Getting Started With OpenShift - Using Containers for SysOps and Engineering
Devops: Own from code to server
- Infrastructure (Ops)
- Why OpenShift?
- Parts of OpenShift
- Planning your cluster
- Maintenance
- Troubleshoot common problems
- OpenShift Usage (Dev)
- High level overview
- Step by Step
- Real world
- Why
- Get started fast
- Only as complex as you need it to be
- Kubernetes under the hood
- Infrastructure as YAML/JSON
- Ease of Use
- Interface
- Tagging
- Containers all the way down
- Parts of OpenShift
- Master Nodes
- Manage the cluster itself
- Kubernetes APIs/Scheduler
- etcd
- Webconsole
- Infrastructure notes
- Routers
- Shared services
- Monitoring, registry
- Compute nodes
- Where your apps will go
Planning your 1st cluster
- OpenShift 3.11 is latest stable
- Operating System
- Nodes
- An "Atomic Distribution"
- Hypervisor
- Upfront considerations
- Consider carefully
- Physical Layout
- Network Plugin
- osm_cluster_network_cidr
- This will cause you to run out of IPs if you don't do this right
- Storage
- Type
- Location
- (Gluster (triplicates data), OpenS doubles)
- Strict separation between nodes, so that dev and prod can be separated
- Can configure to limit who can talk to whom
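Added example (not from the talk or the OpenShift project): a planning check for the osm_cluster_network_cidr point above, showing how the pod network is cut into one slice per node and where the IPs run out. It assumes the openshift-ansible 3.x inventory variables osm_host_subnet_length and openshift_portal_net, which the notes do not mention; the function name and the node LAN range are constructed for illustration.

```python
import ipaddress


def plan_cluster_network(cluster_cidr, host_subnet_length, other_networks=()):
    """Capacity and overlap check for an OpenShift 3.x SDN layout.

    cluster_cidr       -> osm_cluster_network_cidr (pool that pod IPs come from)
    host_subnet_length -> osm_host_subnet_length (host bits in each node's slice)
    other_networks     -> ranges pods must still reach (services, node LAN, ...)
    """
    cluster = ipaddress.ip_network(cluster_cidr)
    node_prefix = cluster.max_prefixlen - host_subnet_length
    if node_prefix < cluster.prefixlen:
        raise ValueError(
            f"{cluster_cidr} is too small for /{node_prefix} node subnets")
    # One slice per node: once the slices are used up, no further node
    # can be given a pod subnet.
    max_nodes = 2 ** (node_prefix - cluster.prefixlen)
    # Upper bound on pod IPs per node (network and broadcast excluded).
    addrs_per_node = 2 ** host_subnet_length - 2
    # A pod range that overlaps a real network makes that network unreachable
    # from pods, so report every overlap instead of stopping at the first.
    overlaps = [n for n in other_networks
                if cluster.overlaps(ipaddress.ip_network(n))]
    return {
        "node_prefix": node_prefix,
        "max_nodes": max_nodes,
        "addrs_per_node": addrs_per_node,
        "overlaps": overlaps,
    }


if __name__ == "__main__":
    services = "172.30.0.0/16"   # openshift_portal_net default
    node_lan = "10.129.4.0/24"   # constructed example of a host network
    # openshift-ansible defaults: 10.128.0.0/14 with 9 host bits per node.
    print(plan_cluster_network("10.128.0.0/14", 9, [services, node_lan]))
    # A "tidy" /22 pool with the same host bits only fits two nodes.
    print(plan_cluster_network("10.128.0.0/22", 9, [services]))
```
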
Maintenance
- Cleanup/Pruning
- Registry (docker)
- Projects
- Can "spin down", not gone, just not running
- Backups
- etcd node
- configs
- Monitoring
- Alerts sent somewhere YOU WILL WATCH!
- Upgrading nodes
- If using ansible, git pull branch, and run upgrade
Troubleshooting Common Issues
- The Events Page
- First place to look
- Cattle not pets
- All applications like cattle
- Development environment
- If you used atomic and the node is dead...
- Delete the node, reload, and scale-up
- GlusterFS
Developer
High Level Overview
- Docker Image
- What is it?
- The operating system
- (And sometimes more!)
- Based on an Upstream Image
- Why?
- Upstream updates
- Security Fixes/Patches
- Build Config
- Recipes for making an image
- Docker Build
- Got root?
- Install rpms and other server applications
- Anything you need to run your app
- Setting up the s2i Scripts
- Image Stream
- Builder
- git for completed builds
- Collection of builds
- Tagged
- Latest
- Version Numbers
- Watchable
- Trigger downstream events
- Source Build Config
- s2i
- Incorporates Source Code
- Runs as unprivileged user
- Puts stuff in the right place
- Produces a runnable image
- Source Image Stream
- Deployable Image
- Managed using tags
- Development
- Dev secrets
- Staging
- Prod secrets
- Not customer accessible
- Production
- Prod secrets
- Customer Accessible
- Deployment Config
- Container(s)
- s2i run
- Mounts
- Secrets
- mounted to the filesystem
- Config
- In the environment
- Volumes (data)
- Environment
- POD
- Really the application
- Resource Allocation
- CPU
- Memory
- Health Checks
- Liveness Probe
- Kill and reload
- Readiness Probe
- Load balance
- Triggerable
- Versioned
- Service (Networking)
- Internal Connectivity
- Internal Load Balancer
- Proxy to Pods
- Route
- External Connectivity
- Exposes a Service
- via a hostname
- Only for something that understands a hostname
- OpenShift doesn't listen on sockets, routes by hostname
- TLS Termination
Learnings
- Started at production and worked backward
- May not have been the best way
- Focus on how devs work and then make it work in production
- Resistance to moving into Dockerized approach
- Security
- Engineering/Operations leadership
- Dev time
- Hardware
- Engineers
- Can't work directly on prod
- Not comfortable with building the whole
- Agile
The presentation is available as a PowerPoint deck.
We had 10 people attending this month. As always, we'd like to thank cPanel, L.L.C for providing the meeting space and food for the group.