
Red Hat OpenShift Training Workshop Slides

Uploaded by

karalyh

Getting Started with Containers, Kubernetes and Red Hat OpenShift

Technical Training for Academic Institutions

For more information, contact Carahsoft or our reseller partners:
redhat@carahsoft.com | 877-RHAT-GOV

Kubernetes 101
An introduction to containers,
Kubernetes, and OpenShift

John Walter, Solutions Architect

1
AGENDA

● Why containers?
● What is Kubernetes?
● What is OpenShift?
● BREAK
● Why Kubernetes?
● What is Kubernetes? Part 2
● BREAK
● Guided demonstrations (with BREAKS)
● Red Hat OpenShift Training
● Q&A

2
Why containers?

3
NEW PATTERNS FOR DEVELOPMENT

[Figure labels: Waterfall, CI/CD; Monolith, Microservices, Web APIs, services; Server/VM, Container; Data Center, Hybrid Cloud. OUTCOMES: Speed, Agility, Control.]
AGILE INTEGRATION
Modern architectures and app development require more agile integration
Traditional integration incompatible with Cloud development

IoT
ESB

Centralize ⧫ Leverage ⧫ Simplify


Distributed Integration ⧫ Scalability ⧫ Reusability
Internal teams ⧫ Maximize use of resources
Agile Teams ⧫ Distributed App Dev

USE INTEGRATION WHERE NEEDED, RATHER THAN CENTRALIZING


WHAT ARE CONTAINERS?
It Depends Who You Ask

INFRASTRUCTURE
● Application processes on a shared kernel
● Simpler, lighter, and denser than VMs
● Portable across different environments

APPLICATIONS
● Package apps with all dependencies
● Deploy to any environment in seconds
● Easily accessed and shared

VIRTUAL MACHINES AND CONTAINERS

[Diagram: VIRTUAL MACHINES stack, bottom to top: Hardware, Hypervisor, then each VM with its own Kernel, OS Dependencies and App. CONTAINERS stack, bottom to top: Hardware, Hypervisor, Container Host (Kernel), then each Container with its own OS deps and App.]

VM isolates the hardware
Container isolates the process

VIRTUAL MACHINES AND CONTAINERS

Virtual Machine      | Container
Application          | Application
OS dependencies      | OS dependencies
Operating System     | Container Host
VM Isolation         | Container Isolation
Complete OS          | Shared Kernel
Static Compute       | Burstable Compute
Static Memory        | Burstable Memory
High Resource Usage  | Low Resource Usage

VIRTUAL MACHINES AND CONTAINERS

Virtual Machine (Application, OS dependencies, Operating System, Infrastructure): IT Ops (and Dev, sort of). Optimized for stability.

Container (Application, OS dependencies, Container Host, Infrastructure): Dev for the Application and OS dependencies, IT Ops for the Container Host. Optimized for agility.

Clear ownership boundary between Dev and IT Ops drives DevOps adoption and fosters agility

APPLICATION PORTABILITY WITH VM

Virtual machines are NOT portable across hypervisor and do NOT provide portable packaging for applications

[Diagram: Application / OS dependencies / Operating System stacks on LAPTOP, BARE METAL, VIRTUALIZATION, PRIVATE CLOUD and PUBLIC CLOUD, packaged as Guest VM, VM Type X, VM Type Y and VM Type Z.]


APPLICATION PORTABILITY WITH CONTAINERS

RHEL Containers + RHEL Host = Guaranteed Portability Across Any Infrastructure

[Diagram: the same Container (Application, OS dependencies) on RHEL across LAPTOP, BARE METAL, VIRTUALIZATION, PRIVATE CLOUD and PUBLIC CLOUD, with RHEL running in a Guest VM or Virtual Machine where one is shown.]



LINUX AND CONTAINER INFRASTRUCTURE
CONTAINERS ARE LINUX

[Diagram: three CONTAINERs, each with an APP and LINUX O/S DEPENDENCY, on a LINUX CONTAINER HOST (KERNEL).]

1. Linux OS host spans every container
2. Linux is in every single container

Red Hat Enterprise Linux is a leader in paid Linux: 70% CY2016 paid Linux share
CONTAINERS IN A NUTSHELL
● Application portability across hybrid cloud environments

● Allow developers to focus on their application vs. underlying infrastructure

● Deployed for shorter periods of time than VMs

● Removing complexity through minimalism

● Presents new challenges for Operations teams

13
What is Kubernetes?

14
HOW DO I MANAGE THESE CONTAINERS?
● How do I manage configuration, service
discovery, and resource scaling?

● Where do I configure my cluster?

● How do I update my applications?

● How do I update the underlying cluster?

● How can I simplify my complex applications?

15
KUBERNETES IN A NUTSHELL
● Application portability across hybrid cloud environments

● Allow developers to focus on their application vs. underlying infrastructure

● Deployed for shorter periods of time than VMs

● Removing complexity through minimalism

● Presents new challenges for Operations teams

16
KUBERNETES AS CONTAINER ORCHESTRATION

● Schedulers and scheduling

● Service discovery and load balancing

● Resource management

17
THE BENEFITS OF KUBERNETES

● Scalability

● Portability

● Consistent deployments

● Separated and automated operations and development

18
BASIC KUBERNETES ARCHITECTURE

19
WHY SO HARD?

[Word cloud: Storage, RBAC, Deployment Topologies, Operating Systems, Containers, Scaling, Alerting, Telemetry, Log Aggregation, Metrics, High Availability, Image Management, Security, Self Healing, Patching, VMs, Networking, Monitoring, App Servers, Routing, Configuration Management]

Kubernetes done right is hard

INSTALL DEPLOY HARDEN OPERATE


● Templating ● Identity & security access ● Platform monitoring & alerts ● OS upgrade & patch
● Validation ● App monitoring & alerts ● Metering & chargeback ● Platform upgrade & patch
● OS setup ● Storage & persistence ● Platform security hardening ● Image upgrade & patch
● Egress, ingress, & integration ● Image hardening ● App upgrade & patch
● Host container images ● Security certifications ● Security patches
● Build/Deploy methodology ● Network policy ● Continuous security scanning

● Disaster recovery
● Resource segmentation
● Multi-environment rollout
● Enterprise container registry
● Cluster & app elasticity
● Monitor, alert, remediate
● Log aggregation

75% of enterprise users identify complexity of implementation and operations as the top blocker to adoption

Source: The New Stack. The State of the Kubernetes Ecosystem, August 2017.
What is OpenShift?

23
Self-Service Standards-based

Multi-language Web-scale

Automation Open Source

Collaboration Enterprise Grade

Multi-tenant Secure
OPENSHIFT IS ENTERPRISE KUBERNETES
Red Hat makes building applications with containers easy

[Diagram: Red Hat OpenShift Container Platform stack.
Tiers: PaaS, CaaS, IaaS.
Application layer, each in a CONTAINER: Business Automation, Integration, Data, Web & Mobile, Red Hat Application Services, 3rd party frameworks.
LIFECYCLE AUTOMATION and CONTAINER MANAGEMENT: SELF-SERVICE, SERVICE CATALOG, CI/CD, IMAGE BUILD, MONITORING, CAPACITY MGMT, POLICY MANAGEMENT, SECURITY ANALYSIS, OPS MANAGEMENT, PUBLIC REGISTRY.
CONTAINER INFRASTRUCTURE SERVICES: ORCHESTRATION, OPS AUTOMATION, CONTAINER ENGINE, REGISTRY, STORAGE, NETWORKING, SECURITY.
ENTERPRISE-GRADE CONTAINER OS: Red Hat Enterprise Linux & Atomic Host on PHYSICAL, VIRTUAL, PRIVATE CLOUD, PUBLIC CLOUD.
DEV TOOLS: Developer Studio, Container Dev Kit.
Technologies named in the diagram: Kubernetes, Ansible, Open vSwitch, Jenkins, CloudForms, RH Registry, RH Storage.]

OpenShift 4 - A smarter Kubernetes platform

Automated, full-stack installation from the container host to application services
Seamless Kubernetes deployment to any cloud or on-premises environment
Autoscaling of cloud resources
One-click updates for platform, services, and applications

With OpenShift you can deliver all your applications in a whole new way

Traditional apps Cloud-native apps AI/ML, Functions...

Container & DevOps Platform

Edge Datacenter Hybrid & Multi-Cloud


Over the Air (OTA) Updates

● OpenShift retrieves the list of available updates
● Admin selects the target version
● OpenShift is updated over the air
● Auto-update support

Comprehensive container security

CONTROL (Application security): Container content, CI/CD pipeline, Container registry, Deployment policies
DEFEND (Infrastructure): Container platform, Container host multi-tenancy, Network isolation, Storage, Audit & logging, API management
EXTEND: Security ecosystem


A consistent container application platform
FROM YOUR DATACENTER TO THE CLOUD

Automated operations
Multi-tenant
Secure by default
Network traffic control
Over-the-air updates
Monitoring & chargeback
Pluggable architecture

Bare metal, VMware vSphere, Red Hat Virtualization, Red Hat OpenStack Platform,
Amazon Web Services, Microsoft Azure, Google
Kubernetes adoption phases

1. Stateless apps: ReplicaSets, Deployments
2. Stateful apps: StatefulSets, Storage/CSI
3. Distributed systems: Data rebalancing, Autoscaling, Seamless upgrades

Full-stack automated install
OPENSHIFT 3 & 4 OPENSHIFT 4 (only)

OPENSHIFT PLATFORM
OPENSHIFT PLATFORM

OPERATING SYSTEM

OPERATING SYSTEM

INFRASTRUCTURE
Automated container operations
FULLY AUTOMATED DAY-1 AND DAY-2 OPERATIONS

INSTALL DEPLOY HARDEN OPERATE

AUTOMATED OPERATIONS
Infra provisioning Full-stack deployment Secure defaults Multicluster aware

Embedded OS On-premises and cloud Network isolation Monitoring and alerts

Unified experience Audit and logs Full-stack patch & upgrade

Signing and policies Zero-downtime upgrades

Vulnerability scanning
OperatorHub and certified Operators

● OperatorHub.io launched by Red Hat, AWS, Microsoft and Google
● OpenShift Operator Certification
● OperatorHub integrated into OpenShift 4

COMMUNITY OPERATORS

OPENSHIFT CERTIFIED OPERATORS


Full control for administrators
Self-service for developers

apiVersion: mongodb.com/v1
kind: MongoDbReplicaSet
metadata:
  name: example
  namespace: production
spec:
  members: 3
  version: 4.0.2
  persistent: false
  project: example
  credentials: my-secret

36
Getting Started with
OpenShift for Developers
Hands-on Workshop

Presenter’s Name Presenter’s Name


Title Title

37
What's next in OpenShift Q3CY2020

INTRODUCTION

AGENDA
09:00→ 11:00 <TMZ>
● Why Kubernetes?
● Container Technology
● What is Kubernetes
● Kubernetes Cluster
● Workshop Modules

38
Why Kubernetes?

39
The Application

40
Modules

41
Microservices

42
Microservices

43
Microservices

44
Network of Services

45
Microservices own their Data

46
Old School New School

Love Thy Mono

47
CONTAINERS

Container
Technology
Easy to scale up

Mature technology

Supporting Modern Apps workloads and Cloud Native

48
OPENSHIFT & KUBERNETES CONCEPTS

a container is the smallest compute unit

CONTAINER

49
OPENSHIFT & KUBERNETES CONCEPTS

containers are created from container images

IMAGE: BINARY
CONTAINER: RUNTIME

50
OPENSHIFT & KUBERNETES CONCEPTS

container images are structured in layers

Container Image Layers | Example Container Image
Image Layer 3          | Application Layer
Image Layer 2          | Java Runtime Layer
Image Layer 1          | OS Update Layer
Base Image             | Base RHEL


OPENSHIFT & KUBERNETES CONCEPTS

anatomy of a Dockerfile

# 1. Inherit from a base image
FROM registry.access.redhat.com/ubi8/ubi

# 2. Parameters as environment variables
ENV foo=text

# 3. Install dependencies (tooling from base image)
RUN dnf install -y java-11-openjdk

# 4. Add your app as a new Layer
ADD my-app.jar /home/my-app.jar

# 5. Expose the port your app will use
EXPOSE 8080

# 6. Run the app
CMD java -jar /home/my-app.jar

Example for Java app


OPENSHIFT & KUBERNETES CONCEPTS

container images are stored in an image registry

[Diagram: an IMAGE REGISTRY containing several IMAGEs, and a CONTAINER.]

53
OPENSHIFT & KUBERNETES CONCEPTS

an image repository contains all versions of an image in the image registry

IMAGE REGISTRY
myregistry/frontend: frontend:latest, frontend:2.0, frontend:1.1, frontend:1.0
myregistry/mongo: mongo:latest, mongo:3.7, mongo:3.6, mongo:3.4

54
What is
Kubernetes?

55
What is Kubernetes?
An open source orchestration
system for managing
containerized workloads
across a cluster of nodes.

56
Understanding Kubernetes Objects
Kubernetes objects are
persistent entities that
represent the desired state
of your cluster that you can
manage with the K8s API

57
Understanding Kubernetes
Objects
Pod ReplicaSet

Deployment Secret

Namespace ConfigMap

Service PersistentVolume

58
Kubernetes provides an API

API object primitives include these:

kind
apiVersion
metadata
spec
status
59
Node
● Node: a host machine where containerized workloads
run
● Node activity is managed by one or more Master
instances

60
Pod
● A group of one or more co-located containers
● Minimum unit of scale

kind: Pod
apiVersion: v1
metadata:
  creationTimestamp:
  name: hello-k8s
  labels:
    run: hello-k8s
spec:
  containers:
  - name: hello-k8s
    image: jkleinert/nodejsint-workshop
    ports:
    - containerPort: 8080
    resources: {}
61
Pod

kubectl create -f
https://raw.githubusercontent.com/jankleinert/hello-workshop/master/pod.json

kubectl get pods

kubectl describe pod/hello-k8s

62
Service
● Acts as a single endpoint for a collection of replicated pods
● Like a load balancer

kind: Service
apiVersion: v1
metadata:
  name: hello-k8s
  creationTimestamp:
  labels:
    run: hello-k8s
spec:
  ports:
  - protocol: TCP
    port: 8080
    targetPort: 8080
  selector:
    run: hello-k8s
  type: NodePort
status:
  loadBalancer: {}
Service

kubectl expose pod/hello-k8s --port 8080 --type=NodePort

kubectl get svc/hello-k8s -o yaml

curl hello-k8s.<userX>:8080

64
Clean up

kubectl get pods -l run=hello-k8s

kubectl delete pods -l run=hello-k8s

kubectl delete service hello-k8s

65
Deployment
● Helps you specify container runtime, in terms of pods

kind: Deployment
apiVersion: apps/v1
metadata:
  name: hello-k8s
  creationTimestamp:
  labels:
    run: hello-k8s
spec:
  replicas: 1
  selector:
    matchLabels:
      run: hello-k8s
  template:
    metadata:
      creationTimestamp:
      labels:
        run: hello-k8s
    spec:
      containers:
      - name: hello-k8s
        image: jkleinert/nodejsint-workshop
        resources: {}
  strategy: {}
status: {}
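
The Pod and Deployment manifests above reference `jkleinert/nodejsint-workshop` with no tag and set `resources: {}`, and the Service is `type: NodePort`. As an added example (not part of the original slides), this Python check runs over those manifests and reports four hardening gaps plus the NodePort exposure; the rule names, the values in `hardened` and the digest placeholder are assumptions made for illustration.

```python
import copy
import json

# Constructed sample: the hello-k8s Pod and Service from the slides, as JSON
# (creationTimestamp and status omitted).
POD = json.loads("""{
  "kind": "Pod", "apiVersion": "v1",
  "metadata": {"name": "hello-k8s", "labels": {"run": "hello-k8s"}},
  "spec": {"containers": [{
    "name": "hello-k8s", "image": "jkleinert/nodejsint-workshop",
    "ports": [{"containerPort": 8080}], "resources": {}}]}}""")
SERVICE = json.loads("""{
  "kind": "Service", "apiVersion": "v1", "metadata": {"name": "hello-k8s"},
  "spec": {"type": "NodePort", "selector": {"run": "hello-k8s"},
           "ports": [{"protocol": "TCP", "port": 8080, "targetPort": 8080}]}}""")


def image_is_pinned(image):
    """True when the reference carries a digest or a tag other than 'latest'."""
    if "@sha256:" in image:
        return True
    name = image.rsplit("/", 1)[-1]          # drop registry host[:port]/path
    return ":" in name and name.rsplit(":", 1)[1] != "latest"


def pod_spec(obj):
    """Return the pod spec of a Pod, or of a workload's pod template."""
    if obj.get("kind") == "Pod":
        return obj.get("spec", {})
    return obj.get("spec", {}).get("template", {}).get("spec", {})


def lint(obj):
    """Return (rule, target) findings for one manifest."""
    name = obj.get("metadata", {}).get("name", "?")
    if obj.get("kind") == "Service":
        # NodePort opens the service port on every node of the cluster.
        exposed = obj.get("spec", {}).get("type") == "NodePort"
        return [("NODEPORT", name)] if exposed else []
    spec, findings = pod_spec(obj), []
    pod_sc = spec.get("securityContext") or {}
    for c in spec.get("containers", []):
        target = f"{name}/{c.get('name')}"
        sc = c.get("securityContext") or {}
        if not image_is_pinned(c.get("image", "")):
            findings.append(("IMAGE_UNPINNED", target))
        if not (c.get("resources") or {}).get("limits"):
            findings.append(("NO_LIMITS", target))
        # The container-level setting overrides the pod-level one.
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
            findings.append(("MAY_RUN_AS_ROOT", target))
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(("PRIV_ESC_ALLOWED", target))
    return findings


def hardened(pod):
    """Copy of the Pod with each finding addressed (values are placeholders)."""
    fixed = copy.deepcopy(pod)
    c = fixed["spec"]["containers"][0]
    c["image"] += "@sha256:<digest-of-reviewed-build>"   # placeholder digest
    c["resources"] = {"limits": {"cpu": "250m", "memory": "128Mi"}}
    c["securityContext"] = {"runAsNonRoot": True,
                            "allowPrivilegeEscalation": False}
    return fixed


if __name__ == "__main__":
    for manifest in (POD, SERVICE, hardened(POD)):
        print(manifest["kind"], lint(manifest))
```
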
Kubernetes Cluster - Nodes
[Diagram: Dev and Ops; a Master with api, etcd, scheduler and controllers; six Nodes, each running a kubelet; Istio proxy.]

Kubernetes Cluster - Declarative
[Diagram: Dev and Ops.]

Kubernetes Cluster - 4 Tomcats
[Diagram: six Nodes, each running a kubelet; Istio proxy.]

Kubernetes Cluster - Pod Fail
[Diagram: six Nodes, each running a kubelet; Istio proxy.]

Kubernetes Cluster - Correcting
[Diagram: six Nodes, each running a kubelet; Istio proxy.]

Kubernetes Cluster - Node Fail
[Diagram: six Nodes, each running a kubelet, one marked X; Istio proxy.]

Kubernetes Cluster - Pods Replaced
[Diagram: five Nodes, each running a kubelet; Istio proxy.]
OpenShift
Demonstrations

74
Parksmap Architecture

75
Parksmap Web
● Spring boot frontend using Mapbox
Javascript API to display a World map
with data points
● Provided as Container Image available
publicly from Quay.io
● Interacts with different backends
exposing same REST endpoints (can
integrate an API Gateway)
● Your First App deployment from
OpenShift Developer Console

76
Parksmap: Exploring OpenShift
● Scaling Apps
● Logging
● Labels
● Permissions
● Accessing and debugging Containers

77
NationalParks Backend

● Backend to show worldwide National Parks


● Using MongoDB Database to save and
retrieve data as geo locations
● Exposes REST APIs for Parksmap frontend
● Create Container Image automatically from
source code using S2I (Source-to-Image)
● Available for Java, NodeJS, Python and
.NET Core

78
NationalParks: Exploring OpenShift
● Health Checks
● Automation with Pipelines
● Web Hooks to build and deploy
automatically from code changes

79
MLB Parks Backend (Java)

● OpenShift also runs “legacy” apps nicely
● Java EE backend to show Major League
Baseball Stadiums in North America
● Build artifacts (.war) locally with your IDE or
workstation
● Create and deploy Container Image to
OpenShift with S2I Binary Builds

80
Red Hat OpenShift
Training

81
Start here - Introduction to OpenShift
DO180 Red Hat OpenShift I: Containers & Kubernetes
EX180 Red Hat Certified Specialist in Containers and Kubernetes

Administrator Track
DO280 Red Hat OpenShift Administration II: Operating a Production Kubernetes Cluster
EX280 Red Hat Certified Specialist in OpenShift Administration
DO322 Red Hat OpenShift Installation Lab
DO380 Red Hat OpenShift Administration III: Scaling Kubernetes Deployments in the Enterprise

Developer Track
DO288 Red Hat OpenShift Development II: Containerizing Applications
EX288 Red Hat Certified Specialist in OpenShift Application Development
DO378 Red Hat Cloud-native Microservices Development with Quarkus
DO328 Building Resilient Microservices with Istio and Red Hat Service Mesh
AD421 Camel Integration and Development with Red Hat Fuse on OpenShift

DevSecOps Track
DO425 Red Hat Security: Securing Containers and OpenShift
EX425 Red Hat Certified Specialist in Security: Containers and OpenShift Container Platform

Suggested
Prerequisite Overview Required Course Complementary
Exam
Introduction to containers, Kubernetes, and OpenShift (DO180)
Learn to build and manage containers for deployment on a Kubernetes and Red Hat OpenShift cluster
Introduction to Containers, Kubernetes, and Red Hat OpenShift (DO180) helps you build core knowledge in
managing containers through hands-on experience with containers, Kubernetes, and the Red Hat® OpenShift®
Container Platform. These skills are needed for multiple roles, including developers, administrators, and site
reliability engineers.

Topics covered include understanding container and OpenShift architecture, creating containerized services,
and deploying applications on Kubernetes and Red Hat OpenShift.

Audience:
● Developers who wish to containerize software applications
● Administrators who are new to container technology and container orchestration
● Architects who are considering using container technologies in software architectures
● Site reliability engineers who are considering using Kubernetes and Red Hat OpenShift

Prerequisites: Be able to use a Linux terminal session, issue operating system commands, and be familiar with
shell scripting. Experience with web application architectures and their corresponding technologies is
recommended, but not required.
83
WAYS TO TRAIN

Onsite Training: Private On-site training and exams delivered at your location or at one of our training centers

Classroom Training: Training and test in a professional classroom environment led by Red Hat Certified Instructors

Virtual Training: Live instructor-led online training with the same high-quality, hands-on labs you'd find in our classrooms

Online Learning: 90 days of access to course content and up to 80 hours of hands on labs – all available online, at your pace, and your schedule.

84
RED HAT LEARNING SUBSCRIPTION PREMIUM

Red Hat Learning Subscription Evolution
Introducing a Premium subscription tier

STANDARD + MODULARIZED VIRTUAL TRAINING = PREMIUM

85
Red Hat Training and Certification
Red Hat Certification: Ways to test

Red Hat classroom exams
Classroom exams are scheduled exams that are publicly available and delivered in an IT classroom, typically to multiple examinees and monitored by an in-person proctor.

Red Hat onsite exams
Onsite exams are classroom exams delivered privately to an organization at its location or a location of its choosing.

Red Hat individual exams
Individual exams are exams for which examinees choose the date, time and place. Two different options exist, though not necessarily for all exams:

Red Hat testing center exams
Testing center exams are delivered in locations with a specially-configured exam system and for which candidates are observed by a remote proctor.

NEW: Red Hat remote exams
Remote exams are delivered online at your home, office or other location of your choice and observed by a remote proctor.
Q&A

87
Thank you for viewing this Red Hat workshop! Carahsoft is the Master GSA and SLSA Dealer and Distributor for Red Hat Enterprise Open Source solutions
available via GSA, SLSA, ITES-SW2, The Quilt, E&I and other contract vehicles.

To learn how to take the next step toward acquiring Red Hat’s solutions, please check out the following resources and information:

For additional resources: carah.io/RedHatResources
For additional Red Hat solutions: carah.io/RedHatPortfolio
To purchase, check out the contract vehicles available for procurement: carah.io/RedHatContracts
For upcoming events: carah.io/RedHatEvents
For additional Open Source solutions: carah.io/OpenSourceSolutions
To set up a meeting: redhat@carahsoft.com or 877-RHAT-GOV
