Learn OpenShift
Deploy, build, manage, and migrate applications with OpenShift Origin 3.9
Denis Zuev, Artemii Kropachev, Aleksey Usov
- 504 pages
- English
About This Book
Gain hands-on experience of installing OpenShift Origin 3.9 in a production configuration and managing applications using the platform you built
Key Features
- Gain hands-on experience of working with Kubernetes and Docker
- Learn how to deploy and manage applications in OpenShift
- Get a practical approach to managing applications on a cloud-based platform
- Explore multi-site and HA architectures of OpenShift for production
Book Description
Docker containers transform application delivery technologies to make them faster and more reproducible, and to reduce the amount of time wasted on configuration. Managing Docker containers in the multi-node or multi-datacenter environment is a big challenge, which is why container management platforms are required. OpenShift is a new generation of container management platforms built on top of both Docker and Kubernetes. It brings additional functionality to the table, something that is lacking in Kubernetes. This new functionality significantly helps software development teams to bring software development processes to a whole new level.
In this book, we'll start by explaining the container architecture and giving overviews of Docker and CRI-O. Then, we'll look at container orchestration and Kubernetes. We'll cover OpenShift installation, and its basic and advanced components. Moving on, we'll deep dive into concepts such as deploying applications in OpenShift. You'll learn how to set up an end-to-end delivery pipeline while working with applications in OpenShift as a developer or DevOps engineer. Finally, you'll discover how to properly design OpenShift in production environments.
This book gives you hands-on experience of designing, building, and operating OpenShift Origin 3.9, as well as building new applications or migrating existing applications to OpenShift.
What you will learn
- Understand the core concepts behind containers and container orchestration tools
- Understand Docker, Kubernetes, and OpenShift, and their relation to CRI-O
- Install and work with Kubernetes and OpenShift
- Understand how to work with persistent storage in OpenShift
- Understand basic and advanced components of OpenShift, including security and networking
- Manage deployment strategies and application migration in OpenShift
- Understand and design OpenShift high availability
Who this book is for
The book is for system administrators, DevOps engineers, solutions architects, or any stakeholder who wants to understand the concept and business value of OpenShift.
Security in OpenShift
- Authentication: users and identities, service accounts, and identity providers
- Authorization and role-based access control
- Admission controllers
- Security context constraints
- Storing sensitive data in OpenShift
Technical requirements
$ cat Vagrantfile
$lab_idm = <<SCRIPT
cat <<EOF >> /etc/hosts
172.24.0.11 openshift.example.com openshift
172.24.0.12 idm.example.com idm
EOF
sed -i '/^127.0.0.1.*idm.*$/d' /etc/hosts
yum -y update
yum -y install ipa-server
systemctl restart dbus
ipa-server-install -r IDM.EXAMPLE.COM -n idm.example.com -p idmsecret -a idmsecret --unattended
echo idmsecret | kinit admin
echo supersecret | ipa user-add alice --first Alice --last Springs --password
SCRIPT
$lab_openshift = <<SCRIPT
cat <<EOF >> /etc/hosts
172.24.0.12 idm.example.com idm
EOF
yum -y update
yum install -y epel-release git docker
yum install -y ansible
systemctl start docker
systemctl enable docker
git clone -b release-3.9 https://github.com/openshift/openshift-ansible /root/openshift-ansible
ssh-keygen -f /root/.ssh/id_rsa -N ''
cp /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys
ssh-keyscan 172.24.0.11 >> .ssh/known_hosts
cp .ssh/known_hosts /root/.ssh/known_hosts
ssh-copy-id -i /root/.ssh/id_rsa [email protected]
reboot
SCRIPT
Vagrant.configure(2) do |config|
  config.vm.define "openshift" do |conf|
    conf.vm.box = "centos/7"
    conf.vm.hostname = 'openshift.example.com'
    conf.vm.network "private_network", ip: "172.24.0.11"
    conf.vm.provider "virtualbox" do |v|
      v.memory = 4096
      v.cpus = 2
    end
    conf.vm.provision "shell", inline: $lab_openshift
  end
  config.vm.define "idm" do |conf|
    conf.vm.box = "centos/7"
    conf.vm.hostname = 'idm.example.com'
    conf.vm.network "private_network", ip: "172.24.0.12"
    conf.vm.provider "virtualbox" do |v|
      v.memory = 2048
      v.cpus = 1
    end
    conf.vm.provision "shell", inline: $lab_idm
  end
end
We used the same simple password for both the directory manager and IPA admin for simplicity, but in a production setup, make sure that you use complex and unique passwords!
$ vagrant up
Bringing machine 'openshift' up with 'virtualbox' provider...
Bringing machine 'idm' up with 'virtualbox' provider...
...
<output omitted>
...
$ vagrant ssh openshift
[vagrant@openshift ~]$ sudo -i
[root@openshift ~]#
# cat /etc/ansible/hosts
...
<output omitted>
...
[masters]
172.24.0.11
[nodes]
172.24.0.11 openshift_node_labels="{'region': 'infra', 'zone': 'default'}" openshift_schedulable=true
[etcd]
172.24.0.11
[OSEv3:vars]
openshift_deployment_type=origin
openshift_disable_check=memory_availability,disk_availability
openshift_ip=172.24.0.11
ansible_service_broker_install=false
openshift_master_cluster_hostname=172.24.0.11
openshift_master_cluster_public_hostname=172.24.0.11
openshift_hostname=172.24.0.11
openshift_public_hostname=172.24.0.11
openshift_master_identity_providers=[{'name': 'LDAP', 'challenge': 'true', 'login': 'true', 'kind': 'LDAPPasswordIdentityProvider', 'mappingMethod': 'claim', 'attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['cn'], 'preferredUsername': ['uid']}, 'insecure': 'true', 'bindDN': 'uid=admin,cn=users,cn=accounts,dc=idm,dc=example,dc=com', 'bindPassword': 'idmsecret', 'url': 'ldap://idm.example.com/cn=users,cn=accounts,dc=idm,dc=example,dc=com?uid'}, {'name': 'PASSWORD_FILE', 'challenge': 'true', 'login': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'mappingMethod': 'claim', 'filename': '/etc/origin/master/.users'}]
[OSEv3:children]
masters
nodes
etcd
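
The lab inventory above sets 'insecure': 'true' on the LDAP provider, keeps bindPassword inline, and binds as uid=admin. The following is an added example, not code from the book or from openshift-ansible, that parses the openshift_master_identity_providers variable and reports those settings before an inventory is reused outside a lab; the PRIVILEGED_RDNS list, the function names, and the finding ids are assumptions made for illustration.

```python
import ast
import re

# Constructed sample: the provider variable copied from the lab inventory above.
INVENTORY = """[OSEv3:vars]
openshift_master_identity_providers=[{'name': 'LDAP', 'challenge': 'true', 'login': 'true', 'kind': 'LDAPPasswordIdentityProvider', 'mappingMethod': 'claim', 'attributes': {'id': ['dn'], 'email': ['mail'], 'name': ['cn'], 'preferredUsername': ['uid']}, 'insecure': 'true', 'bindDN': 'uid=admin,cn=users,cn=accounts,dc=idm,dc=example,dc=com', 'bindPassword': 'idmsecret', 'url': 'ldap://idm.example.com/cn=users,cn=accounts,dc=idm,dc=example,dc=com?uid'}, {'name': 'PASSWORD_FILE', 'challenge': 'true', 'login': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'mappingMethod': 'claim', 'filename': '/etc/origin/master/.users'}]
"""

# Assumption: first RDNs treated as privileged directory accounts (hypothetical list).
PRIVILEGED_RDNS = {"uid=admin", "cn=directory manager"}


def load_identity_providers(inventory_text):
    """Parse the Python-literal list assigned to openshift_master_identity_providers."""
    match = re.search(r"^openshift_master_identity_providers=(.+)$",
                      inventory_text, re.MULTILINE)
    return ast.literal_eval(match.group(1)) if match else []


def audit_provider(provider):
    """Return findings (strings prefixed with an id) for one provider entry."""
    findings = []
    if provider.get("kind") != "LDAPPasswordIdentityProvider":
        return findings
    # 'insecure': 'true' means no TLS connection is made to the LDAP server.
    if str(provider.get("insecure", "false")).lower() == "true":
        findings.append("cleartext-ldap: binds and user passwords cross the network without TLS")
    # A plain string here means the bind secret sits readable in the inventory.
    if isinstance(provider.get("bindPassword"), str) and provider["bindPassword"]:
        findings.append("inline-bind-password: bind secret is stored in the inventory in clear text")
    first_rdn = provider.get("bindDN", "").split(",")[0].strip().lower()
    if first_rdn in PRIVILEGED_RDNS:
        findings.append("privileged-bind: searches bind as a directory administrator")
    return findings


def audit_inventory(inventory_text):
    """Map each provider name to its list of findings."""
    return {p.get("name", "?"): audit_provider(p)
            for p in load_identity_providers(inventory_text)}


if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY).items():
        for finding in findings or ["ok"]:
            print(f"{name}: {finding}")
```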