only RHEL, CentOS, Fedora
Hosted versions: Online or Dedicated (by Red Hat)
Container runtimes: Docker, CRI-O (in progress)
69. Networking
Kubernetes:
SDN plugins (via CNI): Cilium, Contiv, Contrail, Flannel, GCE, NSX-T, Nuage, OpenVSwitch, OVN, Calico, Romana, Weave Net
Traffic management via Ingress based on Nginx
OpenShift:
SDN support (Kubernetes): Cisco Contiv, Juniper Contrail, Flannel, VMware NSX-T, Nokia Nuage, Tigera Calico
Custom SDN: ovs-subnet, ovs-multitenant
Traffic management via Routes based on HAproxy or F5
77. Security
Kubernetes:
Default policy: OPEN
OpenShift:
Default policy forbids containers to:
Run as root user
Run as privileged container
Access volumes from host
Set additional capabilities (CAPS)
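The four restrictions listed on the Security slide above, written as a check over a pod manifest. This is an added example, not part of the original slides: the function name audit_pod, the finding labels and both sample manifests are constructed for illustration, while the field names are those of the Kubernetes Pod API.

```python
# Added example: flag pod settings matching the four restrictions on the Security slide.
# Field names are those of the Kubernetes Pod API; everything else is constructed.

def audit_pod(pod):
    """Return a sorted list of findings for a pod manifest given as a dict."""
    spec = pod.get("spec") or {}
    pod_sc = spec.get("securityContext") or {}
    findings = set()

    # Access volumes from host
    if any("hostPath" in v for v in (spec.get("volumes") or [])):
        findings.add("host-volume")

    for c in (spec.get("initContainers") or []) + (spec.get("containers") or []):
        sc = c.get("securityContext") or {}
        # Container-level values override pod-level ones.
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False))
        # Run as root: explicit UID 0, or nothing stops the image's default user being root.
        if uid == 0 or (uid is None and not non_root):
            findings.add("may-run-as-root")
        # Run as privileged container
        if sc.get("privileged", False):
            findings.add("privileged")
        # Set additional capabilities
        if (sc.get("capabilities") or {}).get("add"):
            findings.add("added-capabilities")
    return sorted(findings)

# Constructed sample: a pod that an open default policy would admit unchanged.
OPEN_POD = {"spec": {
    "volumes": [{"name": "host-etc", "hostPath": {"path": "/etc"}}],
    "containers": [{"name": "app", "image": "example/app:1.0", "securityContext": {
        "runAsUser": 0, "privileged": True,
        "capabilities": {"add": ["NET_ADMIN"]}}}],
}}

# Constructed sample: the same pod written to fit the restrictive default.
RESTRICTED_POD = {"spec": {
    "securityContext": {"runAsNonRoot": True, "runAsUser": 1000},
    "volumes": [{"name": "scratch", "emptyDir": {}}],
    "containers": [{"name": "app", "image": "example/app:1.0", "securityContext": {
        "capabilities": {"drop": ["ALL"]}}}],
}}

if __name__ == "__main__":
    for name, pod in (("open", OPEN_POD), ("restricted", RESTRICTED_POD)):
        print(name, audit_pod(pod))
```

A pod with no securityContext at all is still reported as may-run-as-root, because nothing prevents the image's default user from being UID 0.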
90. Apps
Business
Provide apps that meet business requirements
Dev
Provide environment for those apps
Ops
Make applications available to users in most reliable, secure and efficient way
94. Legacy approach
ssh 10.12.13.14 -l root
tail -f /var/log/syslog
df
du
killall -9 java
reboot
Dirty tricks
Make it work and forget
Now it’s up to Dev to fix it
111. Container approach
Do nothing - let orchestrator take care of it (livenessProbe)
Use central logging
Rollback to previous version
Fix once and deploy
119. Container approach
[Diagram: Pods are grouped by label behind a Service, reachable via DNS (*.cluster.local); traffic enters through Cloud Load Balancers and Ingress (Kubernetes) or Router (OpenShift)]
Router options: HAproxy (A/B Testing), F5-BIGIP (native integration via API >=12.*)
125. Legacy approach
“It will be ready next week, need to configure access”
Your favourite and busy Ops
Why so long? Why so slow?
“I’ll just save it in /opt/myapp/lib/2.1/inconspicious_dir/critical_data”
I’m pretty sure it’s being backed up!
138. Legacy approach
Unknown quality with murky, cumbersome instructions
Environments like snowflakes
Not this time - wait for new one (“a couple of days”)
scp awesome-app-SNAPSHOT.jar srv:~/app/
ansible -i all web -m service -a "name=tomcat state=restarted"