About

OpenShift Container Platform 4.8

Introduction to OpenShift Container Platform

Red Hat OpenShift Documentation Team

Abstract

This document provides an overview of the OpenShift Container Platform features.

Chapter 1. OpenShift Container Platform 4.8 Documentation

Welcome to the official OpenShift Container Platform 4.8 documentation, where you can learn about OpenShift Container Platform and start exploring its features.

To navigate the OpenShift Container Platform 4.8 documentation, you can use one of the following methods:

  • Use the left navigation bar to browse the documentation.
  • Select the task that interests you from the contents of this Welcome page.

Start with Architecture and Security and compliance. Then, see the release notes.

1.1. Cluster installer activities

Explore these OpenShift Container Platform installation tasks.

1.2. Developer activities

Develop and deploy containerized applications with OpenShift Container Platform. OpenShift Container Platform documentation helps you:

  • Use the Developer perspective in the OpenShift Container Platform web console to create and deploy applications.
  • Use the Topology view to see your applications, monitor status, connect and group components, and modify your code base.
  • Use the developer CLI tool (odo): The odo CLI tool lets developers create single or multi-component applications easily and automates deployment, build, and service route configurations. It abstracts complex Kubernetes and OpenShift Container Platform concepts, allowing you to focus on developing your applications.
  • Create CI/CD Pipelines: Pipelines are serverless, cloud-native, continuous integration and continuous deployment systems that run in isolated containers. They use standard Tekton custom resources to automate deployments and are designed for decentralized teams that work on microservices-based architecture.
  • Deploy Helm charts: Helm 3 is a package manager that helps developers define, install, and update application packages on Kubernetes. A Helm chart is a packaging format that describes an application that can be deployed using the Helm CLI.
  • Understand image builds: Choose from different build strategies (Docker, S2I, custom, and pipeline) that can include different kinds of source materials (from places like Git repositories, local binary inputs, and external artifacts). Then, follow examples of build types from basic builds to advanced builds.
  • Create container images: A container image is the most basic building block in OpenShift Container Platform (and Kubernetes) applications. Defining image streams lets you gather multiple versions of an image in one place as you continue its development. S2I containers let you insert your source code into a base container that is set up to run code of a particular type, such as Ruby, Node.js, or Python.
  • Create deployments: Use Deployment and DeploymentConfig objects to exert fine-grained management over applications. Manage deployments using the Workloads page or OpenShift CLI (oc). Learn rolling, recreate, and custom deployment strategies.
  • Create templates: Use existing templates or create your own templates that describe how an application is built or deployed. A template can combine images with descriptions, parameters, replicas, exposed ports and other content that defines how an application can be run or built.
  • Understand Operators: Operators are the preferred method for creating on-cluster applications for OpenShift Container Platform 4.8. Learn about the Operator Framework and how to deploy applications using installed Operators into your projects.
  • Develop Operators: Operators are the preferred method for creating on-cluster applications for OpenShift Container Platform 4.8. Learn the workflow for building, testing, and deploying Operators. Then, create your own Operators based on Ansible or Helm, or configure built-in Prometheus monitoring using the Operator SDK.
  • REST API reference: Learn about OpenShift Container Platform application programming interface endpoints.

1.3. Cluster administrator activities

Manage machines, provide services to users, and follow monitoring and logging reports. This documentation helps you:

1.3.1. Manage cluster components

1.3.2. Change cluster components

1.3.3. Monitor the cluster

Chapter 2. Learn more about OpenShift Container Platform

Use the following sections to find content to help you learn about and use OpenShift Container Platform.

2.1. Architect

2.2. Cluster Administrator

2.3. Application Site Reliability Engineer (App SRE)

2.4. Developer

2.5. Understanding OpenShift Container Platform

OpenShift Container Platform is a Kubernetes environment for managing the lifecycle of container-based applications and their dependencies on various computing platforms, such as bare metal, virtualized, on-premise, and in cloud. OpenShift Container Platform deploys, configures and manages containers. OpenShift Container Platform offers usability, stability, and customization of its components.

OpenShift Container Platform uses a number of computing resources, known as nodes. A node has a lightweight, secure operating system based on Red Hat Enterprise Linux (RHEL), known as Red Hat Enterprise Linux CoreOS (RHCOS).

After a node is booted and configured, it obtains a container runtime, such as CRI-O or Docker, for managing and running the images of container workloads scheduled to it. The Kubernetes agent, or kubelet, schedules container workloads on the node. The kubelet is responsible for registering the node with the cluster and receiving the details of container workloads.

OpenShift Container Platform configures and manages the networking, load balancing and routing of the cluster. OpenShift Container Platform adds cluster services for monitoring the cluster health and performance, logging, and for managing upgrades.

The container image registry and OperatorHub provide Red Hat certified products and community-built software for providing various application services within the cluster. These applications and services manage the applications deployed in the cluster, databases, frontends and user interfaces, application runtimes and business automation, and developer services for development and testing of container applications.

You can manage applications within the cluster either manually, by configuring deployments of containers running from pre-built images, or through resources known as Operators. You can build custom images from pre-built images and source code, and store these custom images locally in an internal, private, or public registry.

The Multicluster Management layer can manage multiple clusters including their deployment, configuration, compliance and distribution of workloads in a single console.


Chapter 3. About OpenShift Kubernetes Engine

As of 27 April 2020, Red Hat has decided to rename Red Hat OpenShift Container Engine to Red Hat OpenShift Kubernetes Engine to better communicate what value the product offering delivers.


Red Hat OpenShift Kubernetes Engine is a product offering from Red Hat that lets you use an enterprise class Kubernetes platform as a production platform for launching containers. You download and install OpenShift Kubernetes Engine the same way as OpenShift Container Platform as they are the same binary distribution, but OpenShift Kubernetes Engine offers a subset of the features that OpenShift Container Platform offers.

3.1. Similarities and differences

You can see the similarities and differences between OpenShift Kubernetes Engine and OpenShift Container Platform in the following table:

Table 3.1. Product comparison for OpenShift Kubernetes Engine and OpenShift Container Platform

| Feature | OpenShift Kubernetes Engine | OpenShift Container Platform |
|---|---|---|
| Fully Automated Installers | Yes | Yes |
| Over the Air Smart Upgrades | Yes | Yes |
| Enterprise Secured Kubernetes | Yes | Yes |
| Kubectl and oc automated command line | Yes | Yes |
| Operator Lifecycle Manager (OLM) | Yes | Yes |
| Administrator Web console | Yes | Yes |
| OpenShift Virtualization | Yes | Yes |
| User Workload Monitoring | | Yes |
| Metering and Cost Management SaaS Service | | Yes |
| Platform Logging | | Yes |
| Developer Web Console | | Yes |
| Developer Application Catalog | | Yes |
| Source to Image and Builder Automation (Tekton) | | Yes |
| OpenShift Service Mesh (Maistra, Kiali, and Jaeger) | | Yes |
| OpenShift distributed tracing (Jaeger) | | Yes |
| OpenShift Serverless (Knative) | | Yes |
| OpenShift Pipelines (Jenkins and Tekton) | | Yes |
| Embedded Component of IBM Cloud Pak and RHT MW Bundles | | Yes |

3.1.1. Core Kubernetes and container orchestration

OpenShift Kubernetes Engine offers full access to an enterprise-ready Kubernetes environment that is easy to install and offers an extensive compatibility test matrix with many of the software elements that you might use in your data center.

OpenShift Kubernetes Engine offers the same service level agreements, bug fixes, and common vulnerabilities and errors protection as OpenShift Container Platform. OpenShift Kubernetes Engine includes a Red Hat Enterprise Linux (RHEL) Virtual Datacenter and Red Hat Enterprise Linux CoreOS (RHCOS) entitlement that allows you to use an integrated Linux operating system with container runtime from the same technology provider.

The OpenShift Kubernetes Engine subscription is compatible with the Red Hat OpenShift support for Windows Containers subscription.

3.1.2. Enterprise-ready configurations

OpenShift Kubernetes Engine uses the same security options and default settings as OpenShift Container Platform. Default security context constraints, pod security policies, best practice network and storage settings, service account configuration, SELinux integration, HAProxy edge routing configuration, and all other standard protections that OpenShift Container Platform offers are available in OpenShift Kubernetes Engine. OpenShift Kubernetes Engine offers full access to the integrated monitoring solution that OpenShift Container Platform uses, which is based on Prometheus and offers deep coverage and alerting for common Kubernetes issues.

OpenShift Kubernetes Engine uses the same installation and upgrade automation as OpenShift Container Platform.

3.1.3. Standard infrastructure services

With an OpenShift Kubernetes Engine subscription, you receive support for all storage plugins that OpenShift Container Platform supports.

In terms of networking, OpenShift Kubernetes Engine offers full and supported access to the Kubernetes Container Network Interface (CNI) and therefore allows you to use any third-party SDN that supports OpenShift Container Platform. It also allows you to use the included Open vSwitch software defined network to its fullest extent. OpenShift Kubernetes Engine allows you to take full advantage of the OVN Kubernetes overlay, Multus, and Multus plugins that are supported on OpenShift Container Platform. OpenShift Kubernetes Engine allows customers to use a Kubernetes Network Policy to create microsegmentation between deployed application services on the cluster.

You can also use the Route API objects that are found in OpenShift Container Platform, including their sophisticated integration with the HAProxy edge routing layer as an out-of-the-box Kubernetes ingress controller.

3.1.4. Core user experience

OpenShift Kubernetes Engine users have full access to Kubernetes Operators, pod deployment strategies, Helm, and OpenShift Container Platform templates. OpenShift Kubernetes Engine users can use both the oc and kubectl command line interfaces. OpenShift Kubernetes Engine also offers an administrator web-based console that shows all aspects of the deployed container services and offers a container-as-a-service experience. OpenShift Kubernetes Engine grants access to the Operator Lifecycle Manager, which helps you control access to content on the cluster and manage the life cycle of the Operator-enabled services that you use. With an OpenShift Kubernetes Engine subscription, you receive access to the Kubernetes namespace, the OpenShift Project API object, and cluster-level Prometheus monitoring metrics and events.

3.1.5. Maintained and curated content

With an OpenShift Kubernetes Engine subscription, you receive access to the OpenShift Container Platform content from the Red Hat Ecosystem Catalog and Red Hat Connect ISV marketplace. You can access all maintained and curated content that the OpenShift Container Platform ecosystem offers.

3.1.6. OpenShift Container Storage compatible

OpenShift Kubernetes Engine is compatible and supported with your purchase of OpenShift Container Storage.

3.1.7. Red Hat Middleware compatible

OpenShift Kubernetes Engine is compatible and supported with individual Red Hat Middleware product solutions. Red Hat Middleware Bundles that include OpenShift embedded in them only contain OpenShift Container Platform.

3.1.8. OpenShift Serverless

OpenShift Kubernetes Engine does not include OpenShift Serverless support. Use OpenShift Container Platform for this support.

3.1.9. Quay Integration compatible

OpenShift Kubernetes Engine is compatible and supported with a Red Hat Quay purchase.

3.1.10. OpenShift Virtualization

OpenShift Kubernetes Engine includes support for the Red Hat product offerings derived from the kubevirt.io open source project.

3.1.11. Advanced cluster management

OpenShift Kubernetes Engine is compatible with your additional purchase of Red Hat Advanced Cluster Management (RHACM) for Kubernetes. An OpenShift Kubernetes Engine subscription does not offer a cluster-wide log aggregation solution or support Elasticsearch, Fluentd, or Kibana based logging solutions. Similarly, the chargeback features found in OpenShift Container Platform or the console.redhat.com Cost Management SaaS service are not supported with OpenShift Kubernetes Engine. Red Hat Service Mesh capabilities derived from the open source istio.io and kiali.io projects that offer OpenTracing observability for containerized services on OpenShift Container Platform are not supported in OpenShift Kubernetes Engine.

3.1.12. Advanced networking

The standard networking solutions in OpenShift Container Platform are supported with an OpenShift Kubernetes Engine subscription. OpenShift Container Platform’s Kubernetes CNI plugin for automation of multi-tenant network segmentation between OpenShift Container Platform projects is entitled for use with OpenShift Kubernetes Engine. OpenShift Kubernetes Engine offers all the granular control of the source IP addresses that are used by application services on the cluster. Those egress IP address controls are entitled for use with OpenShift Kubernetes Engine. OpenShift Container Platform offers ingress routing to on cluster services that use non-standard ports when no public cloud provider is in use via the VIP pods found in OpenShift Container Platform. That ingress solution is supported in OpenShift Kubernetes Engine. OpenShift Kubernetes Engine users are supported for the Kubernetes ingress control object, which offers integrations with public cloud providers. Red Hat Service Mesh, which is derived from the istio.io open source project, is not supported in OpenShift Kubernetes Engine. Also, the Kourier ingress controller found in OpenShift Serverless is not supported on OpenShift Kubernetes Engine.

3.1.13. Developer experience

With OpenShift Kubernetes Engine, the following capabilities are not supported:

  • The CodeReady developer experience utilities and tools, such as CodeReady Workspaces.
  • OpenShift Container Platform’s pipeline feature that integrates a streamlined, Kubernetes-enabled Jenkins and Tekton experience in the user’s project space.
  • The OpenShift Container Platform’s source-to-image feature, which allows you to easily deploy source code, dockerfiles, or container images across the cluster.
  • Build strategies, builder pods, or Tekton for end user container deployments.
  • The odo developer command line.
  • The developer persona in the OpenShift Container Platform web console.

3.1.14. Feature summary

The following table is a summary of the feature availability in OpenShift Kubernetes Engine and OpenShift Container Platform. Where applicable, it includes the name of the Operator that enables a feature.

Table 3.2. Features in OpenShift Kubernetes Engine and OpenShift Container Platform

| Feature | OpenShift Kubernetes Engine | OpenShift Container Platform | Operator name |
|---|---|---|---|
| Fully Automated Installers (IPI) | Included | Included | N/A |
| Customizable Installers (UPI) | Included | Included | N/A |
| Disconnected Installation | Included | Included | N/A |
| Red Hat Enterprise Linux (RHEL) or Red Hat Enterprise Linux CoreOS (RHCOS) entitlement | Included | Included | N/A |
| Existing RHEL manual attach to cluster (BYO) | Included | Included | N/A |
| CRIO Runtime | Included | Included | N/A |
| Over the Air Smart Upgrades and Operating System (RHCOS) Management | Included | Included | N/A |
| Enterprise Secured Kubernetes | Included | Included | N/A |
| Kubectl and oc automated command line | Included | Included | N/A |
| Auth Integrations, RBAC, SCC, Multi-Tenancy Admission Controller | Included | Included | N/A |
| Operator Lifecycle Manager (OLM) | Included | Included | N/A |
| Administrator web console | Included | Included | N/A |
| OpenShift Virtualization | Included | Included | OpenShift Virtualization Operator |
| Compliance Operator provided by Red Hat | Included | Included | Compliance Operator |
| File Integrity Operator | Included | Included | File Integrity Operator |
| Gatekeeper Operator | Not Included - Requires separate subscription | Not Included - Requires separate subscription | Gatekeeper Operator |
| Klusterlet | Not Included - Requires separate subscription | Not Included - Requires separate subscription | N/A |
| Kube Descheduler Operator provided by Red Hat | Included | Included | Kube Descheduler Operator |
| Local Storage provided by Red Hat | Included | Included | Local Storage Operator |
| Node Feature Discovery provided by Red Hat | Included | Included | Node Feature Discovery Operator |
| Performance Add-on Operator | Included | Included | Performance Add-on Operator |
| PTP Operator provided by Red Hat | Included | Included | PTP Operator |
| Service Telemetry Operator provided by Red Hat | Included | Included | Service Telemetry Operator |
| SR-IOV Network Operator | Included | Included | SR-IOV Network Operator |
| Vertical Pod Autoscaler | Included | Included | Vertical Pod Autoscaler |
| Cluster Monitoring (Prometheus) | Included | Included | Cluster Monitoring |
| Device Manager (for example, GPU) | Included | Included | N/A |
| Log Forwarding (with fluentd) | Included | Included | Red Hat OpenShift Logging Operator (for log forwarding with fluentd) |
| Telemeter and Insights Connected Experience | Included | Included | N/A |
| OpenShift Cloud Manager SaaS Service | Included | Included | N/A |
| OVS and OVN SDN | Included | Included | N/A |
| MetalLB | Included | Included | MetalLB Operator |
| HAProxy Ingress Controller | Included | Included | N/A |
| Red Hat OpenStack Platform (RHOSP) Kuryr Integration | Included | Included | N/A |
| Ingress Cluster-wide Firewall | Included | Included | N/A |
| Egress Pod and Namespace Granular Control | Included | Included | N/A |
| Ingress Non-Standard Ports | Included | Included | N/A |
| Multus and Available Multus Plugins | Included | Included | N/A |
| Network Policies | Included | Included | N/A |
| IPv6 Single and Dual Stack | Included | Included | N/A |
| CNI Plugin ISV Compatibility | Included | Included | N/A |
| CSI Plugin ISV Compatibility | Included | Included | N/A |
| RHT and IBM middleware à la carte purchases (not included in OpenShift Container Platform or OpenShift Kubernetes Engine) | Included | Included | N/A |
| ISV or Partner Operator and Container Compatibility (not included in OpenShift Container Platform or OpenShift Kubernetes Engine) | Included | Included | N/A |
| Embedded OperatorHub | Included | Included | N/A |
| Embedded Marketplace | Included | Included | N/A |
| Quay Compatibility (not included) | Included | Included | N/A |
| RHEL Software Collections and RHT SSO Common Service (included) | Included | Included | N/A |
| Embedded Registry | Included | Included | N/A |
| Helm | Included | Included | N/A |
| User Workload Monitoring | Not Included | Included | N/A |
| Metering and Cost Management SaaS Service | Not Included | Included | N/A |
| Platform Logging | Not Included | Included | Red Hat OpenShift Logging Operator |
| OpenShift Elasticsearch Operator provided by Red Hat | Not Included | Cannot be run standalone | N/A |
| Developer Web Console | Not Included | Included | N/A |
| Developer Application Catalog | Not Included | Included | N/A |
| Source to Image and Builder Automation (Tekton) | Not Included | Included | N/A |
| OpenShift Service Mesh | Not Included | Included | OpenShift Service Mesh Operator |
| Service Binding Operator | Not Included | Included | Service Binding Operator |
| Red Hat OpenShift Serverless | Not Included | Included | OpenShift Serverless Operator |
| Web Terminal provided by Red Hat | Not Included | Included | Web Terminal Operator |
| Jenkins Operator provided by Red Hat | Not Included | Included | Jenkins Operator |
| Red Hat OpenShift Pipelines Operator | Not Included | Included | OpenShift Pipelines Operator |
| Embedded Component of IBM Cloud Pak and RHT MW Bundles | Not Included | Included | N/A |
| Red Hat OpenShift GitOps | Not Included | Included | OpenShift GitOps |
| Red Hat CodeReady Workspaces | Not Included | Included | CodeReady Workspaces |
| Red Hat CodeReady Containers | Not Included | Included | N/A |
| Quay Bridge Operator provided by Red Hat | Not Included | Included | Quay Bridge Operator |
| Quay Container Security provided by Red Hat | Not Included | Included | Quay Operator |
| Red Hat OpenShift distributed tracing platform | Not Included | Included | Red Hat OpenShift distributed tracing platform Operator |
| Red Hat OpenShift Kiali | Not Included | Included | Kiali Operator |
| Metering provided by Red Hat (deprecated) | Not Included | Included | N/A |
| Migration Toolkit for Containers Operator | Not Included | Included | Migration Toolkit for Containers Operator |
| Cost management for OpenShift | Not included | Included | N/A |
| Red Hat JBoss Web Server | Not included | Included | JWS Operator |
| Red Hat Build of Quarkus | Not included | Included | N/A |
| Kourier Ingress Controller | Not included | Included | N/A |
| RHT Middleware Bundles Sub Compatibility (not included in OpenShift Container Platform) | Not included | Included | N/A |
| IBM Cloud Pak Sub Compatibility (not included in OpenShift Container Platform) | Not included | Included | N/A |
| OpenShift Do (odo) | Not included | Included | N/A |
| Source to Image and Tekton Builders | Not included | Included | N/A |
| OpenShift Serverless FaaS | Not included | Included | N/A |
| IDE Integrations | Not included | Included | N/A |
| Windows Machine Config Operator | Community Windows Machine Config Operator included - no subscription required | Red Hat Windows Machine Config Operator included - Requires separate subscription | Windows Machine Config Operator |
| Red Hat Quay | Not Included - Requires separate subscription | Not Included - Requires separate subscription | Quay Operator |
| Red Hat Advanced Cluster Management | Not Included - Requires separate subscription | Not Included - Requires separate subscription | Advanced Cluster Management for Kubernetes |
| Red Hat Advanced Cluster Security | Not Included - Requires separate subscription | Not Included - Requires separate subscription | N/A |
| OpenShift Container Storage | Not Included - Requires separate subscription | Not Included - Requires separate subscription | OpenShift Container Storage |
| Ansible Automation Platform Resource Operator | Not Included - Requires separate subscription | Not Included - Requires separate subscription | Ansible Automation Platform Resource Operator |
| Business Automation provided by Red Hat | Not Included - Requires separate subscription | Not Included - Requires separate subscription | Business Automation Operator |
| Data Grid provided by Red Hat | Not Included - Requires separate subscription | Not Included - Requires separate subscription | Data Grid Operator |
| Red Hat Integration provided by Red Hat | Not Included - Requires separate subscription | Not Included - Requires separate subscription | Red Hat Integration Operator |
| Red Hat Integration - 3Scale provided by Red Hat | Not Included - Requires separate subscription | Not Included - Requires separate subscription | 3scale |
| Red Hat Integration - 3Scale APICast gateway provided by Red Hat | Not Included - Requires separate subscription | Not Included - Requires separate subscription | 3scale APIcast |
| Red Hat Integration - AMQ Broker | Not Included - Requires separate subscription | Not Included - Requires separate subscription | AMQ Broker |
| Red Hat Integration - AMQ Broker LTS | Not Included - Requires separate subscription | Not Included - Requires separate subscription | |
| Red Hat Integration - AMQ Interconnect | Not Included - Requires separate subscription | Not Included - Requires separate subscription | AMQ Interconnect |
| Red Hat Integration - AMQ Online | Not Included - Requires separate subscription | Not Included - Requires separate subscription | |
| Red Hat Integration - AMQ Streams | Not Included - Requires separate subscription | Not Included - Requires separate subscription | AMQ Streams |
| Red Hat Integration - Camel K | Not Included - Requires separate subscription | Not Included - Requires separate subscription | Camel K |
| Red Hat Integration - Fuse Console | Not Included - Requires separate subscription | Not Included - Requires separate subscription | Fuse Console |
| Red Hat Integration - Fuse Online | Not Included - Requires separate subscription | Not Included - Requires separate subscription | Fuse Online |
| Red Hat Integration - Service Registry Operator | Not Included - Requires separate subscription | Not Included - Requires separate subscription | Service Registry |
| API Designer provided by Red Hat | Not Included - Requires separate subscription | Not Included - Requires separate subscription | API Designer |
| JBoss EAP provided by Red Hat | Not Included - Requires separate subscription | Not Included - Requires separate subscription | JBoss EAP |
| JBoss Web Server provided by Red Hat | Not Included - Requires separate subscription | Not Included - Requires separate subscription | JBoss Web Server |
| Smart Gateway Operator | Not Included - Requires separate subscription | Not Included - Requires separate subscription | Smart Gateway Operator |
| Kubernetes NMState Operator | Included | Included | N/A |

3.2. Subscription limitations

OpenShift Kubernetes Engine is a subscription offering that provides OpenShift Container Platform with a limited set of supported features at a lower list price. OpenShift Kubernetes Engine and OpenShift Container Platform are the same product and, therefore, all software and features are delivered in both. There is only one download, OpenShift Container Platform. OpenShift Kubernetes Engine uses the OpenShift Container Platform documentation and support services and bug errata for this reason.

Chapter 4. Kubernetes overview

Kubernetes is an open source container orchestration tool developed by Google. You can run and manage container-based workloads by using Kubernetes. The most common Kubernetes use case is to deploy an array of interconnected microservices, building an application in a cloud native way. You can create Kubernetes clusters that can span hosts across on-premise, public, private, or hybrid clouds.

Traditionally, applications were deployed on top of a single operating system. With virtualization, you can split the physical host into several virtual hosts. Working on virtual instances on shared resources is not optimal for efficiency and scalability. Because a virtual machine (VM) consumes as many resources as a physical machine, providing resources to a VM such as CPU, RAM, and storage can be expensive. Also, you might see your application degrading in performance due to virtual instance usage on shared resources.

Figure 4.1. Evolution of container technologies for classical deployments


To solve this problem, you can use containerization technologies that segregate applications in a containerized environment. Similar to a VM, a container has its own filesystem, vCPU, memory, process space, dependencies, and more. Containers are decoupled from the underlying infrastructure, and are portable across clouds and OS distributions. Containers are inherently much lighter than a fully-featured OS, and are lightweight isolated processes that run on the operating system kernel. VMs are slower to boot, and are an abstraction of physical hardware. VMs run on a single machine with the help of a hypervisor.

You can perform the following actions by using Kubernetes:

  • Sharing resources
  • Orchestrating containers across multiple hosts
  • Installing new hardware configurations
  • Running health checks and self-healing applications
  • Scaling containerized applications

4.1. Kubernetes components

Table 4.1. Kubernetes components

| Component | Purpose |
|---|---|
| kube-proxy | Runs on every node in the cluster and maintains the network traffic between the Kubernetes resources. |
| kube-controller-manager | Governs the state of the cluster. |
| kube-scheduler | Allocates pods to nodes. |
| etcd | Stores cluster data. |
| kube-apiserver | Validates and configures data for the API objects. |
| kubelet | Runs on nodes and reads the container manifests. Ensures that the defined containers have started and are running. |
| kubectl | Allows you to define how you want to run workloads. Use the kubectl command to interact with the kube-apiserver. |
| Node | Node is a physical machine or a VM in a Kubernetes cluster. The control plane manages every node and schedules pods across the nodes in the Kubernetes cluster. |
| container runtime | container runtime runs containers on a host operating system. You must install a container runtime on each node so that pods can run on the node. |
| Persistent storage | Stores the data even after the device is shut down. Kubernetes uses persistent volumes to store the application data. |
| container-registry | Stores and accesses the container images. |
| Pod | The pod is the smallest logical unit in Kubernetes. A pod contains one or more containers to run in a worker node. |

4.2. Kubernetes resources

A custom resource is an extension of the Kubernetes API. You can customize Kubernetes clusters by using custom resources. Operators are software extensions which manage applications and their components with the help of custom resources. Kubernetes uses a declarative model when you want a fixed desired result while dealing with cluster resources. By using Operators, Kubernetes defines its states in a declarative way. You can modify the Kubernetes cluster resources by using imperative commands. An Operator acts as a control loop which continuously compares the desired state of resources with the actual state of resources and puts actions in place to bring reality in line with the desired state.
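The control loop described above, as an added Go example that is not part of the Red Hat documentation and uses no Kubernetes client library. `Desired`, `Cluster`, `NewCluster` and `Reconcile` are hypothetical names for an in-memory model; the example shows that a change made to the actual state outside the declared state is corrected on the next pass.

```go
package main

import (
	"fmt"
	"sort"
)

// Desired is the declared state: how many replicas of an app should exist.
// Hypothetical type for this example, not a Kubernetes API type.
type Desired struct {
	App      string
	Replicas int
}

// Cluster is a toy in-memory stand-in for the actual state of the cluster.
type Cluster struct {
	pods map[string]string // pod name -> app it belongs to
	next int               // counter used to generate pod names
}

// NewCluster returns an empty cluster with no pods.
func NewCluster() *Cluster { return &Cluster{pods: map[string]string{}} }

// podsFor returns the sorted names of the pods that belong to app.
func (c *Cluster) podsFor(app string) []string {
	var names []string
	for name, a := range c.pods {
		if a == app {
			names = append(names, name)
		}
	}
	sort.Strings(names)
	return names
}

// Reconcile is one pass of the control loop: it compares the desired state
// with the actual state, applies only the actions needed to close the gap,
// and returns those actions. When nothing has drifted it returns no actions.
func Reconcile(c *Cluster, d Desired) []string {
	var actions []string
	actual := c.podsFor(d.App)

	// Too few pods: create the missing ones.
	for i := len(actual); i < d.Replicas; i++ {
		c.next++
		name := fmt.Sprintf("%s-%d", d.App, c.next)
		c.pods[name] = d.App
		actions = append(actions, "create "+name)
	}

	// Too many pods: delete the surplus, starting from the end of the sorted list.
	for i := len(actual) - 1; i >= d.Replicas && i >= 0; i-- {
		delete(c.pods, actual[i])
		actions = append(actions, "delete "+actual[i])
	}
	return actions
}

func main() {
	c := NewCluster()
	d := Desired{App: "web", Replicas: 3}

	fmt.Println("first pass: ", Reconcile(c, d)) // creates three pods
	fmt.Println("steady state:", Reconcile(c, d)) // nothing to do

	// Constructed drift: a pod is removed outside the declared state.
	delete(c.pods, "web-2")
	fmt.Println("after loss: ", Reconcile(c, d))

	// Constructed drift: an extra pod appears outside the declared state.
	c.pods["web-rogue"] = "web"
	fmt.Println("after add:  ", Reconcile(c, d))
}
```
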

Figure 4.2. Kubernetes cluster overview


Table 4.2. Kubernetes Resources

| Resource | Purpose |
|---|---|
| Service | Kubernetes uses services to expose a running application on a set of pods. |
| ReplicaSets | Kubernetes uses the ReplicaSets to maintain the constant pod number. |
| Deployment | A resource object that maintains the life cycle of an application. |

Kubernetes is a core component of OpenShift Container Platform. You can use OpenShift Container Platform for developing and running containerized applications. With its foundation in Kubernetes, OpenShift Container Platform incorporates the same technology that serves as the engine for massive telecommunications, streaming video, gaming, banking, and other applications. You can extend your containerized applications beyond a single cloud to on-premise and multi-cloud environments by using OpenShift Container Platform.

Figure 4.3. Architecture of Kubernetes


A cluster is a single computational unit consisting of multiple nodes in a cloud environment. A Kubernetes cluster includes a control plane and worker nodes. You can run Kubernetes containers across various machines and environments. The control plane node controls and maintains the state of a cluster. You can run the Kubernetes application by using worker nodes. You can use Kubernetes namespaces to differentiate cluster resources in a cluster. Namespace scoping applies to resource objects such as deployments, services, and pods. You cannot use namespaces for cluster-wide resource objects such as storage classes, nodes, and persistent volumes.

4.3. Kubernetes conceptual guidelines

Before getting started with OpenShift Container Platform, consider these conceptual guidelines of Kubernetes:

  • Start with one or more worker nodes to run the container workloads.
  • Manage the deployment of those workloads from one or more control plane nodes.
  • Wrap containers in a deployment unit called a pod. Using pods provides extra metadata with the container and offers the ability to group several containers in a single deployment entity.
  • Create special kinds of assets. For example, services are represented by a set of pods and a policy that defines how they are accessed. This policy allows containers to connect to the services that they need even if they do not have the specific IP addresses for the services. Replication controllers are another special asset that indicates how many pod replicas are required to run at a time. You can use this capability to automatically scale your application to adapt to its current demand.

The API to an OpenShift Container Platform cluster is 100% Kubernetes. Nothing changes between a container running on any other Kubernetes and running on OpenShift Container Platform, and the application requires no changes. OpenShift Container Platform brings added-value features to provide enterprise-ready enhancements to Kubernetes. The OpenShift Container Platform CLI tool (oc) is compatible with kubectl. While the Kubernetes API is 100% accessible within OpenShift Container Platform, the kubectl command line lacks many features that could make it more user-friendly. OpenShift Container Platform offers a set of features and command-line tools such as oc. Although Kubernetes excels at managing your applications, it does not specify or manage platform-level requirements or deployment processes. Powerful and flexible platform management tools and processes are important benefits that OpenShift Container Platform offers. You must add authentication, networking, security, monitoring, and log management to your containerization platform.

Legal Notice

Copyright © 2023 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.