June 7, 2021

Two Hats Are Redder Than One: Openshift Introduction (Week 5)

Two Hats Are Redder Than One: Openshift Introduction (Week 5)

Hi everyone!

We hope you are having a great week. As the weather starts to warm up here in Raleigh we have decided to move onto one of the hottest products that we currently offer. Like all posts this is going to be a two parter. We will most likely set the stage for why you could use a product like Red Hat OpenShift Container Platform and in the second post we will pick parts of OpenShift that we want to discuss. We hope you enjoy the series and as always please feel free to post comments /questions or discussions below and we will do our best to answer anything as soon as we can. Enjoy the next two weeks of Red Hat OpenShift Container Platform!

Cody

Like all of our products it is really difficult to distill Openshift Container Platform (OpenShift for short) into 2 blog posts but I am going to focus on a few different aspects of OpenShift and then pass it off to my companion for his take. As with all of our products there is some pre-knowledge required, and as always there are better people than I to explain some of the concepts. If you are not familiar with kubernetes or containers in general please read up on that before continuing. If you need a quick refresher, containers are a method of delivering software that removes a lot of underlying requirements that virtual machines come with. Kubernetes is a technology that allows you to manage containers at scale. There are many implementations of that technology and OpenShift Container Platform is one of those implementations.

Like many, my understanding of containers is relatively new. It was not something that was taught in my formal education and in my role prior to coming to Red Hat we mainly focused on virtualization. Even that concept was new to me so coming to containers with a small understanding of virtualization made for an interesting transition. My experience with virtualization software showed that, at scale, VM’s needed to be managed utilizing some sort of management software (RHEV, VSphere, Hyper-V, etc). Organizations can have thousands of VM’s running and likewise they can have thousands of containers running in production. Operating Systems (like RHEL) have tools (Podman, Buildah) that can manage and build a few containers but in large quantities you need a tool like OpenShift. OpenShift allows you to run, monitor, and organize large amounts of containers. It even simplifies new constructs like operators which allow you to automate container operations using tools like GoLang or Helm to do so. It even allows you access to marketplaces like OperatorHub or the Red Hat Marketplace. These marketplaces provide you, as a customer, with access to Red Hat certified operators (through the official Red Hat Marketplace) and 3rd party operators (through OperatorHub).

Having access to a plethora of tools is important in a production environment but even more so in a trusted development tool. Developers require access to a range of tools in order to create the most effective applications. Without consistent access, development can stall or not reach its full potential and this can have a negative impact on production applications.

One of the arguments that we at Red Hat hear a lot of. “You take Open Source technology and make us pay for it. Why can’t I just do the same thing?” The answer to this is “you can” but DIY Kubernetes is very hard. Making sure you integrate all of the tools your developers will need is hard. Supporting these tools is also hard and ensuring all of the right people have the right access is also hard. OpenShift simplifies all of this by doing kubernetes for you and giving you all of those tools. With that being said I will pass it on to Cameron for his discussion. Next post I will dive into some of the interesting tools that OpenShift provides access to. I hope you enjoyed this brief intro to OpenShift. Thanks!

Cam

Thanks Cody!  I would like to double down on you saying Kubernetes DIY is difficult.  More specifically it is difficult to DIY Kubernetes at scale on top of the demands of production environments.  The more applications you are deploying, the more sensitive the data you are handling, and the more demanding your infrastructure’s availability the more unwieldy DIY Kuberetes becomes.  This is even more true for efficiently administering Kubernetes at scale.  Without the right tools for automation, security, and development it will become increasingly burdensome to implement Kubernetes and even if you overcome that burden it will still create massive costs in the long run as well as risks.

Just to be extra clear OpenShift IS Kubernetes.   It just is much more than Kubernetes.  OpenShift has the tools you need to enable scaling without sacrificing security.  This is particularly evident when you look at the OS that OpenShift runs on top of which is RHEL CoreOS.  CoreOS limits the attackserice of your OpenShift environment by being immutable and by only having as part of the OS what you need to run OpenShift, nothing more and nothing less.  This has the added benefit of having a smaller footprint for increased efficiency on hardware resource consumption.  Finally, CoreOS can be administered at the container level through the OpenShift platform itself.  This is incredibly convenient but also practical when you realize that OpenShift can then spin up more nodes running on top of CoreOS in cloud environments.  This can be done dynamically to scale up to meet demands and back down when demand subsides.

RHEL CoreOS is just one small part of the tools and services offered by OpenShift.  Another one that I really enjoy talking about is Istio or rather Red Hat’s version of the Istio open source project, Red Hat OpenShift Service Mesh.  At no added cost OpenShift users get access to the Red Hat OpenShift Service Mesh to help with networking different microservices into logical applications within their clusters.  

Red Hat builds on the Istio project by adding Jaegar (an open source project) for tracing traffic within your cluster to provide better insights for the journey a request entering your environment takes to get back to the user.  Also, Red Hat includes Kiali (another open source project) which adds visualization for easier configuration, traffic monitoring, and analysis of traces. Visualization helps you see communication between services and what is being implemented at the network management level for your services.  All this information is kept up to date for current views of how your environment is working.

I’ve still only scratched the surface and next week I’d like to dive into the added tools around security that OpenShift offers.  Cody, maybe you could tackle the developer side?