containers | Tom's Notes

Mastering Docker – Fourth Edition

By Tomica Kaniski in Review 11/03/2021 0 Comment

I’ve got yet another book from Packt Publishing (thanks, Sanjana!) – this one is called “Mastering Docker, Fourth Edition“, written by Russ McKendrick.

As this is already the fourth edition of a book, it can’t really be bad, right?!

Spoiler alert… it isn’t! 😊

I liked this book because it covers pretty much everything you’ll need to get started with containerization and Docker… and much more!

Really liked the format and the direction it takes – first part starts with introduction to Docker and why actually you may need it (and let’s face it – in today’s world, everything is about containers and you need Docker or something similar!), then goes through usual tasks of preparing the environment for Docker, building and distributing images, and finally – managing containers brought up from those images.

Next, it introduces Docker Compose for multi-container apps and Docker App for sharing Docker Compose bundles (something that’s been missing so far, and people at Docker recognized and built it recently). Following chapters cover bootstrapping of Docker hosts, which is also helpful and good to know.

Second part of the book covers mostly clustering (Docker Swarm), introduces Kubernetes and explores options for running containers in the public clouds, while the last part of this book covers best practices, security, monitoring and other important things you need to know when dealing with containers.

Overall – I really liked the practical examples and the whole “flow” of the book (from introduction to more complex parts of a subject). Also, I liked the broad picture presented in this book, because containers are really a broad subject nowadays… there is so much to learn and so many options.

For people that are dealing with containers for years now and have deep understanding topics surrounding them, this book will maybe be “too shallow”, because it’s written broadly and you can’t put everything there is about containers, Kubernetes, Docker, clouds, … in one book (I mean – you could, but who would then read it? 😃). So, it’s on you to decide where you stand and what do you need.

Lastly, I think author did a very well job covering everything you need to start with Docker and containers, content is up-to-date, and would recommend you to go through this book if you have a chance. It would also be a good start for those taking a Docker Certified Associate exam, I believe.

You can order this book here.

Also, feel free to leave a comment of your impressions below, if you’ve read it already.

Cheers!

CRC – OpenShift 4 cluster in your pocket

By Tomica Kaniski in Other 01/05/2020 0 Comment

… but only if you have large pockets, that is! 🙂

I suppose that, by now, you’ve already heard of minishift – tool which helps you run a single-node OpenShift 3.x cluster inside a virtual machine (on your preferred hypervisor), which is extremely convenient if you need to do some local development, testing, etc. Of course, you can always deploy what you need on top of Azure or any other cloud provider, but having OpenShift cluster locally can have its benefits.

And what if you need, let’s say, an OpenShift 4.x cluster “to go”?

Don’t worry, there is a solution for you as well! It’s called CodeReady Containers (CRC) (version 1.9 at the time of writing), and is basically a single node OpenShift 4.x cluster, inside a virtual machine (sounds a lot like minishift, doesn’t it?).

So, how can you get your hands on CRC and make it work?

There are a couple of steps involved:

look at the prerequisites:

create a free Red Hat account:

download the CRC disk image and your pull secret file:

download the OpenShift tools (as I’m using Windows, so I’ll use this one):

unzip all to a location you like (mine is C:\PocketOpenShift):

(optional) add this location to PATH for easier usage (as already mentined, I’m using Windows & PowerShell):

[System.Environment]::SetEnvironmentVariable("PATH", $Env:Path + ";C:\PocketOpenShift", "Machine")

1	[System.Environment]::SetEnvironmentVariable("PATH", $Env:Path + ";C:\PocketOpenShift", "Machine")

run “crc setup” which will prepare the environment:

crc setup
# INFO Checking if oc binary is cached
# INFO Checking if podman remote binary is cached
# INFO Checking if CRC bundle is cached in '$HOME/.crc'
# INFO Checking if running as normal user
# INFO Checking Windows 10 release
# INFO Checking if Hyper-V is installed and operational
# INFO Checking if user is a member of the Hyper-V Administrators group
# INFO Checking if Hyper-V service is enabled
# INFO Checking if the Hyper-V virtual switch exist
# INFO Found Virtual Switch to use: Default Switch
# Setup is complete, you can now run 'crc start' to start the OpenShift cluster

crc setup

# INFO Checking if oc binary is cached

# INFO Checking if podman remote binary is cached

# INFO Checking if CRC bundle is cached in '$HOME/.crc'

# INFO Checking if running as normal user

# INFO Checking Windows 10 release

# INFO Checking if Hyper-V is installed and operational

# INFO Checking if user is a member of the Hyper-V Administrators group

# INFO Checking if Hyper-V service is enabled

# INFO Checking if the Hyper-V virtual switch exist

# INFO Found Virtual Switch to use: Default Switch

# Setup is complete, you can now run 'crc start' to start the OpenShift cluster

run “crc start” (with one or more options, if needed – as you can see, I’ll be using custom number of vCPUs, amount of RAM and a custom nameserver):

crc start --cpus 4 --memory 8192 --nameserver 8.8.8.8 --pull-secret-file ".\pull-secret.txt"
# INFO Checking if oc binary is cached
# INFO Checking if podman remote binary is cached
# INFO Checking if running as normal user
# INFO Checking Windows 10 release
# INFO Checking if Hyper-V is installed and operational
# INFO Checking if user is a member of the Hyper-V Administrators group
# INFO Checking if Hyper-V service is enabled
# INFO Checking if the Hyper-V virtual switch exist
# INFO Found Virtual Switch to use: Default Switch
# INFO Loading bundle: crc_hyperv_4.3.10.crcbundle ...
# INFO Checking size of the disk image C:\Users\tomica\.crc\cache\crc_hyperv_4.3.10\crc.vhdx ...
# INFO Creating CodeReady Containers VM for OpenShift 4.3.10...
# INFO Verifying validity of the cluster certificates ...
# INFO Adding 8.8.8.8 as nameserver to the instance ...
# INFO Will run as admin: add dns server address to interface vEthernet (Default Switch)
# INFO Check internal and public DNS query ...
# INFO Check DNS query from host ...
# INFO Copying kubeconfig file to instance dir ...
# INFO Adding user's pull secret ...
# INFO Updating cluster ID ...
# INFO Starting OpenShift cluster ... [waiting 3m]
# INFO
# INFO To access the cluster, first set up your environment by following 'crc oc-env' instructions
# INFO Then you can access it by running 'oc login -u developer -p developer https://api.crc.testing:6443'
# INFO To login as an admin, run 'oc login -u kubeadmin -p <a_secret_password> https://api.crc.testing:6443'
# INFO
# INFO You can now run 'crc console' and use these credentials to access the OpenShift web console
# Started the OpenShift cluster
# WARN The cluster might report a degraded or error state. This is expected since several operators have been disabled to lower the resource usage. For more information, please consult the documentation

crc start --cpus 4 --memory 8192 --nameserver 8.8.8.8 --pull-secret-file ".\pull-secret.txt"

# INFO Checking if oc binary is cached

# INFO Checking if podman remote binary is cached

# INFO Checking if running as normal user

# INFO Checking Windows 10 release

# INFO Checking if Hyper-V is installed and operational

# INFO Checking if user is a member of the Hyper-V Administrators group

# INFO Checking if Hyper-V service is enabled

# INFO Checking if the Hyper-V virtual switch exist

# INFO Found Virtual Switch to use: Default Switch

# INFO Loading bundle: crc_hyperv_4.3.10.crcbundle ...

# INFO Checking size of the disk image C:\Users\tomica\.crc\cache\crc_hyperv_4.3.10\crc.vhdx ...

# INFO Creating CodeReady Containers VM for OpenShift 4.3.10...

# INFO Verifying validity of the cluster certificates ...

# INFO Adding 8.8.8.8 as nameserver to the instance ...

# INFO Will run as admin: add dns server address to interface vEthernet (Default Switch)

# INFO Check internal and public DNS query ...

# INFO Check DNS query from host ...

# INFO Copying kubeconfig file to instance dir ...

# INFO Adding user's pull secret ...

# INFO Updating cluster ID ...

# INFO Starting OpenShift cluster ... [waiting 3m]

# INFO

# INFO To access the cluster, first set up your environment by following 'crc oc-env' instructions

# INFO Then you can access it by running 'oc login -u developer -p developer https://api.crc.testing:6443'

# INFO To login as an admin, run 'oc login -u kubeadmin -p <a_secret_password> https://api.crc.testing:6443'

# INFO

# INFO You can now run 'crc console' and use these credentials to access the OpenShift web console

# Started the OpenShift cluster

# WARN The cluster might report a degraded or error state. This is expected since several operators have been disabled to lower the resource usage. For more information, please consult the documentation

at any time, you can check the status of your cluster by using “crc status” command:

crc status
# CRC VM:          Running
# OpenShift:       Running (v4.3.10)
# Disk Usage:      10.67GB of 32.72GB (Inside the CRC VM)
# Cache Usage:     14.27GB
# Cache Directory: C:\Users\tomica\.crc\cache

crc status

# CRC VM: Running

# OpenShift: Running (v4.3.10)

# Disk Usage: 10.67GB of 32.72GB (Inside the CRC VM)

# Cache Usage: 14.27GB

# Cache Directory: C:\Users\tomica\.crc\cache

once it is up, you can use “oc login” or console (bring it up with “crc console“) to connect to it, either as an (kube)admin or a developer, and continue working as you would normally with any other OpenShift cluster:

oc login -u kubeadmin -p <a_secret_password> https://api.crc.testing:6443
# The server uses a certificate signed by an unknown authority.
# You can bypass the certificate check, but any data you send to the server could be intercepted by others.
# Use insecure connections? (y/n): <strong>y</strong>
# 
# Login successful.
# 
# You have access to 53 projects, the list has been suppressed. You can list all projects with 'oc projects'
# 
# Using project "default".
# Welcome! See 'oc help' to get started.

oc login -u kubeadmin -p <a_secret_password> https://api.crc.testing:6443

# The server uses a certificate signed by an unknown authority.

# You can bypass the certificate check, but any data you send to the server could be intercepted by others.

# Use insecure connections? (y/n): <strong>y</strong>

# Login successful.

# You have access to 53 projects, the list has been suppressed. You can list all projects with 'oc projects'

# Using project "default".

# Welcome! See 'oc help' to get started.

one other thing I like to do is to enable monitoring and other disabled stuff (note though – your VM should have 12+ GB RAM) – you can do it with two commands – first one lists all that is disabled, and the second one, with the index at the end, enables it (also note that in the official documentation there is an issue with “” and ” (they are switched), if you’re working in PowerShell):

oc get clusterversion version -ojsonpath="{range .spec.overrides[*]}{.name}{'\n'}{end}" | % {$nl++;"`t$($nl-1) `t $_"};$nl=0
# 0 cluster-monitoring-operator
# 1 machine-config-operator
# 2 etcd-quorum-guard
# 3 machine-api-operator
# 4 cluster-autoscaler-operator
# 5 insights-operator
# 6 prometheus-k8s

oc patch clusterversion/version --type="json" -p "[{'op':'remove', 'path':'/spec/overrides/0'}]" -oyaml
# ...
# state: Completed
# ...

oc get clusterversion version -ojsonpath="{range .spec.overrides[*]}{.name}{'\n'}{end}" | % {$nl++;"`t$($nl-1) `t $_"};$nl=0

# 0 cluster-monitoring-operator

# 1 machine-config-operator

# 2 etcd-quorum-guard

# 3 machine-api-operator

# 4 cluster-autoscaler-operator

# 5 insights-operator

# 6 prometheus-k8s

oc patch clusterversion/version --type="json" -p "[{'op':'remove', 'path':'/spec/overrides/0'}]" -oyaml

# ...

# state: Completed

# ...

monitoring should now be working as well:

And that’s it – you’re ready to work on your own “pocket OpenShift cluster”! 🙂

Of course, don’t forget that there is also the official documentation, including the Getting Started guide and Release Notes and Known Issues document. So… take a look!

Cheers!

Deploying Kubernetes on top of Azure Stack (Development Kit)

By Tomica Kaniski in Other 07/08/2019 0 Comment

If you had a chance to deploy Azure Stack or Azure Stack Development Kit (ASDK) in your environment, maybe you’ve asked yourself “OK, but what should I do with it now?“.

Well, one of many things you “can do with it” is offer your users to deploy Kubernetes clusters on top of it (at least, that was what I did the other day… on my ASDK deployment) – in short, official documentation has you pretty much covered. I know, Azure enables it as well… and the process here is similar, or – the same.

The main thing you have to decide at the beginning, is if you’ll use Azure AD or ADFS for identity management (the same as with Azure Stack deployment, if you remember, from my previous posts). Why – because the installation steps differ a bit.

Once you decide it (or you ask your Azure Stack administrator how it’s done in your case), you can proceed with the installation – I assume you have your Azure Stack/ASDK up and running.

Next, in the admin portal (https://adminportal.local.azurestack.external/), you’ll need to add the prerequisites from Azure Marketplace (for this, if you remember, your Azure Stack/ASDK has to be registered):

Once done, you’re ready to set up the service principal, to which you’ll then assign the required permissions on both – the Azure side and on the Azure Stack side! (don’t forget this detail… it is well documented, but easy to overlook)

In case you don’t give your service principal the required permissions on both “sides”, you’ll probably get the “error 12” and your deployment will fail:

And you can see details in the log:

So… be careful with service principal and permissions! 🙂

Next thing you’ll need to make sure of is that you create a plan and an offer, but set your quotas right! It depends on your Kubernetes cluster deployment settings, but if you’ll go with the defaults, the default quotas (disk, in particular) need to be expanded!

If not, you’ll probably get this error:

If you were careful while reading the official docs (with a few “lessons learned” in this post), and you’ve made it to here… you’re probably set to deploy your first Kubernetes cluster on top of your Azure Stack/ASDK.

In the user portal (https://portal.local.azurestack.external/), you now have the option to deploy something called Kubernetes Cluster (preview):

Here you really can’t miss much – you’ll give your deployment a brand new (or empty) resource group, user details (together with your public SSH key, of course), DNS prefix, number and size of nodes and service principal details:

After that, your deployment starts and runs for some time (it, again, depends on your hardware and settings you’ve chosen for your cluster). Hopefully, it will end with this message:

If all is good, you can SSH into one of your master nodes and see the details of your cluster:

One other thing that would be nice to have is the Kubernetes dashboard – the process of enabling it is well documented here:

And – you’re done!

You now have your own Kubernetes cluster deployment on top of your Azure Stack/ASDK! How cool is that?! 🙂

One last thing to note – currently, this is in preview (as it says on the template), but… it works. 🙂

Cheers!