
Sunday, February 2, 2025

OpenShift - Helm - Part 5


Helm

Helm uses a packaging format called charts. A chart is a collection of files that describe a related set of Kubernetes resources. A single chart might deploy something simple, such as one application, or something complex, such as a whole collection of applications.
Kubernetes Persistent Volumes:
Kubernetes Persistent Volumes (PVs) provide a robust framework for managing durable storage in containerized environments.
Persistent Volumes are crucial for effectively managing stateful applications in Kubernetes, ensuring that data persists as needed and storage resources are utilized efficiently.
A Persistent Volume (PV) is a storage resource in a Kubernetes cluster that exists independently of any individual Pod, allowing data to persist beyond the lifecycle of Pods.
Persistent Volume Claims (PVCs): A Persistent Volume Claim (PVC) is a request by a user for storage, specifying size, access modes, and other parameters. Kubernetes then binds the PVC to an appropriate PV that meets the request.
PVs support different access modes, such as:
1. ReadWriteOnce (RWO): Mounted as read-write by a single node.
2. ReadOnlyMany (ROX): Mounted as read-only by multiple nodes.
3. ReadWriteMany (RWX): Mounted as read-write by multiple nodes.
Storage Classes: Storage Classes in Kubernetes define different classes of storage, allowing for dynamic provisioning of PVs with varying performance and availability characteristics. This enables administrators to offer multiple storage options to end users.
Dynamic vs. Static Provisioning: PVs can be statically provisioned by administrators or dynamically provisioned based on Storage Classes when a PVC is created, providing flexibility in how storage is allocated.
Lifecycle Management: The lifecycle of a PV is independent of any Pod that uses the PV. This means that data stored in a PV can outlive the Pods that access it, ensuring data persistence across Pod restarts and rescheduling.
Reclaim Policy: PVs have a reclaim policy that determines what happens to the underlying storage resource after the PVC is released.
    1. Retain: Keeps the data intact for manual reclamation; the PV stays in the Released state until an administrator cleans it up.
    2. Recycle: Performs a basic scrub of the volume before making it available again (deprecated; dynamic provisioning replaces it).
    3. Delete: Deletes the storage resource, such as an AWS EBS volume. These policies help manage the lifecycle of storage resources effectively.
Binding Process: When a PVC is created, Kubernetes matches it to a suitable PV based on the requested storage size and access modes. Once bound, the PV is exclusively associated with that PVC, ensuring consistent and reliable storage for the requesting Pod.
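As an added example (not from the original post), a statically provisioned PV with the Retain reclaim policy, the PVC that binds to it by storage class, size and access mode, and a Pod that mounts the claim; the NFS server, export path and the class name "manual" are assumptions.

```yaml
# Added example, not from the original post. The NFS server, export path
# and storage class name "manual" are assumptions.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-data
spec:
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce                       # RWO: one node mounts it read-write
  persistentVolumeReclaimPolicy: Retain   # data survives release of the claim
  storageClassName: manual
  nfs:
    server: nfs.example.com
    path: /exports/data
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: data-claim
spec:
  accessModes:
    - ReadWriteOnce                       # must be offered by the PV
  resources:
    requests:
      storage: 2Gi                        # any PV of at least 2Gi in this class binds
  storageClassName: manual                # omit to use the cluster default class
---
apiVersion: v1
kind: Pod
metadata:
  name: app
spec:
  containers:
    - name: app
      image: registry.example.com/myapp:latest   # placeholder image
      volumeMounts:
        - name: data
          mountPath: /var/lib/app
  volumes:
    - name: data
      persistentVolumeClaim:
        claimName: data-claim             # the Pod references the claim, never the PV
```

After the PVC is deleted, the Retain policy leaves the PV in the Released state with its data; it will not bind to a new claim until an administrator clears spec.claimRef or recreates it.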

Tuesday, January 28, 2025

OpenShift - Services - Part 4


Services:

Service is a method for exposing a network application that is running as one or more Pods in your cluster.
The Service API is an abstraction to help you expose groups of Pods over a network. Each Service object defines a logical set of endpoints (usually these endpoints are Pods) along with a policy about how to make those pods accessible.
service.yaml
apiVersion: v1
kind: Service
metadata:
  name: test
spec:
  selector:
    app: scale          # pods carrying this label become the endpoints
  ports:
    - protocol: TCP
      port: 80          # port the Service listens on
      targetPort: 8080  # port the container listens on
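As an added example (not from the original post), the Deployment that the Service above selects: its pod template carries the label app: scale and listens on the targetPort 8080. The image is a placeholder.

```yaml
# Added example, not from the original post: the Deployment that the Service
# above selects. The image is a placeholder.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: scale
spec:
  replicas: 2
  selector:
    matchLabels:
      app: scale
  template:
    metadata:
      labels:
        app: scale                 # must equal spec.selector in service.yaml
    spec:
      containers:
        - name: web
          image: registry.example.com/helloworld-nginx:latest
          ports:
            - containerPort: 8080  # the Service's targetPort
```

`oc get endpoints test` lists the pod IPs behind the Service; an empty list means the selector and the pod labels do not match. The Service is of type ClusterIP by default and is reachable only inside the cluster.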



Thursday, January 23, 2025

OpenShift - Scaling and Autoscaling - Part 4


Scaling and Autoscaling:

Horizontal scaling adds more machines (or pods) to the system, while vertical scaling adds more resources to the existing machines.

#oc scale dc/<name> --replicas=<number>
Monitoring the pods:
#oc adm top pods
#oc get events
Autoscaling:
It automatically adds or removes pods depending on the CPU and memory demand.
#oc autoscale dc/<name> --min=3 --max=6 --cpu-percent=60
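As an added example (not from the original post), the declarative equivalent of the oc autoscale command above (minimum 3, maximum 6, scale at 60% CPU); the DeploymentConfig name "myapp" is an assumption.

```yaml
# Added example, not from the original post: the declarative equivalent of the
# oc autoscale command above (min 3, max 6, scale at 60% CPU). The
# DeploymentConfig name "myapp" is an assumption.
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: myapp
spec:
  scaleTargetRef:
    apiVersion: apps.openshift.io/v1
    kind: DeploymentConfig
    name: myapp
  minReplicas: 3
  maxReplicas: 6
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 60   # percent of the containers' CPU request
```

Utilization is measured against resources.requests.cpu, so the pod template must set a CPU request; otherwise the HPA reports the metric as unknown and never scales (check with `oc get hpa`).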

List the information about the project:
#oc describe project projectname

Patching the Pod (update the container image in the DeploymentConfig; <container> is the container's name):
#oc patch dc/<name> -p '{"spec":{"template":{"spec":{"containers":[{"name":"<container>","image":"quay.io/existimage/newimage"}]}}}}'

Secrets and ConfigMaps:
A Secret holds sensitive information (passwords, tokens, keys).
A ConfigMap holds plain-text configuration (hostnames, certificates).

Secret types:
1) generic
2) tls (SSL)
3) docker-registry

Secret values are stored base64-encoded. base64 is an encoding, not encryption: anyone who can read the Secret object can decode it, so access to Secrets must be limited with RBAC.

Decode a secret value:
#base64 --decode secretfile

List the secrets
#oc get secret
#oc set env dc/mytest --from=secret/mytest-secret
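As an added example (not from the original post), a generic Secret written with stringData, its stored base64 form, and the envFrom entry that the oc set env command above adds to the DeploymentConfig; the keys, values and image are constructed placeholders.

```yaml
# Added example, not from the original post. An Opaque (generic) Secret given
# as stringData, which the API server stores base64-encoded under .data, and
# the envFrom entry that "oc set env dc/mytest --from=secret/mytest-secret"
# adds to the DeploymentConfig. All values are constructed placeholders.
apiVersion: v1
kind: Secret
metadata:
  name: mytest-secret
type: Opaque
stringData:                   # plain text accepted on input only
  DB_USER: appuser
  DB_PASSWORD: s3cret
# Stored form, as returned by "oc get secret mytest-secret -o yaml":
#   data:
#     DB_USER: YXBwdXNlcg==   # base64 of "appuser": an encoding, not encryption
#     DB_PASSWORD: czNjcmV0   # anyone allowed to "get" the Secret can decode it
---
apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
  name: mytest
spec:
  replicas: 1
  selector:
    app: mytest
  template:
    metadata:
      labels:
        app: mytest
    spec:
      containers:
        - name: mytest
          image: registry.example.com/mytest:latest   # placeholder image
          envFrom:
            - secretRef:
                name: mytest-secret    # each key becomes an environment variable
```

Note that environment variables are visible to anyone who can `oc exec` into the pod or read its spec, so the same RBAC limits apply to the DeploymentConfig as to the Secret.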

Login into Pod:
#oc exec -it podname -- bash

Security context constraints (SCC):
#oc get pod podname -o yaml | grep -i scc          [shows the openshift.io/scc annotation]
#oc get pod podname -o yaml | oc adm policy scc-subject-review -f -
#oc adm policy add-scc-to-user <scc> username
#oc adm policy remove-scc-from-user <scc> username

Template not found error:
#oc login -u kubeadmin -p $(cat /usr/local/etc/kube-admin-password) https://api.example.com:6443
#oc edit projects.config.openshift.io cluster
Remove the projectRequestTemplate entry and its name parameter and leave the spec as an empty {}

Tuesday, January 21, 2025

OpenShift - Quota - Part 3


Quota:

A quota sets limits at the project level.

#oc create quota --help | more

Resource Quota:

#oc create resourcequota --help | more

We can set limits on the following resources through a ResourceQuota:

* CPU

* Memory

* Number of deployments

* Number of services

* Number of service accounts

* Number of ConfigMaps

* Number of Pods

It restricts what users can consume and avoids over-provisioning.

Example:

#oc create quota my-quota --hard=cpu=1,memory=1G,pods=2,services=3,replicationcontrollers=1,secrets=5,persistentvolumeclaims=10 -n testquota

List resource under core group:

#oc api-resources --api-group="" --namespaced=true

Resource group:

#oc create resourcequota test --hard=count/pods=1

Utilization of resources in OCP cluster:

#oc adm top nodes

Create an APP for testing purpose:

#oc new-app --name myapp --image=registry.example.com:8443/helloworld-nginx

Set resources for the app

#oc set resources deployment myapp --limits=cpu=200m,memory=300M --requests=cpu=100m,memory=200M

#oc set resources dc/myapp --limits=memory=60Mi --requests=memory=20Mi

Monitoring the process of resources:

#watch oc get all

List the events with timestamp:

#oc get events --sort-by=.metadata.creationTimestamp

Delete a pod:

#oc delete pod -l deploymentconfig=myapp1

Scale out the pods:

#oc scale dc/myapp1 --replicas=5

Create a quota:

#oc create quota my-quota --hard=limits.cpu=2,limits.memory=200Mi,requests.cpu=1,requests.memory=100Mi,pods=3,services=10
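As an added example (not from the original post), the declarative form of the quota created above, together with a LimitRange that supplies default requests and limits; the LimitRange name and values are assumptions.

```yaml
# Added example, not from the original post: the declarative form of the
# quota created above, plus a LimitRange that supplies default requests and
# limits. Without such defaults, any pod that omits requests/limits is
# rejected once the quota constrains requests.* or limits.*.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: my-quota
spec:
  hard:
    limits.cpu: "2"
    limits.memory: 200Mi
    requests.cpu: "1"
    requests.memory: 100Mi
    pods: "3"
    services: "10"
---
apiVersion: v1
kind: LimitRange
metadata:
  name: defaults
spec:
  limits:
    - type: Container
      default:             # applied as limits when the container sets none
        cpu: 200m
        memory: 60Mi
      defaultRequest:      # applied as requests when the container sets none
        cpu: 100m
        memory: 20Mi
      max:                 # a container asking for more is rejected
        cpu: 500m
        memory: 100Mi
```

With these defaults, three pods consume 180Mi of limits.memory and 60Mi of requests.memory, which fits the quota; `oc describe quota my-quota` shows used versus hard values.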


Friday, January 17, 2025

OpenShift - Authentication and Authorization - Part 2



Authentication and authorization:

Authentication checks whether a user is allowed into the system at all (who you are).

Authorization checks whether the user has the right role or access on the application side (what you may do).

OpenShift has two role scopes: 1) cluster roles 2) project roles

#oc get clusterrolebinding

#oc get rolebinding

1) Create users

2) Integrate users with OCP

3) How to assign roles as per requirement of user

4) How to create groups

5) How to add users to the groups

Create a user through htpasswd

#htpasswd -c -B -b filename username password

-c creates the file (only for the first user; omit it afterwards or the file is overwritten)

-B hashes the password with bcrypt

-b takes the password from the command line (single-line command; the password then shows up in the shell history and process list, so outside a lab prefer the interactive prompt)

#oc get secret -n openshift-config

Secret has 3 types such as Docker-registry, generic and tls.

#oc create secret generic mysecret --from-file=test -n openshift-config

Create users

#htpasswd -B -b myusers test1 passwd

Integrate users with OCP environment

#oc create secret generic mysecret --from-file=htpasswd=myusers -n openshift-config

#oc get secret mysecret -n openshift-config -o yaml

#oc get oauth cluster -o yaml > oauth.yaml

#oc replace -f oauth.yaml

Testing the login with OCP environment

#oc login -u test -p passwd

#oc new-project testing1

#oc describe project testing1
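As an added example (not the post's own file), the OAuth resource that the oc get oauth cluster / oc replace step above edits, with an htpasswd identity provider reading the Secret mysecret from openshift-config; the provider name is an assumption.

```yaml
# Added example, not from the original post: the OAuth resource edited by the
# "oc get oauth cluster -o yaml > oauth.yaml ... oc replace -f oauth.yaml" step,
# configured with an htpasswd identity provider that reads the Secret "mysecret"
# from openshift-config. The provider name is an assumption.
apiVersion: config.openshift.io/v1
kind: OAuth
metadata:
  name: cluster
spec:
  identityProviders:
    - name: local-htpasswd      # shown as a login option
      mappingMethod: claim      # refuse a login whose identity is already mapped to another user
      type: HTPasswd
      htpasswd:
        fileData:
          name: mysecret        # Secret in openshift-config whose key is "htpasswd"
```

The Secret key must be named htpasswd, which is why the command above uses --from-file=htpasswd=myusers; after oc replace, the oauth-openshift pods in openshift-authentication restart before the new provider works.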

Edit YAML files through vim with visual guides

#vi ~/.vimrc

autocmd FileType yaml setlocal ts=2 sts=2 sw=2 expandtab ai cuc cul

ts/sts/sw/expandtab - 2-space indentation written as spaces (YAML does not allow tab characters)

cuc - cursorcolumn (highlights the current column)

cul - cursorline (highlights the current line)

ai - autoindent

We can get the role details under clusterrolebinding:

#oc get clusterrolebinding | grep -i cluster-admin

#oc describe clusterrolebinding cluster-admin

Delete a role under clusterrolebinding:

#oc delete clusterrolebinding cluster-admin


To view the policy commands

#oc adm policy

Default role of cluster and project policy:

Cluster - Cluster-admin and self-provisioner

Project - admin, edit and view

Adding a user to a role

#oc adm policy add-cluster-role-to-user cluster-admin username

Remove a role from a user or group

#oc adm policy remove-cluster-role-from-user self-provisioner username

#oc adm policy remove-cluster-role-from-group self-provisioner system:authenticated:oauth


Sunday, January 5, 2025

OpenShift - Private Registry configuration


Private registry setup:

#yum install container-tools -y

* It installs the podman, skopeo and buildah packages.
Default configuration path: /etc/containers/registries.conf

unqualified-search-registries = ["private_registry_host:5000"]

[[registry]]
location = "private_registry_host:5000"
insecure = true    # skips TLS verification for this registry: acceptable in a lab only; otherwise install the registry's CA on the client
blocked = false

* Create a local user for logging in to the private registry hub.
#mkdir -p /var/lib/containers/registry
#podman run -d --name registry --privileged -v /var/lib/containers/registry:/var/lib/registry -p 5000:5000 --restart=always <registry-image>
(<registry-image> stands for the registry image to run; --privileged is not required for a registry container and is better left out.)
#cd /var/lib/containers/registry
#podman pull registry.access.redhat.com/rhscl/httpd-24-rhel7
* Tag the image for the private registry and push it there.
#podman tag registry.access.redhat.com/rhscl/httpd-24-rhel7 private_registry_host:5000/prod/rhel7
#podman push private_registry_host:5000/prod/rhel7

* We can copy an image from Docker Hub into the private registry through the skopeo command
#skopeo copy docker://docker.io/redhat/ubi8-minimal docker://private_registry_host:5000/prod/ubi8-minimal

buildah is a tool with which we can build an image to our requirements.

#buildah containers [list working containers]
#buildah from fedora [fetch a base image; creates fedora-working-container]
#buildah run fedora-working-container -- bash [access the container]
#buildah images
#buildah run fedora-working-container -- dnf install -y httpd [install the package]
#echo "Welcome to Internet world" > index.html [create a web page]
#buildah copy fedora-working-container index.html /var/www/html/index.html
#buildah config --entrypoint "/usr/sbin/httpd -DFOREGROUND" fedora-working-container
#buildah config --cmd "/usr/sbin/httpd -DFOREGROUND" fedora-working-container
#buildah run fedora-working-container -- /usr/sbin/httpd -DFOREGROUND [test run; Ctrl-C to stop]

#buildah commit fedora-working-container myapp

#buildah images

Saturday, December 28, 2024

OpenShift - Part 1



OpenShift:
  • OpenShift provides a platform as a service [PaaS]. It is the enterprise product built on Kubernetes.
  • OpenShift is an orchestration layer on top of K8S. K8S is typically used in the development or staging environment and OpenShift in the production environment.
A container is a lightweight, standalone, executable package that includes everything needed to run a piece of software: the libraries and your application code.
Advantages of containers:
    * Efficiency - Containers share the host OS kernel, reducing overhead compared to virtual machines.
    * Consistency - An application runs the same in any environment, irrespective of the host OS.
    * Portability - A container is portable to any environment and does not depend on the host.
    * Scalability - Containers are scaled up or down easily.
Container components:
    * Container image - A read-only template created along with the application and its code.
    * Container - A running instance of an image.
    * Registry - Stores and distributes images.

Parameters for a Containerfile:

FROM - Sets the base image for the resulting container image.
WORKDIR - Sets the current working directory within the container.
COPY and ADD - Copy files from the build host into the file system of the resulting container image. ADD can additionally fetch a file from a URL or unpack a tar archive into the image.
RUN - Runs a command in the container and commits the result as a new layer in the image.
ENTRYPOINT - Sets the executable to run when the container is started.
CMD - Runs a command when the container has started. This command is passed as arguments to the executable defined by ENTRYPOINT.
LABEL - Adds a key/value pair to the image metadata for organization and image selection.
ENV - Environment variables, available at build time and at run time.
ARG - Build-time variables, not present in the running container.
VOLUME - Defines a mount point for storing data outside the container's writable layer.
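As an added example (not from the original post), an OpenShift BuildConfig carrying an inline Containerfile that uses the instructions listed above; the base image, ImageStream name and port are assumptions, and COPY/ADD are left out because this build has no source context to copy from.

```yaml
# Added example, not from the original post: a BuildConfig with an inline
# Containerfile using the instructions listed above. The base image, the
# ImageStream name and the port are assumptions.
apiVersion: image.openshift.io/v1
kind: ImageStream
metadata:
  name: hello-web
---
apiVersion: build.openshift.io/v1
kind: BuildConfig
metadata:
  name: hello-web
spec:
  source:
    type: Dockerfile
    dockerfile: |
      # base image (its default user is uid 1001)
      FROM registry.access.redhat.com/ubi9/python-311
      # build-time variable: not present in the running container
      ARG APP_VERSION=1.0
      # environment variable: available during the build and at run time
      ENV APP_HOME=/opt/app-root/src
      # metadata on the image
      LABEL app.version=${APP_VERSION}
      # working directory for the following RUN and for the started process
      WORKDIR ${APP_HOME}
      # executed in the build container and committed as a new layer
      RUN echo "Welcome to Internet world" > index.html
      # mount point for data that should live outside the image layers
      VOLUME /var/log/app
      # run the service unprivileged
      USER 1001
      # executable to start, and the default argument that CMD passes to it
      ENTRYPOINT ["python3", "-m", "http.server"]
      CMD ["8080"]
  strategy:
    type: Docker
  output:
    to:
      kind: ImageStreamTag
      name: hello-web:latest
```

`oc start-build hello-web` runs the build in the cluster and pushes the result to the internal registry as hello-web:latest; the USER line matters because OpenShift's restricted SCC refuses to run the container as root.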


K8S:

Kubernetes combines resources such as storage, compute and networking.
K8S does not ship with a container registry by default. [Registry means a store of container images]


K8S supports container runtimes such as CRI-O, Docker and containerd.
OpenShift uses CRI-O by default.
SSH into the master and worker nodes is restricted from OpenShift 4.0 onwards.

OpenShift 3.x:
Operating System - RHEL/CentOS/Fedora
Allows SSH access to master and worker nodes by default.

OpenShift 4.x:
Operating System - RHEL CoreOS

CoreOS means Container-Ready OS, and it is immutable.
SSH access to the master and worker nodes is restricted.

We must set up an SSH key pair for accessing the master and worker nodes; otherwise we must use oc debug node/<node name>.
#oc debug node/master1
#oc debug node/workernodename
#oc login -u admin -p password https://api.hostname.com:6443 [the API endpoint]

We can check the node status through a kubeconfig as well
#oc get nodes --kubeconfig=/home/user/auth/kubeconfig

Logout of the current session:
#oc logout


Saturday, August 24, 2024

Openshift introduction





OpenShift is a platform as a service.

OpenShift Origin - It is based on Docker containers and the Kubernetes cluster manager, with added developer- and operations-centric tools that enable rapid application development, deployment and lifecycle management. It is offered in 4 different types, as below:

* OpenShift Origin - Open source application platform

* OpenShift Online - Public version of OpenShift Origin hosted by Red Hat.

* OpenShift Dedicated - A managed, dedicated private cloud

* OpenShift Enterprise

Containerization:

* Docker utilizes LXC containers

* An LXC container is often considered as something in the middle between a chroot and a full-fledged virtual machine.

* LXCFS is a simple userspace file system designed to work around some current limitations of the Linux kernel.


Orchestration technologies

* Docker Swarm, Kubernetes and Mesos

OpenShift architecture:

* OpenShift container registry

* OpenShift web console - Users & Projects

OpenShift setup

* All-in-one deployment

* Single master and multiple nodes

* We can install through 2 methods.

* Package manager (RPM) & containerized

=> REST API

* Getting an authorization token (the token authenticates as you against the API, so keep it out of scripts and logs)

>oc whoami -t

OpenShift project:

* A project is created on top of a K8S namespace.

* OpenShift comes with 3 types of users by default.

* Regular user, system user and service account

Regular user - Developer

System user - system:admin and system:master

Service account - Needed for each project

Master configuration file - /etc/openshift/master/master-config.yaml

>oc get users [list the users]

OpenShift build and deployment:

Source code management

Create build -> Download source -> Build image -> Push to registry -> Deploy

OpenShift introduces an image stream - It manages images across the hosts.

An image stream does not point at a target by name; instead it points at the target's image ID, which is unique.

* A webhook is an advanced mechanism for triggering builds through HTTP(S) requests.

* Replicas is set to 1 by default and the strategy defaults to Rolling.

* Blue/green deployment method and advanced strategy method

CLI:

>oc rollout latest dc/simpleweb-docker

>oc rollout history dc/simpleweb-docker

>oc rollout status dc/simpleweb-docker

>oc rollout undo dc/simpleweb-docker

OpenShift network:

The OpenShift software-defined network [SDN] ensures communication between the pods.

* Open vSwitch

* VLAN tagging, trunking, LACP and port mirroring

* OpenShift has a DNS server and maintains the IP addresses of hosts.

* ovs-multitenant assigns a unique IP address to each pod and isolates the pods of different projects from one another.

Route load balancing:

* source is the default routing strategy in OpenShift.

* roundrobin

* leastconn

Add a template in OpenShift:

github -> openshift => origin -> examples -> db-templates

Import the JSON object from the OpenShift console

Copy the template and create it via the import option

Project:

Front-end page:

github -> mmumshad -> example-voting-app -> vote

Select the advanced option in case you declare a sub-branch under the master branch.