DO180 - ch04s06

Bookmark this page

Guided Exercise: Kubernetes Pod and Service Networks

Deploy a database server and access it through a Kubernetes service.

Outcomes

You should be able to deploy a database server, and access it indirectly through a Kubernetes service, and also directly pod-to-pod for troubleshooting.

As the student user on the workstation machine, use the lab command to prepare your system for this exercise.

This command ensures that all resources are available for this exercise. It also creates the deploy-services project and the /home/student/DO180/labs/deploy-services/resources.txt file. The resources.txt file contains some commands that you use during the exercise. You can use the file to copy and paste these commands.

[student@workstation ~]$ lab start deploy-services

Note

It is safe to ignore pod security warnings for exercises in this course. OpenShift uses the Security Context Constraints controller to provide safe defaults for pod security.

Instructions

Log in to the OpenShift cluster as the developer user with the developer password. Use the deploy-services project.

[student@workstation ~]$ oc login -u developer -p developer \
  https://api.ocp4.example.com:6443
Login successful.
...output omitted...

Set the deploy-services project as the active project.

[student@workstation ~]$ oc project deploy-services
...output omitted...

Use the registry.ocp4.example.com:8443/rhel8/mysql-80 container image to create a MySQL deployment named db-pod. Add the missing environment variables for the pod to run.

Create the db-pod deployment.

[student@workstation ~]$ oc create deployment db-pod --port 3306 \
  --image registry.ocp4.example.com:8443/rhel8/mysql-80
deployment.apps/db-pod created

Add the environment variables.

[student@workstation ~]$ oc set env deployment/db-pod \
  MYSQL_USER=user1 \
  MYSQL_PASSWORD=mypa55w0rd \
  MYSQL_DATABASE=items
deployment.apps/db-pod updated

Confirm that the pod is running.

[student@workstation ~]$ oc get pods
NAME                      READY   STATUS    RESTARTS   AGE
db-pod-6ccc485cfc-vrc4r   1/1     Running   0          2m30s

Your pod name might differ from the previous output.

Expose the db-pod deployment to create a ClusterIP service.

View the deployment for the pod.

[student@workstation ~]$ oc get deployment
NAME     READY   UP-TO-DATE   AVAILABLE   AGE
db-pod   1/1     1            1           3m36s

Expose the db-pod deployment to create a service.

[student@workstation ~]$ oc expose deployment/db-pod
service/db-pod exposed

Validate the service. Confirm that the service selector matches the label on the pod. Then, confirm that the db-pod service endpoint matches the IP of the pod.
1. Identify the selector for the db-pod service. Use the oc get service command with the -o wide option to retrieve the selector that the service uses.
```
[student@workstation ~]$ oc get service db-pod -o wide
NAME     TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE    SELECTOR
db-pod   ClusterIP   172.30.108.92   <none>        3306/TCP   108s   app=db-pod
```
  The selector shows an app=db-pod key:value pair.
2. Capture the name of the pod in a variable.
```
[student@workstation ~]$ PODNAME=$(oc get pods \
  -o jsonpath='{.items[0].metadata.name}')
```
3. Query the label on the pod.
```
[student@workstation ~]$ oc get pod $PODNAME --show-labels
NAME                     READY   STATUS    RESTARTS   AGE     LABELS
db-pod-6ccc485cfc-vrc4r  1/1     Running   0          6m50s   app=db-pod ...
```
  Notice that the label list includes the app=db-pod key-value pair, which is the selector for the db-pod service.
4. Retrieve the endpoints for the db-pod service.
```
[student@workstation ~]$ oc get endpoints
NAME     ENDPOINTS        AGE
db-pod   10.8.0.85:3306   4m38s
```
  Your endpoints values might differ from the previous output.
5. Verify that the service endpoint matches the db-pod IP address. Use the oc get pods command with the -o wide option to view the pod IP address.
```
[student@workstation ~]$ oc get pods -o wide
NAME                      READY   STATUS    RESTARTS   AGE   IP        ...
db-pod-6ccc485cfc-vrc4r   1/1     Running   0          54m   10.8.0.85 ...
```
  The service endpoint resolves to the IP address that is assigned to the pod.

Delete and then re-create the db-pod deployment. Confirm that the db-pod service endpoint automatically resolves to the IP address of the new pod.

Delete the db-pod deployment.

[student@workstation ~]$ oc delete deployment.apps/db-pod
deployment.apps "db-pod" deleted

Verify that the service still exists without the deployment.

[student@workstation ~]$ oc get service
NAME     TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)    AGE
db-pod   ClusterIP   172.30.108.92  <none>        3306/TCP   9m53s

The list of endpoints for the service is now empty.

[student@workstation ~]$ oc get endpoints
NAME     ENDPOINTS   AGE
db-pod   <none>      12m

Re-create the db-pod deployment.

[student@workstation ~]$ oc create deployment db-pod --port 3306 \
  --image registry.ocp4.example.com:8443/rhel8/mysql-80
deployment.apps/db-pod created

Add the environment variables.

[student@workstation ~]$ oc set env deployment/db-pod \
  MYSQL_USER=user1 \
  MYSQL_PASSWORD=mypa55w0rd \
  MYSQL_DATABASE=items
deployment.apps/db-pod updated

Confirm that the newly created pod has the app=db-pod selector.

[student@workstation ~]$ oc get pods --selector app=db-pod -o wide
NAME                    READY   STATUS    RESTARTS   AGE   IP        ...
db-pod-6ccc485cfc-l2x   1/1     Running   0          32s   10.8.0.85 ...

Notice the change in the pod name. The pod IP address might also change. Your pod name and IP address might differ from the previous output.

Confirm that the endpoints for the db-pod service include the newly created pod.

[student@workstation ~]$ oc get endpoints
NAME     ENDPOINTS        AGE
db-pod   10.8.0.85:3306   16m

Create a pod to identify the available DNS name assignments for the service.
1. Create a pod named shell to use for troubleshooting. Use the oc run command and the registry.ocp4.example.com:8443/openshift4/network-tools-rhel8 container image.
```
[student@workstation ~]$ oc run shell -it \
  --image registry.ocp4.example.com:8443/openshift4/network-tools-rhel8
If you don't see a command prompt, try pressing enter.
bash-4.4$
```
2. From the prompt inside the shell pod, view the /etc/resolv.conf file to identify the cluster-domain name.
```
bash-4.4$ cat /etc/resolv.conf
search deploy-services.svc.cluster.local svc.cluster.local ...
nameserver 172.30.0.10
options ndots:5
```
  The container uses the values from the search directive as suffix values on DNS searches. The container appends these values to a DNS query, in the written order, to resolve the search. The cluster-domain name is the last few components of these values that start after svc.
3. Use the nc and echo commands to test the available DNS names for the service.
```
nc -z <service>_<server>_ <port>
```
  The long version of the DNS name is required when accessing the service from a different project. When the pod is in the same project, you can use a shorter version of the DNS name.
```
bash-4.4$ nc -z db-pod.deploy-services 3306 && \
 echo "Connection success to db-pod.deploy-services:3306" || \
 echo "Connection failed"
Connection success to db-pod.deploy-services:3306
```
4. Exit the interactive session.
```
bash-4.4$ exit
Session ended, resume using 'oc attach shell -c shell -i -t' command when the pod is running
```
5. Delete the pod for the shell.
```
[student@workstation ~]$ oc delete pod shell
pod "shell" deleted
```

Use a new project to test pod communications across namespaces.

Create a second namespace with the oc new-project command.

[student@workstation ~]$ oc new-project deploy-services-2
Now using project "deploy-services-2" on server "https://api.ocp4.example.com:6443".
...output omitted...

Execute the nc and echo commands from a pod to test the DNS name access to another namespace.

[student@workstation ~]$ oc run shell -it --rm \
  --image registry.ocp4.example.com:8443/openshift4/network-tools-rhel8 \
  --restart Never -- nc -z db-pod.deploy-services.svc.cluster.local 3306 && \
  echo "Connection success to db-pod.deploy-services.svc.cluster.local:3306" \
  || echo "Connection failed"
pod "shell" deleted
Connection success to db-pod.deploy-services.svc.cluster.local:3306

Return to the deploy-services project.

[student@workstation ~]$ oc project deploy-services
Now using project "deploy-services" on server "https://api.ocp4.example.com:6443".

Use a Kubernetes job to add initialization data to the database.

Create a job named mysql-init that uses the registry.ocp4.example.com:8443/redhattraining/do180-dbinit:v1 container image. This image uses the mysql-80 container image as a base image, and it includes a script that adds a few initial records to the database.
```
[student@workstation ~]$ oc create job mysql-init \
  --image registry.ocp4.example.com:8443/redhattraining/do180-dbinit:v1 \
  -- /bin/bash -c "mysql -uuser1 -pmypa55w0rd --protocol tcp \
  -h db-pod -P3306 items </tmp/db-init.sql"
job.batch/mysql-init created
```
The -h option of the mysql command directs the command to communicate with the DNS short name of the db-pod service. The db-pod short name can be used here, because the pod for the job is created in the same namespace as the service.
The double dash -- before /bin/bash separates the oc command arguments from the command in the pod. The -c option of /bin/bash directs the command interpreter in the container to execute the command string. The /tmp/db-init.sql file is redirected as input for the command. The db-init.sql file is included in the image, and contains the following script.
```
DROP TABLE IF EXISTS `Item`;
CREATE TABLE `Item` (`id` BIGINT not null auto_increment primary key, `description` VARCHAR(100), `done` BIT);
INSERT INTO `Item` (`id`,`description`,`done`) VALUES (1,'Pick up newspaper', 0);
INSERT INTO `Item` (`id`,`description`,`done`) VALUES (2,'Buy groceries', 1);
```

Confirm the status of the mysql-init job. Wait for the job to complete.

[student@workstation ~]$ oc get job
NAME         COMPLETIONS   DURATION   AGE
mysql-init   1/1                      22m

Retrieve the status of the mysql-init job pod, to confirm that the pod has a Completed status.

[student@workstation ~]$ oc get pods
NAME                      READY   STATUS      RESTARTS      AGE
db-pod-6ccc485cfc-2lklx   1/1     Running     0             4h24m
mysql-init-ln9cg          0/1     Completed   0             23m

Delete the mysql-init job, because it is no longer needed.

[student@workstation ~]$ oc delete job mysql-init
job.batch "mysql-init" deleted

Verify that the corresponding mysql-init pod is also deleted.

[student@workstation ~]$ oc get pods
NAME                      READY   STATUS    RESTARTS      AGE
db-pod-6ccc485cfc-2lklx   1/1     Running   0             4h2

Create a query-db pod by using the oc run command and the registry.ocp4.example.com:8443/redhattraining/do180-dbinit:v1 container image. Use the pod to execute a query against the database service.

Create the query-db pod. Configure the pod to use the MySQL client to execute a query against the db-pod service. You can use the db-pod service short name, which provides a stable reference.

[student@workstation ~]$ oc run query-db -it --rm \
  --image registry.ocp4.example.com:8443/redhattraining/do180-dbinit:v1 \
  --restart Never \
  -- mysql -uuser1 -pmypa55w0rd --protocol tcp \
  -h db-pod -P3306 items -e 'select * from Item;'
mysql: [Warning] Using a password on the command line interface can be insecure.
+----+-------------------+------------+
| id | description       | done       |
+----+-------------------+------------+
|  1 | Pick up newspaper | 0x00       |
|  2 | Buy groceries     | 0x01       |
+----+-------------------+------------+
pod "query-db" deleted

It might be necessary to use pod-to-pod communications for troubleshooting. Use the oc run command to create a pod that executes a network test against the IP address of the database pod.

Confirm the IP address of the MySQL database pod. Your pod IP address might differ from the output.

[student@workstation ~]$ oc get pods -o wide
NAME                     READY  STATUS     RESTARTS     AGE  IP         ...
db-pod-6ccc485cfc-2lklx  1/1    Running    0            4h5  10.8.0.69  ...

Capture the IP address in an environment variable.

[student@workstation ~]$ POD_IP=$(oc get pod -l app=db-pod \
  -o jsonpath='{.items[0].status.podIP}')

Create a test pod named shell with the oc run command. Execute the nc command to test against the $POD_IP environment variable and the 3306 port for the database.

[student@workstation ~]$ oc run shell --env POD_IP=$POD_IP -it --rm \
  --image registry.ocp4.example.com:8443/openshift4/network-tools-rhel8 \
  --restart Never \
  -- nc -z $POD_IP 3306 && echo "Connection success to $POD_IP:3306" \
 || echo "Connection failed"
pod "shell" deleted
Connection success to 10.8.0.69:3306

Finish

On the workstation machine, use the lab command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab finish deploy-services

Discuss Red Hat OpenShift Administration I: Operating a Production Cluster

Go to community

Version 4.12.2 versus 4.12 of DO180 course?

DRobitaille

21 lis 2023

I just noticed that there is now a version 4.12.2 of the DO180. Currently without any new updated videos. Do we have access to some sort of changelog to judge how different the new version is compared to 4.12. I'm currently in the process of reviewing the content of DO180/DO280 in preparation for my upcoming EX280 exam (based on "4.12"), so I'm wondering if it's worth studying the 4.12.2 version instead of 4.12.

470

Red Hat OpenShift Administration I: Containers & Kubernetes (DO180)

Haley_Ruccio

20 lip 2023

Deploy, manage, and troubleshoot containerized applications running as Kubernetes workloads in OpenShift clusters.Course DescriptionRed Hat OpenShift Administration I: Managing Containers and Kubernetes (DO180) prepares OpenShift cluster administrators to manage Kubernetes workloads and to collaborate with developers, DevOps engineers, system administrators, and SREs to ensure the availability of application workloads. This course focuses on managing typical end-user applications that are often accessible from a web or mobile UI and that represent most cloud-native and containerized workloads. Managing applications also includes deploying and updating their dependencies, such as databases, messaging, and authentication systems.The skills that you learn in this course apply to all versions of OpenShift, including Red Hat OpenShift on AWS (ROSA), Azure Red Hat OpenShift, and OpenShift Container Platform.This course is based on Red Hat OpenShift 4.12.Course Content SummaryManaging OpenShift clusters from the command-line interface and from the web console.Troubleshooting network connectivity between applications inside and outside an OpenShift cluster.Connecting Kubernetes workloads to storage for application data.Configuring Kubernetes workloads for high availability and reliability.Managing updates to container images, settings, and Kubernetes manifests of an application.Target AudienceSystem administrators and platform operators who are interested in managing OpenShift clusters and containerized applications.Site Reliability Engineers who are interested in maintaining and troubleshooting containerized applications on Kubernetes.System and software architects who are interested in learning and using the features and functions of an OpenShift cluster.Developers and Site Reliability Engineers that are new to container technology should enroll in Red Hat OpenShift Development I: Introduction to Containers with Podman (DO188).Recommended trainingTake our free assessment to gauge whether this offering is the best fit for your skills.Prerequisite: Containers, Kubernetes and Red Hat OpenShift Technical Overview or equivalent knowledge of Linux containers.Technology considerationsThis course requires internet access to access the cloud-based classroom environment that provides an OpenShift cluster and a remote administrator’s workstation.

Welcome to the Red Hat OpenShift Administration (DO180) group in the Red Hat Learning Community!

Deanna

18 lip 2023

We are excited to launch a space dedicated to the Red Hat Training course Red Hat OpenShift Administration I - Containers & Kubernetes! To gain the most value from this group - click the "Join Group" button in the upper right hand corner of the group home screen.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to DO180.Read more about Red Hat OpenShift Administration I here.

114

Revision: do180-4.14-b6cd706