Difference between revisions of "OpenShift"

From Christoph's Personal Wiki
Latest revision as of 00:08, 30 August 2018

OpenShift is a computer software product from Red Hat for container-based software deployment and management. It is a supported distribution of Kubernetes using Docker containers and DevOps tools for accelerated application development.

Introduction

In the world of Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS), OpenShift is Red Hat's PaaS.

Different flavours of OpenShift:

  • OpenShift Origin: open source application container platform
  • OpenShift Online: public application development hosting service
  • OpenShift Dedicated: managed private cluster on AWS/Google Clouds
  • OpenShift Enterprise: on-premise private PaaS

This article will mainly discuss OpenShift Origin.

OpenShift Origin is built on top of Docker containers and the Kubernetes cluster manager, with added developer- and operations-centric tools that enable rapid application development, deployment, and lifecycle management.

  • OpenShift Tools:
    • Source Code Management (SCM) -> git
    • Pipelines (CI/CD)
    • Container Registry (OCR), for Docker images
    • Software Defined Networking (SDN) => Open vSwitch (VLAN tagging, trunking, LACP, port mirroring)
    • API
    • etcd (stores the state of the various OpenShift components)
    • Governance (managing teams and users to provide access to applications and services)
  • Three ways to interact with OpenShift:
    • Web console (default port: 8443)
    • CLI (OpenShift Client, oc)
    • REST API
  • Types of users:
    • Regular (e.g., developers; bob, alice)
    • System (e.g., admins; system:admin, system:master)
    • Service (e.g., system:serviceaccount:project01:db_user)

Deployments

  1. Link to SCM (e.g., git, GitHub, GitLab, BitBucket, etc.)
  2. Create build
  3. Download source code
  4. Build image
  5. Push image to OpenShift Container Registry (OCR)
  6. Deploy

Services

OpenShift DNS leverages SkyDNS.

  • SDN plugins
    • Default: ovs-subnet
    • ovs-multitenant plugin (allows for isolation of networks between OpenShift Projects)
    • nuagenetworks
    • Contiv
    • flannel

Networking

OpenShift Software Defined Network (SDN)

OpenShift uses Open vSwitch as its SDN

  • Open vSwitch is an "Overlay Network"
  • VLAN tagging
  • Trunking
  • LACP
  • Port mirroring
  • Default network: 10.128.0.0/14
    • Each node's subnet: (e.g.) 10.128.0.0/23, 10.128.2.0/23, 10.128.4.0/23
    • All Pods get a unique IP within a given subnet on a given node (e.g., 10.128.0.5 or 10.128.2.2)
  • Get IP address assigned to a given pod(s):
$ oc get pods -o wide
NAME                    READY     STATUS      RESTARTS   AGE       IP           NODE
sample-webapp-1-build   0/1       Completed   0          55m       172.17.0.2   localhost
sample-webapp-1-k2xqv   1/1       Running     0          55m       172.17.0.2   localhost
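The addressing scheme above (a /14 cluster network carved into one /23 per node) can be modelled with Python's ipaddress module. This is an added example, not code from the wiki page: the CIDRs come from the page, the `oc get pods -o wide` rows reuse the page's output plus one constructed row, and the function names are mine.

```python
# Added example (not from the original wiki page): models the OpenShift SDN
# addressing scheme. Cluster network 10.128.0.0/14 and the /23 per-node
# prefix are taken from the page; pod rows below are sample input.
import ipaddress

CLUSTER_NETWORK = ipaddress.ip_network("10.128.0.0/14")
HOST_PREFIX = 23  # each node gets one /23 carved out of the cluster network

# First three lines copied from the page's `oc get pods -o wide` output
# (Minishift pods on the docker bridge); the last row is constructed.
OC_GET_PODS_WIDE = """\
NAME                    READY   STATUS      RESTARTS   AGE   IP           NODE
sample-webapp-1-build   0/1     Completed   0          55m   172.17.0.2   localhost
sample-webapp-1-k2xqv   1/1     Running     0          55m   172.17.0.2   localhost
db-1-abcde              1/1     Running     0          10m   10.128.2.2   node2
"""


def node_subnets(cluster=CLUSTER_NETWORK, host_prefix=HOST_PREFIX):
    """Ordered list of per-node subnets the SDN can hand out (512 for a /14)."""
    return list(cluster.subnets(new_prefix=host_prefix))


def subnet_for_pod(pod_ip, cluster=CLUSTER_NETWORK, host_prefix=HOST_PREFIX):
    """Map a pod IP to the node subnet that owns it.

    Returns None when the address is not on the cluster network at all
    (host-network pods, or a local docker bridge such as 172.17.0.2).
    """
    addr = ipaddress.ip_address(pod_ip)
    if addr not in cluster:
        return None
    return ipaddress.ip_network(f"{addr}/{host_prefix}", strict=False)


def pods_by_subnet(oc_output):
    """Parse `oc get pods -o wide` text into {pod name: node subnet or None}."""
    lines = oc_output.strip().splitlines()
    header = lines[0].split()
    name_col, ip_col = header.index("NAME"), header.index("IP")
    result = {}
    for line in lines[1:]:
        cols = line.split()
        result[cols[name_col]] = subnet_for_pod(cols[ip_col])
    return result


if __name__ == "__main__":
    print(len(node_subnets()), "node subnets;", node_subnets()[2])
    for pod, subnet in pods_by_subnet(OC_GET_PODS_WIDE).items():
        print(f"{pod:24} {subnet}")
```

Pods that resolve to None are not reachable through the SDN overlay, which is worth knowing before relying on network policies that only apply to cluster-network traffic.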

OpenShift DNS

Uses SkyDNS to implement DNS functionality (on top of etcd)

Pod IPs are assigned dynamically and change whenever a pod is rescheduled, so an application should connect by name and let SkyDNS resolve it rather than hard-coding an address:

$ mysql.connect(10.128.0.5)  # <- Bad: hard-coded pod IP
$ mysql.connect(<pod_name>)  # <- Good: resolved through OpenShift DNS

SDN Plugins

  • Default plugin: ovs-subnet
    • ovs-multitenant (each "project" gets its own unique virtual private network)
  • nuagenetworks
  • Contiv
  • flannel

External connectivity

Route - Load Balancing

  • Algorithms:
    • source (default)
    • roundrobin
    • leastconn

Storage

OpenShift leverages Kubernetes' Persistent Volumes for storage.

  • Plugins include:
    • Local
    • iSCSI
    • Fibre Channel
    • NFS
    • GlusterFS
    • Ceph RBD
    • OpenStack Cinder
    • AWS Elastic Block Store (EBS)
    • GCE Persistent Disk
    • Azure Disk
    • Azure File
    • VMware vSphere
  • Storage access modes (same as in Kubernetes):
    • Single user (RWO)
    • Shared access (RWX)
    • Read only (ROX)

Minishift

Minishift is a tool that helps you run OpenShift locally by launching a single-node OpenShift cluster inside a virtual machine. With Minishift you can try out OpenShift or develop with it, day-to-day, on your local machine.

  • Start up a single node OpenShift "cluster":
$ minishift start --vm-driver virtualbox
$ kubectl config set-context minishift
  • Install and configure oc:
$ minishift oc-env
$ export PATH="/home/champ/.minishift/cache/oc/v3.9.0/linux:$PATH"
$ eval $(minishift oc-env)
  • Add ability to login as Admin:
$ minishift addon apply admin-user
$ oc login -u admin  # password = admin
  • Get token for API (valid for 24 hours):
$ TOKEN=$(oc whoami -t)  # E.g., ZndWHOAc7SfJspq3-CwBsb1Wxn7R3zqt9gI2RsABt6M
  • Get a list of OpenShift users:
$ curl -kH "Authorization: Bearer ${TOKEN}" https://192.168.99.100:8443/oapi/v1/users
{
  "kind": "UserList",
  "apiVersion": "v1",
  "metadata": {
    "selfLink": "/oapi/v1/users",
    "resourceVersion": "9069"
  },
  "items": [
    {
      "metadata": {
        "name": "admin",
        "selfLink": "/oapi/v1/users/admin",
        "uid": "270ab9d2-6f44-11e8-bb58-527977685b9f",
        "resourceVersion": "8551",
        "creationTimestamp": "2018-06-13T19:58:33Z"
      },
      "fullName": "admin",
      "identities": [
        "anypassword:admin"
      ],
      "groups": null
    },
    {
      "metadata": {
        "name": "developer",
        "selfLink": "/oapi/v1/users/developer",
        "uid": "f3ed520b-6f37-11e8-bb58-527977685b9f",
        "resourceVersion": "1083",
        "creationTimestamp": "2018-06-13T18:31:14Z"
      },
      "identities": [
        "anypassword:developer"
      ],
      "groups": null
    }
  ]
}

OpenShift Client

  • REST API:
$ oc login -u developer -p developer
Login successful.

You have one project on this server: "myproject"

Using project "myproject".
$ TOKEN=$(oc whoami -t)
$ curl -kH "Authorization: Bearer ${TOKEN}" https://192.168.99.100:8443/oapi/v1/projects
{
  "kind": "ProjectList",
  "apiVersion": "v1",
  "metadata": {
    "selfLink": "/oapi/v1/projects"
  },
  "items": [
    {
      "metadata": {
        "name": "myproject",
        "selfLink": "/oapi/v1/projects/myproject",
        "uid": "f3f818ed-6f37-11e8-bb58-527977685b9f",
        "resourceVersion": "1090",
        "creationTimestamp": "2018-06-13T18:31:14Z",
        "annotations": {
          "openshift.io/description": "Initial developer project",
          "openshift.io/display-name": "My Project",
          "openshift.io/requester": "developer",
          "openshift.io/sa.scc.mcs": "s0:c8,c7",
          "openshift.io/sa.scc.supplemental-groups": "1000070000/10000",
          "openshift.io/sa.scc.uid-range": "1000070000/10000"
        }
      },
      "spec": {
        "finalizers": [
          "openshift.io/origin",
          "kubernetes"
        ]
      },
      "status": {
        "phase": "Active"
      }
    }
  ]
}
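The two curl queries above hand a bearer token to the API with -k, which disables certificate verification, and the UserList they return shows every user backed by the identity provider named "anypassword". The following added example (not code from the wiki page) parses such a UserList to flag identities from a provider that accepts any password, and shows the same GET done with the cluster CA instead of -k. Treating "anypassword" as Minishift's allow-all password provider, and the CA file path, are assumptions.

```python
# Added example (not from the original wiki page): audits the UserList
# returned by /oapi/v1/users and flags users whose identity comes from a
# provider that accepts any password. "anypassword" appears in the page's
# own output; treating it as an allow-all provider is an assumption.
import json
import ssl
import urllib.request

# Trimmed copy of the /oapi/v1/users response shown on the page.
USERLIST_JSON = """{
  "kind": "UserList",
  "items": [
    {"metadata": {"name": "admin"}, "identities": ["anypassword:admin"], "groups": null},
    {"metadata": {"name": "developer"}, "identities": ["anypassword:developer"], "groups": null}
  ]
}"""

WEAK_PROVIDERS = {"anypassword"}  # assumption: allow-all password provider


def split_identity(identity):
    """'provider:name' -> (provider, name); OpenShift joins them with ':'."""
    provider, _, name = identity.partition(":")
    return provider, name


def weak_identity_users(userlist_text, weak_providers=WEAK_PROVIDERS):
    """Return [(user, identity)] for every identity backed by a weak provider."""
    doc = json.loads(userlist_text)
    if doc.get("kind") != "UserList":
        raise ValueError("expected a UserList document")
    findings = []
    for user in doc.get("items", []):
        for ident in user.get("identities") or []:  # identities may be null
            provider, _ = split_identity(ident)
            if provider in weak_providers:
                findings.append((user["metadata"]["name"], ident))
    return findings


def fetch_api(url, token, ca_file):
    """GET an API URL with a bearer token, verifying the server certificate
    against ca_file rather than disabling verification as `curl -k` does.
    ca_file is a placeholder: supply the cluster CA bundle you trust."""
    ctx = ssl.create_default_context(cafile=ca_file)
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, context=ctx) as resp:
        return resp.read().decode()


if __name__ == "__main__":
    for user, ident in weak_identity_users(USERLIST_JSON):
        print(f"user {user} relies on weak identity {ident}")
```

On a real cluster, feed fetch_api's output to weak_identity_users and compare the provider list against the identity providers configured in the master config.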

External links