Building Blocks of OpenShift

A guide to the pieces that make up Kubernetes and OpenShift

Concepts & Terminology

  • Containers

    • A container is an operating system level construct that allows for the running of isolated software systems within a single OS

  • Images

    • An image is a portable package containing all content, binaries, and configuration data that define a container instance

  • Pods

    • A pod is a wrapper around one or more containers which adds a networking & configuration layer for managing containers across hosts

  • Replication

    • Replication is the act of instantiating multiple copies of a pod definition in order to provide multiple instances of a runtime environment

    • Managed by a replication controller

    • Accomplished by re-instantiating a container image

  • Services

    • A service is a set of replicated pods.

  • Routes

    • A route is a load balancing mechanism used to expose services externally

  • Projects

    • A project is an isolation mechanism that gives users the ability to create resources while keeping them separate and secure from other OpenShift users

    • Wraps around Kubernetes namespace

  • Labels and Selectors

    • A label is a key-value pair tag that can be applied to most resources in OpenShift to give extra meaning or context to that resource for later filtering or selection.

    • A selector is a parameter used by many resources in OpenShift to associate a resource with another resource by specifying a label.

    • Labels and Selectors can be used to:

      • Assign certain projects, services, pods to run on a certain set of nodes

      • Create regions, zones and other network topology constructs

      • Assign pods to services

      • Assign a router to a certain set of projects (perhaps internal/external apps)

      • Much more…

  • Builds and Deployments

    • A build in OpenShift is the process by which application content, code, or packages are built into a container image (we call this an application image)

    • A deployment in OpenShift is the process of instantiating an application image to create running containers/pods running the application

Implementation: Components of OpenShift

  • Master

    • Components:

      • API/authentication

      • Scheduler

      • Management/replication

      • Data store (etcd)

      • Web console

    • Responsible for:

      • Managing authentication and authorization

      • Managing the state of the cluster

  • Nodes

    • Hosting workloads

    • Achieved through:

      • Pods

      • Containers

      • Kubeproxy

      • Kubelet

      • iptables

  • OpenShift Image Registry

    • Containerized Docker registry with namespace isolation and security context constraints built in

    • Pretty much required for OSE

  • OpenShift SDN

    • Internal private network (IPs not visible outside OpenShift)

    • Currently implemented with Open vSwitch

      • UDP-based overlay carried over the physical network

      • Extra encapsulation header added to each packet

    • Used for pod to pod communication

    • Multi-tenant (project based VXLAN network isolation)

  • Service Layer

    • Provides internal communication between application components in OpenShift

    • Service

      • A service is a set of replicated pods.

      • Generally used to define a consumable application function (e.g. a database or microservice)

      • Pods are grouped into a service

      • A service has a dedicated IP address

    • Service Layer Example:

      [Figure: Service Layer diagram]

  • Routing Layer

    • Provides external access to OpenShift Services

    • Routers

      • A router is a special service within OpenShift that load balances external traffic to internal services

      • Listens on port 80/443 on the node host

      • HAProxy based

      • Supports scale up for HA

      • Can have multiple routers for "regional" routing

    • Routes

      • A route is the mapping of an individual service to an external address (hostname)

      • Requires a hostname and a service name at minimum

      • Optional support for TLS termination, including unique certificates

    • Routing Layer Example:

      [Figure: Routing Layer diagram]
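As an added example (not from the original guide), the objects below show how the label/selector and routing pieces above fit together: the Deployment's pod template carries the label app=web, the Service selects those pods by the same label, and a Route exposes the Service with edge TLS termination and its own certificate. The object names, hostname, node label, image and PEM contents are placeholders.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web                      # placeholder name
spec:
  replicas: 2                    # replication: two copies of the pod template
  selector:
    matchLabels:
      app: web                   # pods this controller manages
  template:
    metadata:
      labels:
        app: web                 # label stamped on every replicated pod
    spec:
      nodeSelector:
        zone: east               # placeholder node label: pods land only on nodes tagged zone=east
      containers:
        - name: web
          image: quay.io/example/web:1.0   # placeholder application image
---
apiVersion: v1
kind: Service
metadata:
  name: web
spec:
  selector:
    app: web                     # every pod carrying app=web becomes an endpoint
  ports:
    - port: 8080                 # service IP:8080 -> pod port 8080
---
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: web
spec:
  host: web.apps.example.com     # placeholder external hostname
  to:
    kind: Service
    name: web                    # route -> service -> pods, via the selector above
  tls:
    termination: edge                        # router terminates TLS on 443
    insecureEdgeTerminationPolicy: Redirect  # port 80 redirects instead of serving plaintext
    certificate: |   # the route's own PEM certificate goes here (placeholder)
      -----BEGIN CERTIFICATE-----
      -----END CERTIFICATE-----
    key: |           # and its matching PEM private key (placeholder)
      -----BEGIN PRIVATE KEY-----
      -----END PRIVATE KEY-----
```

Without the tls block the router would serve the route in plain HTTP on port 80; with edge termination and a Redirect policy, clients reaching port 80 are sent to HTTPS and the private key never leaves the router.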