Red Hat providing value through OpenShift and developer experience tools
Ryan Niksch (AWS) and Shaozhen Ding (Red Hat) discuss the value of Red Hat OpenShift as an application platform for developers and application owners, and take a look at add-ons which can complement the developer and administrator experience.
To learn more about developer and admin tools with Red Hat products, please visit our developers website. You can also experiment within a cluster yourself with a 30-day no-cost Developer Sandbox trial, where you can practice building within OpenShift.
Ryan Niksch (00:00):
Greetings. My name is Ryan Niksch. I'm a Principal Solutions Architect with Amazon Web Services. Joining me here today is Shaozhen from Red Hat. Shaozhen, say hi.
Shaozhen Ding (00:10):
Hi. I'm Shaozhen Ding. I'm a Red Hat Managed Service Black Belt.
Ryan Niksch (00:13):
And today I'm going to pick a fight, because I want to talk about how Red Hat OpenShift is Kubernetes, and I don't think that's important. And before you get excited, let me tell you why. We commonly talk about OpenShift, whether that is self-managed OCP, or whether that is a managed service such as ROSA. And when we are engaging with people, we talk about how this is enterprise Kubernetes, this is Kubernetes that can be run at scale, and everybody fixates on the Kubernetes layer of OpenShift. And if we compare OpenShift to other Kubernetes products, let's compare it to Native Kubernetes as an example, or a DIY Kubernetes environment, we end up comparing OpenShift just at the Kubernetes layer.
Enterprise Kubernetes
(01:15):
And I feel that that doesn't do justice to OpenShift. There is so much more here. Immediately, what I want to draw attention to is... Yes, there's Kubernetes, fantastic, that's great for container orchestration. There is a run time under the hood that I think OpenShift does a very good job of extracting the complexity away from the container run time. I feel OpenShift also does a really great job of extracting away the real nuts and bolts of Kubernetes. I don't need to be a Kubernetes expert to use OpenShift, which might be a little bit different for something like Native Kubernetes, but there's stuff on top here. Build pipeline processes, logging, monitoring, security. Let's spend a second on this, zoom in on those. And then what I want you to do is run me through what are the things that Red Hat is providing developers in terms of productivity and experience that are not necessarily coming from OpenShift itself. Other components, and complementary add-ons that really make a difference. So we've got the Kubernetes layer, we've got the container run time over here. So there is a run time, but then we've got sitting on top of this, and I'm just going to add some of the things that are standing out for me. There is a build, there's a pipeline process, there is deployment and there is monitoring and logging. Super important to all of our customers, there is security across the board. And I find OpenShift is a little bit more prescriptive in its security model. It's not just the case of the customer can turn things on and they don't just have the knobs and dials. There is actual recommendation in terms of the security there. What else am I missing that is OpenShift out of the box? I think, options?
Shaozhen Ding (03:28):
Yeah. So let's talk a little bit on developer experience or inner loop experience. So there's a product called OpenShift Dev Spaces.
OpenShift Dev Spaces
Ryan Niksch (03:40):
This is the older container workspaces?
Shaozhen Ding (03:45):
Yes.
Ryan Niksch (03:47):
Okay. Right.
(03:47):
And this is a developer IDE where if I'm a developer and I don't have a laptop or I don't have something, I can literally log in from anywhere and have my environment.
Shaozhen Ding (03:58):
Yeah.
Ryan Niksch (03:59):
So for me, this is fantastic because if my laptop dies, I don't end up dead in the water. I can literally find any system, connect to my OpenShift Dev Space and continue working.
Shaozhen Ding (04:10):
Yeah. Yes. It’s just trying to improve the inner loop of developer experience. Have you heard about inner loop?
Ryan Niksch (04:18):
I haven't. Tell me a little bit more about it.
Shaozhen Ding (04:20):
Yeah, so the Dev Space is trying to give you just an application, just a workspace pod. And the developer can actually do all the things within the inner loop including develop the code, test the code, and deploy the code to OpenShift or ROSA. And so they can finish all this kind of code editing, testing, the whole cycle, and then they can commit the code, for example, to a GitHub repo and then the pipeline and to pick up from the GitHub repo and then enter the production deployment. So-
Ryan Niksch (04:55):
This is really my OpenShift environment shrunk down into a developer local environment where I can run through a similar experience, but without needing to deploy all of the infrastructure of OpenShift itself.
Shaozhen Ding (05:11):
Yes.
Ryan Niksch (05:12):
But then taking the next step that once I'm ready for there, I can actually bring it into my OpenShift environment through a CI/CD pipeline process.
Shaozhen Ding (05:21):
So we have our two products, right? So OpenShift Dev Space is for developers' inner loop experience. For pipeline building, OpenShift provides another open source product, which is called OpenShift Pipelines.
OpenShift Pipelines
Ryan Niksch (05:38):
When I think of pipelines, I immediately think of CI/CD processes in OpenShift of old, that was stereotypically like a Jenkins-type platform. This is Tekton and I think Argo CD as well under the hood, so.
Shaozhen Ding (05:54):
Yeah. Argo CD's branded as another product called OpenShift GitOps. Right. So Tekton is a very popular open-source product. It's trying to build building blocks for pipelines. It's not like Jenkins because all the Tekton processes act as one as a Kubernetes pod. So you have a lot of the elastic advantage by using Tekton. And the other thing... So Tekton is pipelines, right? So it is for a CI process, you can use this to create a customizable, composable CI building block. And then for the GitOps, it is based on Argo CD and is focused on the continuous delivery process. Basically, GitHub has a declarative of your application in the Manifesto way to describe your application. And Argo CD is able to reconcile this to the OpenShift cluster. So you can see we have this inner loop experience for developers to code, test, and deploy their own application within a pod. And then you have pipelines actually building all the CI processes as native Kubernetes. And then you can use GitOps to actually deploy to various environments and even promote the environments, for example, from staging to production.
Ryan Niksch (07:23):
I think we're missing something here when we talk about pipelines and the CI/CD process to store the objects created by the build and pipeline process. I think Quay should come into the picture here somewhere.
Shaozhen Ding (07:37):
Yeah, when you build the pipelines, right? So there are multiple processes, right? And when you build the pipelines, for example, you probably do the unit test first and do some code analysis or scanning, and if you like building Java stuff, you have a release cycle, you may need an Artifactory, right? And the next step is you're going to build an image. For building images, you definitely need an image registry. Luckily, like OpenShift itself provides an internal registry.
Ryan Niksch (08:20):
Yes, it does.
Shaozhen Ding (08:22):
A lot of customers, they prefer using their existing or externalized registry.
Ryan Niksch (08:28):
That could be AWS ECR, it could be Red Hat Quay. There's a lot of different options over here.
Shaozhen Ding (08:34):
Yeah.
(08:40):
ECR, right? Yeah. So there are a lot of options, Docker registry, all these kinds of things.
Ryan Niksch (08:47):
You mentioned over here a scanning, and when you say scanning, I think of scanning in two ways. Sort of static content scanning, code level scanning. But then there's also scanning of the typical container objects. And now I'm thinking security tools like Aqua Security, Snyk, Prisma. These all hook into this process and they all have a very close partnership with both AWS and Red Hat. And they become instrumental in this part of the process here. The other thing that I'm curious about is, as you're going through this sort of flow, if we look at OpenShift's abstractions, and we look at something like source-to-image, S2I, does a customer or a developer using source-to-image where they're just writing code, bypass some of the inner loop experience or bypass some of this?
Shaozhen Ding (09:53):
Yeah. So source-to-image is one way to build your image, right? So as you mentioned, there's an abstraction. So when you build the image, source-to-image is what OpenShift provided based on if they have a good abstraction of a container and then you can pull that container and you want through the build process for different kinds of code framework, for example, Java, Golang, those kinds of stuff.
Ryan Niksch (10:18):
I think the real benefit for me for source-to-image is as a developer, or I'm focusing on what I'm really good at, what is important to me, I'm writing my application code. I'm not overly concerned about building containers. OpenShift does that for me, which becomes an acceleration factor.
Shaozhen Ding (10:37):
And it also has a benefit for operators to standardize the security image because source-to-image, you have a base image. So that can actually make sure the base image is secure, is standardized. Everyone is using the same thing to build Java. Everyone is using the same thing... Same base image for Golang, those kind of-
Ryan Niksch (10:57):
Now, those base images, those are maintained by Red Hat, they're patched by Red Hat, they are validated from a security perspective, from Red Hat. So the same benefit I get from a trusted operating system like RHEL or CoreOS is now applying to the containers as well. What I like about this is when I think of OpenShift, I tend to think of it from an infrastructure perspective, and I'm getting all of this, but there really is a lot more developer-centric benefit to OpenShift. It's not just a Kubernetes orchestration platform. It really is a comprehensive developer experience. And the intent is to accelerate my business at every single step of the process. And for me, OpenShift 4 has done a really good job of moving away from not just providing benefits to developers or application owners, but really to those operations teams and sort of sysadmins in the back end that are managing the infrastructure side. So it's become a very much more encompassing, inclusive benefit that provides overall business benefit.
Shaozhen Ding (12:11):
Kubernetes, to me, is kind of like a container scheduler, right? But on top of that, you have operational... Like you mentioned observability, monitoring, logging. Then we have developer experience. As you said, OpenShift is... It's beyond just Kubernetes.
Ryan Niksch (12:27):
Yeah. I see it as a turnkey solution that brings everything that my business needs in one box. Shaozhen, thank you very much for joining me, as always a pleasure having you here.
Shaozhen Ding (12:39):
Thank you.
Ryan Niksch (12:40):
And thank you for joining us.