OpenShift in Action
Jamie Duncan, John Osborne
  • MEAP began August 2017
  • Publication in May 2018 (estimated)
  • ISBN 9781617294839
  • 300 pages (estimated)
  • printed in black & white

Enterprise infrastructure has a lot of moving parts, and it's your job to keep everything running smoothly. OpenShift, an innovative enterprise infrastructure management system from Red Hat, radically simplifies the day-to-day operation of deploying and maintaining large-scale applications. The OpenShift container management platform (CMP) uses Docker, Kubernetes, and other container-oriented technologies to ease cluster management, scaling, and upgrades. By providing an intuitive shell over established technologies, OpenShift gives you the reliability and stability you need with the ease of use you want.

"It's a great book on the subject. Goes well past the Red Hat docs."

~ Tony Sweets

"In order to learn OpenShift I've used this book not just to learn but to improve previously acquired knowledge."

~ Feria Vila

"A great introduction to OpenShift."

~ Michael Bright

"Great source for anyone interested in learning the new version of the platform."

~ Juan Lopez

Table of Contents

Part 1: Fundamentals

1 Getting to know OpenShift

1.1 What is a container platform?

1.1.1 Containers in OpenShift

1.1.2 Orchestrating containers

1.1.3 Realizing the promise of containers

1.2 Examining the architecture

1.2.1 Integrating container images

1.2.2 Accessing applications

1.2.3 Handling network traffic in your cluster

1.3 Examining an application

1.3.1 Building applications

1.3.2 Deploying and serving applications

1.4 Use cases for container platforms

1.4.1 Technology use cases

1.4.2 Use cases for businesses

1.4.3 When containers are not the answer

1.5 Solving container storage needs

1.6 Scaling applications

1.7 Integrating stateful and stateless applications

1.8 Summary

2 Getting started

2.1 Logging in

2.1.1 Using the oc command-line application

2.2 Creating projects

2.3 Application components

2.3.1 Custom container images

2.3.2 Buildconfigs

2.3.3 Deploymentconfigs

2.3.4 Imagestreams

2.4 Deploying an application

2.4.1 Services provide consistent application access

2.4.2 Exposing services to the outside world with routes

2.5 Deploying applications using the web interface

2.5.1 Logging in to OpenShift web interface

2.6 Deploying applications with the web interface

2.7 Summary

3 Containers are Linux

3.1 Defining containers

3.2 How OpenShift components work together

3.2.1 OpenShift manages deployments

3.2.2 Kubernetes schedules applications across nodes

3.2.3 Docker creates containers

3.2.4 Linux isolates and limits resources

3.2.5 Putting it all together

3.3 Application isolation with kernel namespaces

3.3.1 The mount namespace

3.3.2 The UTS namespace

3.3.3 PIDs inside containers

3.3.4 Shared memory resources

3.3.5 Container networking

3.4 Summary

Part 2: Cloud-native applications

4 Working with services

4.1 Testing application resiliency

4.1.1 Understanding replication controllers

4.1.2 Labels and selectors

4.2 Scaling applications

4.2.1 Modifying the deploymentconfig

4.3 Maintaining healthy applications

4.3.1 Creating liveness probes

4.3.2 Creating readiness probes

4.4 Summary

5 Autoscaling with metrics

5.1 Determining expected workloads is hard

5.2 Installing OpenShift metrics

5.2.1 Examining the metrics available

5.3 Using pod metrics to trigger pod autoscaling

5.3.1 Creating an HPA object

5.3.2 Testing your autoscaling implementation

5.4 Summary

6 Continuous integration and continuous deployment

6.1 Container images as the centerpiece of a CI/CD pipeline

6.2 Promoting images

6.3 CI/CD part 1: creating a development environment

6.3.1 Triggers

6.3.2 Enabling automated and consistent deployments with ImageStreams

6.4 CI/CD part 2: promoting dev images into a test environment

6.4.1 Service discovery

6.4.2 Automate the promotion of images from build to test

6.5 CI/CD part 3: masking sensitive data in a production environment

6.5.1 Secrets

6.5.2 ConfigMaps

6.6 Jenkins as the backbone of a CI/CD pipeline

6.6.1 Triggering Jenkins from Gogs

6.6.2 Native integration with a Jenkinsfile

6.6.3 Deployment strategies

6.7 Summary

Part 3: Stateful applications

7 Creating and managing persistent storage

7.1 Container storage is ephemeral

7.2 Handling permanent data requirements

7.3 Creating a persistent volume

7.3.1 Logging in as the admin user

7.3.2 Creating new resources from the command line

7.3.3 Creating a physical volume

7.4 Using persistent storage

7.4.1 How persistent volume claims match up with persistent volumes

7.4.2 Creating a persistent volume claim using the command line

7.4.3 Adding a volume to an application on the command line

7.4.4 Adding persistent storage to an application using the web interface

7.5 Testing applications after adding persistent storage

7.5.1 Data doesn’t get mixed up

7.5.2 Forcing a pod restart

7.5.3 Investigating persistent volume mounts

7.6 Summary

8 Stateful Applications

8.1 Clustering Applications

8.1.1 Other Use Cases For Direct Pod Access

8.2 Sticky sessions

8.3 Graceful shutdown

8.3.1 Grace period

8.3.2 Container Lifecycle Hooks

8.4 StatefulSets

8.4.1 Deterministic start-up and shutdown order sequencing

8.4.2 Predictable Network identity

8.4.3 Consistent Persistent Storage Mappings

8.5 Supporting Concepts

8.6 Examples in Chapter

8.7 Summary

Part 4: Operations and Security

9 Authentication and resource access

9.1 Working with user roles

9.1.1 Assigning new user roles

9.1.2 Creating administrators

9.2 Setting default user roles

9.2.1 Testing default roles

9.3 Limit ranges

9.3.1 Defining resource limit ranges

9.4 Resource quotas

9.4.1 Creating compute quotas

9.4.2 Creating resource quotas

9.5 Working with quotas and limits

9.5.1 Applying quotas and limits to existing applications

9.5.2 Changing quotas for deployed applications

9.6 Using cgroups to limit resources

9.6.1 Cgroups overview

9.6.2 Identifying container cgroups

9.6.3 Confirming cgroup resource limits

9.7 Summary

10 Networking

10.1 Network Design

10.1.1 The pod network

10.2 OpenShift SDN

10.2.1 Application node network configuration

10.2.2 Linking containers to host interfaces

10.2.3 Working with OVS

10.3 Routing application requests

10.3.1 HAProxy

10.3.2 The HAProxy pod

10.3.3 How HAProxy gets requests to the correct pods

10.4 Internal DNS

10.4.1 DNS resolution in the pod network

10.5 Configuring OpenShift SDN

10.5.1 Ovs-subnet plugin

10.5.2 The ovs-multitenant plugin

10.5.3 The ovs-networkpolicy plugin

10.5.4 Enabling the ovs-multitenant plugin

10.5.5 Testing the multitenant plugin

10.6 Summary

11 Security

11.1 SELinux

11.1.1 Labels

11.1.2 Contexts

11.1.3 Policies

11.1.4 MCS level

11.2 Pod security contexts

11.2.1 MCS levels

11.2.2 Pod capabilities

11.2.3 Controlling the pod user ID

11.3 Scanning container images

11.3.1 Obtaining the image scanning application

11.3.2 Deploying the image scanning application

11.3.3 Viewing events on the command line

11.3.4 Changing SCCs for an application deployment

11.3.5 Viewing security scan results

11.4 Annotating images with security information

11.5 Thank you

11.6 Summary


Appendix A: Installation and initial configuration

A.1 Prerequisites

A.1.1 Available systems or ability to create virtual machines

A.1.2 Administrator or root access

A.1.3 Internet access

A.1.4 Access to the servers

A.1.5 Communication between servers

A.1.6 DNS Resolution

A.1.7 Networking information

A.2 Machine resource requirements

A.3 Installing CentOS 7

A.3.1 Launching the installer

A.3.2 Configuring the disk setup

A.3.3 Setting up networking

A.3.4 Setting the permanent configurations on the servers

A.3.5 Starting the installation

A.3.6 Wrapping up and reboot

A.4 Preparing to install OpenShift

A.4.1 Software prerequisites

A.4.2 Configuring DNS resolution on both servers

A.4.3 Configuring container storage for application nodes

A.4.4 Enabling and starting docker on your OpenShift nodes

A.4.5 Configuring SELinux on your OpenShift nodes

A.5 Installing OpenShift

A.5.1 Creating the OpenShift inventory

A.5.2 OpenShift inventory file

A.5.3 Running the deployment playbook

A.6 Installation complete

A.7 Installing the oc OpenShift command line utility

A.7.1 Installing oc on Windows

A.7.2 Installing oc on OS X

A.7.3 Installing oc on Linux

A.7.4 Confirming oc is installed and functioning correctly

A.8 Adding an OpenShift node

A.8.1 Preparing the new application node

A.9 Configuring the master node

A.9.1 Updating OpenShift playbooks

A.9.2 Updating your OpenShift inventory

A.10 Adding the node

Appendix B: Setting up a persistent storage source

B.1 Installing the NFS server software

B.2 Configuring storage for NFS

B.2.1 Creating a filesystem on your storage disk

B.3 Mounting your storage disk at startup

B.3.1 Creating a mountpoint directory

B.3.2 Getting your storage drive’s block ID

B.3.3 Editing /etc/fstab to include your volume

B.3.4 Activating your new mount point

B.4 Configuring NFS

B.4.1 Setting ownership of the mountpoint

B.5 Setting firewall rules to allow NFS traffic

B.6 Enabling and starting NFS

B.6.1 Starting NFS services

B.6.2 Confirming your NFS volume is exported and ready to use

Appendix C: Working directly with docker

C.1 Getting running containers

C.2 Using docker inspect

C.3 Interactive shells inside a container

Appendix D: Configuring identity providers

D.1 htpasswd

D.2 Creating the htpasswd database

D.3 Changing authentication providers

About the book

OpenShift in Action teaches you how to set up and manage container-based infrastructure using OpenShift. You'll explore the core concepts of containers from the ground up: from the kernel all the way through the application. You'll use OpenShift workflows to deploy and scale container applications across multiple nodes. You'll also deploy and troubleshoot a microservices-oriented OpenShift web app and learn to perform rolling application and base-image upgrades. Along the way, you'll also discover techniques for handling persistent storage and best practices for security and other fundamental tasks.

What's inside

  • Creating and managing persistent storage
  • Scaling applications
  • Authentication and resource access
  • Continuous integration and deployment workflows
  • Application and cluster security
  • Managing software-defined networking
  • Troubleshooting best practices

About the reader

Written for operations engineers and developers with experience in a Linux-based distributed environment.

About the authors

Jamie Duncan is a Cloud Solutions Architect for Red Hat, focusing on large-scale OpenShift deployments. John Osborne is a Lead Linux Container Architect for Red Hat with years of experience developing high-performance technologies using JBoss Middleware.

Manning Early Access Program (MEAP): Read chapters as they are written, get the finished eBook as soon as it's ready, and receive the pBook long before it's in bookstores.