OpenShift

OpenShift is a platform based on Kubernetes to host and manage applications in containers.

Core concepts

Software

Containers & pods

Containers
Lightweight, standalone executable packages that include everything needed to run an application. Modern containers use the Open Container Initiative (OCI) standard and aren’t limited to Docker. They enable consistent deployment across different environments.
Images
Immutable templates used to create containers. They follow a layered architecture and can be built using various tools like Buildah, Podman, or Docker. Images are defined using Containerfiles or Dockerfiles.
Image tags
Metadata identifiers for image versions, variants, and architectures. Modern practices include using content-addressable digests alongside tags for immutable references.
Container registries
Centralized repositories that store and distribute container images. Support features like vulnerability scanning, signing, and RBAC. Popular options include Quay.io, Docker Hub, and private registries.
Pods
Smallest deployable units in Kubernetes/OpenShift. Can contain multiple containers that share network namespace, storage, and lifecycle. Pods are ephemeral and should be managed through higher-level controllers.
Pod lifecycle
Managed through phases including Pending, Running, Succeeded, Failed, and Unknown. Containers within pods can have individual restart policies and health checks.
Services
Abstract way to expose applications running in pods. Types include ClusterIP, NodePort, LoadBalancer, and ExternalName. Support features like service mesh integration.
Labels and annotations
Key-value pairs for organizing and selecting Kubernetes resources. Annotations provide non-identifying metadata for automation and tooling.
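
The "Image tags" entry above recommends digests for immutable references. The following is an added example, not part of the original page or of OpenShift itself: it classifies the image references in a pod manifest by how they are pinned. The function names, the sample manifest and the quay.io/example and registry.example.com image names are constructed for illustration, and only sha256 and sha512 digests are accepted as an assumption.

```python
import re

# Assumption: only the two registered OCI digest algorithms are accepted.
DIGEST_RE = re.compile(r"^(sha256:[0-9a-f]{64}|sha512:[0-9a-f]{128})$")

def parse_image_ref(ref):
    """Split an image reference into (name, tag, digest).

    A tag is introduced by a ':' that comes after the last '/', so the port
    in 'registry.example.com:5000/team/app' is not mistaken for a tag.
    """
    name, _, digest = ref.partition("@")
    if digest and not DIGEST_RE.match(digest):
        raise ValueError(f"malformed digest in {ref!r}")
    tag = None
    colon = name.rfind(":")
    if colon > name.rfind("/"):
        name, tag = name[:colon], name[colon + 1:]
    if not name:
        raise ValueError(f"empty image name in {ref!r}")
    return name, tag, digest or None

def pinning(ref):
    """Return 'digest' (immutable), 'tag' (mutable but explicit) or
    'floating' (no tag or 'latest', so the content can change silently)."""
    _, tag, digest = parse_image_ref(ref)
    if digest:
        return "digest"
    return "floating" if tag in (None, "latest") else "tag"

def audit_pod(pod):
    """Map each container name to (image, pinning), init containers included."""
    spec = pod.get("spec", {})
    return {c["name"]: (c["image"], pinning(c["image"]))
            for key in ("initContainers", "containers")
            for c in spec.get(key, [])}

# Constructed sample manifest (already parsed from YAML/JSON into a dict).
SAMPLE_DIGEST = "sha256:" + "a" * 64
SAMPLE_POD = {"spec": {
    "initContainers": [
        {"name": "migrate", "image": "registry.example.com:5000/team/migrate"}],
    "containers": [
        {"name": "web", "image": "quay.io/example/web:1.4@" + SAMPLE_DIGEST},
        {"name": "sidecar", "image": "quay.io/example/proxy:2.1"},
        {"name": "debug", "image": "quay.io/example/tools:latest"}]}}

if __name__ == "__main__":
    for name, (image, kind) in audit_pod(SAMPLE_POD).items():
        print(f"{kind:8} {name:8} {image}")
```

Only the 'digest' result guarantees that the same image content is pulled every time; a versioned tag can still be moved to different content in the registry.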

Projects & users

Users
Identity management integrated with enterprise systems (LDAP, OAuth, etc.). Supports Role-Based Access Control (RBAC) with custom roles and bindings.
Kubernetes namespaces
Virtual clusters within a physical cluster. Support resource quotas, network policies, and service isolation. Enable multi-tenancy and environment separation.
Projects
OpenShift’s extension of namespaces with additional security controls, routing, and monitoring features. Support for project templates and operator integration.

Builds & Deployments

Builds
Pipeline-based image creation process. Supports multiple build strategies including Source-to-Image (S2I), Containerfile, and custom builds. Integration with modern CI/CD tools like Tekton.
Image streams
OpenShift abstraction for managing container images. Support automatic updates, rollbacks, and deployment triggers. Enable image promotion across environments.
Deployments
Declarative updates to applications. Use ReplicaSets (replacing older ReplicationControllers) for maintaining desired pod state. Support advanced deployment strategies like rolling, blue-green, and canary.
Jobs and CronJobs
Manage pods that run to completion. Support for parallel processing, retry policies, and scheduled execution. Integration with cluster autoscaling.
Operators
Software extensions to Kubernetes that use custom resources to manage applications and their components. Automate operational tasks and complex deployments.

Infrastructure

Nodes
Physical or virtual machines running containerized workloads. Support various runtime classes and compute profiles. Can be managed through machine sets and autoscaling.
Clusters
Distributed systems for container orchestration. Support hybrid and multi-cloud deployments, federation, and advanced networking models.
Service mesh
Infrastructure layer for service-to-service communication. Provides traffic management, security, and observability features.
