Guided Exercise: Update Application Image and Settings
Update the manifests of a database and a web application while minimizing interruption of service to their users.
Outcomes
You should be able to pause, update, and resume a deployment, and roll back a failing application.
As the student user on the workstation machine, use the lab command to prepare your system for this exercise.
This command ensures that all resources are available for this exercise. It also creates the updates-rollout-db project and deploys a MySQL database in that project. It creates the updates-rollout-web project and then deploys a web application with 10 replicas.
The command creates the /home/student/DO180/labs/updates-rollout/resources.txt file. The resources.txt file contains the name of the images and some commands that you use during the exercise. You can use the file to copy and paste these image names and commands.
[student@workstation ~]$ lab start updates-rollout
Procedure 7.2. Instructions
Log in to the OpenShift cluster as the
developeruser with thedeveloperpassword. Use theupdates-rollout-dbproject.Log in to the OpenShift cluster.
[student@workstation ~]$ oc login -u developer -p developer \ https://api.ocp4.example.com:6443 Login successful. ...output omitted...Set the
updates-rollout-dbproject as the active project.[student@workstation ~]$ oc project updates-rollout-db ...output omitted...
Review the resources that the
labcommand created. Confirm that you can connect to the database. The MySQL database uses ephemeral storage.List the
Deploymentobject and confirm that the pod is available. Retrieve the name of the container. You use that information when you update the container image in another step.[student@workstation ~]$ oc get deployment -o wide NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS ... mydb 1/1 0 1 17m mysql-80 ...List the pods and confirm that the pod is running. The name of the pod on your system probably differs.
[student@workstation ~]$ oc get pod NAME READY STATUS RESTARTS AGE mydb-5c79866d48-5xzkk 1/1 Running 0 18mRetrieve the name of the image that the pod is using. The pod is using the
rhel9/mysql-80image version1-224. Replace the pod name with your own from the previous step.[student@workstation ~]$ oc get pod mydb-5c79866d48-5xzkk \ -o jsonpath='{.spec.containers[0].image}{"\n"}' registry.ocp4.example.com:8443/rhel9/mysql-80:1-224The classroom setup copied that image from the Red Hat Ecosystem Catalog. The original image is
registry.redhat.io/rhel9/mysql-80.Confirm that you can connect to the database system by listing the available databases. Run the
mysqlcommand from inside the pod and connect as theoperator1user by usingtestas the password.[student@workstation ~]$ oc rsh mydb-5c79866d48-5xzkk \ mysql --user=operator1 --password=test -e "SHOW DATABASES" mysql: [Warning] Using a password on the command line interface can be insecure. +--------------------+ | Database | +--------------------+ | information_schema | | performance_schema | | quotes | +--------------------+
You must implement several updates to the
Deploymentobject. Pause the deployment to prevent OpenShift from rolling out the application for each modification that you make. After you pause the deployment, change the password for theoperator1database user, update the container image, and then resume the deployment.Pause the
mydbdeployment. Ignore the warning message.[student@workstation ~]$ oc rollout pause deployment/mydb Warning: would violate PodSecurity "restricted:v1.24": ...output omitted... deployment.apps/mydb pausedChange the password of the
operator1database user toredhat123. To change the password, update theMYSQL_PASSWORDenvironment variable in the pod template of theDeploymentobject. Ignore the warning message.[student@workstation ~]$ oc set env deployment/mydb MYSQL_PASSWORD=redhat123 Warning: would violate PodSecurity "restricted:v1.24": ...output omitted... deployment.apps/mydb updatedBecause the
Deploymentobject is paused, confirm that the new password is not yet active. To do so, rerun themysqlcommand by using the current password. The database connection succeeds.[student@workstation ~]$ oc rsh mydb-5c79866d48-5xzkk \ mysql --user=operator1 --password=test -e "SHOW DATABASES" mysql: [Warning] Using a password on the command line interface can be insecure. +--------------------+ | Database | +--------------------+ | information_schema | | performance_schema | | quotes | +--------------------+Update the MySQL container image to the
1-228version. Ignore the warning message.[student@workstation ~]$ oc set image deployment/mydb \ mysql-80=registry.ocp4.example.com:8443/rhel9/mysql-80:1-228 Warning: would violate PodSecurity "restricted:v1.24": ...output omitted... deployment.apps/mydb image updatedBecause the
Deploymentobject is paused, confirm that the pod still uses the1-224image version.[student@workstation ~]$ oc get pod mydb-5c79866d48-5xzkk \ -o jsonpath='{.spec.containers[0].image}{"\n"}' registry.ocp4.example.com:8443/rhel9/mysql-80:1-224Resume the
mydbdeployment. Ignore the warning message.[student@workstation ~]$ oc rollout resume deployment/mydb Warning: would violate PodSecurity "restricted:v1.24": ...output omitted... deployment.apps/mydb resumedConfirm that the new rollout completes by waiting for the new pod to be running. The name of the pod on your system probably differs.
[student@workstation ~]$ oc get pods NAME READY STATUS RESTARTS AGE mydb-dd5dcbddb-rmf85 1/1 Running 0 2m2s
Verify that OpenShift applied all your modifications to the
Deploymentobject.Retrieve the name of the image that the new pod is using. In the following command, use the name of the new pod as a parameter to the
oc get podcommand. The pod is now using the1-228image version.[student@workstation ~]$ oc get pod mydb-dd5dcbddb-rmf85 \ -o jsonpath='{.spec.containers[0].image}{"\n"}' registry.ocp4.example.com:8443/rhel9/mysql-80:1-228Confirm that you can connect to the database system by using the new password,
redhat123, for theoperator1database user.[student@workstation ~]$ oc rsh mydb-dd5dcbddb-rmf85 \ mysql --user=operator1 --password=redhat123 -e "SHOW DATABASES" mysql: [Warning] Using a password on the command line interface can be insecure. +--------------------+ | Database | +--------------------+ | information_schema | | performance_schema | | quotes | +--------------------+
In the second part of the exercise, you perform a rolling update of a replicated web application. Use the
updates-rollout-webproject and review the resources that thelabcommand created.Set the
updates-rollout-webproject as the active project.[student@workstation ~]$ oc project updates-rollout-web ...output omitted...List the
Deploymentobject and confirm that the pods are available. Retrieve the name of the containers. You use that information when you update the container image in another step.[student@workstation ~]$ oc get deployment -o wide NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS ... version 10/10 10 10 32m versioned-hello ...List the
ReplicaSetobjects. Because OpenShift did not yet perform rolling updates, only oneReplicaSetobject exists. The name of theReplicaSetobject on your system probably differs.[student@workstation ~]$ oc get replicaset NAME DESIRED CURRENT READY AGE version-7bfff6b5b4 10 10 10 11mRetrieve the name and version of the image that the
ReplicaSetobject uses to deploy the pods. The pods are using theredhattraining/versioned-helloimage versionv1.0.[student@workstation ~]$ oc get replicaset version-7bfff6b5b4 \ -o jsonpath='{.spec.template.spec.containers[0].image}{"\n"}' registry.ocp4.example.com:8443/redhattraining/versioned-hello:v1.0Confirm that the
versiondeployment includes a readiness probe. The probe performs an HTTP GET request on port 8080.[student@workstation ~]$ oc get deployment version \ -o jsonpath='{.spec.template.spec.containers[0].readinessProbe}' | jq . { "failureThreshold": 3, "httpGet": { "path": "/", "port": 8080, "scheme": "HTTP" }, "initialDelaySeconds": 3, "periodSeconds": 10, "successThreshold": 1, "timeoutSeconds": 1 }
To watch the rolling update that you cause in a following step, open a new terminal window and then run the
~/DO180/labs/updates-rollout/curl_loop.shscript that thelabcommand prepared. The script sends web requests to the application in a loop.Open a new terminal.
Run the
/home/student/DO180/labs/updates-rollout/curl_loop.shscript. Leave the script running and do not interrupt it.[student@workstation ~]$ /home/student/DO180/labs/updates-rollout/curl_loop.sh Hi! Hi! Hi! Hi! ...output omitted...
Change the container image of the
versiondeployment. The new application version creates a web page with a different message.Switch back to the first terminal window, and then use the
oc set imagecommand to update the deployment. Ignore the warning message.[student@workstation ~]$ oc set image deployment/version \ versioned-hello=registry.ocp4.example.com:8443/redhattraining/versioned-hello:v1.1 Warning: would violate PodSecurity "restricted:v1.24": ...output omitted... deployment.apps/version image updatedChanging the image caused a rolling update. Watch the output of the
curl_loop.shscript in the second terminal.Before the update, only pods that run the
v1.0version of the application reply. During the rolling updates, both old and new pods are responding. After the update, only pods that run thev1.1version of the application reply. The following output probably differs on your system....output omitted... Hi! Hi! Hi! Hi! Hi! v1.1 Hi! v1.1 Hi! Hi! v1.1 Hi! Hi! v1.1 Hi! v1.1 Hi! v1.1 Hi! v1.1 ...output omitted...Do not stop the script.
Confirm that the rollout process is successful. List the
ReplicaSetobjects and verify that the new object uses the new image version.Use the
oc rollout statuscommand to confirm that the rollout process is successful.[student@workstation ~]$ oc rollout status deployment/version deployment "version" successfully rolled outList the
ReplicaSetobjects. The initial object scaled down to zero pods. The newReplicaSetobject scaled up to 10 pods. The names of theReplicaSetobjects on your system probably differ.[student@workstation ~]$ oc get replicaset NAME DESIRED CURRENT READY AGE version-7bfff6b5b4 0 0 0 28m version-b7fddfc8c 10 10 10 3m40sRetrieve the name and version of the image that the new
ReplicaSetobject uses. This image provides the new version of the application.[student@workstation ~]$ oc get replicaset version-b7fddfc8c \ -o jsonpath='{.spec.template.spec.containers[0].image}{"\n"}' registry.ocp4.example.com:8443/redhattraining/versioned-hello:v1.1
Roll back the
versiondeployment.Use the
oc rollout undocommand to roll back to the initial application version. Ignore the warning message.[student@workstation ~]$ oc rollout undo deployment/version Warning: would violate PodSecurity "restricted:v1.24": ...output omitted... deployment.apps/version rolled backWatch the output of the
curl_loop.shscript in the second terminal. The pods that run thev1.0version of the application are responding again. The following output probably differs on your system....output omitted... Hi! v1.1 Hi! v1.1 Hi! v1.1 Hi! v1.1 Hi! Hi! v1.1 Hi! Hi! v1.1 Hi! v1.1 Hi! Hi! Hi! ...output omitted...Press Ctrl+C to quit the script. Close that second terminal when done.
List the
ReplicaSetobjects. The initial object scaled up to 10 pods. The object for the new application version scaled down to zero pods.[student@workstation ~]$ oc get replicaset NAME DESIRED CURRENT READY AGE version-7bfff6b5b4 10 10 10 52m version-b7fddfc8c 0 0 0 27m
Finish
On the workstation machine, use the lab command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.
[student@workstation ~]$ lab finish updates-rollout