OpenShift in Action
Jamie Duncan, John Osborne
Foreword by Jim Whitehurst
  • May 2018
  • ISBN 9781617294839
  • 320 pages
  • printed in black & white

The first holistic view of OpenShift in print...a soup-to-nuts approach that combines both the developer and operator perspectives.

From the Foreword by Jim Whitehurst, Red Hat

OpenShift in Action is a full reference to Red Hat OpenShift that breaks down this robust container platform so you can use it day-to-day. Combining Docker and Kubernetes, OpenShift is a powerful platform for cluster management, scaling, and upgrading your enterprise apps. It doesn't matter why you use OpenShift—by the end of this book you'll be able to handle every aspect of it, inside and out!

Table of Contents

Part 1: Fundamentals

1 Getting to know OpenShift

1.1 What is a container platform?

1.1.1 Containers in OpenShift

1.1.2 Orchestrating containers

1.1.3 Realizing the promise of containers

1.2 Examining the architecture

1.2.1 Integrating container images

1.2.2 Accessing applications

1.2.3 Handling network traffic in your cluster

1.3 Examining an application

1.3.1 Building applications

1.3.2 Deploying and serving applications

1.4 Use cases for container platforms

1.4.1 Technology use cases

1.4.2 Use cases for businesses

1.4.3 When containers are not the answer

1.5 Solving container storage needs

1.6 Scaling applications

1.7 Integrating stateful and stateless applications

1.8 Summary

2 Getting started

2.1 Logging in

2.1.1 Using the oc command-line application

2.2 Creating projects

2.3 Application components

2.3.1 Custom container images

2.3.2 Buildconfigs

2.3.3 Deploymentconfigs

2.3.4 Imagestreams

2.4 Deploying an application

2.4.1 Services provide consistent application access

2.4.2 Exposing services to the outside world with routes

2.5 Deploying applications using the web interface

2.5.1 Logging in to OpenShift web interface

2.6 Deploying applications with the web interface

2.7 Summary

3 Containers are Linux

3.1 Defining containers

3.2 How OpenShift components work together

3.2.1 OpenShift manages deployments

3.2.2 Kubernetes schedules applications across nodes

3.2.3 Docker creates containers

3.2.4 Linux isolates and limits resources

3.2.5 Putting it all together

3.3 Application isolation with kernel namespaces

3.3.1 The mount namespace

3.3.2 The UTS namespace

3.3.3 PIDS inside containers

3.3.4 Shared memory resources

3.3.5 Container networking

3.4 Summary

Part 2: Cloud-native applications

4 Working with services

4.1 Testing application resiliency

4.1.1 Understanding replication controllers

4.1.2 Labels and selectors

4.2 Scaling applications

4.2.1 Modifying the deploymentconfig

4.3 Maintaining healthy applications

4.3.1 Creating liveness probes

4.3.2 Creating readiness probes

4.4 Summary

5 Autoscaling with metrics

5.1 Determining expected workloads is hard

5.2 Installing OpenShift metrics

5.2.1 Examining the metrics available

5.3 Using pod metrics to trigger pod autoscaling

5.3.1 Creating an HPA object

5.3.2 Testing your autoscaling implementation

5.4 Summary

6 Continuous integration and continuous deployment

6.1 Container images as the centerpiece of a CI/CD pipeline

6.2 Promoting images

6.3 CI/CD part 1: creating a development environment

6.3.1 Triggers

6.3.2 Enabling automated and consistent deployments with ImageStreams

6.4 CI/CD part 2: promoting dev images into a test environment

6.4.1 Service discovery

6.4.2 Automate the promotion of images from build to test

6.5 CI/CD part 3: masking sensitive data in a production environment

6.5.1 Secrets

6.5.2 ConfigMaps

6.6 Jenkins as the backbone of a CI/CD pipeline

6.6.1 Triggering Jenkins from Gogs

6.6.2 Native integration with a Jenkinsfile

6.6.3 Deployment strategies

6.7 Summary

Part 3: Stateful applications

7 Creating and managing persistent storage

7.1 Container storage is ephemeral

7.2 Handling permanent data requirements

7.3 Creating a persistent volume

7.3.1 Logging in as the admin user

7.3.2 Creating new resources from the command line

7.3.3 Creating a physical volume

7.4 Using persistent storage

7.4.1 How persistent volume claims match up with persistent volumes

7.4.2 Creating a persistent volume claim using the command line

7.4.3 Adding a volume to an application on the command line

7.4.4 Adding persistent storage to an application using the web interface

7.5 Testing applications after adding persistent storage

7.5.1 Data doesn’t get mixed up

7.5.2 Forcing a pod restart

7.5.3 Investigating persistent volume mounts

7.6 Summary

8 Stateful Applications

8.1 Clustering Applications

8.1.1 Other Use Cases For Direct Pod Access

8.2 Sticky sessions

8.3 Graceful shutdown

8.3.1 Grace period

8.3.2 Container Lifecycle Hooks

8.4 StatefulSets

8.4.1 Deterministic start-up and shutdown order sequencing

8.4.2 Predictable Network identity

8.4.3 Consistent Persistent Storage Mappings

8.5 Supporting Concepts

8.6 Examples in Chapter

8.7 Summary

Part 4: Operations and Security

9 Authentication and resource access

9.1 Working with user roles

9.1.1 Assigning new user roles

9.1.2 Creating administrators

9.2 Setting default user roles

9.2.1 Testing default roles

9.3 Limit ranges

9.3.1 Defining resource limit ranges

9.4 Resource quotas

9.4.1 Creating compute quotas

9.4.2 Creating resource quotas

9.5 Working with quotas and limits

9.5.1 Applying quotas and limits to existing applications

9.5.2 Changing quotas for deployed applications

9.6 Using cgroups to limit resources

9.6.1 Cgroups overview

9.6.2 Identifying container cgroups

9.6.3 Confirming cgroup resource limits

9.7 Summary

10 Networking

10.1 Network Design

10.1.1 The pod network

10.2 OpenShift SDN

10.2.1 Application node network configuration

10.2.2 Linking containers to host interfaces

10.2.3 Working with OVS

10.3 Routing application requests

10.3.1 HAProxy

10.3.2 The HAProxy pod

10.3.3 How HAProxy gets requests to the correct pods

10.4 Internal DNS

10.4.1 DNS resolution in the pod network

10.5 Configuring OpenShift SDN

10.5.1 Ovs-subnet plugin

10.5.2 The ovs-multitenant plugin

10.5.3 The ovs-networkpolicy plugin

10.5.4 Enabling the ovs-multitenant plugin

10.5.5 Testing the multitenant plugin

10.6 Summary

11 Security

11.1 SELinux

11.1.1 Labels

11.1.2 Contexts

11.1.3 Policies

11.1.4 MCS level

11.2 Pod security contexts

11.2.1 MCS levels

11.2.2 Pod capabilities

11.2.3 Controlling the pod user ID

11.3 Scanning container images

11.3.1 Obtaining the image scanning application

11.3.2 Deploying the image scanning application

11.3.3 Viewing events on the command line

11.3.4 Changing SCCs for an application deployment

11.3.5 Viewing security scan results

11.4 Annotating images with security information

11.5 Thank you

11.6 Summary

Appendixes

Appendix A: Installation and initial configuration

A.1 Prerequisites

A.1.1 Available systems or ability to create virtual machines

A.1.2 Administrator or root access

A.1.3 Internet access

A.1.4 Access to the servers

A.1.5 Communication between servers

A.1.6 DNS Resolution

A.1.7 Networking information

A.2 Machine resource requirements

A.3 Installing CentOS 7

A.3.1 Launching the installer

A.3.2 Configuring the disk setup

A.3.3 Setting up networking

A.3.4 Setting the permanent configurations on the servers

A.3.5 Starting the installation

A.3.6 Wrapping up and reboot

A.4 Preparing to install OpenShift

A.4.1 Software prerequisites

A.4.2 Configuring DNS resolution on both servers

A.4.3 Configuring container storage for application nodes

A.4.4 Enabling and starting docker on your OpenShift nodes

A.4.5 Configuring SELinux on your OpenShift nodes

A.5 Installing OpenShift

A.5.1 Creating the OpenShift inventory

A.5.2 OpenShift inventory file

A.5.3 Running the deployment playbook

A.6 Installation complete

A.7 Installing the oc OpenShift command line utility

A.7.1 Installing oc on Windows

A.7.2 Installing oc on OS X

A.7.3 Installing oc on Linux

A.7.4 Confirming oc is installed and functioning correctly

A.8 Adding an OpenShift node

A.8.1 Preparing the new application node

A.9 Configuring the master node

A.9.1 Updating OpenShift playbooks

A.9.2 Updating your OpenShift inventory

A.10 Adding the node

Appendix B: Setting up a persistent storage source

B.1 Installing the NFS server software

B.2 Configuring storage for NFS

B.2.1 Creating a filesystem on your storage disk

B.3 Mounting your storage disk at startup

B.3.1 Creating a mountpoint directory

B.3.2 Getting your storage drive’s block ID

B.3.3 Editing /etc/fstab to include your volume

B.3.4 Activating your new mount point

B.4 Configuring NFS

B.4.1 Setting ownership of the mountpoint

B.5 Setting firewall rules to allow NFS traffic

B.6 Enabling and starting NFS

B.6.1 Starting NFS services

B.6.2 Confirming your NFS volume is exported and ready to use

Appendix C: Working directly with docker

C.1 Getting running containers

C.2 Using docker inspect

C.3 Interactive shells inside a container

Appendix D: Configuring identity providers

D.1 htpasswd

D.2 Creating the htpasswd database

D.3 Changing authentication providers

About the Technology

Containers let you package everything into one neat place, and with Red Hat OpenShift you can build, deploy, and run those packages all in one place! Combining Docker and Kubernetes, OpenShift is a powerful platform for cluster management, scaling, and upgrading your enterprise apps.

About the book

OpenShift in Action is a full reference to Red Hat OpenShift that breaks down this robust container platform so you can use it day-to-day. Starting with how to deploy and run your first application, you'll go deep into OpenShift. You'll discover crystal-clear explanations of namespaces, cgroups, and SELinux, learn to prepare a cluster, and even tackle advanced details like software-defined networks and security, with real-world examples you can take to your own work. It doesn't matter why you use OpenShift—by the end of this book you'll be able to handle every aspect of it, inside and out!

What's inside

  • Written by lead OpenShift architects
  • Rock-solid fundamentals of Docker and Kubernetes
  • Keep mission-critical applications up and running
  • Manage persistent storage

About the reader

For DevOps engineers and administrators working in a Linux-based distributed environment.

About the authors

Jamie Duncan is a cloud solutions architect for Red Hat, focusing on large-scale OpenShift deployments. John Osborne is a principal OpenShift architect for Red Hat.


combo $44.99 pBook + eBook + liveBook

eBook $35.99 pdf + ePub + kindle + liveBook


At last, a much-needed guide to OpenShift! An excellent read crammed with practical hands-on exercises.

Michael Bright, Containous

The definitive guide to the base technologies of the containers era.

Ioannis Sermetziadis, Numbrs Personal Finance

An essential resource. Gives a clear picture of a complex ecosystem.

Bruno Vernay, Schneider Electric