OpenShift 3.x: Features/Functions/Future

OpenShift Commons Gathering - Austin, Tx December 5, 2017

Clayton Coleman - Architect, Red HatMike Barrett - Product Manager, Red Hat OpenShift

Platform and Distribution

What’s new this time around?

1.8 WAS BIGGER THAN EVER

● 2000+ pull requests and 2500 commits● 380+ committers● 39 features across 29 SIGs and 5 WG● 1.8: 4 features to stable, 16 features to beta● 1.9: 2 features to stable, 16 features to beta

And that’s just the technical part

COMMUNITY IS THE BEST FEATURE

● Kubernetes Steering Committee formed● New top level SIG - SIG-Architecture● Formalizing K8S proposal process (KEP)● Continuing investment in the community

Everyone is welcome here!

Focus Areas Over the Next Year

Cloud-Native & Traditional Apps● RHOAR cloud-native frameworks● Service Catalog / Brokers● Windows Containers● RHOADS intelligent apps● Service Mesh / Istio

Middleware & ISVs● ISV certifications & packaged apps● Fuse Online, RHOM, and other services

Invest in New Services● NFV / Telco + Containers● Serverless● Analytics & ML/AI● HPC & Low Latency● High-Performance MFV

Developer Experience● Focus on simplified, app-centrix UXD● Enable OpenShift.io for hybrid● Incorporate Dev Tools acquisitions

Core Platform Features● CRI-O investment● Security enhancements● Logging & Metrics● OVN

Install, Upgrades & Management● Ansible install/upgrade enhancements● Deliver CloudForms CM-Ops in CF 4.6● Cluster Federation ● OCP+CNS integrated monitoring/Mgmt● OCP+OSP integration enhancements

APPLICATIONS & SERVICES CORE PLATFORM FEATURES

Focus on Stability

STABILITY IS A FEATURE

● Strong focus on fixing bugs since 1.72605 issues resolved since 1.7 (June 30th)

● Mature existing features to beta or stable 40 features moved to beta or stable

● Production mattersRefine, polish, scale, tighten

EVENTS AND SCALE

● Events expose important transient info to users

● Key debugging tool● In large clusters, excessive

events observed● FIX: Streamline sources● FIX: Client-side rate limit● 1.9: Server-side throttle

master

Nodes

master

NodesNodes Nodes

Before:100 event/s

After:3 event/s

DENSE CLUSTER SCALING● On very dense clusters

clients retrieve a lot of data

● Alpha: gzip compression● Alpha: clients can receive

results in chunks● Result: reduce 95th

percentile latencies and improve client experience

master

LIST Pods (3.5MB)

master

LIST PodsResults returned in chunks of 500

20KB 20KB 20KB

20KB ...

MONITORING

● Prometheus cluster monitoring tech preview in OpenShift 3.7

● Fixed 10+ bugs around component monitoring

● Used experience at scale to guide new metrics

● Improve observability

Improvements in network and memory use before and after etcd3 migration

Runtime Features

METRICS AND AUTOSCALING

● Beta metrics API for pods and nodes, replacing heapster

● Custom metrics API to expose arbitrary application metrics

● HPA v2 autoscaler targeting custom metrics● Improve visibility into HPA status● Lay foundations for usage based scheduling

EXTENSIBILITY EVERYWHERE

● FlexVolumes can more easily be deployed○ New opportunities for node extension

● Custom resource definitions support validation● Admission webhooks move to beta● CRI continues to mature (see CRI-O)

NETWORKING

● Improvements to service load balancing○ Iptables performance and scale improvements○ Beta IPVS kube-proxy implementation

■ Promises better failover handling and detection● Network policy improvements

○ Pod egress support added to NetworkPolicy● IPv6 Alpha support in Kubernetes 1.9

STORAGE

● Local storage○ Scheduler assigns local disk, just like CPU○ PVCs that are bound to that node○ Still in alpha, but helping improve a number of

key areas:■ Scheduler awareness of nodes and volumes■ Local IO isolation and guarantees■ Resource accounting for disk

● Resize and Snapshotting

PERFORMANCE SENSITIVE APPS

● Goal○ Support more workload types○ With better performance○ Without sacrificing reliability

● Focus areas○ CPU management○ Device plugins○ HugePages

BETTER CONTAINER RUNTIME

CRI-O is nearing production readiness

Performance, reliability, and overhead improvements.

Platform Features

OPENSHIFT SERVICE CATALOG

OpenShiftAnsibleBroker

OpenShiftTemplateBroker

AWSServiceBroker

OtherServiceBrokers

ANSIBLE

OPENSHIFT

AMAZON WEB SERVICES

OTHER COMPATIBLE SERVICES

Ansible Playbook Bundles

OpenShiftTemplates

PublicCloudServices

OtherServices

Service BrokersExpose and Provision Services

SERVICE BROKERS

NEW!

Service Catalog - What’s Next

Injection of Binding Data

Objective: reduce manual steps

After a service is provisioned, and bound, a secret is created

secret will be added to a deployment configuration using PodPreset

Deployment Config Change trigger will cause redeployment of pods, which will include binding data.

Service Governance

Objective: allow fine-grained control on who can provision and bind to services.

Scenario: in my organization developers can only provision and bind to development services. Production apps have access to services tagged as production-ready and are controlled by a different group

INSTALL AND UPGRADE

● Multi-Version upgrades○ Rolling update versions during OCP upgrade (i.e. 3.7 to 3.9)○ Under investigation for targeted “LTS” versions (3.9)

● Provider-specific installs○ Configures OpenShift Container Platform & underlying

infrastructure, based on reference architecture recommendations

○ AWS and OpenStack initially; Azure, Google and VMWare next

CLOUD NODES

● Build Golden Images for most cloud providers○ Same configuration path as today w/ Ansible

● Bootstrap nodes from the masters○ Centralized master config, cert management○ Nodes check in, download config, run pods

● Leads to autoscaling node groups● Problematic nodes can just be deleted

● Containerized (aka podified) CF○ Installed on OpenShift with Installer or

Template● OpenShift Provider for Prometheus

○ Metrics and Alerts in container dashboards

○ Alerts management ● Chargeback

○ By Allocation (vs. Usage)

MANAGEMENT Object Relationships, Usage, CrossLinking

and Beyond

(SOME) 1.10 GOALS● Stability and bug fixes (obv!)● Everything is extensible● Scaling improvements

● Initializers and webhook admission being used internally

● De-scheduler● Priority and preemption● More node level improvements

in resource management

● Better core multitenancy● Get volume snapshots and

resizing to beta● Better Prometheus

integration into metrics● Block device support

SERVERLESS COMPUTING

Service Microservice Function

f( )> Single Purpose> Stateless> Independently Scalable> Automated

> Single Action> Event-sourced> Ephemeral

> Autonomous> Loosely-coupled

APP CONFIG & DEFINITION

● No core “application” concept in Kubernetes○ Define conventions for user-defined apps○ Leads to be better ecosystem experience

● Work to simplify and improve config mgmt in K8s○ Better Ansible tooling○ Reuse more work across different solutions

● Improve interoperation across clusters

Istio

● Intelligent Routing and Load

Balancing

● Resilience Across Languages

and Platforms

● Telemetry and Reporting

● Policy Enforcement

OCPGateway(for outbound/as a consumer API

control)

north

south

service billing

Gateway(for inbound API control)

service booking service invoicing

west east

Envoy proxy

SERVICE MESH

Questions?

OpenShift 3.7 is out, Kube 1.9 releases soon!

Clayton Coleman - @smarterclaytonMike Barrett - @gadfly_io