DO180 "Introduction to Containers, Kubernetes, and Red Hat OpenShift" notes in the margin

tags: red hat, openshift, docker, containers

Course description: DO180 Introduction to Containers, Kubernetes, and Red Hat OpenShift


1. Getting Started with Container Technology

https://developers.redhat.com/blog/2018/02/22/container-terminology-practical-introduction/
https://access.redhat.com/containers/guide
https://learn.openshift.com/
https://cookbook.openshift.org/
https://blog.nody.cc/posts/container-breakouts-part1/

https://www.redhat.com/en/topics/containers/whats-a-linux-container

Medium.com Article: Kubernetes Architecture

RedHat KB: Red Hat Container Support Policy
Youtube Video: Red Hat OpenShift - Much more than Kubernetes

Openshift blog: Enterprise Kubernetes with OpenShift (Part one)

https://www.redhat.com/sysadmin/podman-windows-wsl

https://developers.redhat.com/blog/2016/03/31/no-cost-rhel-developer-subscription-now-available#

RedHat CodeReady Containers
Deep Dive into CodeReady Containers Deployment on Linux
YouTube Video: Deep Dive into CodeReady Containers Deployment on Linux

2. Creating Containerized Services

Register Red Hat Developer Subscription
Getting Red Hat Developer Subscription: What RHEL users need to know
Getting Started with Red Hat OpenShift

Deploy Openshift Enterprise and CakePHP with oc cluster up

Environment variables that are used directly or indirectly by MySQL

OpenShift Linux|MacOSX|Windows Client download link

Install OpenShift Container Platform 4 in Azure
https://itnext.io/guide-installing-an-okd-4-5-cluster-508a2631cbee

Deploying and Managing OpenShift 3.9 on different platforms

Deploy OpenShift Container Platform 3.11 in Azure with AzureRM template

Redhat Blogs: OpenShift All-in-One (AIO) for Labs and Fun (Openshift 3.11 edition)
Redhat Blogs: Revamped OpenShift All-in-One (AIO) for Labs and Fun (Openshift 4.2 edition)
https://www.openshift.com/blog/openshift-4-bare-metal-install-quickstart
https://www.richardwalker.dev/ocp-setup.html

ITNext.io story: OKD 4.5 Single Node Cluster on Windows 10 using Hyper-V

https://www.redhat.com/sysadmin/rootless-podman-makes-sense
https://developers.redhat.com/blog/2020/09/25/rootless-containers-with-podman-the-basics

3. Managing Containers

Learn how to correctly start and stop Docker containers

Docker volumes

CTRL-C is ignored by mysqld and mariadb
Mysql container does not catch signals and exit (Ctrl+C)
MariaDB ignores SIGINT (Ctrl+C). Use SIGQUIT (Ctrl+\)

SIGINT normally is ignored by the Mysql 5.7 Server

HTTPD catches the SIGWINCH window change signal and gracefully stops
Graceful Stop httpd with WINCH signal

Container Namespaces – Deep Dive into Container Networking


habr blog: Container networking is simple

4. Managing Container Images

Red Hat Container Registry Authentication

docker login https://registry.redhat.io
Username: myrhusername
Password:  xxxxxxxxxxx

/etc/containers/registries.conf

How to get a list of images on docker registry v2

jq is a lightweight and flexible command-line JSON processor.

jq Download page

mkdir ~/bin
wget https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 -O ~/bin/jq
chmod +x ~/bin/jq
http://<ip/hostname>:<port>/v2/_catalog

curl -X GET https://myregistry:5000/v2/_catalog
> {"repositories":["redis","ubuntu"]}
curl -X GET https://myregistry:5000/v2/ubuntu/tags/list
> {"name":"ubuntu","tags":["14.04"]}

Docker Registry HTTP API V2

Docker Registry HTTP API V2 docs

https://www.docker.com/blog/checking-your-current-docker-pull-rate-limits-and-status/

bash script to demonstrate auth in registry

Listing image tags for Red Hat's Container Registry

Docker Registry CLI - Provides search functionality for Docker Registry (UI and CLI)

Official rhscl/httpd-24-rhel7 docker image

USING RED HAT SOFTWARE COLLECTIONS 3 CONTAINER IMAGES
USING RED HAT SOFTWARE COLLECTIONS 2.4 CONTAINER IMAGES

Docker Registry This is DEPRECATED! Please go to https://github.com/docker/distribution

Docker Distribution: The Docker toolset to pack, ship, store, and deliver content

propose registry search functionality #206

Docker Registry User Interface

Using in-home Registry without authentication is a Security Problem
Anatomy of a hack: Docker Registry
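
A check for the point above about registries without authentication, as an added example (not from the course or the linked articles): it classifies the answer your own registry gives to an anonymous `GET` on `/v2/` or `/v2/_catalog`. The sample responses and the `auth.example.test` realm are constructed.

```python
"""Added example: decide from a /v2/ response whether a registry enforces auth.

The responses at the bottom are constructed samples, not captured traffic.
"""
import json
import re
from typing import Dict

_PARAM = re.compile(r'(\w+)="([^"]*)"')


def parse_challenge(header: str) -> Dict[str, str]:
    """Split a WWW-Authenticate value into scheme and quoted parameters."""
    scheme, _, rest = header.strip().partition(" ")
    params = dict(_PARAM.findall(rest))
    params["scheme"] = scheme
    return params


def assess(status: int, headers: Dict[str, str], body: str = "") -> str:
    """Classify the answer to an anonymous GET on /v2/ or /v2/_catalog."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    if status == 401:
        challenge = hdrs.get("www-authenticate")
        if not challenge:
            return "auth required, but no challenge header (misconfigured proxy?)"
        c = parse_challenge(challenge)
        return f"auth required ({c['scheme']}, realm={c.get('realm', '?')})"
    if status == 200:
        try:
            repos = json.loads(body or "{}").get("repositories")
        except (ValueError, AttributeError):
            repos = None
        if repos is not None:
            return f"OPEN: anonymous catalog listing exposes {len(repos)} repositories"
        return "OPEN: anonymous access to the v2 API"
    return f"inconclusive (HTTP {status})"


# Constructed sample responses: (status, headers, body).
OPEN_CATALOG = (200, {"Content-Type": "application/json"},
                '{"repositories":["redis","ubuntu"]}')
TOKEN_AUTH = (401, {"WWW-Authenticate":
                    'Bearer realm="https://auth.example.test/token",service="registry"'}, "")

if __name__ == "__main__":
    for sample in (OPEN_CATALOG, TOKEN_AUTH):
        print(assess(*sample))
```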

[RFP] replace catalog API functionality

https://access.redhat.com/RegistryAuthentication
https://access.redhat.com/terms-based-registry/#

5. Creating Custom Container Images

https://docs.docker.com/storage/storagedriver/overlayfs-driver/
https://developers.redhat.com/products/rhel/ubi/
https://www.redhat.com/en/blog/introducing-red-hat-universal-base-image
https://habr.com/ru/company/redhatrussia/blog/451090/

Dockerfile reference
Best practices for writing Dockerfiles

Understand how CMD and ENTRYPOINT interact

Both CMD and ENTRYPOINT instructions define what command gets executed when running a container. There are a few rules that describe their co-operation.

  1. Dockerfile should specify at least one of CMD or ENTRYPOINT commands
  2. ENTRYPOINT should be defined when using the container as an executable
  3. CMD should be used as a way of defining default arguments for an ENTRYPOINT command or for executing an ad-hoc command in a container
  4. CMD will be overridden when running the container with alternative arguments

The table below shows what command is executed for different ENTRYPOINT / CMD combinations:

| | No ENTRYPOINT | ENTRYPOINT exec_entry p1_entry | ENTRYPOINT ["exec_entry", "p1_entry"] |
|---|---|---|---|
| No CMD | error, not allowed | /bin/sh -c exec_entry p1_entry | exec_entry p1_entry |
| CMD ["exec_cmd", "p1_cmd"] | exec_cmd p1_cmd | /bin/sh -c exec_entry p1_entry | exec_entry p1_entry exec_cmd p1_cmd |
| CMD ["p1_cmd", "p2_cmd"] | p1_cmd p2_cmd | /bin/sh -c exec_entry p1_entry | exec_entry p1_entry p1_cmd p2_cmd |
| CMD exec_cmd p1_cmd | /bin/sh -c exec_cmd p1_cmd | /bin/sh -c exec_entry p1_entry | exec_entry p1_entry /bin/sh -c exec_cmd p1_cmd |

If CMD is defined from the base image, setting ENTRYPOINT will reset CMD to an empty value. In this scenario, CMD must be defined in the current image to have a value.
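
The rules and combinations above as one function, as an added example (not code from the course or from Docker). It also models rule 4, where `docker run` arguments replace CMD, and flags the shell-form cases in which the container starts `/bin/sh -c` instead of the application itself, which matters for the graceful-stop notes on this page. The names `effective_command`, `run_args` and `starts_via_shell` are hypothetical.

```python
"""Added example: resolve the command a container starts from ENTRYPOINT/CMD.

Shell form is modelled as a str, exec form as a list of str, unset as None.
"""
from typing import List, Optional, Union

Instr = Optional[Union[str, List[str]]]
SHELL = ["/bin/sh", "-c"]


def _argv(value: Instr) -> List[str]:
    """Shell form is wrapped in /bin/sh -c; exec form is used verbatim."""
    if value is None:
        return []
    if isinstance(value, str):
        return SHELL + [value]
    return list(value)


def effective_command(entrypoint: Instr = None, cmd: Instr = None,
                      run_args: Optional[List[str]] = None) -> List[str]:
    """Return the argv the container starts.

    run_args models `docker run IMAGE arg...`, which replaces CMD (rule 4).
    """
    if run_args:
        cmd = list(run_args)
    if isinstance(entrypoint, str):
        # Shell-form ENTRYPOINT ignores CMD and run arguments entirely.
        return _argv(entrypoint)
    argv = _argv(entrypoint) + _argv(cmd)
    if not argv:
        raise ValueError("neither ENTRYPOINT nor CMD set: not allowed")
    return argv


def starts_via_shell(argv: List[str]) -> bool:
    """True when the container starts /bin/sh -c rather than the application."""
    return argv[:2] == SHELL


if __name__ == "__main__":
    # Reproduce the last row of the table (shell-form CMD).
    for ep in (None, "exec_entry p1_entry", ["exec_entry", "p1_entry"]):
        argv = effective_command(ep, "exec_cmd p1_cmd")
        print(ep, "->", argv, "| via shell:", starts_via_shell(argv))
```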

Gracefully Stopping Docker Containers
Gracefully Shutdown Docker Container

https://12factor.net/ru/
https://medium.com/@ruslanfg/12-факторов-для-разработки-по-a8585aaaf252

RedHatRussia Habr Blog: Red Hat Universal Base Image (UBI) helps you build and live
Where’s The Red Hat Universal Base Image Dockerfile
RedHat Developers blog: Red Hat Universal Base Image and Docker Hub: Why should developers care?
RedHat free Ebook: Red Hat Universal Base Images (UBI)
Crunchtools blog: All You Need To Know About Red Hat Universal Base Image

Explaining Docker Image IDs

The SHA256 digest of an image is computed in the manifest only when you push the image to a Docker Registry with the V2 API


[student@workstation test]$ cat Dockerfile
FROM rhel7
CMD echo test
[student@workstation test]$ docker build .
Sending build context to Docker daemon 2.048 kB
Step 1 : FROM rhel7
Trying to pull repository registry.lab.example.com:5000/rhel7 ...
latest: Pulling from registry.lab.example.com:5000/rhel7
b25889d27310: Already exists
9161239f9b22: Already exists
Digest: sha256:50e10c089959be7803c0b6dfe3de5b717c3fb4f8584bd38a90b5504f55a98821
 ---> 93bb76ddeb7a
Step 2 : CMD echo test
 ---> Running in fc7aea11aad8
 ---> b14d1cce99ee
Removing intermediate container fc7aea11aad8
Successfully built b14d1cce99ee
[student@workstation test]$ docker images --digests
REPOSITORY                                         TAG                      DIGEST                                                                    IMAGE ID            CREATED             SIZE
<none>                                             <none>                   <none>                                                                    b14d1cce99ee        8 seconds ago       192.7 MB
[student@workstation test]$ docker tag b14d1cce99ee registry.lab.example.com:5000/do180/rhel7-customimage
[student@workstation test]$ docker images --digests
REPOSITORY                                              TAG                      DIGEST                                                                    IMAGE ID            CREATED              SIZE
registry.lab.example.com:5000/do180/rhel7-customimage   latest                   <none>                                                                    b14d1cce99ee        About a minute ago   192.7 MB
[student@workstation test]$ docker push registry.lab.example.com:5000/do180/rhel7-customimage
The push refers to a repository [registry.lab.example.com:5000/do180/rhel7-customimage]
86888f0aea6d: Mounted from do288/nginx-parent
dda6e8dfdcf7: Mounted from do288/nginx-parent
latest: digest: sha256:ba9cf3994b932b1331313d04705cc6ad1314216d4a5ad34bd288857b26134a3b size: 737
[student@workstation test]$ docker images --digests
REPOSITORY                                              TAG                      DIGEST                                                                    IMAGE ID            CREATED              SIZE
registry.lab.example.com:5000/do180/rhel7-customimage   latest                   sha256:ba9cf3994b932b1331313d04705cc6ad1314216d4a5ad34bd288857b26134a3b   b14d1cce99ee        About a minute ago   192.7 MB

GitHub: docker-cli issue: docker images digest image does not display digest. Opened bug
GitHub: moby issue: Docker build should compute image digests #32016

6. Deploying Containerized Applications on OpenShift

Openshift Docs: Getting started with the CLI

https://github.com/jamiehannaford/what-happens-when-k8s

https://kubernetes.io/ru/docs/concepts/overview/working-with-objects/kubernetes-objects/

Kubernetes hands on series: What happens when you create a Pod in Kubernetes?

Troubleshooting OpenShift SDN

Openshift SDN diagram


https://itnext.io/benchmark-results-of-kubernetes-network-plugins-cni-over-10gbit-s-network-36475925a560

oc get hostsubnet
NAME                   HOST                   HOST IP           SUBNET
rh71-os1.example.com   rh71-os1.example.com   192.168.122.46    10.1.1.0/24
rh71-os2.example.com   rh71-os2.example.com   192.168.122.18    10.1.2.0/24
rh71-os3.example.com   rh71-os3.example.com   192.168.122.202   10.1.0.0/24

The Interfaces on a Node
These are the interfaces that the OpenShift SDN creates:

br0: The OVS bridge device that containers will be attached to. OpenShift SDN also configures a set of non-subnet-specific flow rules on this bridge.

tun0: An OVS internal port (port 2 on br0). This gets assigned the cluster subnet gateway address, and is used for external network access. OpenShift SDN configures netfilter and routing rules to enable access from the cluster subnet to the external network via NAT.

vxlan_sys_4789: The OVS VXLAN device (port 1 on br0), which provides access to containers on remote nodes. Referred to as vxlan0 in the OVS rules.

vethX (in the main netns): A Linux virtual ethernet peer of eth0 in the Docker netns. It will be attached to the OVS bridge on one of the other ports.

SDN Flows Inside a Node


Depending on what you are trying to access (or be accessed from) the path will vary. There are four different places the SDN connects (inside a node). They are labeled in red on the diagram above.
Pod: Traffic is going from one pod to another on the same machine (1 to a different 1)
Remote Node (or Pod): Traffic is going from a local pod to a remote node or pod in the same cluster (1 to 2)
External Machine: Traffic is going from a local pod outside the cluster (1 to 3)
Of course the opposite traffic flows are also possible.

S2I process explained

Openshift.com blogs: Enhancing your Builds on OpenShift: Chaining Builds

Youtube Video: OpenShift for Beginners - CI/CD & DevOps - Builds and Build Triggers

OpenShift 4(and 3): Image Builds

Github repo: sclorg containers doc

Using Red Hat OpenShift image streams with Kubernetes deployments

How to Simplify Container Image Management in Kubernetes with OpenShift Image Streams

Pic. 1. Image Stream python pointing to two external docker registries (tags 3.5 and 3.6), one internal registry, and to a different tag.

Using a custom builder image on Red Hat OpenShift with OpenShift Do

Sticking with HEAD on OpenShift with Image Streams

Variations on imagestreams in OpenShift 4


OpenShift Commons Briefing #43: Source-to-Image Deep Dive

https://www.openshift.com/blog/linux-capabilities-in-openshift

https://cookbook.openshift.org/

opensource.com free e-book: A guide to Kubernetes for SREs and sysadmins
E-BOOK Managing your Kubernetes clusters for dummies

https://itnext.io/4-container-design-patterns-for-kubernetes-a8593028b4cd

7. Deploying Multi-Container Applications

docker networks: bridge, overlay

8. Troubleshooting Containerized Applications

Learnk8s blog: A visual guide on troubleshooting Kubernetes deployments

OpenShift 3.11: Triaging Disasters and Outages

RedHat Article: Consolidated Troubleshooting Article OpenShift Container Platform 4.x

9. Comprehensive Review of Introduction to Containers, Kubernetes, and Red Hat OpenShift

https://www.richardwalker.dev/pages/openshift.html

https://access.redhat.com/articles/5059881
https://www.certdepot.net/openshift-articles/

https://kodekloud.com/blog/best-kubernetes-books/

https://github.com/redhat-scholars/redhat-scholars.github.io
Cloud Native workshops and tutorials

OpenShift Starter Guides Developing Java Applications on OpenShift - Starter Lab

Here you will find notes and links to official docs with additional information on the products and technologies described in Red Hat courses.
THIS DOCUMENT DOES NOT REPRINT ANY COPYRIGHTED CONTENT FROM REDHAT TRAINING. Here you will find only the publicly accessible outline.