-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
6 changed files
with
167 additions
and
18 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,121 @@ | ||
--- | ||
title: Application using images from the internal registry | ||
summary: On this exercise, we will deploy an application, tag and push a new version of the image to the Internal Registry, find where the image is hosted and patch the deployment to use the new image. | ||
authors: | ||
- Hevellyn | ||
date: | ||
created: 2024-04-29 | ||
updated: 2024-04-29 | ||
categories: | ||
- Labs | ||
slug: images | ||
tags: | ||
- podman, images, internal registry | ||
--- | ||
On this exercise[^1], we will deploy an application, tag and push a new version of the image to the Internal Registry, find where the image is hosted and patch the deployment to use the new image. | ||
<!-- more --> | ||
|
||
[^1]: This exercise was particularly interesting because it was how I was able to test and reproduce a bug once. | ||
|
||
### Steps | ||
- Exposing the registry | ||
- Application deployment | ||
- Finding image inside the node | ||
- Tagging and pushing an image to the internal registry | ||
- Patching deployment image | ||
|
||
#### 1. Exposing the registry | ||
- Patch the Image Registry | ||
``` | ||
oc patch config.imageregistry.operator.openshift.io/cluster --patch='{"spec":{"defaultRoute":true}}' --type=merge | ||
oc patch config.imageregistry.operator.openshift.io/cluster --patch='[{"op": "add", "path": "/spec/disableRedirect", "value": true}]' --type=json | ||
``` | ||
|
||
- Take note of the registry route: | ||
``` | ||
oc get route -n openshift-image-registry default-route --template='{{ .spec.host }}' | ||
``` | ||
|
||
#### 2. Application deployment | ||
- This example will use an image that assumes authentication to Red Hat registry, but any other image can be used. | ||
``` | ||
oc apply -f - <<EOF | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
labels: | ||
app: new-default-deploy | ||
app.kubernetes.io/component: new-default-deploy | ||
app.kubernetes.io/instance: new-default-deploy | ||
app.kubernetes.io/part-of: new-default-deploy | ||
app.openshift.io/runtime: redhat | ||
name: new-default-deploy | ||
spec: | ||
replicas: 1 | ||
selector: | ||
matchLabels: | ||
app: new-default-deploy | ||
type: Recreate | ||
template: | ||
metadata: | ||
labels: | ||
app: new-default-deploy | ||
deploymentconfig: new-default-deploy | ||
spec: | ||
containers: | ||
- image: registry.access.redhat.com/ubi8/ubi:latest | ||
imagePullPolicy: Always | ||
name: new-default-deploy | ||
command: | ||
- /bin/sh | ||
- -c | ||
- | | ||
sleep infinity | ||
resources: {} | ||
EOF | ||
``` | ||
|
||
#### 3. Finding image inside the node | ||
- Inspect in which node the pod is hosted | ||
``` | ||
$ oc get pods -o wide | ||
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES | ||
new-default-deploy-786d477969-thcqt 1/1 Running 0 5m8s 10.128.2.6 hgomes-default-lab-grxh8-worker-westeurope3-xqdss <none> <none> | ||
``` | ||
|
||
- Inspect the node where the image is hosted. | ||
``` | ||
$ oc debug node/hgomes-default-lab-grxh8-worker-westeurope3-xqdss | ||
sh-4.4# chroot /host | ||
sh-5.1# podman images | grep ubi | ||
registry.access.redhat.com/ubi8/ubi latest 179275e28757 3 days ago 213 MB | ||
sh-5.1# crictl images | grep ubi | ||
registry.access.redhat.com/ubi8/ubi latest 179275e28757e 213MB | ||
``` | ||
|
||
#### 4. Tagging and pushing an image to the internal registry | ||
- Take note of your user token | ||
``` | ||
oc whoami -t | ||
``` | ||
|
||
- Tagging and pushing image to the internal registry. | ||
> Use the exposed route to tag and push | ||
``` | ||
sh-5.1# podman login -u myuser -p <token> | ||
Login Succeeded! | ||
sh-5.1# podman tag registry.access.redhat.com/ubi8/ubi:latest default-route-openshift-image-registry.apps.hhmkrp84.westeurope.aroapp.io/new-default-app/ubi8:latest | ||
sh-5.1# podman push default-route-openshift-image-registry.apps.hhmkrp84.westeurope.aroapp.io/new-default-app/ubi8:latest --remove-signatures | ||
``` | ||
#### 5. Patching the deployment to use a new image | ||
- Patch command to add the image recently pushed to the internal registry. | ||
``` | ||
oc patch deployment new-default-deploy -p '{"spec":{"template":{"spec":{"containers":[{"name":"new-default-deploy","image":"default-route-openshift-image-registry.apps.hhmkrp84.westeurope.aroapp.io/new-default-app/ubi8:latest"}]}}}} | ||
``` | ||
|
||
- New pod running in the same node with the new image: | ||
``` | ||
oc get deployment -o wide | ||
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR | ||
new-default-deploy 1/1 1 1 14m new-default-deploy default-route-openshift-image-registry.apps.hhmkrp84.westeurope.aroapp.io/new-default-app/ubi8:latest app=new-default-deploy | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,19 +1,27 @@ | ||
# Home | ||
## Welcome! | ||
|
||
!!! warning "Disclaimer" | ||
<div class="grid cards" markdown> | ||
|
||
These notes are my own comprehension and lessons learned. | ||
Does **not** represent Red Hat, nor replaces official documentation. | ||
- :hammer_pick:{ .lg .middle } [__Cheatsheets__](/blog/category/cheatsheet/) jq, aws and oc. | ||
- :test_tube:{ .lg .middle } [__Labs__](/blog/category/labs/) Deployments, experiments. | ||
- :simple-prometheus:{ .prometheus .lg .middle } [__Monitoring__](/blog/category/monitoring/) PromQL expressions. | ||
- :fontawesome-solid-network-wired:{ .lg .middle } __Networking__ TBD | ||
- :fontawesome-brands-aws:{ .aws .lg .middle } __ROSA__ TBD | ||
|
||
</div> | ||
<div class="grid cards" markdown> | ||
- :rocket:{ .lg .middle } __About Me__ | ||
|
||
--- | ||
|
||
![Hevellyn Gomes](https://raw.githubusercontent.com/ehvs/notes/main/images/hevs-180x250.jpg){ align=left } | ||
|
||
For the last 7 years I have been working with OpenShift, since v3.7 with the old and gold `openshift-install` with Ansible, migrating then to a more robust OpenShift 4 approach using ignite files, and for the last 2 years, focused on the Cloud, with managed services in Azure and AWS. During these years, learning the value of the customer experience has been rewarding while also working across multiple teams, always learning a new and shiny technical bit. This blog is a compilated of everything that have been most useful for me. 🧵 An eternal work in progress. | ||
This page will be an eternal work in progress with troubleshooting steps/commands and from time to time some labs. 🧵 Working for the last 7 years with OpenShift, since Ansible days (v3.7) and now currently inserted in the Cloud world with Azure :simple-microsoftazure:{ .azure } and AWS :simple-amazonaws:{ .aws } with OpenShift managed offers. | ||
|
||
:simple-linkedin:{ .linkedin } [Find me](https://www.linkedin.com/in/hevellyngomes/) | ||
|
||
</div> | ||
* * * | ||
test, `backticks` | ||
!!! warning "Disclaimer" | ||
|
||
These notes are my own comprehension and lessons learned. | ||
Does **not** represent Red Hat, nor replaces official documentation. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters