Red Hat

OPENSHIFT
for the absolute beginners
Who am I?

About me!
Course Structure
Lecture

Demos

Quiz

Coding Exercises

Assignment

Q&A
Who is this for?

Developers System Admins Managers

How to attend this course?

Lectures

Demos

Quizzes

Coding Exercises

Lab Environment Local AWS|GCP Play-with-k8s

Objectives
• Introduction • Microservices Application
• Architectural Overview • Example Voting Application
Deployment in Openshift
• Setup - Minishift
• Management – Web, CLI, API
• Projects and Users
• Builds and Image Streams
• Build Triggers
• Deployments
• Networking • Pre-Requisite – Containers
• Services and Routes • Pre-Requisite – Kubernetes
• Scaling • Pre-Requisite – Source Code Management
• Pre-Requisite – Builds and CI/CD
• Storage
• Pre-Requisite – YAML
• Catalog and Templates
 Red Hat

OPENSHIFT
Introduction
 PaaS
IaaS SaaS
 OPENSHIFT
OPENSHIFT OPENSHIFT OPENSHIFT
Origin Online Dedicated Enterprise

Open source application

Public Application Managed private cluster On-Premise private
container platform
Development hosting service on AWS/Google Clouds PaaS
 OPENSHIFT

Origin

Open source application

container platform
 OPENSHIFT

Origin

Open source application

container platform
OPENSHIFT Origin is based on top of Docker containers
and the Kubernetes cluster manager, with added
developer and operational centric Tools that enable
rapid application development, deployment and
lifecycle management.
Tools

Kubernetes

Docker
Tools

Governance

SCM

Registry
API

Pipeline
Software
Defined
Networking
 Red Hat

OPENSHIFT
Architecture
 Components
OPENSHIFT
Container Registry (OCR) Deployments

Services
Images

OPENSHIFT
CI/CD

POD
etcd
Containers
SCM

Users Project
OPENSHIFT
Web Console
Master - Node
 Red Hat

OPENSHIFT
Setup - Minishift
Setup OPENSHIFT

All-in-One Single Master Multiple Master

Multiple Nodes Multiple Nodes

On-Premise Package Manager (RPM)

Cloud Containerized (Docker)

All-in-One

Kubernetes

etcd

OpenShift

Minishift
 Docker Registry Router Web Console

Minishift.exe
openshift/
origin

Single Node Openshift Cluster

 Red Hat

OPENSHIFT
Setup – Using Docker
 All-in-One

04 START
OPENSHIFT Cluster
oc cluster up

03 DOWNLOAD
Origin Client Client Tools

without 02 INSTALL
Docker Version 1.13.1
Minishift

01 PROVISION Operating System Fedora CentOS RHEL

Containerized (Docker)
 Red Hat

OPENSHIFT
Web Console and CLI
Management Tools

Web Console CLI REST API

Web Console - Homepage
Web Console - Project View
Management Tools

Web Console CLI REST API

CLI
> oc
OpenShift Client

This client helps you develop, build, deploy, and run your applications on any
OpenShift or Kubernetes compatible
platform. It also includes the administrative commands for managing a cluster
under the 'adm' subcommand.

To create a new application, login to your server and then run new-app:

oc login https://mycluster.mycompany.com
oc new-app centos/ruby-22-centos7~https://github.com/openshift/ruby-ex.git
oc logs -f bc/ruby-ex
CLI - Login
> oc login
OpenShift server [https://localhost:8443]: https://openshift.example.com

Username: developer
Authentication required for https://openshift.example.com (openshift)
Password: ******
Login successful.

> oc login –u developer –p developer

Login successful.

> oc logout
User, developer, logged out of https://openshift.example.com
Management Tools

Web Console CLI REST API

 REST API

> curl https://localhost:8443/oapi/v1/users \

-H “Authorization: Bearer <Token>”
"kind": "UserList",
"apiVersion": "v1",
"metadata": {
"selfLink": "/oapi/v1/users",
},
"items": [
> oc whoami -t
{
"metadata": { 27pZjHWn9GU5B5De4H3ICP6ZBd_7txQJMvz79d
27pZjHWn9GU5B5De4H3ICP6ZBd_7txQJMvz79dH0tsY
"name": "developer",
"selfLink": "/oapi/v1/users/developer",
"uid": "271e2b49-47f0-11e8-afb8-4a1a95a6dbc1",
"resourceVersion": "1289",
"creationTimestamp": "2018-04-24T18:49:00Z"
},
"identities": [
"anypassword:developer"
],
"groups": null
},
{
"metadata": {
"name": "mmumshad",
"selfLink": "/oapi/v1/users/mmumshad",
"uid": "c905343d-48a6-11e8-afb8-4a1a95a6dbc1",
"resourceVersion": "108365",
"creationTimestamp": "2018-04-25T16:36:20Z"
},
"identities": [
"anypassword:mmumshad"
],
"groups": null
},
 Red Hat

OPENSHIFT
Projects and Users
Projects

Service: team1.myservice
Service: myservice Service: team2.myservice
Service: myservice Service: team3.myservice
Service: myservice Service: team4.myservice
Service: myservice
Users

Regular System Service

developer system:admin system:serviceaccount:proj1:db_user

system:master
OAuth Server

Allow All

Deny All

/etc/openshift/master/master-config.yaml
 Red Hat OPENSHIFT

Pre-Requisite
Source Code Management
Source Code Management
Application |-- README.md
|-- Dockerfile
|-- bower.json
|-- package.json
|-- app
|-- app.js
|-- web
Web Console API Backend |-- index.html
|-- mddir.js
|-- routing.js
|-- server.js
|-- api
|-- api.groups.js
|-- api.posts.js
|-- api.users.js
|-- api.widgets.js
|-- authentication
|-- oauth.js
Source Code Management System |-- vendor
|-- database
|-- db.js
|-- integration
Developers |-- servicenow.js
 Source Code Management

GitHub
Analyze

GitLab
Revision History Release

BitBucket
File Merging Access Control.

Host
 Red Hat OPENSHIFT

Pre-Requisite
CI/CD - Builds and Pipeline
Build
Java Python Ruby

Maven DistUtils Bundler

SCM

app.jar app.tar.gz app.gem

> java –jar app.jar > pip install app.tar.gz > gem install app.gem
Build

Java Python Ruby

Maven DistUtils Bundler

01
Dockerfile
app.jar app.tar.gz app.gem Install Platform

> java –jar app.jar > pip install app.tar.gz > gem install app.gem
02
> docker build Dockerfile

Install and Configure Pre-

requisites
03
Configure Services

04
Start Services
> docker run app
Test
Java Ruby
Python

Maven Bundler
DistUtils

Dockerfile
app.jar app.gem
app.tar.gz

> java –jar app.jar

> pip install app.tar.gz > gem install app.gem
Release
Build Test Release

Dockerfile
Docker Registry
Deploy
Build Test Release Deploy

Dockerfile
Docker Registry Kubernetes
Build Pipeline
Jenkins

Source Code Build Test Release Deploy

Dockerfile Dockerfile
Docker Registry Kubernetes

Continuous Integration

Continuous Delivery

Continuous Deployment
 Red Hat

OPENSHIFT
SCM, Builds and Deployments in OPENSHIFT
Pre-Requisites

• Docker
• Docker Image
• Docker Registry
Source Code Management

https://github.com/openshift/django-ex.git
 Build
https://github.com/openshift/django-ex.git

01 Create Build

02 Download Source

03 Build Image

04 Push to Registry

Docker Registry
Deployment
04 Push to Registry

Docker Registry

05 Deploy

apiVersion: apps/v1 apiVersion: apps.openshift.io/v1

kind: Deployment kind: DeploymentConfig
Deployment https://github.com/openshift/django-ex.git

01 Create Build

02 Download Source

https://github.com/openshift/django-ex.git

03 Build Image

04 Push to Registry

Docker Registry

05 Deploy
 Red Hat

OPENSHIFT
Builds in OPENSHIFT
Objectives

• Build Strategies
• Create a new Build Configuration

Pre-Requisites
• YAML Files
Build Strategy 1 Docker Build
Build Strategy 2 Source-To-Image (S2I)

Python Image

App Image
Build Strategy 3 Custom Build

Python Ruby
Java

app.jar app.tar.gz app.gem

Image Stream

Python Image Application Image

Code
Image Streams

OpenShift Registry Docker Hub Other Registry

sha256:08b750083d53e8fdcf09ab99bc30549141ea44c90763d3e972be264fbec8d706

Java Python Ruby

java:latest python-27:latest ruby:latest

docker.io/centos/python-27:latest

172.30.1.1:5000/myproject/java:latest
Other-registry/ruby/ruby:2.0
View Build Config S2i-build-config.yaml
kind: "BuildConfig"
apiVersion: "v1"
metadata:
name: "simple-webapp"
spec:
runPolicy: "Serial"
triggers:
-
type: "GitHub"
github:
secret: "b5e471d57f79f52e"
- type: "Generic"
generic:
secret: "4be5b473f9985dcf"
-
type: "ImageChange"
source:
git:
uri: "https://github.com/mmumshad/simple-webapp-flask.git"
strategy:
type: Source
sourceStrategy:
from:
kind: "ImageStreamTag"
name: "python:3.6"
output:
to:
kind: "ImageStreamTag"
name: "simple-webapp:latest"
Create Build Configuration
S2i-build-config.yaml
Docker-build-config.yaml
kind: "BuildConfig"
apiVersion: "v1" kind: "BuildConfig"
metadata: apiVersion: "v1"
name: "simple-webapp" metadata:
spec: name: "simple-webapp-docker"
runPolicy: "Serial" spec:
triggers: runPolicy: "Serial"
- triggers:
type: "GitHub" -
github: type: "GitHub"
secret: "b5e471d57f79f52e" github:
- type: "Generic" secret: "b5e471d57f79f52e"
generic: - type: "Generic"
secret: "4be5b473f9985dcf" generic:
- secret: "4be5b473f9985dcf"
type: "ImageChange" -
source: type: "ImageChange"
git: source:
uri: "https://github.com/mmumshad/simple-webapp- git:
flask.git" uri: "https://github.com/mmumshad/simple-webapp-docker.git"
strategy: strategy:
type: Source type: Docker
sourceStrategy: dockerStrategy:
from: from:
kind: "ImageStreamTag" kind: "DockerImage"
name: "python:3.6" name: "ubuntu:16.04"
output: output:
to: to:
kind: "ImageStreamTag" kind: “ImageStreamTag"
name: "simple-webapp:latest" name: "simple-webapp:latest"
Create Build Configuration
Docker-build-config.yaml
kind: "BuildConfig"
apiVersion: "v1"
metadata:
name: "simple-webapp-docker"
spec:
runPolicy: "Serial"
triggers:
-
type: "GitHub"
github:
secret: "b5e471d57f79f52e"
- type: "Generic"
generic:
secret: "4be5b473f9985dcf"
-
type: "ImageChange"
source:
git:
uri: "https://github.com/mmumshad/simple-webapp-docker.git"
strategy:
type: Docker
sourceStrategy:
from:
kind: "DockerImage"
name: "ubuntu:16.04"
output:
to:
kind: “ImageStreamTag"
name: "simple-webapp:latest"
Start a build
 Red Hat

OPENSHIFT
Build Triggers
Trigger Build

Automated
ManualBuild
Openshift Code Repository
Webhook

https://192.168.56.115:8443/oapi/v1/namespaces/......

Openshift Code Repository

 Red Hat

OPENSHIFT
Deployments
Deployment Controller

Container POD Replication Controller Deployment Controller

Deployment
Deployment
deployment-config.yaml
apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
name: sample-webapp-docker
spec:
replicas: 1
selector:
deploymentconfig: sample-webapp-docker
strategy:
type: Rolling
template:
metadata:
labels:
app: sample-webapp-docker
deploymentconfig: sample-webapp-docker
spec:
containers:
- image: myproject/sample-webapp-docker
imagePullPolicy: Always
name: sample-webapp-docker
ports:
- containerPort: 8080
protocol: TCP
triggers:
- imageChangeParams:
automatic: true
containerNames:
- sample-webapp-docker
from:
kind: ImageStreamTag
name: 'sample-webapp-docker:latest'
namespace: myproject
lastTriggeredImage: >-
172.30.1.1:5000/myproject/sample-webapp-
docker@sha256:08b750083d53e8fdcf09ab99bc30549141ea44c90763d3e972be264fbec8d706
type: ImageChange
- type: ConfigChange
Edit Deployment Configuration
History
Rollback
 Deployment Strategies

nginx:1.7.0 nginx:1.7.0 nginx:1.7.0 nginx:1.7.0 nginx:1.7.0 nginx:1.7.1 nginx:1.7.1 nginx:1.7.1 nginx:1.7.1 nginx:1.7.1
Recreate
Application
Down

Rolling nginx:1.7.1
nginx:1.7.0 nginx:1.7.1 nginx:1.7.0 nginx:1.7.1 nginx:1.7.0 nginx:1.7.1 nginx:1.7.0
Update nginx:1.7.0 nginx:1.7.1

Application Up
Advanced Strategies – Blue/Green

app:v1 app:v1 app:v2 app:v2

 Advanced Strategies – A/B

10%
50%
40%
0%
30%
20%
70%
60%
80% 100%
40%
90%
30%
80%
70%
20%
60%
50%

app:v1 app:v1 app:v1 app:v1 app:v2 app:v2 app:v2 app:v2

Commands - Review
> oc rollout latest dc/simple-webapp-docker

> oc rollout history dc/simple-webapp-docker

> oc rollout describe dc simple-webapp-docker

> oc rollout undo dc/simple-webapp-docker

 Red Hat

OPENSHIFT
Networking
Challenge

IP Address

IP Address OPENSHIFT
??
IP Address SDN
POD

POD
POD
OPENSHIFT SDN
> oc get pods –o wide
my-web-app 1/1 Running 0 2d 10.128.0.5 localhost
my-sql-db 1/1 Running 0 1d 10.128.2.2 localhost

Open vSwitch
10.128.0.5 10.128.2.2
• VLAN tagging
• Trunking
POD POD • LACP
• Port Mirroring

Overlay Network (10.128.0.0/14)

10.128.0.0/23 10.128.2.0/23 10.128.4.0/23
 OPENSHIFT DNS

10.128.2.2
mysql.connect( mysql) )

10.128.0.5 10.128.2.2
SkyDNS

POD POD

DNS Overlay Network (10.128.0.0/14)

10.128.0.0/23 10.128.2.0/23 10.128.4.0/23
SDN Plugins

ovs-multitenant ovs-multitenant ovs-multitenant ovs-multitenant

ovs-subnet
Additional Plugins
External Connectivity

Route
Service

10.128.0.5 10.128.2.2

POD POD

DNS Overlay Network (10.128.0.0/14)

10.128.0.0/23 10.128.2.0/23 10.128.4.0/23
 Red Hat

OPENSHIFT
Services and Routes
Service

Service

Front-end

Service
Service

Back-end Data Processing

 Service

Service

172.30.85.124
8080
deploymentconfig=simple-webapp-docker

8080

172.17.0.7
simple-webapp-docker
 Route

www.somewebapp.com
Load Balancing
Route
Security

Split Traffic

Service
172.30.85.124
8080

deploymentconfig=simple-webapp-docker

8080

172.17.0.7
simple-webapp-docker
 Route – Load Balancing

www.somewebapp.com
Load Balancing

source
192.168.1.12 Route
roundrobin

leastconn
Service
172.30.85.124
8080

8080

172.17.0.7
simple-webapp-docker
 Route – Load Balancing

www.somewebapp.com
Load Balancing

source
Route
roundrobin

leastconn
Service
172.30.85.124
8080

8080

172.17.0.7
simple-webapp-docker
 Route – Load Balancing

www.somewebapp.com
Load Balancing

source
Route
roundrobin

leastconn
Service
172.30.85.124
8080

8080

172.17.0.7
simple-webapp-docker
 Route - Security

https://www.somewebapp.com

Route
Security

Service
172.30.85.124
8080

deploymentconfig=simple-webapp-docker

8080

172.17.0.7
simple-webapp-docker
 Route – Split Traffic

https://www.somewebapp.com

Route

Split Traffic

Service Service
172.30.85.124 172.30.85.125
8080 8080

8080 8080

172.17.0.7 172.17.0.8
simple-webapp-docker simple-webapp-docker-new
 Red Hat

OPENSHIFT
Example Voting Application
 Design www.vote.myapp.com www.result.myapp.com

Service Service

voting-app result-app
voting-app result-app

redis db

Service

Service
Route Secret Secret

Secrets
DB Credentials

Deployment
worker

Build worker

Image Stream

Service
 Red Hat

OPENSHIFT
Scaling
Scale Deployment

52134
spec:
replicas: 1

Replication Controller

Deployment Controller
 Red Hat

OPENSHIFT
Storage
Persistent Volume

/data
Plugins
• Local
• iSCSI
• Fibre Channel
• NFS
• GlusterFS
• Ceph RDB
• OpenStack Cinder
• AWS Elastic Block Store
• GCE Persistent Disk
• Azure Disk
• Azure File
• VMWare vSphere
 PVC – 20GB

PVC – 100GB

PVC – 10GB

PV Resources – 1TB
Create Storage
Create Storage
Deployments - Volumes
 Red Hat

OPENSHIFT
Templates and Catalog
Catalog
Template
Parameters
Route
Application - 8080

Service
Application - 8080

Service
Database - 5432

Deployment Secrets Deployment

Application DB Credentials Database

Build
Application

Custom App

Image Stream
Application
 template-config.yaml

Template apiVersion: v1
kind: Template
metadata:
name: custom-app
objects:
- apiVersion: v1
Parameters kind: Secret
<.. code hidden ..>
Route
Application - 8080 - apiVersion: v1
kind: Service
<.. code hidden ..>
- apiVersion: v1
kind: Service
Service <.. code hidden ..>
Application - 8080
- apiVersion: v1
kind: Route
Service <.. code hidden ..>
Database - 5432
- apiVersion: v1
kind: BuildConfig
Deployment Secrets Deployment <.. code hidden ..>
Application DB Credentials Database

- apiVersion: v1
kind: DeploymentConfig
<.. code hidden ..>
Build
Application > oc create –f template-config.yml - apiVersion: v1
kind: DeploymentConfig
template “custom-app" created <.. code hidden ..>
- apiVersion: v1
kind: ImageStream
Image Stream <.. code hidden ..>
Application
parameters:
- displayName: "Namespace"
name: "NAMESPACE"
Export
> oc export service db
apiVersion: v1
kind: Service
metadata:
annotations:
template.openshift.io/expose-uri:
postgres://{.spec.clusterIP}:{.spec.ports[?(.name=="postgresq
l")].port}
creationTimestamp: null
labels:
app: postgresql-persistent
template: postgresql-persistent-template
name: db
spec:
ports:
- name: postgresql
port: 5432
protocol: TCP
targetPort: 5432
selector:
name: db
sessionAffinity: None
type: ClusterIP
status:
loadBalancer: {}
Conclusion
OpenShift Overview
Architecture
Projects and Users
Builds and Deployments
Networking
Services and Routes
YAML Definition Files
Example Voting Application