Containers in a Kubernetes World
Containers and Kubernetes (K8S) – INTLUG April 2023
By Peter Larsen
Containers and K8S
3 April 2023
Why we are here - AGENDA
● Talk about containers
● Talk about container runtime engines – in particular Kubernetes
● We'll be using OpenShift's “Single Node OpenShift”/SNO or Code Ready Containers or OpenShift Local
● You can run SNO on your computer – 16GB of RAM, 30+ GB of HDD and libvirt/kvm are required.
● Was going to talk about https://microshift.io/ - however .....
Word to the wise ..... (that's you!)
● OpenShift is Kubernetes + a lot more. It runs Kubernetes everywhere – local workstation, datacenter, cloud, edge (like cars)
● Play along or try at home: https://developers.redhat.com/products/openshift/download
● https://console.redhat.com/openshift/create/local - download small executable (crc) and pull secret
● Upstream: https://www.okd.io/guides/sno/
○ This is not as easy – but doable!
● Kubernetes is a VERY complex platform – we will not cover it all, just dip our toes in it.
Questions are absolutely welcome – even during the talk
Who has NOT used containers before?
Timeline (figure):
● Aug ‘08: LXC initial release
● May ‘11: OpenShift online
● Mar ‘13: Docker initial
● Mid ‘14: Kubernetes
● Jun ‘15: OpenShift Enterprise 3.0
● Apr ‘17: Moby
● Jun ‘17: Buildah initial release
● May ‘18: Buildah 1.0, Podman, new logo
● Sep ‘18: buildah.io, podman.io
● May ‘19: Buildah, Skopeo, Podman, RHEL
● Also shown: OCI, CNCF; Nov ‘15, Mar ‘16, Sep ‘17
A lot has happened in just over a decade
Containers: Podman – no Docker
● For demonstrations Podman is used
● Podman is a daemonless container CLI
● Podman's “api” commands are docker commands
  alias docker=podman
● Podman can use the exact same container features of Linux like runc (OCI) and crun (written in C not Go)
● Rootless containers are safer. With the docker daemon anyone with access to run containers can become root on the host
● podman is available on most major distributions
● Is default on Fedora, RHEL and CentOS installs
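The point above about the Docker daemon can be turned into an audit. This added example (not from the talk) lists the accounts that can reach a root-running Docker daemon through group membership, assuming the socket is group-owned by `docker`; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the talk: audit who can drive a root-running
# Docker daemon. Assumption: the daemon socket is group-owned by "docker".

# docker_socket_users GROUP_FILE PASSWD_FILE [GROUP_NAME]
# Prints one account per line: supplementary members of the group plus
# accounts whose primary GID is the group (those never appear in field 4
# of the group file, so a plain look at the group entry misses them).
docker_socket_users() {
    group_file=$1
    passwd_file=$2
    group_name=${3:-docker}

    # Field 3 of the group entry is its GID.
    gid=$(awk -F: -v g="$group_name" '$1 == g { print $3; exit }' "$group_file")
    [ -n "$gid" ] || return 0    # group absent: nobody gains access this way

    {
        # Supplementary members, comma-separated in field 4.
        awk -F: -v g="$group_name" '$1 == g { print $4 }' "$group_file" | tr ',' '\n'
        # Accounts whose primary GID (passwd field 4) is the group.
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
    } | sed '/^$/d' | LC_ALL=C sort -u
}

# write_sample_files DIR: constructed group/passwd files for an offline run.
write_sample_files() {
    cat > "$1/group" <<'EOF'
root:x:0:
wheel:x:10:alice
docker:x:975:alice,ci-runner
EOF
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:975::/home/bob:/bin/bash
ci-runner:x:1002:1002::/home/ci-runner:/sbin/nologin
EOF
}

# Demo on the constructed files: bob is found through his primary GID.
demo_dir=$(mktemp -d)
write_sample_files "$demo_dir"
echo "Accounts with root-equivalent access via the docker group:"
docker_socket_users "$demo_dir/group" "$demo_dir/passwd"
rm -rf "$demo_dir"
```

On a real host, pass `/etc/group` and `/etc/passwd`; where accounts come from a directory service, save the output of `getent group` and `getent passwd` to files and pass those instead.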
Why containerization?
● Containers are everywhere in IT today
● Provides lots of advantages over virtualization
● Better security
● Easier to maintain
● Better “DevSecOps”
● Easy to distribute/install
Typical container structure
A quick primer ....
Get the coloring book! https://red.ht/3gfVlHF
WHAT ARE CONTAINERS?
It Depends Who You Ask
INFRASTRUCTURE
● Application processes on a shared kernel
● Simpler, lighter, and denser than VMs
● Portable across different environments
APPLICATIONS
● Package apps with all dependencies
● Deploy to any environment in seconds
● Easily accessed and shared
VIRTUAL MACHINES AND CONTAINERS
● VIRTUAL MACHINES: VM isolates the hardware
● CONTAINERS: Container isolates the process
[Figure: each VM holds an App, OS Dependencies and a Kernel on top of Hypervisor and Hardware; each Container holds an App and OS deps on top of a shared Container Host (Kernel), Hypervisor and Hardware]
VIRTUAL MACHINES AND CONTAINERS
VM Isolation
● Complete OS
● Static Compute
● Static Memory
● High Resource Usage
Container Isolation
● Shared Kernel
● Burstable Compute
● Burstable Memory
● Low Resource Usage
[Figure: Virtual Machine (Application, OS dependencies, Operating System) beside Container Host with Container (Application, OS dependencies)]
VIRTUAL MACHINES AND CONTAINERS
● Virtual Machine (Application, OS dependencies, Operating System): IT Ops (and Dev, sort of), on Infrastructure. Optimized for stability
● Container (Application, OS dependencies): Dev; Container Host and Infrastructure: IT Ops. Optimized for agility
Clear ownership boundary between Dev and IT Ops drives DevOps adoption and fosters agility
APPLICATION PORTABILITY WITH VM
Virtual machines are NOT portable across hypervisors and do NOT provide portable packaging for applications
[Figure: Application, OS dependencies and Operating System repeated for LAPTOP, BARE METAL, VIRTUALIZATION, PRIVATE CLOUD and PUBLIC CLOUD, packaged as Guest VM, VM Type X, VM Type Y and VM Type Z]
APPLICATION PORTABILITY WITH CONTAINERS
Containers + Linux Host = Guaranteed Portability Across Any Infrastructure
Linux* (* Distribution Matters)
[Figure: the same Container (Application, OS dependencies) on RHEL across LAPTOP (Guest VM), BARE METAL, VIRTUALIZATION (Virtual Machine), PRIVATE CLOUD (Virtual Machine) and PUBLIC CLOUD (Virtual Machine)]
RAPID SECURITY PATCHING USING CONTAINER IMAGE LAYERING
Container Image Layers, each with its counterpart in the Example Container Image:
● Base Image: Base RHEL
● Image Layer 1: OS Update Layer
● Image Layer 2: Java Runtime Layer
● Image Layer 3: Application Layer
DIGITAL WORKLOADS ARE MOVING TO CONTAINERS
LIFT & SHIFT, MOBILE, MICROSERVICES, ANALYTICS
● Better manage scalability and fast-moving application development cycles
● Meet user demand, give them the ability to perform common tasks
● Migrate existing applications into more efficient container environments
● Move faster & find time for innovation, aligned to business needs
High-level container architecture
A container is the smallest compute unit
Containers are created from container images
[Figure labels: CONTAINER, CONTAINER IMAGE, BINARY, RUNTIME]
Container images are stored in an image registry
An image repository contains all versions of an image in the image registry
● myregistry/frontend: frontend:latest, frontend:2.0, frontend:1.1, frontend:1.0
● myregistry/mongo: mongo:latest, mongo:3.7, mongo:3.6, mongo:3.4
Taking a practical look at containers
Demo time
That was kinda cool!
https://xkcd.com/1988
Why more than pure containers?
They're GREAT, but ....
● On a single host all is local, all is simple
○ A single host is a single point of failure
○ A single host running hundreds or thousands of workloads doesn't work
● Keeping container communication private between hosts is “complex”
● Allowing fail-over of containers between hosts is “complex”
● Storage configuration must transfer between hosts (no local disk)
Challenges
● Cross node consistency
● Security integration
● Configuration management
● Access
● Patching/maintenance
Container platform solution
● Multi cloud / environment; hybrid
● Multi-node deployment with failover handling
● Auto-scale vertical and horizontal
● State machine
○ Describe what you want – not where, how
● Configuration Management - pluggable
● Storage Management – pluggable
● Network Management - pluggable
Kubernetes – an introduction
● Containers are ‘pods’ - a pod is the atomic unit that is run
○ A pod can contain more than one container, but it’s not typical
● Compute nodes run pods
● Master nodes manage the compute node cluster using a state store
● Schedule policy
● API entry point
● API defined network, storage, authentication
Containers are wrapped in pods which are units of deployment and management
[Figure: two PODs holding three CONTAINERs in total, with IP: 10.1.0.11 and IP: 10.1.0.55]
Pod configuration is defined in a deployment
● image name
● replicas
● labels
● cpu
● memory
● storage
[Figure: a DEPLOYMENT containing three PODs, each with a CONTAINER]
Services provide internal load-balancing and service discovery across pods
[Figure: PODs with CONTAINERs and a BACKEND SERVICE; labels role: backend and role: frontend; addresses shown: 10.110.1.11, 10.120.2.22, 10.130.3.33, 10.140.4.44, 172.30.170.110]
Apps can talk to each other via services
[Figure: same layout as the previous slide, with the call “Invoke Backend API” going through the BACKEND SERVICE]
Routes add services to the external load-balancer and provide readable URLs for the app
[Figure: ROUTE app-prod.mycompany.com in front of the BACKEND SERVICE and its PODs]
> curl http://app-prod.mycompany.com
“route” was a Red Hat extension to K8S before K8S added “ingress” upstream. Same principle – slightly different implementation.
Projects isolate apps across environments, teams, groups and departments
[Figure: projects PAYMENT DEV, PAYMENT PROD, CATALOG and INVENTORY, each with three PODs; three ❌ marks between projects]
High level architecture - K8S/OpenShift
Typical System Deployment
[Figure: an ENTERPRISE LOAD-BALANCER in front of CNTRL, INFRA and NODE machines; labels: Application Traffic, Dev and Ops, User]
ROUTING AND EXTERNAL LOAD-BALANCING
● Pluggable routing architecture
○ HAProxy Router
○ F5 Router
○ Cloud based LB
○ Metal LB (VIP)
● Multiple-routers with traffic sharding
● Router supported protocols
○ HTTP/HTTPS
○ WebSockets
○ TLS with SNI
● Non-standard ports via cloud load-balancers, external IP, and NodePort
K8S Persistent Storage System (CSI)
● PersistentVolumeClaim – “A request for storage”: Provider: ABC, Capacity: 10 GiB, Features: XYZ
● StorageClass – “A provider of storage”: Provider URL: …, Credentials: …, Options: ...
● PersistentVolume – “Provisioned Storage”: Name: …, Size: …, AccessMode: ...
[Figure: APPLICATION POD(S) and Storage Backend connected to the three objects above by arrows labelled “sets up”, “submits”, “submitted to”, “creates”, “instructs”, “provisions”, “mounted by”]
OPENSHIFT NETWORKING
● Built-in internal DNS to reach services by name
● Split DNS is supported via SkyDNS
● Master answers DNS queries for internal services
● Other name servers serve the rest of the queries
● Software Defined Networking (SDN) for a unified cluster network to enable pod-to-pod communication
● OpenShift follows the Kubernetes Container Networking Interface (CNI) plug-in model
OPENSHIFT NETWORK PLUGINS
[Figure: OPENSHIFT and KUBERNETES CNI plug-ins: OpenShift SDN (OVS), OpenShift SDN (OVN*), kuryr-kubernetes, Flannel**, Nuage, Tigera Calico & CNX, Juniper Contrail, Cisco Contiv & Contiv-ACI, Big Switch, VMware NSX-T, Open Daylight (CNI & Kuryr), RH-OSP Neutron Plugin; legend: Fully Supported, Validated, In-Progress, DEFAULT]
* Default in OCP 4.1
** Flannel is minimally verified and is supported only and exactly as deployed in the OpenShift on OpenStack reference architecture
Container++
● Knative (Cloud Native)
● Serverless / ServiceMesh
● CodeReady (IDE in a browser)
● AI/ML
● HPC …. ?
Let's look at containers on K8S / OpenShift Local
Demo time
Kubernetes is ...
● A runtime platform for containers
● A platform – just like Linux – providing fundamental services to run/manage containers
● A state machine
● An API
● Controls
○ Networking
○ Storage
○ Deployments
○ Scheduling
○ And a wide range of custom things
Commands we looked at
● podman
○ pull, run, inspect, images
● oc / kubectl (for our talk they are the same)
● curl
Getting involved
● Get involved
○ https://www.okd.io/
○ https://kubernetes.io/
● Try it out!!
○ https://cloud.redhat.com
● Play in the cloud (for free!)
○ http://learn.openshift.com/
Get Involved - Podman In Action
● Written by Mr. Container and Mr. Security himself
○ Daniel Walsh
● Talks about
○ how container engines work
○ what goes on behind the scenes
○ options and why you may choose one
○ cool features/options you don't know
https://www.manning.com/books/podman-in-action
Thank you!
● The (IT) future is containerized
● Unix/Linux has done process isolation for a very long time
● Delivering software is sending a container – not 150 packages
● Frameworks make microservice and meshes easier to manage
● Built in monitoring gives deep insight
● Self healing
● Self optimization
● Secure by default ….
● Need more reasons???