OpenShift, a powerful Kubernetes-based platform by Red Hat, has become an essential tool for developers and IT operations teams. It streamlines the process of developing, deploying, and managing containerized applications. This article provides an in-depth understanding of OpenShift’s architecture, its web console and CLI tools, and the role of pipelines in automating the application lifecycle.
OpenShift architecture
OpenShift’s architecture is designed to offer a robust, scalable environment for deploying and managing applications.
The core components of OpenShift’s architecture include:
Infrastructure layer: In the infrastructure layer, you can host your applications on physical servers, virtual servers, or in the cloud (private/public).
Service layer: The service layer defines pods and access policies, providing permanent IP addresses and host names to the pods. It connects applications and enables simple internal load balancing, distributing tasks across application components.
Master nodes: Master nodes are responsible for managing the OpenShift cluster. They host critical components such as the API server, the controller manager, and the scheduler. The API server handles all RESTful operations and provides the frontend to the control plane, managing the communication between the components. The controller manager ensures the desired state of the system is maintained by monitoring the cluster and making necessary adjustments. The scheduler assigns workloads to nodes based on resource availability.
Worker nodes: Worker nodes are the machines where containerized applications run. Each worker node includes the kubelet, which communicates with the master nodes, ensuring that containers are running in the desired state. Another key component, kube-proxy, maintains network rules on nodes, allowing communication to and from containers.
Registry: The registry saves images locally within the cluster. When a new image is pushed to the registry, it notifies OpenShift and passes image information.
Persistent storage: Persistent storage is crucial because containers are ephemeral. This storage saves data and connects it to containers, preventing data loss and enabling the use of stateful applications.
Routing layer: The routing layer provides external access to the applications in the cluster from any device. It also offers load balancing and auto-routing around unhealthy pods.
OpenShift operators
A significant improvement in OpenShift 4 is the introduction of operators, which automate and streamline the installation, updates, and management of container-based services. Operators extend the Kubernetes control plane and API, making the management of containerized applications at scale more efficient.
You can install operators from OperatorHub or customize your own using the Operator SDK. OperatorHub, introduced in OpenShift 4, is a catalog of applications that can be installed by administrators and added to individual projects by developers. It supports quick deployments and integrations with IBM Cloud and Red Hat. OperatorHub offers both Community Operators and Certified Operators.
OpenShift web console and CLI
Managing an OpenShift cluster involves interaction through both the web console and the Command-Line Interface (CLI). Each provides unique functionalities tailored to different user preferences and requirements. These tools are pivotal for managing and orchestrating resources within the OpenShift environment.
OpenShift web console
The OpenShift web console is a graphical interface designed to simplify the management and deployment of applications. It features two main perspectives: the Developer and Administrator perspectives, each tailored to specific user roles and tasks.
Developer perspective
The developer perspective provides specific workflows related to the developer use case, such as:
Project management: Developers can create and manage projects (namespaces) to organize their resources.
Application deployment: The web console provides streamlined workflows for deploying applications, including integration with source-to-image (S2I) processes and deployment templates.
Monitoring and logs: Developers have access to tools for monitoring application health and viewing logs, facilitating easy debugging and performance tuning.
Administrator perspective
The administrator perspective provides workflows for managing the cluster's resources, users, and projects:
Cluster management: Administrators can manage the overall cluster, including nodes, networking, and storage.
User management: The console allows administrators to manage user access and permissions using role-based access control (RBAC).
Resource quotas: Administrators can set and enforce resource quotas to manage the allocation of cluster resources efficiently.
OpenShift CLI
The CLI, accessed through the oc command, provides a more granular and scriptable interface for managing OpenShift resources. It complements the web console by offering capabilities that are essential for automation and complex configurations.
Key features of OpenShift CLI
Resource management: You can create, modify, and delete resources like pods, services, and routes.
Automation: You can script common tasks, making the CLI ideal for integrating with CI/CD pipelines and other automated workflows.
Detailed control: You have access to advanced configuration options that might not be available through the web console, giving you more control over your deployments and configurations.
OpenShift pipelines is based on Tekton, a powerful Kubernetes-native framework for creating CI/CD systems, enabling each step of a pipeline to run in its own container and scale independently.
Key components of OpenShift pipelines
The following diagram shows the components of Tekton pipelines that are the same in OpenShift pipelines.
Pipeline: Defines a sequence of tasks to be executed, representing the workflow for building, testing, and deploying applications. Pipelines are highly configurable, allowing for parallel execution, conditional logic, and retries.
Task: The smallest unit of work in a pipeline. Tasks are composed of multiple steps, each performing a specific operation such as compiling code, running tests, or deploying artifacts.
PipelineRun: An instantiation of a pipeline, representing a single execution. PipelineRuns track the progress and results of each pipeline execution.
TaskRun: Similar to PipelineRun, but for individual tasks. TaskRuns provide detailed information about the execution of each task within a pipeline.
PipelineResource: Defines the inputs and outputs for tasks and pipelines. Resources can include source code repositories, Docker images, and storage volumes.
Key features of OpenShift pipelines
Kubernetes-native: OpenShift pipelines leverages Kubernetes' capabilities, allowing it to natively integrate with the OpenShift platform. This ensures that pipelines can scale efficiently and that each pipeline step can be executed in a separate container.
Flexibility and reusability: Pipelines in OpenShift are composed of reusable tasks, which can be defined and managed independently. This modularity makes it easier to build and maintain complex workflows by reusing existing components.
Event-driven automation: Tekton triggers are used to automate pipeline execution based on various events, such as code commits or pull requests. This ensures that the CI/CD process is continuously and automatically kept up-to-date with the latest code changes.
Pipeline as code: OpenShift pipelines allows you to define your pipelines declaratively in YAML. This approach aligns with the "infrastructure as code" philosophy, making it easier to version, review, and manage pipeline definitions alongside your application code.
Integration with GitOps: OpenShift pipelines integrates seamlessly with GitOps practices, enabling automated deployments and updates based on Git repository changes. This integration supports continuous delivery and promotes a consistent, reliable deployment process.
Example pipeline workflow
A typical pipeline in OpenShift might involve several stages, each represented by a task. Here’s a simple example:
Clone the source code from a Git repository.
Use a build tool like Buildah or Kaniko to build a container image from the source code.
Execute unit and integration tests to ensure the code functions correctly.
Deploy the built container image to a staging or production environment using Kubernetes deployment resources.
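The four stages above, written as a Tekton v1 Pipeline. This is an added example, not taken from the original article: git-clone and buildah are assumed to be the Tekton catalog tasks of those names installed in the namespace, run-tests and deploy-image are hypothetical tasks, and inputs are passed with params and workspaces, which newer Tekton releases use in place of PipelineResource.

```yaml
# Added example. Assumptions: git-clone and buildah behave like the Tekton
# catalog tasks; run-tests and deploy-image are hypothetical Tasks.
apiVersion: tekton.dev/v1
kind: Pipeline
metadata: {name: build-test-deploy}   # hypothetical name
spec:
  params:
    - name: git-url
      type: string
    - name: git-revision
      type: string
      default: main
    - name: image                     # registry path for the built image
      type: string
  workspaces:
    - name: source                    # volume that carries the checkout between tasks
  tasks:
    - name: fetch-source
      taskRef: {name: git-clone}
      params:
        - name: url
          value: $(params.git-url)
        - name: revision
          value: $(params.git-revision)
      workspaces:
        - name: output
          workspace: source
    - name: build-image
      runAfter: [fetch-source]
      taskRef: {name: buildah}
      params:
        - name: IMAGE
          value: $(params.image)
      workspaces:
        - name: source
          workspace: source
    - name: run-tests
      runAfter: [build-image]
      taskRef: {name: run-tests}
      workspaces:
        - name: source
          workspace: source
    - name: deploy
      runAfter: [run-tests]           # deploy only after the tests have passed
      taskRef: {name: deploy-image}
      params:
        - name: image                 # pin by digest: deploy exactly what was built and tested
          value: $(params.image)@$(tasks.build-image.results.IMAGE_DIGEST)
```

Passing the digest emitted by the build task, rather than a mutable tag, means a tag overwritten in the registry between build and deploy cannot change what reaches the cluster.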
Benefits of OpenShift pipelines
Scalability: Each pipeline step runs in its own container, which can be scaled independently to meet varying loads and demands.
Resilience: The containerized nature of each step ensures that failures in one part of the pipeline do not necessarily affect others, enhancing overall resilience.
Efficiency: By leveraging Kubernetes-native capabilities, OpenShift pipelines can efficiently utilize cluster resources and optimize the CI/CD process.
Security: Pipelines benefit from the security features of Kubernetes and OpenShift, including namespace isolation, role-based access control (RBAC), and network policies.
Integrating architecture, web console, CLI, and pipelines
Understanding how these components interrelate is crucial for leveraging the full potential of OpenShift. Here’s how they come together:
Cluster management: The architecture provides the foundation, with master and worker nodes handling workloads and maintaining the desired state. The web console and CLI offer different interfaces for interacting with the cluster, each catering to different user needs.
Resource management: Whether through the web console or CLI, users can manage resources such as deployments, services, and storage. Pipelines can automate these management tasks, ensuring consistent and repeatable deployments.
Security and access control: The web console and CLI facilitate access control, ensuring secure management of the cluster. Pipelines can be configured to run with specific permissions, enhancing security during automated workflows.
Monitoring and logging: OpenShift’s architecture includes tools for monitoring and logging. The web console provides a graphical interface for viewing metrics and logs, while the CLI allows for detailed querying and troubleshooting. Pipelines can incorporate monitoring steps to ensure application health and performance.
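One way to apply the "specific permissions" point from the security and access control item above, as an added example that is not from the original article: only the deploy task runs under a dedicated service account, and that account may do nothing except read and patch Deployments in one namespace. Every name, namespace and URL here is a hypothetical placeholder.

```yaml
# Added example; all names, namespaces and URLs are hypothetical placeholders.
apiVersion: v1
kind: ServiceAccount
metadata: {name: pipeline-deployer, namespace: ci}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata: {name: deployment-updater, namespace: staging}
rules:
  - apiGroups: ["apps"]          # Deployments only: no secrets, pods/exec or RBAC objects
    resources: ["deployments"]
    verbs: ["get", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding                # namespaced binding, so the grant stops at "staging"
metadata: {name: pipeline-deployer-binding, namespace: staging}
subjects:
  - kind: ServiceAccount
    name: pipeline-deployer
    namespace: ci
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: deployment-updater
---
apiVersion: tekton.dev/v1
kind: PipelineRun
metadata: {name: build-test-deploy-run-1, namespace: ci}
spec:
  pipelineRef:
    name: build-test-deploy      # assumed Pipeline with a task named "deploy"
  taskRunSpecs:
    - pipelineTaskName: deploy   # only this task's pod runs as pipeline-deployer
      serviceAccountName: pipeline-deployer
  params:
    - name: git-url
      value: https://git.example.com/team/app.git
    - name: image
      value: registry.example.com/team/app
  workspaces:
    - name: source
      volumeClaimTemplate:
        spec:
          accessModes: ["ReadWriteOnce"]
          resources:
            requests:
              storage: 1Gi
```

To check the grant, oc auth can-i patch deployments -n staging --as=system:serviceaccount:ci:pipeline-deployer should answer yes, while the same query for get secrets should answer no.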
Summary
OpenShift’s robust architecture, combined with its powerful web console, CLI, and pipelines, offers a comprehensive platform for developing, deploying, and managing containerized applications. By understanding these components and their interactions, developers and IT operations teams can fully leverage OpenShift’s capabilities, ensuring efficient, secure, and scalable application delivery.