My experiments with Openshift

Contents
What?
Advantages
Create dotnet
Create Nodejs
Create angular/react
Create python
Large model
Custom starter project
About java ecosystem
Tools
Secrets/Config maps/env variables
Resource limits
volumes
Dockerfile
Image deployment
tinker with kube side
rsh ssh
Courses

Links

https://www.youtube.com/channel/UCGngiDaHqxdat2aotHm-bDA

Free course https://www.udemy.com/course/deploying-containerized-applications-technical-overview/

https://www.tutorialspoint.com/openshift/index.htm

Approximate Transcript

Part 1

This is a Technology Icing podcast and you are listening to Karan Bhandari and in this episode we will be covering my experiments with openshift. Why open shift? I will show you? How do you deploy an application?In an container world without actually knowing what is a container, what is a docker and what is Cuban at ease?Open shift is away too abstract, even what is the underlying infrastructure you can be cloud agnostic. You did not know what is GDP? The GCE? Sorry the EC2 and as your VM or whether you are using any other underlying machine from maybe any other cloud provider like electrify.You can be cloud agnostic completely by using openshift. So open shift.I’m going to explain you from a user’s perspective, not as an operations person, so someone who is an application writer.And someone who just wants to put their workloads onto a container without actually knowing what a container is. I’m also going to talk to you about how if you were an operations guy, how do you modify the container to make it more amenable for your applications to be up and running in.The same Cuban 80s environment, an also if needed. You can modify the underlying yamil files of Cuban 80s if you wish to get into the nitty gritty’s and The Dirty parts.So these are the advantages you have ready made templatesavailableof.net, node, JS, Python, react, angular and Java ecosystem starter projects.All your concepts can map easily to.Open shift if you know communities and if you do not know.It’s OK, you can still be onboarded so you go to the GY.You click, you go to the catalog and want to deploy dot net application. I just go to dot net, add to cart an.I just give it to the GitHub Location an it will deploy it for me. It will give me a pod running with the service and I if I click on create route and exposes service it will do that for me. It will go ahead an just give me an end point without me knowing what is underlying machinery. What is a container? What is apart and there you go. A.net application is ready now if I need to give it a different starter project. For example if it’s not there in the route.Then I give it an environmentvariablelike.net speed underscore starter project and I tell it’s under source slash Myproject Slash Service Slash Project Dot CSS Praj an if I need to give it another nougat location, you can either commit a new Newgate dot config file within GitHub, or you can give it as an environment variable, and if your new gate is using a custom certificate that is not see S certified.You can give it another wreck.Directorywithin.net to contain your CSS words.Anosimilarlynotjust.net you can also deploy a node JS application. Most people typically right as a node, JS Express application and there is one more side which rights angle and react application. Now there is no template. If you go to Openshift catalog and search for an angular react will not get one.Some people use the NPX equal system and use a project called node shift. So in the root directory of the angular react application they typed spaced node shift an the name of the disk directory and it will you know do the deployment an give you an end point. But some people will also create an express index dot JS file and use a middleware called.Used Arctic so which is used to deliver the public directory. But you can make it point to the disk slash or application folder.If you are using wooden express, that’s a clever way to deploy an angular or react application.And you can also deploy a Python application by going to the catalog and you know make sure your GitHub location has a requirements dot TXT file, an app dot PY file.If your starter project is not app dot pie, or maybe something like underscore, underscore, net dot pie, you could tell it in an environment variable and even your pip configurations like your paper index URL or your pip.SSL checks could be configured from environment variables.Whatever I’ve seen, I’m seeing that you could do in the GY. You can also do in the command line. Now, in the GY you create something called a projects or many of projects, and one project is a collection of numerous applications. For example, if you’re in a library, the library and will have a set of applications for itself. A set of applications for the accountants, a set of applications for the end users. So it’s like a namespace that categorizes your your set of applications into numerous apps, so in.Or in Openshift, you create a new project and then you create an application within it.Now there are some challenges that come with you want to go away from what is considered like, uh, like you know a typical project like a Java project. Some people have some patterns that OK the that they will have to have a rabbit MQ running with Mongo DB running an A set of Micro Services communicating with each other. For some of them have some monitoring solutions like Cabana Prometheus.So they want to make their own template. You can create a template with the you know, like an orchestration you know orchestrate multiple pods.Or you can also create a project that is not very typical of being a.netbuta.net, which steroids then what you can do is you can make a custom STY image. Now an STI image enables you to make a similar.Type of application that is available in the catalog.And but you know, your developers can use that directly instead of using the default one that is generated for you. So for example, soon in an STI image you need to download the STI command line. In this you need to have Docker knowledge. What you will also create is set of executable scripts like will create a build script and assemble script and run script. So it will Anna Dockerfile and another assemble it. Will you have to tell it how to.Assemble all the binaries into one cohesive unit and the dockerfile is the one that you know pulled your dependency. Does your Yum installer app get and?In your runtime, you need to tell ok.net space. Run or maybe something like Docker compose up so you can write your own runtime instructions in a custom STY image and this can be available as one more image that the developers can use, so they will give something like.Use that image and use this GitHub URL so the GitHub URL will belong to the developer the the new image that you created from S2 I will belong to the operations team and you can separate the operations from the developers by making this custom arrangement.I’ve also seen that in Python people struggle with the deploying their AI solutions. With large models you can’t put a massive file onto github.com and just assume that it will work. Some of them use a new concept called as git, LF switches agate large file service. I don’t think you can directly use a large file system as is if you use a Python template, but you can get around by writing this application specific code. For example, use a bow to.Library to download a model from S3. Once the application starts and then you can mention that OK, my board is not ready with a separate readiness URL now I have mentioned that OK, you know the.Or just the superficial way of creating an application. But once an application is created, you can also go to the UI and click on the pod and you can click on edit Hamill and what you see underlying isn’t exactly abilities jamall file that has been generated for you in the background an you can toy around with it, tinker with it. You know you can play with it, you can change resource limits for storage that is a separate module.You cannot directly create storage on the UI an associated with your container is some path an it will map to the PVC concept of the provision volume concept of Cuban 80s within it.AnnThis way you can work with.Some applications that need storage.And I will talk about.How to even debug your containers? You could use RSH.And this other search will help you to SSH into the pod and debug what’s going on.So get cracking with it.Now in the dockerfile that you create, if you want to create a dockerfile then communities will allow you to do it and you can tell Cuban it is to use a dockerfile strategy. Just be aware that you cannot use any other.Um?Non Docker hub image as a starting project.If you.Want to use a custom image that is there in a private repository? You can directly make the image and push it to the Docker Registry private Docker Registry that is given by default to your project that has been created. Or you can also you know.Click you know create or.Oh OC secret aura which Maps to community secrets and makes it point to that private registry. But you cannot make a dockerfile out of it. I’ve had trouble doing that, but you can get around it with by using the concept of already premade image from an existing private registry.Know what you do on the on the graphical user interface can also be done with the command line and the command line directly Maps to Cuban 80s concepts or you can also just do oversee space, new app and the GitHub project name after you do OC. Login. That login command can be copied from your user profile section of the Geoeye.

Part 2

As mentioned, openshift can also work with Dockerfiles, an in this docker files. I think it’s mandatory for you to use an existing image from Docker hub an if for some reason you want to extend the existing functionality of.net or node JS. Then there are some specific openshift.net starter.Images that you can begin with.AnnI have. I’ve had trouble with deploying any application that had.An image which is the starting point of a dockerfile that is not a part of Docker hub. So for example, if I made a custom image in a private registry and I’m extending that in the dockerfile, I’ve had trouble with doing that. So what I generally do is I build it and put it into the private registry of Openshift. So when you make a new openshift project or default part of that is giving you a private Docker registry an.You can build your existing dockerfile.And then diploid diploid as an image. So you can directly deploye or Docker image.It could be from a private registry like AWSECR or something like the Azure Container Registry an or maybe your your custom one. You just need to link your secrets like you do OC. Create secretan you tell it it’s a Docker Secret and then open shift will be able to deploy the image and you mentioned the port that you want to deploy. An open shift will be able to do that for you. That’s for those users who want to get around the limitation of using a docker.Hub one, but yeah with I know that and an image from a private registry can be deployed as is into their into their registry. Or it could directly be diploid from the private registry if you give it the secret file for the Docker.An one disadvantage with open shifters. Or maybe it’s a good security feature, but I’m looking at it as a disadvantage is none of your containers will have root access, so you need to really right application. Well to ensure that you know your it’s not writing into random directories that are not declared in your configuration, like for example in Openshift you can create a volume on the Geo. Why you just create a volume and you say I want 1GB.Oh, like you create a storage an that will use the Docker and communities concept of PwC.Anne will link the volume to your container and in that you can write and in that the openshift will create a dummy user an accordingly you can play around and tinker with the volumes, but in general if you need root access then open shift will disallow it as a part of its security feature. You can also make a custom starter project like for example if you want to make a specific type of project template that belongs to organization that OK.You have this, uh, you know. Do you have this, this and this configuration? Your SRC file belongs here. You have a set of three other microservices depends on, so you can abstract this away from the developer by using a concept called is source to image still source to images? Nothing but you need to give a few executable files. For example, assemble, run and build in an STI folder within a GitHub.And then you need to give it a dockerfile.And you need to then extend an existing. You can either extend from one of the existing open open shiftstarterprojectslike.net node JS or Python And you can.If you want to.Go ahead an customize what is there in the assemble and build directory and then what should be running in the run directory. For example in the run directory you want to spin up a Dynamo DB database and you want to, you know link some micro service with the other or do some token exchange or handshake protocol with something else. Then you have to get into the world of Esther. Why Nesta Wise generally should be written by the operations team who have good knowledge in Dhaka?But many times people run into issues, for example out of memory in the bills. So your builds you need to go and you can go to the build and click on edit an you edit the resource limits. For example you can by default I think it just gives few mil equals an few MB of ram to build auto deploy you can increase that an you can also click on you know go to the building, edit the Yammer of the build so you can get into the fine grained communities.Controls with the help of the Yammer file an if you want to also modifier running pod you can actually go to the pod or you go to the deployment and click on edit deployment. Annual have direct access to the pod, the communities file and there you can tinker with things if need be, but in general you can. You know what your typical.You know, start up projects are in your organization or how much space would you need for your project so it will be good for you know to tell the operations team that OK, my Cuban it is. Could you please set this as a default while creating a cluster? And yeah, just be mindful that OK it is still using an easy to machine in the background or GCP compute engine or sorry or Google compute engine an GC engine so it will in current cost. So try your best to.Always think of Skilling so you can do OC scale an you can scale or an application to two pods or three pods horizontal scaling as their vertical scaling is also possible.By you know, increasing the number of CPUs that the particular pod pod needs.You can also set resource limits Ann. You can manage the underlying community secrets with the help of OC secrets and the overseas the overseas command line is very similar to cube SL. If you have work with Cuban at ease you can still do OC, get pods or see get SV CS or she gets services or see get deployments and you can still play around with the.Uh, the same concepts as community is. If you want to start getting into the nitty gritty’s in Python or to get a large model. Most people have this habit of using Git Alofs which is get large file system I. I think I had. I had difficulty with git LFS be’cause it did not work for me unless I made my own custom dockerfile and S2. I image. But those people who didn’t want to undergo the pain of making an STI image or just making an image pushing it to.You know the private registry of your project. What you can do is you can take care of some complexity at the application layer itself. For example, when the app starts up. Then you can use the bottle library to pull in from an S3 location, and then you can define one health check endpoint or readiness endpoint very similar to Cuban at ease and you will say that your pod is not ready if the model has not downloaded. So you can make an end point to check if.You know the file system has any file or not and that we large model issue could be tackled an similarly. For example, NPX node shift is one simple way to deploy angle application, but you can also use the node JS Express static framework to deploy the angle application so you can abstract away most of the complexity in the code if you don’t want to get into a dockerfile and the Cuban 80s part an just like you see TL you can exactly into the computer with OCR research.And if needed, you can tinker with the community side of things for the courses courses, I recommend that you subscribe to shape blocks from Openshift. He’s done numerous projects. An redhead itself has released numerous courses in Udemy there is one free course which I came across that you know makes you undergo the basics of Docker and communities and then it explains you what how you can deploy a simple application and open shift.In the Udemy course so have fun with openshift. I think it’s a very good way to apps you don’t need to know docker. You don’t need to know communities. You can still use the goodness of the same platform without actually having the knowledge. So play around with it. And yeah, get kickstarted. Be cloud agnostic. Don’t be tide to a single cloud vendor an don’t have to upscale yourself so much that you know all these concepts but you can still use them so.Reduce, take care.Thank you for listening to me by. I’m current bhandari working as a technical lead and associated generally.This is technology icing podcast goodbye.

Podcast: Play in new window | Download