Difference between revisions of "OpenShift"
(→External links) |
|||
(8 intermediate revisions by the same user not shown) | |||
Line 42: | Line 42: | ||
# Push image to OpenShift Container Registry (OCR) | # Push image to OpenShift Container Registry (OCR) | ||
# Deploy | # Deploy | ||
+ | |||
+ | ==Services== | ||
+ | |||
+ | OpenShift DNS leverages SkyDNS. | ||
+ | |||
+ | * SDN plugins | ||
+ | ** Default: ovs-subnet | ||
+ | ** ovs-multitenant plugin (allows for isolation of networks between OpenShift Projects) | ||
+ | ** neagenetworks | ||
+ | ** Contiv | ||
+ | ** flannel | ||
+ | |||
+ | ==Networking== | ||
+ | |||
+ | ; OpenShift Software Defined Network (SDN) | ||
+ | |||
+ | OpenShift uses Open vSwitch as its SDN | ||
+ | * Open vSwitch is an "Overlay Network" | ||
+ | * VLAN tagging | ||
+ | * Trunking | ||
+ | * LACP | ||
+ | * Port mirroring | ||
+ | * Default network: <code>10.128.0.0/14</code> | ||
+ | ** Each node's subnet: (e.g.) <code>10.128.0.0/23</code>, <code>10.128.2.0/23</code>, <code>10.128.4.0/23</code> | ||
+ | ** All Pods get a unique IP within a given subnet on a given node (e.g., <code>10.128.0.5</code> or <code>10.128.2.2</code>) | ||
+ | |||
+ | * Get IP address assigned to a given pod(s): | ||
+ | <pre> | ||
+ | $ oc get pods -o wide | ||
+ | NAME READY STATUS RESTARTS AGE IP NODE | ||
+ | sample-webapp-1-build 0/1 Completed 0 55m 172.17.0.2 localhost | ||
+ | sample-webapp-1-k2xqv 1/1 Running 0 55m 172.17.0.2 localhost | ||
+ | </pre> | ||
+ | |||
+ | ; OpenShift DNS | ||
+ | |||
+ | Uses SkyDNS to implement DNS functionality (on top of etcd) | ||
+ | |||
+ | $ mysql.connect(10.128.0.5) # <- Bad | ||
+ | $ mysql.connect(<pod_name>) # <- Good | ||
+ | |||
+ | ; SDN Plugins | ||
+ | * Default plugin: ovs-subnet | ||
+ | ** ovs-multitenant (each "project" gets its on unique virtual private network) | ||
+ | * nuagenetworks | ||
+ | * Contiv | ||
+ | * flannel | ||
+ | |||
+ | ; External connectivity | ||
+ | |||
+ | ; Route - Load Balancing | ||
+ | * Algorithms: | ||
+ | ** source (default) | ||
+ | ** roundrobin | ||
+ | ** leastconn | ||
+ | |||
+ | ==Storage== | ||
+ | |||
+ | OpenShift leverages Kubernetes' ''Persistent Volumes'' for storage. | ||
+ | |||
+ | * Plugins include: | ||
+ | ** Local | ||
+ | ** iSCSI | ||
+ | ** Fibre Channel | ||
+ | ** NFS | ||
+ | ** GlusterFS | ||
+ | ** Ceph RDB | ||
+ | ** OpenStack Cinder | ||
+ | ** AWS Elastic Block Store (EBS) | ||
+ | ** GCE Persistent Disk | ||
+ | ** Azure Disk | ||
+ | ** Azure File | ||
+ | ** VMware vSphere | ||
+ | |||
+ | * Storage access modes (same as in Kubernetes): | ||
+ | ** Single user (RWO) | ||
+ | ** Shared access (RWX) | ||
+ | ** Read only (ROX) | ||
==Minishift== | ==Minishift== | ||
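Review bot: the new Services section spells the SDN plugin "neagenetworks" while the Networking section added in the same hunk spells it "nuagenetworks", and the two SDN plugin lists duplicate each other; keep one list (under Networking) and use one spelling. In the same hunk, "gets its on unique" should read "its own unique" and "Ceph RDB" should be "Ceph RBD". The oc get pods -o wide sample shows 172.17.0.2, which lies outside the 10.128.0.0/14 default network described just above it, so either say which setup the sample came from or replace it with output that matches the text.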
Line 66: | Line 144: | ||
* Get a list of OpenShift users: | * Get a list of OpenShift users: | ||
− | $ curl -kH "Authorization: Bearer ${TOKEN}" <nowiki>https://192.168.99. | + | $ curl -kH "Authorization: Bearer ${TOKEN}" <nowiki>https://192.168.99.100:8443/oapi/v1/users</nowiki> |
<pre> | <pre> | ||
{ | { | ||
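Review bot: the corrected curl line still passes -k, which disables TLS certificate verification while the request carries a bearer token in the Authorization header. Suggest pointing curl at the cluster CA with --cacert, or stating next to the command that -k is only acceptable against a local test cluster.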
Line 119: | Line 197: | ||
</pre> | </pre> | ||
$ TOKEN=$(oc whoami -t) | $ TOKEN=$(oc whoami -t) | ||
− | $ curl -kH "Authorization: Bearer ${TOKEN}" <nowiki>https://192.168.99. | + | $ curl -kH "Authorization: Bearer ${TOKEN}" <nowiki>https://192.168.99.100:8443/oapi/v1/projects</nowiki> |
<pre> | <pre> | ||
{ | { | ||
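Review bot: the completed URL hard-codes 192.168.99.100:8443, the same literal used in the users example earlier on the page. Suggest putting the API address in a shell variable set once near the TOKEN assignment, so both curl lines stay correct when the VM address changes.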
Line 162: | Line 240: | ||
[[Category:Technical and Specialized Skills]] | [[Category:Technical and Specialized Skills]] | ||
+ | [[Category:DevOps]] |
Latest revision as of 00:08, 30 August 2018
OpenShift is a computer software product from Red Hat for container-based software deployment and management. It is a supported distribution of Kubernetes using Docker containers and DevOps tools for accelerated application development.
Introduction
In the world of Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS), OpenShift is Red Hat's PaaS.
Different flavours of OpenShift:
- OpenShift Origin: Open source application container platform
- OpenShift Online: Public Application Development hosting service
- OpenShift Dedicated: Managed private cluster on AWS/Google Clouds
- OpenShift Enterprise: On-premise private PaaS
This article will mainly discuss OpenShift Origin.
OpenShift Origin is built on top of Docker containers and the Kubernetes cluster manager, with added developer- and operations-centric tools that enable rapid application development, deployment, and lifecycle management.
- OpenShift Tools:
  - Source Code Management (SCM) -> git
  - Pipelines (CI/CD)
  - Container Registry (OCR), for Docker images
  - Software Defined Networking (SDN) => Open vSwitch (VLAN tagging, trunking, LACP, port mirroring)
  - API
  - etcd (stores the state of the various OpenShift components)
  - Governance (managing teams and users to provide access to applications and services)
- Three ways to interact with OpenShift:
  - Web console (default port: 8443)
  - CLI (OpenShift Client, oc)
  - REST API
- Types of users:
  - Regular (e.g., developers; bob, alice)
  - System (e.g., admins; system:admin, system:master)
  - Service (e.g., system:serviceaccount:project01:db_user)
Deployments
- Link to SCM (e.g., git, GitHub, GitLab, BitBucket, etc.)
- Create build
- Download source code
- Build image
- Push image to OpenShift Container Registry (OCR)
- Deploy
Services
OpenShift DNS leverages SkyDNS.
- SDN plugins
  - Default: ovs-subnet
  - ovs-multitenant plugin (allows for isolation of networks between OpenShift Projects)
  - nuagenetworks
  - Contiv
  - flannel
Networking
- OpenShift Software Defined Network (SDN)
OpenShift uses Open vSwitch as its SDN
- Open vSwitch is an "Overlay Network"
- VLAN tagging
- Trunking
- LACP
- Port mirroring
- Default network: 10.128.0.0/14
  - Each node's subnet: (e.g.) 10.128.0.0/23, 10.128.2.0/23, 10.128.4.0/23
  - All Pods get a unique IP within a given subnet on a given node (e.g., 10.128.0.5 or 10.128.2.2)
- Get IP address assigned to a given pod(s):
$ oc get pods -o wide
NAME                    READY     STATUS      RESTARTS   AGE       IP           NODE
sample-webapp-1-build   0/1       Completed   0          55m       172.17.0.2   localhost
sample-webapp-1-k2xqv   1/1       Running     0          55m       172.17.0.2   localhost
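Added example (not part of the original page): a Python sketch that parses `oc get pods -o wide` output and maps each pod IP to its per-node /23 inside the default 10.128.0.0/14 network, returning no subnet for addresses outside it, such as the 172.17.0.2 shown above. The last two table rows, their pod and node names, and all function names are constructed for illustration.

```python
import ipaddress

CLUSTER_NETWORK = ipaddress.ip_network("10.128.0.0/14")  # default network from the page
NODE_PREFIX = 23                                          # per-node subnet size from the page

# Constructed sample: the page's two rows plus two made-up rows that reuse
# the example pod IPs 10.128.0.5 and 10.128.2.2 from the list above.
SAMPLE = """\
NAME                    READY  STATUS     RESTARTS  AGE  IP          NODE
sample-webapp-1-build   0/1    Completed  0         55m  172.17.0.2  localhost
sample-webapp-1-k2xqv   1/1    Running    0         55m  172.17.0.2  localhost
db-1-abcde              1/1    Running    0         12m  10.128.0.5  node1
cache-1-fghij           1/1    Running    0         12m  10.128.2.2  node2
"""

def node_subnet_for(ip):
    """Return the per-node /23 that contains ip, or None if it is not in the SDN."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:            # e.g. "<none>" for a pod with no IP yet
        return None
    if addr not in CLUSTER_NETWORK:
        return None
    return ipaddress.ip_network(f"{addr}/{NODE_PREFIX}", strict=False)

def classify_pods(table):
    """Map pod name -> (ip, node subnet or None) from `oc get pods -o wide` text."""
    lines = table.strip().splitlines()
    header = lines[0].split()
    name_col, ip_col = header.index("NAME"), header.index("IP")
    result = {}
    for line in lines[1:]:
        fields = line.split()
        if len(fields) != len(header):   # skip malformed or wrapped rows
            continue
        result[fields[name_col]] = (fields[ip_col], node_subnet_for(fields[ip_col]))
    return result

def outside_sdn(table):
    """Names of pods whose reported IP is not inside the cluster network."""
    return sorted(n for n, (_, net) in classify_pods(table).items() if net is None)
```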
- OpenShift DNS
OpenShift uses SkyDNS (on top of etcd) to implement DNS functionality, so connect by name rather than by a pod IP address:
$ mysql.connect(10.128.0.5) # <- Bad
$ mysql.connect(<pod_name>) # <- Good
- SDN Plugins
- Default plugin: ovs-subnet
  - ovs-multitenant (each "project" gets its own unique virtual private network)
- nuagenetworks
- Contiv
- flannel
- External connectivity
- Route - Load Balancing
- Algorithms:
  - source (default)
  - roundrobin
  - leastconn
Storage
OpenShift leverages Kubernetes' Persistent Volumes for storage.
- Plugins include:
  - Local
  - iSCSI
  - Fibre Channel
  - NFS
  - GlusterFS
  - Ceph RBD
  - OpenStack Cinder
  - AWS Elastic Block Store (EBS)
  - GCE Persistent Disk
  - Azure Disk
  - Azure File
  - VMware vSphere
- Storage access modes (same as in Kubernetes):
  - Single user (RWO)
  - Shared access (RWX)
  - Read only (ROX)
Minishift
Minishift is a tool that helps you run OpenShift locally by launching a single-node OpenShift cluster inside a virtual machine. With Minishift you can try out OpenShift or develop with it, day-to-day, on your local machine.
- Start up a single node OpenShift "cluster":
$ minishift start --vm-driver virtualbox
$ kubectl config set-context minishift
- Install and configure oc:
$ minishift oc-env
$ export PATH="/home/champ/.minishift/cache/oc/v3.9.0/linux:$PATH"
$ eval $(minishift oc-env)
- Add ability to login as Admin:
$ minishift addon apply admin-user
$ oc login -u admin # password = admin
- Get token for API (valid for 24 hours):
$ TOKEN=$(oc whoami -t) # E.g., ZndWHOAc7SfJspq3-CwBsb1Wxn7R3zqt9gI2RsABt6M
- Get a list of OpenShift users:
$ curl -kH "Authorization: Bearer ${TOKEN}" https://192.168.99.100:8443/oapi/v1/users
{
  "kind": "UserList",
  "apiVersion": "v1",
  "metadata": {
    "selfLink": "/oapi/v1/users",
    "resourceVersion": "9069"
  },
  "items": [
    {
      "metadata": {
        "name": "admin",
        "selfLink": "/oapi/v1/users/admin",
        "uid": "270ab9d2-6f44-11e8-bb58-527977685b9f",
        "resourceVersion": "8551",
        "creationTimestamp": "2018-06-13T19:58:33Z"
      },
      "fullName": "admin",
      "identities": [
        "anypassword:admin"
      ],
      "groups": null
    },
    {
      "metadata": {
        "name": "developer",
        "selfLink": "/oapi/v1/users/developer",
        "uid": "f3ed520b-6f37-11e8-bb58-527977685b9f",
        "resourceVersion": "1083",
        "creationTimestamp": "2018-06-13T18:31:14Z"
      },
      "identities": [
        "anypassword:developer"
      ],
      "groups": null
    }
  ]
}
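Added example (not part of the original page): a Python audit of a UserList response like the one above, reporting users whose identity comes from a provider on a watch list and users with no identity at all. Treating the provider name `anypassword` as an allow-all provider is an assumption about this Minishift setup (provider names are set in the cluster configuration); the embedded JSON is a trimmed copy of the page's response and the function name is hypothetical.

```python
import json

# Constructed sample: trimmed copy of the UserList response shown above.
USER_LIST = json.loads("""
{"kind": "UserList", "apiVersion": "v1",
 "items": [
  {"metadata": {"name": "admin", "creationTimestamp": "2018-06-13T19:58:33Z"},
   "fullName": "admin", "identities": ["anypassword:admin"], "groups": null},
  {"metadata": {"name": "developer", "creationTimestamp": "2018-06-13T18:31:14Z"},
   "identities": ["anypassword:developer"], "groups": null}
 ]}
""")

# Assumption: provider names to report. Adjust to the names configured
# on the cluster being audited.
WEAK_PROVIDERS = frozenset({"anypassword"})

def audit_users(user_list, weak_providers=WEAK_PROVIDERS):
    """Return (user, finding) tuples for a parsed /oapi/v1/users response."""
    if user_list.get("kind") != "UserList":
        raise ValueError("expected a UserList object")
    findings = []
    for item in user_list.get("items") or []:      # "items" may be null
        name = item["metadata"]["name"]
        identities = item.get("identities") or []  # may be null or absent
        if not identities:
            findings.append((name, "no-identity"))
        for ident in identities:
            # Identities have the form "<provider>:<provider user name>".
            provider, _, _login = ident.partition(":")
            if provider in weak_providers:
                findings.append((name, f"weak-provider:{provider}"))
    return findings

if __name__ == "__main__":
    for user, finding in audit_users(USER_LIST):
        print(f"{user}: {finding}")
```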
OpenShift Client
- REST API:
$ oc login -u developer -p developer
Login successful.
You have one project on this server: "myproject"
Using project "myproject".
$ TOKEN=$(oc whoami -t)
$ curl -kH "Authorization: Bearer ${TOKEN}" https://192.168.99.100:8443/oapi/v1/projects
{
  "kind": "ProjectList",
  "apiVersion": "v1",
  "metadata": {
    "selfLink": "/oapi/v1/projects"
  },
  "items": [
    {
      "metadata": {
        "name": "myproject",
        "selfLink": "/oapi/v1/projects/myproject",
        "uid": "f3f818ed-6f37-11e8-bb58-527977685b9f",
        "resourceVersion": "1090",
        "creationTimestamp": "2018-06-13T18:31:14Z",
        "annotations": {
          "openshift.io/description": "Initial developer project",
          "openshift.io/display-name": "My Project",
          "openshift.io/requester": "developer",
          "openshift.io/sa.scc.mcs": "s0:c8,c7",
          "openshift.io/sa.scc.supplemental-groups": "1000070000/10000",
          "openshift.io/sa.scc.uid-range": "1000070000/10000"
        }
      },
      "spec": {
        "finalizers": [
          "openshift.io/origin",
          "kubernetes"
        ]
      },
      "status": {
        "phase": "Active"
      }
    }
  ]
}