Note that the process still runs as a foreground process within the container.
Containers on the same host can be linked together
Links between containers are not accessible outside the host
Links are shared via ENV and /etc/hosts
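The ENV half of link sharing matters for review: a linked container receives the source container's own environment variables as well as its address and ports. The added example below (not part of the original slides) audits a recipient container's environment for link-injected variables; it assumes Docker's legacy link naming (`<ALIAS>_PORT_<port>_<proto>_ADDR`, `<ALIAS>_ENV_<name>`), and `audit_link_env`, `SAMPLE_ENV` and all values in it are constructed for illustration.

```python
import re

# Variable shapes Docker's legacy --link feature injects into the recipient
# container, where ALIAS is the upper-cased link alias (assumed naming).
LINK_PORT = re.compile(r"^(?P<alias>[A-Z0-9_]+?)_PORT_(?P<port>\d+)_(?P<proto>TCP|UDP)_ADDR$")
SECRET_HINT = re.compile(r"PASS|SECRET|TOKEN|KEY", re.I)


def audit_link_env(env):
    """Return {alias: {"endpoints": [...], "inherited": [...], "sensitive": [...]}}."""
    report = {}
    # Pass 1: discover link aliases from the per-port address variables.
    for name, value in env.items():
        m = LINK_PORT.match(name)
        if m:
            entry = report.setdefault(
                m["alias"], {"endpoints": [], "inherited": [], "sensitive": []})
            entry["endpoints"].append(f"{value}:{m['port']}/{m['proto'].lower()}")
    # Pass 2: <ALIAS>_ENV_<name> variables are copies of the source container's env.
    for name in env:
        for alias, entry in report.items():
            prefix = alias + "_ENV_"
            if name.startswith(prefix):
                inherited = name[len(prefix):]
                entry["inherited"].append(inherited)
                if SECRET_HINT.search(inherited):
                    entry["sensitive"].append(name)
    for entry in report.values():
        for key in entry:
            entry[key].sort()
    return report


# Constructed sample: environment of a web container linked to a database as "db".
SAMPLE_ENV = {
    "PATH": "/usr/local/bin:/usr/bin:/bin",
    "DB_NAME": "/web/db",
    "DB_PORT": "tcp://172.17.0.5:5432",
    "DB_PORT_5432_TCP": "tcp://172.17.0.5:5432",
    "DB_PORT_5432_TCP_ADDR": "172.17.0.5",
    "DB_PORT_5432_TCP_PORT": "5432",
    "DB_PORT_5432_TCP_PROTO": "tcp",
    "DB_ENV_POSTGRES_PASSWORD": "example-only",
    "DB_ENV_PG_MAJOR": "9.4",
    "APP_SECRET_KEY": "not-from-a-link",
}

if __name__ == "__main__":
    for alias, entry in audit_link_env(SAMPLE_ENV).items():
        print(alias, entry)
```

Entries under `sensitive` are source-container variables with secret-like names that every linked recipient can read.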
Docker: Pros and Cons
Extreme application portability
Very easy to create and work with derivative images
Fast boot on containers
Host-centric solution; not aware of anything else
No higher-level provisioning
No Developer Workflow
How we use Kubernetes
Kubernetes Node: A Docker host running the kubelet and the proxy service.
One or more inter-related (linked) Docker containers.
A collection of one or more Minions.
Node Daemon: kubernetes-kubelet
Primary responsibility: pod metadata and management
Maintain a record of pod state
Take instructions from the cluster master
Kubernetes Daemon: kubernetes-proxy
Mapping of a minion host port to a pod label is called a service
The proxy service maps a common port on every node to relevant pods across the entire cluster
It can forward both HTTP and UDP
Kubernetes Cluster Management - the control plane
RESTful web API for Kubernetes, running on nginx
One job: choose minions for pods
Monitoring service for deployed pods
(A newer iteration of this is now called kubectl) CLI for working with a Kubernetes cluster
Highly available key/value data store
Built-in clustering support
RAFT consensus-based algorithm for updates
controller-manager and Replication Controllers
You tell it what you need, it decides which minions to deploy on
Constant monitoring; starts and stops pods as necessary to match the count
Decoupled from service proxying
The Kubernetes API
A REST API to interact with Kubernetes
Minions (docker hosts)
Pods (docker container configurations)
Services (port proxy mappings)
Replication Controllers (replicated, monitored pod deployments)
What does OpenShift Bring to the Party
A Built-in Software Defined Network
A Well Defined Workflow from Code to Deployed Application
A Much Friendlier Interface with Monitoring and Reporting
Handles IP routing at the application level in terms of isolation and discoverability
Provides Load Balancing - HAProxy in its own pod
Applications in OpenShift 3
config, n. A collection of Kubernetes and OpenShift 3 objects that describes any combination of pods, services, replicationControllers, environment variables and OpenShift 3 objects that we'll discuss in a few slides.
template, n. A parameterized version of a config for generalized re-use.
docker-builder - pulls docker images and merges code
Source-to-Image (STI) - take a docker image and source and run it through a build
BuildConfig - A URL for code + a build type above + auth code for using webhooks
Integrating with CI and CD through "triggers"
Make a platform that is aware of changes:
In source code
On a CI system
In an image repository
...so that the entire product lifecycle is repeatable, fault-tolerant and automated.
What we make easier
Collections of Kubernetes and OpenShift 3 objects
Where is the code coming from?
How do we turn it into a Docker image?
When do we deploy?
How do we deploy?
What should the deployment look like?
Teams and Management
Users, Teams and Projects
A project controls access to a set of resources
Projects have hard and soft resource limits
Projects are based on organizational boundaries
Quota and Usage
Leverage Kubernetes to get fine-grained resource control
Performance policies can be specified along many dimensions