Red Hat OpenShift / Commons Briefings 2017 | OpenShift Commons

Red Hat’s Subin Modeel talks about how we can use OpenShift for Tensorflow application development.

The presentation will cover the following:
* How to build tensorflow binaries with S2I (Source-to-Image) feature on OpenShift.
* How to create custom docker images for Tensorflow for running on GPU with OpenShift.
* Using Jupyter notebook/jupyterab to write tensorflow code, to serialize models to TensorFlow’s SavedModel format and to use Openshift Source-to-image for creating models.
* How to deploy the model as an API endpoint which can be consumed by applications.

Subin will also be demoing some fun applications on OpenShift that leverage the technology:
* MNIST handwritten digit recognition app on OpenShift for CPU & GPU
* Inception app – CPU only
* Neural style transfer app on OpenShift for CPU/GPU

NuoDB is an elastic SQL database for cloud- and container-based environments. NuoDB’s architecture is designed to natively deliver:

* Scale-out by adding more computers and accommodate gracefully when machines are yanked out
* Never needs to be shut down
* Hardware and software fault tolerant
* Multi-site operation for business continuity
* Automatic load balancing

With NuoDB, you can adjust database size and performance on demand – even across data centers or clouds – without sacrificing data integrity, transactional consistency, or the standards-based SQL interface your developers already know.

In this briefing, NuoDb’s Christina Wong and Joe Leslie walk us through standing up your own OpenShift Origin cluster on Centos and pull in NuoDB containers as part of the platform.

No description provided.

In this briefing, Red Hat’s Mark LaMourine outlines the characteristics that define a “container host”, an OS tuned to run software in containers. Explore the benefits and peculiarities of a stripped down, light weight minimal OS image and the implications for CM and update strategies.

lnstall and setup your own Project Atomic environment and follow along as he demonstrates how a container host differs in operation from a conventional package based host.You will learn how to boot and integrate container hosts into your existing infrastructure. He will demonstrate how to install and use traditional host tools from containers and how to manage, update and customize container hosts.

Finally he will look at how a sysadmin’s day to day tasks and operations will differ when running infrastructure services and providing application runtime environments for developers and users on container hosts. We will establish base network services (DNS, NTP, Authentication) on container hosts as well as installing and demonstrating utility containers to provide standard admin tools that are stripped from light-weight hosts.

This briefing is aimed at Sysadmins and service designers interested in learning to use container hosts to reduce host management. Attendees will understand the goals and basic design requirements for container hosts. They will get an overview of the design of both CoreOS and Atomic host, highlighting the differences in architecture and how these inform the choice of container host for an installation.

A live demo session with Red Hat’s Paul Morie on the Service Catalogs in OpenShift 3.7 with Q/A

Release Candidate 0.1.0 of Service Catalog is now out the door and its Kubernetes’ incubation process continues, it’s time for another update from the Kubernetes Service Catalog team lead, Paul Morie (Red Hat) to give a progress report and a demo of Service Catalog in action with OpenShift.

In this session, NGINX’s Mikhail Pleshakov gave an overview and demonstration of the recently released Ingress Controller for OpenShift Container Platform based on the NGINX Plus Ingress Controller for Kubernetes. The NGINX Plus solution for OpenShift includes a high-performance load balancer, content cache, and web server, for delivering applications with greater performance, reliability, and scalability. The extensive feature set of NGINX Plus complements OpenShift, enabling organizations to deploy applications anywhere across a cluster so they can be reached by outside traffic. It can also improve the resilience and scale-out of deployed applications so they are available, and can respond more quickly to increased demand. By utilizing the NGINX Plus, NGINX users, including some of today’s most visited websites and applications, are rapidly adopting containers to gain the essential speed, agility, and flexibility in their application deployments. Ingress Controller solution for Red Hat OpenShift Container Platform, both Red Hat and NGINX customers can build and deliver quality applications at the speed required by their evolving business needs.

No description provided.

In this briefing, Red Hat's James Falkner gives a comprehensive overview and demonstration of Red Hat OpenShift Application Runtimes (RHOAR). RHOAR is the development suite for building microservices-based applications. James focuses on modernizing legacy services as well as developing responsive cloud-native services to demonstrate the power of microservices and provides number of techniques for modernizing your monoliths.

Buildah facilitates building OCI container images and is able to create and run containers without the Docker daemon even being installed. Buildah also allows you to easily create smaller, stronger, purpose-built containers that precisely fit your needs. A common problem people have with building container images with tools like Dockerfile and the run-time-based docker build command is the size of the image, as well as the number of build tools that end up inside of it. Another concern about these unnecessary tools is they can weaken your container by opening potential venues for hackers to take advantage. A really nice feature about Buildah is you can strengthen your container making it “stronger and more fit”. By finely tuning the creation of the container, and then adding or removing pieces as you desire, you can control the size of your container and lessen its vulnerabilities. It’s all under your control. In this briefing, Nalin and Dan will give us an overview of Buildah and a demo how to use it.

The OpenShift platform is enabling enterprise organizations to take advantage of container technologies such as Docker and Kubernetes to build, deploy, and run applications with unprecedented agility, scale, and speed. But containers also create highly dynamic, distributed, fast-moving attack surfaces that create new challenges for security teams. In this briefing, Wei Lien Dang, VP of Product at StackRox, covers the following topics:

– How containers and microservices change the threat landscape
– Examples of container attack vectors
– Best practices for monitoring, detecting, and mitigating threats to containers
– How StackRox complements security measures available in OpenShift
– How Global 2000 enterprises are using OpenShift and StackRox together

The very nature of containers – their minimalistic, declarative, and immutable characteristics – provide an opportunity automate and scale the protection of apps that run within them. In the old world of security, developers needed to manually tell security teams how their app worked and security teams needed to manually configure various tools, like firewalls, IDS/IPS, and vulnerability management suites, to protect them. Invariably, as the apps changed over time, the rules got out of sync and many organizations fell back to basic, parameterized approach to security. With continuers, though, we can apply machine learning to automatically build a predictive runtime model for each unique version of every app you have, helping you both improve your active threat protection but also to do so much more efficiently. In this briefing,Michael Withrow discusses how Twistlock uses these fundamental container characteristics to block vulnerabilities, stop malicious behaviors, and filter app layer traffic, fundamentally change how organizations secure their apps in a cloud native stack.

Our guest speaker for this briefing was Hyde Sugiyama, Senior Principal Technologist, Telecom & NFV in Red Hat’s APAC Office of Technology. He discussed Edge PaaS (RHOCP) running on RHOSP(NFV platform), which is a new collaboration effort amongst Telcos in APAC.

This briefing covers OpenShift & Multi-access Edge Computing for a number of cross-industry use cases ranging from IoT Robotics, Smart City, to Connected Car Network.

MEC (Multi-access Edge Computing) is deployed across distributed edge network nodes rather than deployed at a centralized big data center. To run many real-time value-added service applications for each industry on MEC servers in edge network nodes where rack space is limited, we need high-density virtualization such as container and cloud-native agile solutions across multicentral offices as a virtual data center.

The container virtualization technology orchestrated by Kubernetes(K8s)/OpenShift Container Platform is evolving by the cloud industry while OpenStack becomes the de-facto NFV platform of the Telecom carrier industry. We also discuss an MEC PoC for Edge PaaS at a telecom carrier.

This session will discuss MEC (Multi-access Edge Computing) deployment architectures for Edge PaaS and its challenges by adapting OpenShift Container Platform, SDN technology and Switch fabric along with OpenStack NFV edge platform infrastructure across virtual central offices.

In this briefing, Thomas Qvarnstrom introduces Red Hat OpenShift Application Runtimes (RHOAR) and discusses developing and running Spring applications on OpenShift. W also go over choice of runtimes and frameworks services available in RHOAR.

Another release of Kubernetes is just being released and it’s time for another overview/update from Red Hat’s Clayton Coleman and Derek Carr on all the many and varied new features and functions that are included in Kubernetes 1.8! Clayton and other Kubernetes contributors share details about the next release and beyond.

Clayton Coleman is the lead architect, engineer, and strategic visionary for application platforms in the cloud at Red Hat. Clayton is a core contributor to both OpenShift and Kubernetes, the open source platform as a service and the containerized cluster manager. He has helped set the direction for the evolution of cloud-native applications and the platforms that enable them.

In this era of specialization, no single software framework and architecture is suitable for all types of applications. The choices become overwhelming when combined with infrastructure that could be shaped via code. In this session, we discuss Red Hat’s approach to reducing complexity while providing flexibility to application developers with OpenShift Application Runtimes (RHOAR); a poly-architecture, poly-framework suite designed for OpenShift container platform to develop services-based responsive applications.

No description provided.

How do you securely create OpenShift projects? How do you manage access to those projects? How do you make your developers, stakeholders, and auditors all happy without manually creating accounts, policies, and bindings in OpenShift?

In this briefing Tremolo Security’s CTO, Marc Boorshtein, walks through OpenShift’s options for managing access to projects and describes what pitfalls you may run into in the modern enterprise. Marc will show how their open source solution, OpenUnison, can give you a self-service portal for onboarding and managing access to projects and clusters. Marc will demo OpenUnison, running on OpenShift, providing:

* SAML2 Authentication with the corporate identity provider
* Self-service creation of projects via a request/approval workflow, including the creation of policies, bindings, and approval workflows
* Self-service requests for roles in OpenShift projects
* Self-service reporting for auditors and stakeholders

Kubernetes is a great orchestration tool for containers, but why stop there? Containers and virtual machines are going to coexist in the data center. Let’s re-envision our virtualization and cloud solutions with Kubernetes as a single underlying platform.

In this briefing, get an introduction to KubeVirt – a project to converge the future data center using Kubernetes as its infrastructure. We cover how we are implementing a caring and stateful environment to run pet VMs in containers on top of Kubernetes – without contradicting its core assumptions. We also discuss gaps and how we plan to tackle those, drawing on our experience with KVM and caring for pet VMs (and cats) for many years. The session also includes a demo of how we are doing this today and where we want to go next.

CRI-O provides an integration path between OCI conformant runtimes and the kubelet. Specifically, it implements the Kubelet Container Runtime Interface (CRI) using OCI conformant runtimes. In this Briefing, Red Hat’s Dan Walsh and Mrunal Patel give a deep dive into CRI-O and discuss implications of this initiative and what to expect in future releases.

OpenShift and Kubernetes provide the tools to deploy and manage containers at scale. But how can security be integrated into the workflow? In this briefing, Gary Duan (NeuVector) introduces the container threat landscape and the security requirements for the Build, Ship, and Run phases. Runtime visibility and security is especially difficult and requires automation and built-in intelligence to scale. He shows how NeuVector inspects and visualizes network connections and protects OpenShift managed containers during runtime. NeuVector uses behavioral intelligence to discover the container application stack and network connections, and builds a whitelist-based security policy to protect containers as they scale up or down.

Gary also demonstrates how NeuVector captures network connections for applications deployed with OpenShift and provides multiple security layers for protecting and auditing an OpenShift environment.

The OpenContrail community has developed an integration with OpenShift, now also commercially available through the combination of Juniper Networks Contrail Networking with Red Hat OpenShift Container Platform.

In this briefing, James Kelly, Guilhem Tesseyre, and Savithru Lokanath from Juniper will present and demo how the integration is deployed, works, and adds value. OpenContrail for OpenShift automates the full lifecycle of its networking virtual domains, tenants, subnets, and security policies, all in sync with the lifecycle and workflow of OpenShift users and application builds, deployments and services. Beyond providing SDN multi-tenancy and micro-segmentation, OpenContrail is ideal for collapsing OpenStack and OpenShift SDNs, and adding advanced networking to OpenShift atop any infrastructure.

Monocular is an open source search and discovery front-end for Helm Chart repositories. Monocular has a web-based UI for managing Kubernetes applications packaged as Helm Charts. It allows you to search and discover available charts from multiple repositories and install them in your cluster a single click.

You can see it in action over at https://kubeapps.com, but running it in your own cluster gives you a neat way to create and manage Helm Chart installations inside your cluster. In this briefing, Adnan Abdulhussein of Bitnami will walk us through running Monocular on an OpenShift cluster.

Companies today are facing a multitude of challenges that they need to address in order to remain competitive in their markets. The pace of change in the business environment has increased dramatically, and getting products and services out to customers quickly has never been more important. Automation of the Continuous Delivery pipeline has shown to be an important capability to enabling these initiatives, and Red Hat OpenShift has proven to be key for automating developing, deploying, and maintaining containers within the idea-to-delivery pipeline.

Another critical piece is the continuous feedback loop, in order to measure business value across the idea-to-delivery pipeline. Organizations tried to solve this problem by bringing together metrics from various tools across the idea-to-delivery pipeline, but the lack of automation made these metrics less optimal and, many times, resulted in creating silos of key metrics. Learn how CollabNet are helping customers leverage lean concepts like value stream management with OpenShift to enable continuous monitoring and feedback across their idea-to-delivery toolchains for projects, applications and services.

The Kubernetes service-catalog project is in incubation to bring integration with service brokers to the Kubernetes ecosystem via the Open Service Broker API. A service broker is an endpoint that manages a set of services. The end-goal of the service- catalog project is to provide a way for Kubernetes users to consume services from brokers and easily configure their applications to use those services, without needing detailed knowledge about how those services are created / managed.

In this session, Paul Morie and Andrew Block provid a deep dive into the beta release of the service-catalog that is being made available for use in conjunction with Kubernetes 1.7

In this session, we will discuss how Minishift can be used as a local development environment for OpenShift and demonstrate one approach to developing Node.js applications with OpenShift/Minishift.

A team was assembled and tasked with evaluating Minishift as a local development environment for clients moving to OpenShift. The goal was to create a local environment that mirrored production as much as possible and to upskill people on Openshift at the same time.

A good local development workflow has quick feedback loops, meaning code changes are reflected instantly. OpenShift’s build and deploy process can be too slow in that context, so we set out on a journey to optimise this process.

The end result was a Node.js app running in a local OpenShift cluster that could be live reloaded without rebuilding containers. Along the way we learned about many of the core benefits of OpenShift such as the integrated build system, integrated docker registry, the powerful web console and templates.

We will discuss the various challenges encountered and provide some useful tips to those starting with Node on OpenShift. We’ll also do a live demo of the workflow and discuss some of the material in our open GitHub repo.

Speakers:
Dara Hayes, DevOps Engineer.
Conor O’Neill, Chief Product Officer

The PostgreSQL operator is a controller built on top of the Kubernetes API and works to automate and implement advanced database orchestration features often required by DBA staff in managing large numbers of PostgreSQL databases. In this overview, Jeff McCormick will describe what an operator is, how they are built, and demonstrates the features of the open source Postgres Operator provided by CrunchyData.​

Aporeto’s Cloud Native Security solution works through authentication, authorization, and encryption for all of a distributed application’s components. It generates a cryptographically-signed identity certificate for every application component orchestrated by OpenShift and allows interactions between those components if there is a policy that explicitly allows it. This whitelist security model is simple because it does away with the massive complexities of configuring the different segmentation schemes that would otherwise be required to achieve the same ends. In this briefing, Amir Sharif of Aporeto will give an overview of the solution and demonstrate using with applications deployed on OpenShift, explain the benefits and implications of this security model

Jaeger was inspired by Dapper and OpenZipkin and is a distributed tracing system released as open source by Uber Technologies.

It can be used for monitoring microservice-based architectures:

*Distributed context propagation
*Distributed transaction monitoring
*Root cause analysis
*Service dependency analysis
*Performance / latency optimization

In this briefing, Uber’s Yuri Shkuro and Red Hat’s Gary Brown, both core contributors to the Jaeger project, will give an introduction to using Jaeger with Prometheus on Kubernetes.

Find out more here: https://github.com/uber/jaeger/blob/master/README.md

Frederick Ryckbosch, founder and CTO of CoScale joins us for a discussion of performance considerations of running applications on OpenShift in production, and how to address these with CoScale’s container monitoring platform. A detailed demo will be provided including installation and configuration for OpenShift-specific insights.

Kubernetes is being released and it’s time for an overview/update from Red Hat’s Clayton Coleman on all the many and varied new features and functions that are included in Kubernetes 1.7!

The Kubernetes 1.7 release is focused on on the “theme” which covers Kubernetes extensibility and is easily one of the most important arcs in the entire project (includes admission control extension, initializers, crd, and API extension). This release also includes kubectl extension, the stateful set and daemon set updates. As well this release includes new security features – secrets at rest, node security and continued improvements to other parts as well as pod security policy.

Clayton Coleman, lead architect, engineer, and strategic visionary for application platforms in the cloud at Red Hat will be our guest speaker.

Eclipse Che is a next generation cloud IDE and developer workspace server that allows anyone to contribute to a project without having to install software. Che uses a server to start and snapshot containerized developer workspaces attached to a cloud IDE. This makes developer workspaces portable, recipe-based, and scalable. We’ll demonstrate how Che can be used by a development team with a multi-container application to speed project bootstrapping.

Presenter: Brad Micklea, Red Hat (via Codenvy) is an Eclipse Che committer and he ran marketing, services and operations for Codenvy before it was acquired in May 2017 by Red Hat.

Avi Networks’ Ashish Shah, Senior Director, Product Management, was the guest speaker for this briefing covering key container networking concepts and introducing the capabilities in the Avi Networks’ Service Mesh for OpenShift/Kubernetes applications.

Application networking services needed for OpenShift/Kubernetes applications are very different from traditional three-tier applications. Services such as load balancing within and across clusters, service discovery, application performance monitoring, security, and visibility are needed to deliver robust container applications. Traditional hardware or virtual appliance-based load balancers are not built to handle the dynamic and distributed nature of microservices applications, while lightweight proxies don’t have the analytics, scale, security, nor enterprise class load balancing features that enterprises expect for production deployments.

Monitoring can mean very different things to different people, and this often leads to confusion and misunderstandings. There are many offerings for both free software and commercial software, and it’s not always clear where each fits in the bigger picture. This talk will look a bit at the history of monitoring, and then delve into the general categories of Metrics, Logs, Profiling, and Distributed tracing and how each of these is important in cloud-based environment.

This briefing will explore the core concepts behind monitoring in a Cloud-based environment, and how the inter-related monitoring offerings & OSS projects can help your organization deliver a full monitoring solution for your OpenShift/Kubernetes implementations.

Guest Speaker: Brian Brazil, Founder, RobustPerception.io and core Prometheus developer

In this webcast, Nenad Bogojevic from Amadeus and Diogenes Rettori from Red Hat talk about security mechanisms and protections related to Red Hat OpenShift Container Platform and Amadeus' experiences deploying and using OpenShift, including security mechanisms, such as user and network access control and policies in OpenShift and underlying Openstack, the audit trail of administrative actions, ways to use and protect Kubernetes secrets as well as some best practices for Docker containers. They also present some possibilities to address technical limitations or potentially unknown vectors of attack using compensating controls via auditd, monitoring, and alerting.

Amadeus operates large-scale, secure, Payment Card Industry Data Security Standard (PCI/DSS)-compliant online and e-retail systems. Recently, they started migrating those systems to OpenShift Container Platform. For Amadeus and their customers, security and compliance is paramount.

Guest Speakers:
Nenad Bogojevic – Software Architect, Amadeus
Diogenes Rettori – OpenShift Product Manager, Red Hat

In this session, Brian Brazil, Founder, RobustPerception.io and core Prometheus developer, explains the core ideas behind Prometheus, how to get useful metrics from your applications, processing that data, getting alerts on what matters, and creating dashboards to aid debugging on OpenShift.

Presenters:
Brian Brazil– Founder, RobustPerception.io

Deploying Multi-Container Applications on OpenShift with the Ansible Service Broker

The Kubernetes Service Catalog and Open Service Broker API are creating a new way for users to provision and manage services on OpenShift through a collection of Service Brokers. One of these brokers, the Ansible Service Broker, is focused on providing a mechanism for allowing applications defined with Ansible to be exposed to the Service Catalog. We call this application definition an Ansible Playbook Bundle (APB); a lightweight definition that is essentially a few Ansible playbooks named for each of the Open Service Broker API methods. The bundle is packaged as a container image with an Ansible runtime for distribution to be consumed by the Ansible Service Broker.

In this talk we will introduce the concept of the Ansible Playbook Bundle and Ansible Service Broker. Additionally, we will walk through a few use cases demonstrating how to define and deploy multi-container applications.

Presenters:
Todd Sanders – Director, Software Engineering
John Matthews – Principal Software Engineer

Even in Containers, application security still matters. Running applications in containers means that many processes need to change. And security is no exception. Beyond the security and configuration of the container platform, there are implications to security of the application development, the way it runs, and how it is protected in production.

The very first line in a Docker file: FROM, is where security begins. The choice of the base image, the prerequisite components and the configuration of the image – all impact the security of the eventual container.

Security considerations are necessary when images are pulled and used. Are the images certified to run? Do they pass the risk criteria of the organization? A containerized environment still requires the demonstration of control, for compliance reasons and for the overall security of the application.

And as containers run, there are requirements to monitor their behavior, prevent modifications and protect them from unauthorized actions.

In this session, Aqua’s Tsvi Korren gives an overview of Aqua’s framework for effective application security in a containerized environment. It begins in the development process, progresses as images are built, continues through assurance of image authorization, and protects all running containers.

In this briefing, Eduardo Silva, Open Source Developer at Treasure Data will give us an overview of Fluentd and demonstrate how to use it with OpenShift & Kubernetes. Fluentd was recently added as a Cloud Native Computing Foundation (CNCF) member project.

Background:

Regardless of your environment, logging can be complex. System services and specific application logs need to be consumed different ways and the data retrieved likely comes in a variety of different formats, which presents an interest challenge. In the Cloud Native era, we see this complexity increase when deployment happens at scale. At this point having a non-generic logging tool is not enough to solve the problem. Instead a custom solution capable to integrate, understand and connect the dots between different end-points is highly recommended; that’s why Fluentd was created.

Fluentd allows you to implement an unified logging layer in any type of environment. It was designed with flexibility in mind, with a pluggable architecture of more than 600 extensions provided by the community, and can collect, parse, filter and deliver logs from any source to most of the well known destinations like local databases or cloud services. Find out more at http://www.fluentd.org/

Guest Speaker: Eduardo Silva, Open Source Developer at Treasure Data

A common repetitive task for OpenShift administrators is keeping virtual machines up-to-date with the latest security fixes, patches and managing updates to the installed software packages while still maintaining application uptime for users. We show how Cloudsoft AMP can automate this process of repaving, helping you to achieve a secure and evergreen OpenShift deployment using the latest releases and updates from Red Hat.

Guest Speaker: Andrew Kennedy is a Senior Software Engineer at Cloudsoft and the founder of the Clocker project. He is a contributor to several Open Source projects including jclouds and Qpid and is on the Apache Brooklyn PMC. Areas of interest include Distributed Systems, Virtualization, Messaging, Information Security and LOLcats. Prior to joining Cloudsoft, Andrew worked for various investment banks as a Software Engineer and Security Consultant and has over twenty years experience in the IT industry.

Unravelling the Mysteries of Cloud-Based Virtualization, Containers, and Microservices

Guest Speaker: John H Terpstra, Dell EMC

Nearly everyone has heard about Containers within a Cloud-based information services platform environment. Few can provide a succinct comparative features and benefits of the development environments and the deployment model and few can provide a succinct overview. Brevity is important when describing next-generation software architectures, particularly when the person who needs to hear and understand can unlock a budget necessary for platform acquisition. There is no substitute for a good elevator pitch when asking management to invest in the future. We will review and discuss the key features and benefits of bare metal deployment, use of virtualization, containers, microservices, and unikernels.

Guest Speaker: Zohaib Khan, Practice Lead and Manager PaaS Community of Practice at Red Hat

Guest Speaker: Ray Tsang (Google)

gRPC is a high performance, open source, general RPC framework that puts mobile and HTTP/2 first. gRPC is based on many years of Google’s experience in building distributed systems – it is designed to be low latency, bandwidth and CPU efficient, to create massively distributed systems that span data centers, as well as power mobile apps, real-time communications, IoT devices and APIs. It’s also interoperable between multiple languages.

But beyond that fact that it’s more efficient than REST, we’ll look into how to use gRPC’s streaming API, where you can establish server-side streaming, client-side streaming, and bidirectional streaming! This allows developers to build sophisticated real-time applications with ease.

In addition to learning about gRPC and HTTP/2 concepts with code and demonstrations, we’ll also deep dive into integration with existing build systems such as Maven and Gralde, but also frameworks such as Spring Boot and RxJava.
– Configuring projects to generate gRPC stub code – Using Protobuf3 to define services
– Creating synchronous and asynchronous services, with streaming.
– Load balancing
– Interceptors

Learn how running a storage platform in Kubernetes pods is a game-changer not just for storage administrators but for application developers as well. This ground-breaking technology runs containerized Gluster (a mature distributed open source storage platform) inside Kubernetes and on Red Hat’s OpenShift Container Platform as a completely integrated solution, aggregating storage form local hosts (Kubernetes worker nodes) and serving it out to application containers. This solution integrates a fully-featured enterprise-grade storage platform with a wide variety of data services including snapshots, geo-replication, tiering, cloning, encryption; runs storage and compute containers on the same set of nodes, all provisioned, scaled and upgraded using Kubernetes. The Briefing will feature a demo and a detailed roadmap for this solution.

Guest Speakers:

Sayandeb Saha (Red Hat) Head of Product, Container Storage, Red Hat Gluster Storage & Storage Management, Red Hat – Sayan is responsible for product strategy and leads a team of product managers for Red Hat Gluster Storage, Red Hat’s container native storage solution with Red Hat OpenShift, hyper-converged virt+storage solution with Red Hat Virtualization/KVM, unified storage management platform for Ceph & Gluster and is the technical Product Manager for CephFS.

Michael Adam (Red Hat) is an enthusiastic and experienced open source software developer, interested in all things about storage and containers. One of the main developers of Samba since more than a decade, Michael is today an engineering manager at Red Hat, leading two worldwide teams: The Samba team for Gluster storage, and the team that develops the Container Native Storage solution, which brings distributed and dynamic persistent storage with Gluster to Kubernetes.

OpenShift networking works great out of the box, right? So why would you consider anything else? This briefing examines an alternative approach that has benefits for many scenarios – from tightly securing a few high-value AWS instances to scaling a large private cloud deployment.

Come learn how the Calico solution differs from traditional solutions like OpenShift SDN, and how Calico has now been integrated with Kubernetes and OpenShift to provide a smooth deployment experience, and lessons learned across hundreds of enterprise users.

Guest Speaker: Andrew Randall, Tigera

.NET Core 1.1 is now available (external version) and supported on both Red Hat Enterprise Linux and Red Hat OpenShift Container Platform. This second .NET Core release shows Red Hat’s continued commitment to opening up platform choices for enterprises seeking to use .NET in Linux environments, including container-centric operating systems. We’re also pleased to lead the way in the Linux world yet again with our support for .NET, as Red Hat Enterprise Linux is the only commercial Linux distribution to feature full, enterprise-grade support for .NET Core. In this session, we’ll discuss some of the new application development highlights in Microsoft’s .NET Core 1.1:

• Over 1,300 new APIs since .NET Core 1.0.
• .NET Core 1.1 docker images from Red Hat’s container registry.
• Safe side-by-side installation with .NET Core 1.0.
• Performance improvements

If your development team is using a microservices-based approach where some components are built with .NET and others with Java, you can build and deploy on your choice of Red Hat Enterprise Linux and Red Hat OpenShift Container Platform, please join us for this briefing as we want to hear from you!

It’s been 5 short months since we launched the first commercially supported distribution of .NET Core on Linux. In that time, customer interest has continued to grow. Red Hat is an original member of the .NET Foundation Technical Steering Group, and as such we’re interested in your feedback to help us determine the future direction of .NET

Speakers: Todd Mancini, Senior Principal Product Manager and Don Schenck, Developer Advocate for .NET on Linux (Red Hat)

Microservices are more than just building small services and with it comes operational and architecture challenges. Service integration, fault tolerance, independent development, deployment and scaling without disrupting production and operational monitoring are a few of challenges that need to get resolved for a successful journey into the modern application architecture.

In this session, we will discuss modern application architecture and give a full stack demo of building and running polyglot applications using containers, continuous delivery, JBoss middleware, Netflix OSS, Spring, OpenShift, CloudForms, and other technologies.

Minishift is an open-source project dedicated to developing and supporting Minishift. The code base is forked from the Minikube project. Minishift helps you run OpenShift locally by running a single-node OpenShift cluster inside a VM. You can try out OpenShift or develop with it, day-to-day, on your local host. Minishift uses libmachine for provisioning VMs, and OpenShift Origin for running the cluster.

Hardy Ferentschik and Lalatendu Mohanty will give us an introduction to deploying and using MiniShift and talk a bit about the road ahead for both MiniShift and MiniKube.

Guest Speaker: Harold Wong, Senior Software Development Engineer, Microsoft Azure

Deploying OpenShift in Azure isn’t that radically different than deploying in another cloud provider or on-premises. There are infrastructure items that will need to be configured in Azure that has some uniqueness to it. Although you can do all the work manually and then install OpenShift via Ansible Playbook, the easier way is to take advantage of Azure ARM templates to help automate the deployment of all the “stuff”. In this briefing, Harold Wong will walk us through a live demonstration of how to use some existing ARM templates to deploy OpenShift Origin and OpenShift Container Platform in an automated fashion.

Enterprise complexity yields a new set of challenges as companies mature in their use of Kubernetes and OpenShift. Providing virtual multitenancy on OpenShift allows organizations to share Kubernetes clusters between multiple production applications and/or between development, test, and production. Sharing clusters with non-containerized applications creates a different set of issues altogether. Univa’s CTO, Fritz Ferstl, will demonstrate how Navops Command provides the advanced scheduling and policy framework allowing sharing of OpenShift clusters across teams and for the deployment and execution of non-containerized workloads in a Kubernetes context.

Guest Speaker: Fritz Ferstl, CTO – Univa

ushing Docker and OpenShift-based applications into production will radically change the way you monitor and troubleshoot your environment. Sysdig’s Knox Anderson and Apurva Dave will review the challenges of this new infrastructure and get live examples of monitoring and troubleshooting docker for optimal efficiency. During this webinar you’ll learn:

– How should you monitor services built on top of containers?
– What metrics become more relevant in docker-based environments?
– How do you construct alerts most effectively?
– How do you troubleshoot containers that are rapidly coming and going?

The webinar will focus on demonstrating both open source and commercial tools that can help you solve these new challenges. You’ll walk away with ideas that you can immediately put to work in any scale environment.

Guest Speakers: Alban Crequy of Kinvolk.io and Ilya Dmitrichenko of Weave.works

In an OpenShift Commons Briefing last May, we demoed a prototype of using Weave Scope on OpenShift to do traffic shaping; limit bandwidth, drop packages, change latency. Since then, Weaveworks and Kinvolk worked together to make this available as a proper Scope plugin (https://github.com/weaveworks-plugins/scope-traffic-control).

This time around, we’ll demonstrate the outcome of that work. Specifically, we’ll introduce Weave Scope and look at its plugin architecture, demo a few of the plugins that are currently available, and see how Scope plugins can be installed on OpenShift.

We’ll use the microservices-dem (https://github.com/microservices-demo/microservices-demo), Sock Shop, to see an example of how traffic shaping is useful for testing. Finally, we will introduce you to some of the katacoda (https://katacoda.com/) guides available on the Weave website

(https://www.weave.works/guides/) where you can test out and learn more about Weave Scope.

Apache Spark based applications are often comprised of many separate, interconnected components that are a good match for an orchestrated containerized platform like Kubernetes. But with the increased flexibility afforded by these technologies comes a new set of challenges for building rich data-centric applications.

In this SIG session, we will discuss techniques for building multi-component Apache Spark based applications that can be easily deployed and managed on the OpenShift platform. Building on experiences learned while developing and deploying cloud native applications, we will explore common issues that arise during the engineering process and demonstrate workflows for easing the maintenance factors associated with complex installations.

Guest Speaker: Michael McCune Senior Software Engineer, Red Hat

Michael is a software developer in Red Hat’s emerging technology group. He is a contributor to, and core reviewer for the Oshinko project, the Sahara project, the OpenStack Security Project, and the OpenStack API Working Group. For the last two years, he has been creating and deploying data-driven applications and infrastructure for the OpenStack and OpenShift platforms.

Synopsis:
Any deployment of OpenShift on networks owned by the US federal government, including those owned by the Department of Defense and Intelligence Community, is required to be compliant with FISMA [0] security standards. Making OpenShift Container Platform 3.3 FISMA compliant is easier than ever with the OpenShift Compliance Guide [1].

We’ll discuss how the guide was developed, how we think we can meet the criteria for FISMA High, challenges we encountered, and how the community can contribute.

[0] – https://en.wikipedia.org/wiki/Federal_Information_Security_Management_Act_of_2002
[1] – http://openshift-compliance-guide.readthedocs.io/en/latest/

.Gov SIG Co-chairs are Todd Wilson,(BC .Gov) and John Osbourne (Red Hat)

The Fedora Project recently announced the availability of the Fedora Docker Layered Image Build Service. The Fedora Cloud WG has been the primary maintainers of this project on GitHub. But now the service is available in dist-git as official components of Fedora. From there we will extend an invitation to all Fedora Contributors to maintain Docker Layered Image Containers for official release by the Fedora Project. Currently this effort is to enable the Fedora Cloud/Atomic Working Group goals of targeting Fedora Atomic Host as a primary deliverable to power the future of Cloud. This is also to enable the Fedora Modularity work be delivered as Containers in the future as Fedora becomes fundamentally more modular in nature.

The Fedora Layered Image Build System is built using a combination of open source projects. The main elements are: Docker, Koji, OpenShift Origin, Atomic Reactor, and OSBS Client.

More background on the announcement here: https://communityblog.fedoraproject.org/fedora-docker-layered-image-build-service-now-available/