Red Hat Atomic Details Dockah, Dockah,...
Red Hat Atomic Details
Dockah, Dockah, Dockah!
Containerization as a shift of paradigm for the GNU/Linux OS
Daniel Riek
Sr. Director Systems Design & Engineering
In the beginning there was Stow...
… and /usr/local, and tar, and binaries mounted from the network, ...
● Works well for a Unix host.
● Too fragile due to dependencies on each host's environment.
● Not efficient for managing artifacts.
● Doesn't scale in distributed environments (aka PCs).
Then, There Be RPM...
… and dpkg, and...
● Frozen binary distribution, reproducible builds.
● Metadata, signatures.
● Transport format for a curated content stream from a trusted source.
● Management of installed artifacts, updates.
● Implicit move to a single instance, single version model.
● Implements a late-binding model for deploying software in Ops based on an ABI contract.
● Layers move across dev/test/ops independently.
Traditional application deployment
● Single userspace runtime shared between applications.
● Environment and life cycle defined by host OS.
● OS generations define software lifecycle.
● Trend to isolate apps on hardware level.
● Managed by IT, very limited delegation.
● Stable, long maintenance, few updates, hardware-centric.
[Diagram: TRADITIONAL. Labels: HARDWARE; OS & SHARED SERVICES; BINS/LIBS; APP A, APP B, APP C]
Traditional application deployment
● Very limited flexibility, resources underutilized.
● Component-level life cycle management fragile in large environments.
● Stacks too complex to map into a common single instance, single version namespace.
● Side-effects of shared dependencies cannot be managed at scale, induce unwanted change.
● Full distribution model with monolithic generations of content creates an artificial tie of userspace stacks to low level components and hardware.
Userspace Stacks Too Complex
http://www.modulecounts.com/
Application Deployment via Virt & IaaS
● Application isolation per VM.
● Guest environment and lifecycle defined by application.
● Application and runtime abstracted from hardware.
● Higher flexibility at cost of increased redundancy and overhead.
● Complex multi-level management of host and VM layers.
● Delegation along the Host / VM boundary.
[Diagram: INFRASTRUCTURE AS A SERVICE (IAAS). Labels: SERVER; HOST OS; HYPERVISOR; three guests, each with GUEST OS, BINS/LIBS and an app (APP A, APP A, APP B)]
Application Deployment via Virt & IaaS
● Too much overhead per application.
● Management too complex.
● Delegation model inefficient.
● Life cycle management in practice still too fragile.
● Power shifting from Ops to application owner.
– Everything business is software now, so the business spends the money, not IT.
App Delivery Using Docker Containers
● Separation of system runtime and application-centric userspace runtimes.
● Applications consist of orchestrated services.
● Services packaged with individual runtime stack in containers.
● Maximal flexibility, minimal overhead.
● Delegation along container boundaries.
[Diagram: APPLICATION-CENTRIC IT & PaaS. Labels: HARDWARE, VIRT, CLOUD; HOST OS, SHARED SERVICES; service containers SRVC A, SRVC B, SRVC A, SRVC C, SRVC D, each with its own BINS/LIBS; APP A, APP B]
App Delivery Using Docker Containers
● Multi-instance, multi-version, multi-tenant.
– Multi-tenant in the enterprise required to support multiple lines of business.
● Everything is a cluster, everything is scale-out, everything is highly available.
● Integration with IaaS.
Docker as Aggregate Packaging
● Frozen binary distribution, reproducible builds.
● Metadata, signatures (soon).
● Transport format for a curated content stream from a trusted source.
● Management of installed artefacts, updates.
● Move to a multi-instance, multi-version, multi-tenant model.
● Implements an early-binding model for deploying applications packaged by a developer.
● Whole stack artefacts move across dev/test/ops unmodified.
A Shift In the Personas
● The traditional Linux Distribution provides a curated content stream to ops.
● Ops aggregate the content from the distro, 3rd party ISVs and developers based on the ABI contract.
A Shift In the Personas
● The container-driven model makes the developer the primary consumer above the core system runtime.
The Atomic Architecture and Red Hat's Container Strategy
Open Standards
REGISTRY / CONTAINER DISCOVERY
● Easily find and consume trusted container images
● Federate consumption libraries
● Promote consistency and reuse
CONTAINER FORMAT WITH DOCKER
● Interface for communications, configuration, data persistence, provisioning
● Content agnostic
● Infrastructure agnostic
ISOLATION WITH LINUX CONTAINERS
● Isolating applications on host operating system
● Security
● Portability across host systems
ORCHESTRATION WITH KUBERNETES
● Orchestrate containers at scale
● Define app topologies
● Handle container networking
● Manage container state
● Schedule across hosts
Red Hat works with the open source community to drive standards for containerization.
PAAS & DEVOPS WITH OPENSHIFT
● End-to-end application lifecycle workflow on a PaaS leveraging the Red Hat ecosystem.
Project Atomic
● The Atomic Architecture describes the end-to-end design of a containerized OS.
● Project Atomic is an umbrella project to drive the Red Hat vision of the next generation Operating System: Transition from a monolithic UNIX OS model to a modularized, multi-instance, multi-version, multi-tenant, application/service-centric environment.
● Not RH-specific, but driven by Red Hat into RH family of Linux OSs.
Kubernetes: Multi-Container App Definition
● Docker packages individual services into containers.
– Multi-service containers possible but not ideal.
● Applications typically consist of multiple services.
● Kubernetes provides the generic definition and orchestration layer for containerized applications.
[Diagram: APP B composed of service containers SRVC A, SRVC C and SRVC D, each with its own BINS/LIBS. Other labels: HOST OS, SHARED SERVICES; HARDWARE, VIRT, CLOUD]
Containerization vs. Virtualization
● Generally complementary concepts
● Virtualization: vertical abstraction
● Containerization: horizontal segmentation
● Containers used to replace virtualization where container paradigms more applicable:
– Application isolation
– Lightweight delegation
– “Application Virtualization”
– Density
● Containers on top of Virt/Cloud common.
Red Hat Registry
[Diagram labels: RH Index / Registry; API; RHEL 7]
● A Red Hat image registry to deliver Red Hat content.
● Everything can be used with RHEL or Atomic.
Container Development Kit
[Diagram labels: Vagrant on Linux / Win / Mac; RHEL / RHEL Atomic; CDK; image layers RHEL Base, Platform Layer, Custom Layer; workflow Build, Certify, Publish, Consume]
● A Container Development Kit (CDK) to build RHEL-based containers.
● Based on Vagrant with official Red Hat-provided Vagrant images.
● Supported on Linux, Windows, Mac.
Building a Docker Image – EAP Example
[Diagram labels: JBoss EAP image layers (RHEL7 Base, OpenJDK, JBoss); Component Repositories (RHEL User Space, JBoss, 3rd Party Content, SCLs, Red Hat CDN, Custom Content; 3rd Party, Customer); App; Dockerfile; Docker / OSBS / STI build; docker pull; Docker Image Repositories; App Template]
● Build tool chain encapsulated in Vagrant environment – will set up RHEL environment.
● Developer pulls EAP image from Red Hat.
● Complete layer stack is automatically retrieved.
● Layers are statically linked.
● Developer builds new layered image.
● Build controlled by Dockerfile.
● Content pulled in from RHEL, JBoss, 3rd Party, custom content repositories.
● Dockerfile and source based (STI – Source To Image) builds provided by OpenShift.
Building a Docker Image – EAP Example
[Diagram labels: JBoss EAP image layers (RHEL7 Base, OpenJDK, JBoss); Component Repositories (RHEL User Space, JBoss, SCLs, Red Hat CDN; Npm, PyPI, Gem, CPAN, JAR and WAR and EAR, and so on; 3rd Party, Customer); App; Dockerfile; Docker / OSBS / STI build; docker pull; Docker Image Repositories; App Template]
● Container content built directly from native components, externally produced binary artifacts, source.
RED HAT ATOMIC ENTERPRISE PLATFORM AND OPENSHIFT 3
CONTAINER-BASED APPLICATION DELIVERY SOLUTIONS
OpenStack Integration
Atomic App - Full Application Portability
● Docker is great for individual component-containers.
– Most applications are more than one container.
● Kubernetes adds multi-container application orchestration.
– Kubernetes configs have to be copied manually.
● Atomic App defines packaging and transport of multi-container applications.
● New upstream project to define spec and reference implementation.
● Included in Red Hat CDK work.
https://github.com/projectatomic/atomicapp
Conclusion
● Containers are the future of application packaging.
● DevOps is an opportunity, change induced by containerization goes far beyond it, changing the fundamentals of software distribution.
● We have to rethink existing concepts of the GNU/Linux distribution.
● Red Hat is embracing the shift of paradigm towards containerization.
● A lot of input available from RH Summit Presentations:
– https://www.redhat.com/summit/2015/presentations/