How to deploy Docker images on OpenShift?

July 19, 2017 2 69
Share
How to deploy Docker images on OpenShift?

OpenShift is a container application platform which sits on top of Kubernetes and is a superset. Anything that works in Kubernetes will also run in OpenShift with an added advantage that it lets you easily and quickly build, develop, and deploy any of your infrastructures. It is a PaaS that abstracts the underlying components by providing an interface that runs on top of IaaS.

How to deploy applications using Docker on OpenShift cluster?

You can deploy applications within a few minutes using Docker images.
Here we will consider using an image from DockerHub which is a cloud-based registry service that allows you to link to code repositories, builds your images and tests them, stores manually pushed images, and links to Docker Cloud so you can deploy images to your hosts.

Steps to deploy a nginx server on OpenShift cluster:

1) Login to your project:
oc project <projectname>

[root@localhost ~]# oc new-project appdeployment
Now using project "appdeployment" on server.

2) Create a new application:
oc new-app <applicationname>

[root@localhost ~]# oc new-app nginx:latest

--> Found Docker image e4e6d42 (4 days old) from Docker Hub for "nginx:latest"
* An image stream will be created as "nginx:latest" that will track this image
* This image will be deployed in deployment config "nginx"
* Port 80/tcp will be load balanced by service "nginx"
* Other containers can access this service through the hostname "nginx"
* WARNING: Image "nginx:latest" runs as the 'root' user which may not be permitted by your cluster administrator

--> Creating resources ...
    imagestream "nginx" created
    deploymentconfig "nginx" created
    service "nginx" created
--> Success
    Run 'oc status' to view your app.

That’s it! Your nginx application is deployed.

You can check status of your app by running command:
oc status <applicationname>

[root@localhost ~]# oc status nginx

OpenShift takes the stage and writes definition for a pod, service, deployment config, and replication controller and then spawns up a new container.

You can get pod information with command:

[root@localhost ~]# oc get pods
NAME             READY     STATUS             RESTARTS   AGE
nginx-1-s4dbq    0/1       CrashLoopBackOff   3          1m

You can see logs for your deployed nginx application:

[root@localhost ~]# oc logs -p nginx-1-s4dbq
2017/07/15 19:18:09 [warn] 1#1: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:2
nginx: [warn] the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:2
2017/07/15 19:18:09 [emerg] 1#1: mkdir() "/var/cache/nginx/client_temp" failed (13: Permission denied)
nginx: [emerg] mkdir() "/var/cache/nginx/client_temp" failed (13: Permission denied)

Boom! The error you see is because nginx image tried to run as root user and OpenShift prevented it from running as root. This can be fixed by either changing the Docker nginx image or by telling OpenShift to allow this project to be run as root. This can be configured in OpenShift by changing security context constraints as follows:

[root@localhost ~]# oadm policy add-scc-to-user anyuid -z default

After adding security constraint, you need to re-deploy the application and you can see our nginx is up and running.

[root@localhost ~]# oc deploy nginx

You can test your application by doing a curl:


[root@localhost ~]# oc get endpoints
NAME      ENDPOINTS        AGE
nginx     10.129.0.74:80   41m

[root@localhost ~]# curl 10.129.0.74:80Welcome to nginx!


<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>

<h3>Welcome to nginx!</h3>
&nbsp;

If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.

&nbsp;

For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.

&nbsp;

<em>Thank you for using nginx.</em>

&nbsp;

You can create a route by providing a public hostname for that route which is configured with the DNS server to make the application publicly visible.

Conclusion:

OpenShift provides an easy platform to bring Docker and Kubernetes to the enterprise which makes building, deploying, testing, and running applications faster and easier.

Tags
Leave Comment

Your email address will not be published.

  1. Nice article. However it would have beneficial to people on how to build a image without using rather using a trick or opening a security by opening SCC.I also doubt on your SCC command. it should be something like to open SCC to specific project

    # oadm policy add-scc-to-user anyuid -z appdeployment

    • Thanks for your comment.
      To answer your question, when a project is created a default account will be created which will be used to launch pods. In this case, we are using “default” service account so we are executing the mentioned command.
      In terms of security risk, I agree with you but here the scope is limited to simple deployment of any standard docker image.

Stay up to date with the latest and the best from the world of automation!