Introduction to OpenShift: Part 2
Red Hat OpenShift Container Platform (OCP) is a set of modular components and services built on top of Red Hat Enterprise Linux and Docker. OCP adds PaaS capabilities such as remote management, multi-tenancy, increased security, application life-cycle management, and self-service interfaces for developers.
In the above figure, going from bottom to top, and from left to right, the basic container infrastructure is shown, integrated and enhanced by Red Hat:
- The base OS is Red Hat Enterprise Linux (RHEL).
- Docker provides the basic container management API and the container image file format.
- Kubernetes manages a cluster of hosts (physical or virtual) that run containers. It works with resources that describe multi-container applications, the parts they are composed of, and how those parts interconnect. If Docker is the “core” of OCP, Kubernetes is the “heart” that keeps it moving.
- Etcd is a distributed key-value store, used by Kubernetes to store configuration and state information about the containers and other resources inside the Kubernetes cluster.
OpenShift adds the capabilities required to provide a production PaaS platform to the Docker + Kubernetes container infrastructure. Continuing from bottom to top and from left to right:
- OCP-Kubernetes extensions are additional resource types stored in Etcd and managed by Kubernetes. These additional resource types form the OCP internal state and configuration.
- Containerized services fulfill many PaaS infrastructure functions, such as networking and authorization. OCP leverages the basic container infrastructure from Docker and Kubernetes for most internal functions. That is, most OCP internal services run as containers orchestrated by Kubernetes.
- Runtimes and xPaaS are base container images ready for use by developers, each preconfigured with a particular runtime language or database. The xPaaS offering is a set of base images for JBoss middleware products such as JBoss EAP and ActiveMQ.
- DevOps tools and user experience: OCP provides Web and CLI management tools for managing user applications and OCP services. The OpenShift Web and CLI tools are built from REST APIs which can be leveraged by external tools such as IDEs and CI platforms.
Kubernetes Keywords:
- Master: A server that manages the workload and communications in a Kubernetes cluster.
- Node: A server that performs work in a Kubernetes cluster.
- Label: A key/value pair that can be assigned to any Kubernetes resource. A selector uses labels to filter eligible resources for scheduling and other operations.
Kubernetes Resource Types
Kubernetes has five main resource types that can be created and configured using a YAML or a JSON file, or using OpenShift management tools.
- Pods: Represent a collection of containers that share resources, such as IP addresses and persistent storage volumes. A pod is the basic unit of work for Kubernetes.
- Services: Define a single IP/port combination that provides access to a pool of pods. By default, services connect clients to pods in a round-robin fashion.
- Replication Controllers: A framework for defining pods that are meant to be horizontally scaled. A replication controller includes a pod definition that is to be replicated, and the pods created from it can be scheduled to different nodes.
- Persistent Volumes (PV): Provision persistent networked storage to pods that can be mounted inside a container to store data.
- Persistent Volume Claims (PVC): Represent a request for storage by a pod to Kubernetes.
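The five resource types above, wired together as they would be for one small application, as an added example that is not from the original post: a PVC requests storage, a replication controller keeps two copies of a pod that mounts the claim, and a service selects those pods by label. All names, the image reference and the storage size are constructed placeholders.

```yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: web-data             # the pod's storage request; Kubernetes binds a matching PV to it
spec:
  accessModes: [ReadWriteOnce]
  resources:
    requests:
      storage: 1Gi
---
apiVersion: v1
kind: ReplicationController
metadata:
  name: web-rc
spec:
  replicas: 2                # two copies of the pod, which may land on different nodes
  selector:
    app: web                 # label the controller uses to find the pods it owns
  template:                  # the pod definition that gets replicated
    metadata:
      labels:
        app: web
    spec:
      containers:
      - name: web
        image: registry.example.com/web:1.0   # constructed placeholder image
        ports:
        - containerPort: 8080
        securityContext:
          runAsNonRoot: true # refuse to start the container as UID 0
        volumeMounts:
        - name: data
          mountPath: /var/lib/web
      volumes:
      - name: data
        persistentVolumeClaim:
          claimName: web-data   # mounts whatever PV was bound to the claim
---
apiVersion: v1
kind: Service
metadata:
  name: web
spec:
  selector:
    app: web                 # every pod carrying this label is a backend (round-robin)
  ports:
  - port: 80                 # the stable IP/port clients connect to
    targetPort: 8080         # the container port the traffic is forwarded to
```

The service's `selector` is the same label the controller stamps on its pods, which is how pods that are destroyed and recreated with new IP addresses keep appearing behind the same stable address.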
OpenShift Resource Types
The main resource types added by OCP to Kubernetes are as follows:
- Deployment Configurations (dc): Represent a set of pods created from the same container image, managing workflows such as rolling updates. A dc also provides a basic but extensible Continuous Delivery workflow.
- Build Configurations (bc): Used by the OpenShift Source-to-Image (S2I) feature to build a container image from application source code stored in a Git server. A bc works together with a dc to provide a basic but extensible Continuous Integration/Continuous Delivery workflow.
- Routes: Represent a DNS host recognized by the OpenShift router as an ingress point for applications and microservices.
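How a bc and a dc chain into the CI/CD workflow described above, as an added example that is not from the original post: the bc builds the Git source with an S2I builder image and pushes the result to an image stream tag, and the dc's image-change trigger rolls out a new deployment whenever that tag is updated. The Git URL, the builder tag, and the existence of an ImageStream named `web` are assumptions; the `apiVersion` values are those of current OpenShift releases (OCP 3.x accepted `v1` for both).

```yaml
apiVersion: build.openshift.io/v1
kind: BuildConfig
metadata:
  name: web
spec:
  source:
    git:
      uri: https://git.example.com/org/web.git   # constructed placeholder repository
  strategy:
    type: Source
    sourceStrategy:              # S2I: builder image + source -> application image
      from:
        kind: ImageStreamTag
        name: nodejs:12          # assumed S2I builder tag in the openshift namespace
        namespace: openshift
  output:
    to:
      kind: ImageStreamTag
      name: web:latest           # push the result to the (assumed) ImageStream "web"
  triggers:
  - type: ConfigChange           # rebuild whenever this bc itself is changed
---
apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
  name: web
spec:
  replicas: 2
  selector:
    app: web
  strategy:
    type: Rolling                # new pods come up before old ones are removed
  triggers:
  - type: ImageChange            # redeploy automatically when web:latest is rebuilt
    imageChangeParams:
      automatic: true
      containerNames: [web]
      from:
        kind: ImageStreamTag
        name: web:latest
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
      - name: web
        image: web:latest        # rewritten by the trigger to the resolved image reference
        ports:
        - containerPort: 8080
```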
Networking
- Each container deployed by a docker daemon has an IP address assigned from an internal network that is accessible only from the host running the container. Because of the container’s ephemeral nature, IP addresses are constantly assigned and released.
- Kubernetes provides a software-defined network (SDN) that spans the internal container networks of multiple nodes and allows containers in any pod, on any host, to reach pods on other hosts. Access to the SDN only works from inside the same Kubernetes cluster.
- Containers inside Kubernetes pods are not supposed to connect to each other’s dynamic IP address directly. It is recommended that they connect to the more stable IP addresses assigned to services, and thus benefit from scalability and fault tolerance.
- External access to containers, without OpenShift, requires redirecting a port on the host to the internal container IP address, or a port on the node to a service IP address in the SDN. A Kubernetes service can specify a NodePort attribute, a network port that every cluster node redirects into the SDN. Unfortunately, none of these approaches scale well.
- OpenShift makes external access to containers both scalable and simpler by defining route resources. HTTP and TLS requests to a route are forwarded to service addresses inside the Kubernetes SDN. The only requirement is that the desired DNS host names are mapped to the external IP addresses of the OCP router nodes.
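The two ways of exposing a service that the networking section contrasts, side by side, as an added example that is not from the original post: a NodePort service, which makes every node open a port into the SDN, and a route, which lets the router accept TLS for a host name and forward into the SDN. It assumes a ClusterIP service named `web` on port 8080 already exists; the host name and port number are constructed placeholders, and the route `apiVersion` is the current one (OCP 3.x used `v1`).

```yaml
# NodePort: the approach the text says does not scale well. Every node in the
# cluster opens 30080 and redirects it into the SDN; clients need a node IP.
apiVersion: v1
kind: Service
metadata:
  name: web-nodeport
spec:
  type: NodePort
  selector:
    app: web
  ports:
  - port: 8080
    targetPort: 8080
    nodePort: 30080              # must fall in the cluster's configured NodePort range
---
# Route: external HTTP/TLS requests for the host name are accepted by the
# router and forwarded to the service's address inside the SDN.
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: web
spec:
  host: web.apps.example.com     # placeholder; DNS must point this at the router nodes
  to:
    kind: Service
    name: web                    # assumed existing ClusterIP service
  port:
    targetPort: 8080
  tls:
    termination: edge            # router terminates TLS (default router certificate unless one is given)
    insecureEdgeTerminationPolicy: Redirect   # plain-HTTP requests are redirected to HTTPS
```

With `edge` termination the hop from the router to the pod is plain HTTP inside the SDN; `reencrypt` or `passthrough` are the terminations to use when that hop must also be encrypted.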
Thank you for reading…