
Let us begin me introducing my self so you could get to know me, and perhaps I can get to know you more in the future. I may not have the sexiest voice in town but I know what I am talking about in terms of technology. I am excited with you guys as we move forward in our lecture.
Disclaimer:
I am not connected or working to any of the technologies used in this class, nor is selling or endorsing any of them. Using these technologies are for educational demonstration purposes only.
Discusses the architecture of Docker and Virtual Machine(VM). Covers technology advancement of Docker over VM such as the elimination of Hypervisor causing some latency, and the storage savings.
A short video describing the process of installing Docker in Linux. Linux environment were chosen since as of todays writting OpenShift only runs in Linux particular to RedHat based system.
A straight forward approach of installing Docker in Linux CentOS. We focuses on Linux here since as of todays writing, OpenShift only runs in Linux.
Focuses on the basic Docker commands. This lectures launches a HTTPD web server image from the Docker hub. to create container. The newly launched container will be used to demonstrate starting, stopping, deleting, and some other concepts in Docker.
A theoretical discussion on the process involve in building a application and have it deployed to OpenShift as a cloud native application. This will be the actual process to be used in this class in building a Microservice REST API.
Docker is by default non-persistent. Data stored in Docker are lost after container has been turned off or deleted.
Learn to attach storage to Docker container to persist / save the state of data even after removing or deleting container.
This topic focuses on Dockerfile configuration. The basic foundation to build a Dockerized application. In this lecture; students are prepared to build a GoLang REST API microservice by configuring a Dockerfile.
Note: All resources and sources can be downloaded via link
Build simple GoLang REST webservice that gets the current system time and hostname. Learn to build the source into an image that runs in Docker container.
GoLang build command:
# sudo docker build -t webservice:latest . -f Dockerfile
Run Docker container in background
# sudo docker run -itd --name webservice -p 8000:8000 webservice:latest
Overview of the SpringBoot REST API sample application.
Covers hands-on tutorial on building SpringBoot REST web service API. This class builds a API called Movie. The API allows basic CRUD operation to database to a Movie table.
Here are the steps in building the REST API using the template:
Import and Configure Project Template
Create Java Entity / Model
Add Java Repository
Add Java Service Repository
Create the Controller and URL endpoints
Prepare sample movie data
Start container DB and run the project
Dockerize the Spring Boot API
Please download the project template attachment named api.zip.
OpenShift Docker Installation (CentOS / Redhat)
Install Docker
Please refer to lecture 5 to Install Docker.
Configure Docker Installation
Configure Docker Daemon
Edit or create a file /etc/docker/daemon.json in the server
Add the following line (/etc/docker/daemon.json)
{
"insecure-registries": [
"172.30.0.0/16"
]
}
sudo systemctl daemon-reload
sudo systemctl restart docker
Edit Firewall Configuration
firewall-cmd --permanent --new-zone dockerc
firewall-cmd --permanent --zone dockerc --add-source 172.17.0.0/16
firewall-cmd --permanent --zone dockerc --add-port 8443/tcp
firewall-cmd --permanent --zone dockerc --add-port 53/udp
firewall-cmd --permanent --zone dockerc --add-port 8053/udp
firewall-cmd --reload
Download and Install OpenShift Origin
wget https://github.com/openshift/origin/releases/download/v3.10.0/openshift-origin-client-tools-v3.10.0-dd10d17-linux-64bit.tar.gz
tar -xvf openshift-origin-client-tools-v3.10.0-dd10d17-linux-64bit.tar.gz
mv openshift-origin-client-tools-v3.10.0-dd10d17-linux-64bit /opt/openshift
cd /opt/openshift
Run OpenShift
./oc cluster up
Note:
--public-hostname=Your IP
Add the flag above and define the server IP address to make OpenShift accessible outside
sysctl net.ipv4.ip_forward=1
Make sure it is set to 1
Test OpenShift Origin
Open a browser e.g. Chrome
Go to https://yourserver_ip:8443/console e.g https://127.0.0.1:8443/console
Done!
Minishift
Minishift is a tool that helps you run OKD locally by launching a single-node OKD cluster inside a virtual machine. With Minishift you can try out OKD or develop with it, day-to-day, on your local machine.
You can run Minishift on the Windows, macOS, and GNU/Linux operating systems. Minishift uses libmachine for provisioning virtual machines, and OKD for running the cluster. Linux Installation Procedure(CentOS)
Install Linux Pre-Requisites
Run the following commands in Linux terminal as root.
yum update
reboot
yum install -y kernel-devel kernel-headers gcc make perl
yum -y install wget
Install VirtualBox
wget https://www.virtualbox.org/download/oracle_vbox.asc
rpm --import oracle_vbox.asc
wget http://download.virtualbox.org/virtualbox/rpm/el/virtualbox.repo -O /etc/yum.repos.d/virtualbox.repo
yum install -y VirtualBox-5.2
systemctl status vboxdrv
Install Minishift
wget https://github.com/minishift/minishift/releases/download/v1.23.0/minishift-1.23.0-linux-amd64.tgz
tar -xvf minishift-1.23.0-linux-amd64.tgz
mv minishift-1.23.0-linux-amd64.tgz minishift
cd minishift
./minishift start --vm-driver=virtualbox
Secure your OpenShift Installation
This tutorial shows how to secure publicly accessible OpenShift installation such as those that are deployed in AWS. Note that this tutorial uses OpenShift version 3.9 as compared to 3.10 on previous lecture. That is because there were changes in the security installation procedures on version 3.10 above that significantly affect configurations causing complexity. I decided to stick with the simpler one when it comes to security.
Create AWS Instance (Red Hat Linux)
Please refer on the video.
Install and Configure Docker in AWS
sudo yum-config-manager --enable "Red Hat Enterprise Linux Server 7 Extra(RPMs)"
sudo yum install docker -y
sudo systemctl start docker
Download and Install OpenShift Version 3.9
sudo yum install wget
wget https://github.com/openshift/origin/releases/download/v3.9.0/openshift-origin-client-tools-v3.9.0-191fece-linux-64bit.tar.gz
tar -xvf openshift-origin-client-tools-v3.9.0-191fece-linux-64bit.tar.gz
Edit /etc/sysconfig/ and add --insecure-registry 172.30.0.0/16 in OPTIONS
e.g. OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --default-ulimit nofile=1024:4096 --insecure-registry 172.30.0.0/16'
sudo systemctl restart docker
Test OpenShift Installation (Unsecured)
Start OpenShift
./oc cluster up --routing-suffix=[public ip].nip.io --public-hostname=[public dns]1.compute.amazonaws.com
Test OpenShift by logging in console https://your public dns:8443
Notice that it will accept any username and password
Turn off unsecured installation
./oc cluster down
Secure OpenShift htpasswd Configuration
Install htpasswd
sudo yum install httpd-tools
Create allowed username in OpenShift, please supply a password when prompted
sudo htpasswd -c /var/lib/origin/openshift.local.config/master/users.htpasswd secureduser
Edit the master-config.yaml (see attached sample file configfile.zip). This is likely to be located at /var/lib/origin/openshift.local.config/master/master-config.yaml.
identityProviders:
- name: my_allow_provider
challenge: true
login: true
mappingMethod: claim
provider:
apiVersion: v1
kind: HTPasswdPasswordIdentityProvider
file: users.htpasswd
Test OpenShift Installation (Secured)
sudo ./oc cluster up --routing-suffix=18.136.4.220.nip.io --public-hostname=ec2-18-136-4-220.ap-southeast-1.compute.amazonaws.com --use-existing-config=true
Test OpenShift by logging in console https://your public dns:8443
Login with the username and password you created in htpasswd. Notice that it no longer accept any users
Note: Replace --routing-suffix with your AWS public IP and --public-hostname with your AWS public DNS. Remember to suffix the IP with .nip.io.
Discuss how to create project in OpenShift. Project are like a namespace / folder where one can add Applications to run.
Application is the process of adding an image or a source to the project. The application are binary that runs in your containers / Pods. This lecture will use Apache HTTPD as sample application for demo.
Allows your application running in container / pods accessible in the outside world.
A virtual environment that runs group of containers. Pods can be scaled up or down. Pod is like a virtual compute processing that run containers. Note though that pod is not a virtual machine as it does not use hypervisor.
Redirect traffic going in to you local server into specific pods in OpenShift such that applications and running inside the container appear to be installed and configured locally. This is essential for development purposes.
This lecture discusses on how to create a disk storage in OpenShift and have it mounted to Pods. I attached a script that creates 10 persistent storage. You may use this this for your own.
Note:
We are using local volume mount for testing purposes only not for production.
Commercial grade volume mounting are out of scope of this lecture such as Container Native volumes, NFS, AWS EBS, etc.
Step 1: Run OpenShift with ETCD mounted locally
# sudo mkdir /opt/etcd
# sudo ./oc cluster up --routing-suffix=<your Public IP> --public-hostname=<your public hostname if exist> --use-existing-config=true --host-data-dir='/opt/etcd'
Step 2: Run the pv.sh to generate script
# sudo ./pv.sh
Watch the video for full demonstration of the persistent volume mounted locally.
Deploy the Spring Boot REST API into OpenShift. The following are the process:
Build the Docker image
Push the image to Docker Hub
Create Application in OpenShift
Point the image of the Application to Docker Hub
Edit the the expose the service and create new route
Test the REST API
Please refer to the video for detailed process and explanation. I also attached the source code for this. Make sure to edit some parameters in the code such as database url, username, and password on the application.properties.
This lecture shows how to create Application by pointing OpenShift to a source repository like git.
Step 1: Login to OpenShift console
# sudo ./oc login -u <username>
Step 2: Select a project
# sudo ./oc project testproject
Step 3: Create the Application
# sudo ./oc new-app https://github.com/teodoroaricoiii/webservice.git
Step 4: Expose the Service
# sudo ./oc expose <name of the service> --port=<golang REST API port> --hostname=<service>.ipaddress.nip.io
e.g. sudo ./oc expose svc/webservice --port=8000 --hostname=webservice.13.251.123.237.nip.io
Step 5: Test the Application by accessing URL endpoints in browser
http://servicename.youripaddress.nip.io/getresource
e.g. http://webservice.13.251.123.237.nip.io/getresource
GitHub repository:
https://github.com/teodoroaricoiii/webservice.git
Summary
This shows how to install OpenShift Origin 3.9 in a multi-clustered environment. We will be using Vagrant to simulate different machines.
Step 1: Install Dependencies
yum -y install gcc dkms make qt libgomp patch
yum -y install kernel-headers kernel-devel binutils glibc-headers glibc-devel font-forge
cd /etc/yum.repo.d/
wget http://download.virtualbox.org/virtualbox/rpm/rhel/virtualbox.repo
Step 2: Install VirtualBox
yum install -y VirtualBox-5.1
/sbin/rcvboxdrv setup
Step 3: Install Vagrant
# Accept default values and do not put password
ssh-keygen
yum -y install https://releases.hashicorp.com/vagrant/2.1.5/vagrant_2.1.5_x86_64.rpm
Step 4: Launch Bastion Host
# Install git if you do not have one
yum install git
# You must download our sample vagrant configuration file
# Note, you can also download it in the attachment of this article
git clone https://github.com/corpbob/openshift_ansible_vagrant.git
cd openshift_ansible_vagrant/vagrant
# At this point, there will be three virtual machines that will be created. A bastion host, master node, and worker node. It will take sometime running this command, go get some coffee first.
vagrant up
Step 5: Run Ansible Automated Install
# Login to the created Bastion Host
username: vagrant
password: vagrant
# Run Ansible script to prepare openshift in the master and node
ansible-playbook -i hosts openshift.yaml
#Run Ansible script to install and setup pre-requisites
ansible-playbook -i hosts openshift-ansible/playbooks/prerequisites.yml
# Run the actual cluster deployment
ansible-playbook -i hosts openshift-ansible/playbooks/deploy_cluster.yml
# Fix some configurations
ansible-playbook -i hosts fix.yml
Step 6: Add a admin role to a user
# Login to the master node
username: vagrant
password: vagrant
# Add the role
oc adm policy add-cluster-role-to-user cluster-admin admin
Step 7: Login to admin console
https://master.10.1.3.2.nip.io:8443/
username: admin
password: admin
Summary
This course teaches student how to build a Cloud Native Micro Services (SpringBoot Java and GoLang) running in OpenShift Origin version 3.9 - 3.10.
It begins by creating two REST API in Java and GoLang. Once the applications were built, students learns how to build Image and Dockerize the application and have it published to Docker Hub.
After familiarising and getting comfortable to Docker, lecture transitions to OpenShift installation, administration, and basic concepts. From the knowledge gained in OpenShift, the SpringBoot and GoLang application will then be deployed as micro service running in OpenShift.
Outline
About the Author
Docker Overview
Docker Step by Step Installation
MySQL Container
Persistent Storage
Dockerfile
Build Micro Service in Docker
GoLang Micro Service
Java SpringBoot Micro Service
Cloud Native Build Process
DockerHub
OpenShift Architecture
Three Types of OpenShift Installation
OpenShift in Docker
OpenShift in MiniShift
OpenShift Cluster
Securing OpenShift Installation
OpenShift Key Concepts
Projects
Applications
Routes
Pods
MySQL in OpenShift
Port Forwarding
Persistent Storage
Deploy SpringBoot REST API Project in OpenShift
Source to Image using GoLang REST Project