OpenShift 3.11

# OpenShift 3.11 1. Environment + CentOS 7 + Docker + https://docs.docker.com/engine/install/centos/ + sudo groupadd docker + sudo usermod -aG docker $USER + (relogin) + docker ps (no sudo required) 2. Install OpenShift + vi /etc/docker/daemon.json ```json= { "insecure-registries": [ "172.30.0.0/16" ] } ``` + docker network inspect -f "{{range .IPAM.Config}}{{.Subnet}}{{end}}" bridge + 172.17.0.0/16 + restart docker + systemctl daemon-reload + systemctl restart docker + download and install OpenShift + curl -OL https://github.com/openshift/origin/releases/download/v3.11.0/openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz + sudo tar zxvf openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz --strip-components=1 -C /usr/local/bin openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit/oc + sudo tar zxvf openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz --strip-components=1 -C /usr/local/bin openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit/kubectl + oc version + kubectl + create cluster + ip a + 192.168.56.104 + oc cluster up --public-hostname=192.168.56.104 + curl https://192.168.56.104:8443 -k + (optional) login as admin + oc login -u system:admin + oc whoami + kubectl cluster-info + kubectl get nodes -o wide + oc adm registry (twice) 3. Create New Application + (optional) create new project + oc new-project dev + oc projects (show all projects) + oc project myproject (switch to myproject default project) + oc project dev (switch to dev project) + create new app + oc new-app nginxinc/nginx-unprivileged + check and wait + oc status + oc logs dc/nginx-unprivileged + oc get pods (till build pod completed and main pod running) + oc get svc + CLUSTER-IP, PORT + curl http://CLUSTER-IP:PORT + expose a route + oc expose svc/nginx-unprivileged + oc get route + curl http://nginx-unprivileged-dev.192.168.56.104.nip.io 4. Change + baseline + oc get dc -o yaml > dc.yaml + oc delete dc/nginx-unprivileged + oc get dc,po + no resources + curl http://nginx-unprivileged-dev.192.168.56.104.nip.io + error html + oc apply -f dc.yaml + curl http://nginx-unprivileged-dev.192.168.56.104.nip.io + normal response + using host-path + dc -> pvc -> pv0001 ~ pv0100 + using nfs + dc -> pvc -> pv -> nfs 5. Lifecycle + clean project + oc delete all -l app=nginx-unprivileged + oc delete project dev (don't remove the default myproject) + restart cluster + oc cluster down + oc cluster up + rebuild cluster + oc cluster down + rm -rf ~/.kube + for i in $(mount | grep openshift | awk '{print $3}'); do sudo umount $i; done + sudo rm -rf openshift.local.clusterup + oc cluster up --public-hostname=192.168.56.104 6. Reference + https://blog.miniasp.com/post/2020/10/11/Install-OpenShift-Origin-OKD-311-on-Ubuntu-Linux # NFS + oc whoami + system:admin + cat pv.yml ```yaml= apiVersion: v1 kind: PersistentVolume metadata: name: pv1 spec: capacity: storage: 5Gi accessModes: - ReadWriteMany nfs: path: /var/nfsshare server: server.nfs.org ``` + oc apply -f pv.yml + oc get pv/pv1 + status: Available + cat pvc.yml ```yaml= apiVersion: v1 kind: PersistentVolumeClaim metadata: name: pvc1 spec: accessModes: - ReadWriteMany resources: requests: storage: 1Gi volumeName: pv1 ``` + oc apply -f pvc.yml + oc get pvc/pvc1 + status: Bound + https://www.howtoforge.com/nfs-server-and-client-on-centos-7 + https://docs.openshift.com/container-platform/3.11/install_config/persistent_storage/persistent_storage_nfs.html#nfs-volume-security + https://docs.openshift.com/container-platform/3.11/install_config/persistent_storage/pod_security_context.html#user-id # Customize app with NFS + cat pod.yml ```yaml= kind: Pod apiVersion: v1 metadata: name: pod1 labels: app: nginx spec: containers: - name: nginx image: docker.io/nginx ports: - containerPort: 80 protocol: TCP volumeMounts: - mountPath: "/var/log/nginx" name: volume1 volumes: - name: volume1 persistentVolumeClaim: claimName: pvc1 ``` + oc apply -f pod.yml + oc get pod/pod1 + ready: 1+ + status: Running + cat svc.yml ```yaml= apiVersion: v1 kind: Service metadata: name: svc1 spec: selector: app: nginx ports: - port: 8080 protocol: TCP targetPort: 80 ``` + oc apply -f svc.yml + oc get svc/svc1 + CLUSTER-IP, 8080 + curl http://CLUSTER-IP:8080 + CONNECTION refused + oc cluster down + oc cluster up + curl http://CLUSTER-IP:8080 + CONNECTION OK + oc exec -it pod1 \-\- tail /var/log/nginx/access.log + oc expose svc/svc1 + curl http://svc1-dev.192.168.56.104.nip.io # CodeReady Containers + crc start / stop + https://console.redhat.com/openshift/create/local # NFS Server on MacOS + MacOS + mkdir ~/nfsshare + sudo vi /etc/exports + /Users/david/nfsshare -mapall=david -network 192.168.108 -mask 255.255.254.0 + sudo nfsd checkexports + sudo nfsd start + nfsd status + Firewall + Allow 192.168.108.1/23 -> 172.16.4.232 111/2049 TCP/UDP + Linux Client + sudo yum install nfs-utils + mkdir /mnt/nfs + sudo mount -t nfs 172.16.4.232:/Users/david/nfsshare /mnt/nfs/ + df + sudo umount /mnt/nfs + https://docstore.mik.ua/orelly/unix3/mac/ch03_10.htm + https://superuser.com/questions/1196409/how-to-restart-nfsd-service-on-macos + https://www.freebsd.org/cgi/man.cgi?exports(5)