This post appeared originally in our sysadvent series and has been moved here following the discontinuation of the sysadvent microsite

OpenShift Container Platform (OCP) builds on Docker for container-technology and Kubernetes for orchestration of those containers. OpenShift solves the network annoyances in Kubernetes and adds features like authentication and authorization, multi-tenancy, source-to-image (S2I) and templating of applications.

To easily get started with OpenShift development, the OpenShift client (oc) includes an all-in-one cluster that provides a seamless way to get up-and-running with a local OpenShift installation. The prerequisites are:

  • a functioning installation of Docker
  • the oc binary available in your PATH

These requirements mean that this environment can be run on most Linux distributions, Apple MacOS and Microsoft Windows!

Starting the cluster

For the available options for installation of Docker for your platform, read the documentation.

Now start of by making sure you have Docker and the OpenShift client properly installed:

$ docker --version
Docker version 17.09.0-ce, build afdb6d4
$ oc version
oc v3.6.1+008f2d5
kubernetes v1.6.1+5115d708d7
features: Basic-Auth

Docker needs to be configured to allow an insecure registry (i.e. a registry that is not configured to use SSL) at 172.30.0.0/16. How this is configured, depends on your platform and can be found in the documentation.

To check if your configuration is correct, use the following:

$ docker info --format ''
["172.30.0.0/16","127.0.0.0/8"]

If all of the above is OK, then you can start the cluster:

$ oc cluster up
Starting OpenShift using openshift/origin:v3.6.1 ...
Pulling image openshift/origin:v3.6.1
Pulled 1/4 layers, 26% complete
Pulled 2/4 layers, 94% complete
Pulled 3/4 layers, 97% complete
Pulled 4/4 layers, 100% complete
Extracting
Image pull complete
OpenShift server started.

The server is accessible via web console at:
    https://127.0.0.1:8443

You are logged in as:
    User:     developer
    Password: <any value>

To login as administrator:
    oc login -u system:admin

This setup gives you a complete and self-contained OpenShift installation and includes the internal OpenShift Docker registry and the OpenShift router.

Deploying the Hello World application

An example Hello World application, written in Flask (python) is available on GitHub. This application is used in the following:

After OpenShift is done with building and deploying (i.e. it shows that one pod is running), the following application is available:

Hello Python World!

The same can be achieved from a terminal by using the following:

$ oc new-app https://github.com/Redpill-Linpro/hellopythonapp.git
--> Found image dc9404a (4 days old) in image stream "openshift/python" under tag "3.5" for "python"

    Python 3.5
    ----------
    Python 3.5 available as docker container is a base platform for building and running various Python 3.5 applications and frameworks. Python is an easy to learn, powerful programming language. It has efficient high-level data structures and a simple but effective approach to object-oriented programming. Python's elegant syntax and dynamic typing, together with its interpreted nature, make it an ideal language for scripting and rapid application development in many areas on most platforms.

    Tags: builder, python, python35, rh-python35

    * The source repository appears to match: python
    * A source build using source code from https://github.com/Redpill-Linpro/hellopythonapp.git will be created
      * The resulting image will be pushed to image stream "hellopythonapp:latest"
      * Use 'start-build' to trigger a new build
    * This image will be deployed in deployment config "hellopythonapp"
    * Port 8080/tcp will be load balanced by service "hellopythonapp"
      * Other containers can access this service through the hostname "hellopythonapp"

--> Creating resources ...
    imagestream "hellopythonapp" created
    buildconfig "hellopythonapp" created
    deploymentconfig "hellopythonapp" created
    service "hellopythonapp" created
--> Success
    Build scheduled, use 'oc logs -f bc/hellopythonapp' to track its progress.
    Run 'oc status' to view your app.
$ oc logs -f bc/hellopythonapp
Cloning "https://github.com/Redpill-Linpro/hellopythonapp.git" ...
  Commit:  603e92af52a9cf5dabf9389165d2c9699ed5b3b7 (adjust for openshift 3)
  Author:  Pip Oomen <pepijn@redpill-linpro.com>
  Date:  Mon Dec 19 15:19:06 2016 +0100
---> Installing application source ...
---> Installing dependencies ...
Collecting gunicorn (from -r requirements.txt (line 1))
Downloading gunicorn-19.7.1-py2.py3-none-any.whl (111kB)
Collecting Flask (from -r requirements.txt (line 2))
Downloading Flask-0.12.2-py2.py3-none-any.whl (83kB)
Collecting Werkzeug>=0.7 (from Flask->-r requirements.txt (line 2))
Downloading Werkzeug-0.12.2-py2.py3-none-any.whl (312kB)
Collecting Jinja2>=2.4 (from Flask->-r requirements.txt (line 2))
Downloading Jinja2-2.10-py2.py3-none-any.whl (126kB)
Collecting click>=2.0 (from Flask->-r requirements.txt (line 2))
Downloading click-6.7-py2.py3-none-any.whl (71kB)
Collecting itsdangerous>=0.21 (from Flask->-r requirements.txt (line 2))
Downloading itsdangerous-0.24.tar.gz (46kB)
Collecting MarkupSafe>=0.23 (from Jinja2>=2.4->Flask->-r requirements.txt (line 2))
Downloading MarkupSafe-1.0.tar.gz
Installing collected packages: gunicorn, Werkzeug, MarkupSafe, Jinja2, click, itsdangerous, Flask
Running setup.py install for MarkupSafe
Running setup.py install for itsdangerous
Successfully installed Flask-0.12.2 Jinja2-2.10 MarkupSafe-1.0 Werkzeug-0.12.2 click-6.7 gunicorn-19.7.1 itsdangerous-0.24
You are using pip version 7.1.2, however version 9.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.

Pushing image 172.30.1.1:5000/myproject/hellopythonapp:latest ...
Pushed 5/10 layers, 50% complete
Pushed 6/10 layers, 60% complete
Pushed 7/10 layers, 70% complete
Pushed 8/10 layers, 80% complete
Pushed 9/10 layers, 90% complete
Pushed 10/10 layers, 100% complete
Push successful
$ oc status
In project My Project (myproject) on server https://127.0.0.1:8443

svc/hellopythonapp - 172.30.100.9:8080
  dc/hellopythonapp deploys istag/hellopythonapp:latest <-
    bc/hellopythonapp source builds https://github.com/Redpill-Linpro/hellopythonapp.git on openshift/python:3.5
    deployment #1 deployed about a minute ago - 1 pod

View details with 'oc describe <resource>/<name>' or list everything with 'oc get all'.
$ oc get pods
NAME                     READY     STATUS      RESTARTS   AGE
hellopythonapp-1-build   0/1       Completed   0          2m
hellopythonapp-1-pmghc   1/1       Running     0          2m
$ oc expose service hellopythonapp
route "hellopythonapp" exposed
$ curl http://hellopythonapp-myproject.127.0.0.1.nip.io/
Hello Python World!

The magic behind the new-app command

OpenShift starts off by creating a build configuration (bc). The build is then started by cloning the project from the source repository in order to determine the correct build strategy. If a Dockerfile is present, OpenShift will choose the Docker strategy, building a docker image from the Dockerfile.

When no Dockerfile is found in the repository, OpenShift will try the Source-to-Image strategy. This strategy tries to assess the source code language found in the source files, then locating the correct language specific S2I image. This process is documented in the build documentation

The docker image resulting from the build will be stored in the internal OpenShift container registry, to make it available for deployment. The deployment is described by the deployment configuration (dc).

In addition to the build configuration and the deployment configuration, the new-app command also creates a service (svc) which provides a stable IP address on the OpenShift service SDN for access to the containers (i.e. PODs) backing the application. This is a Kubernetes feature and is required because Docker assigns a unique IP address to each and every container it starts.

Through the expose command, the service is assigned a HTTP address, which enables access from outside of the cluster to the application.

When you’re done, don’t forget to take the cluster down by running:

oc cluster down

And finally

While Docker is a fine tool for developers who want to solve the challenges of library dependencies by using containers, deploying applications in the cloud is not feasible without the extra features provided by Kubernetes and OpenShift. The above is a great way to familiarize yourself with OpenShift for easily deploying scalable applications.

Pip Oomen

OpenShift Solution Manager at Redpill Linpro

Pip – aka. Pepijn for his Dutch countrymen – started in Redpill Linpro in 2012. He is a Red Hat Certified Instructor, Examiner and OpenShift Specialist and – as developer turned system-administrator – always looking for ways to 'Automate all the Things'."

The irony of insecure security software

It can probably be understood from my previous blog post that if it was up to me, I’d avoid products like CrowdStrike - but every now and then I still have to install something like that. It’s not the idea of “security software” per se that I’m against, it’s the actual implementation of many of those products. This post lists up some properties that should be fulfilled for me to happy to install such a product.

Free and ... [continue reading]

Thoughts on the CrowdStrike Outage

Published on July 23, 2024

Alarms made right

Published on June 27, 2024