Lab: Deploy Web Applications
Use image streams with Kubernetes workload resources to ensure reproducibility of application deployments.
Configure applications by using Kubernetes secrets to initialize environment variables.
Provide applications with persistent storage volumes.
Expose applications to clients outside the cluster.
Outcomes
You should be able to create and configure OpenShift and Kubernetes resources, such as projects, secrets, deployments, persistent volumes, services, and routes.
As the student
user on the workstation
machine, use the lab
command to prepare your system for this exercise.
This command ensures that all resources are available for this exercise. The command also creates the /home/student/DO180/labs/compreview-deploy/resources.txt
file. The resources.txt
file contains the URLs of your OpenShift cluster and the image names that you use in the exercise. You can use the file to copy and paste these URLs and image names.
[student@workstation ~]$ lab start compreview-deploy
Specifications
The API URL of your OpenShift cluster is https://api.ocp4.example.com:6443, and the oc
command is already installed on your workstation
machine.
The URL of the OpenShift web console is https://console-openshift-console.apps.ocp4.example.com. When you access the web console, select Red Hat Identity Management as the authentication mechanism.
Log in to the OpenShift cluster as the developer
user with the developer
password. The password for the admin
user is redhatocp
, although you do not need administrator privileges to complete the exercise.
In this exercise, you deploy a web application and its database for testing purposes. The resulting configuration is not ready for production, because you do not configure probes and resource limits, which are required for production. Another comprehensive review exercise covers these subjects.
Perform the following tasks to complete the exercise:
Create a project named
review
to store all of your work.Configure your project so that its workloads refer to the database image by the
mysql8:1
short name.The short name must point to the
registry.ocp4.example.com:8443/rhel9/mysql-80:1-228
container image. The database image name and its source registry are expected to change in the near future, and you want to isolate your workloads from that change.The classroom setup copied the image from the Red Hat Ecosystem Catalog. The original image is
registry.redhat.io/rhel9/mysql-80:1-228
.Ensure that the workload resources in the
review
project can use themysql8:1
resource. You create these workload resources in a later step.
Create the
dbparams
secret to store the MySQL database parameters. Both the database and the front-end deployment need these parameters. Thedbparams
secret must include the following variables:| Name | Value | | --- | --- | |
user
|operator1
| |password
|redhat123
| |database
|quotesdb
|Create the
quotesdb
deployment and configure it as follows:Use the
mysql8:1
image for the deployment.The database must automatically roll out whenever the source container in the
mysql8:1
resource changes.To test your configuration, you can change the
mysql8:1
image to point to theregistry.ocp4.example.com:8443/rhel9/mysql-80:1-237
container image that the classroom provides, and then verify that thequotesdb
deployment rolls out. Remember to reset themysql8:1
image to theregistry.ocp4.example.com:8443/rhel9/mysql-80:1-228
container image before grading your work.Define the following environment variables in the deployment from the keys in the
dbparams
secret:| Environment variable |
dbparams
secret key | | --- | --- | |MYSQL_USER
|user
| |MYSQL_PASSWORD
|password
| |MYSQL_DATABASE
|database
|Ensure that OpenShift preserves the database data between pod restarts. This data does not consume more than 2 GiB of disk space. The MySQL database stores its data under the
/var/lib/mysql
directory. Use thelvms-vg1
storage class for the volume.
Create a
quotesdb
service to make the database available to the front-end web application. The database service is listening on port 3306.Create the
frontend
deployment and configure it as follows:Use the
registry.ocp4.example.com:8443/redhattraining/famous-quotes:2-42
image. For this deployment, you refer to the image by its full name, because your organization develops the image and controls its release process.Define the following environment variables in the deployment:
| Environment variable name | Value | | --- | --- | |
QUOTES_USER
| Theuser
key from thedbparams
secret | |QUOTES_PASSWORD
| Thepassword
key from thedbparams
secret | |QUOTES_DATABASE
| Thedatabase
key from thedbparams
secret | |QUOTES_HOSTNAME
|quotesdb
|
You cannot yet test the application from outside the cluster. Expose the
frontend
deployment so that the application can be reached at http://frontend-review.apps.ocp4.example.com.The
frontend
deployment is listening to port 8000.When you access the http://frontend-review.apps.ocp4.example.com URL, the application returns a list of quotations from famous authors.
Log in to the OpenShift cluster from the command line, and then create the
review
project.Log in as the
developer
user.[student@workstation ~]$ oc login -u developer -p developer \ https://api.ocp4.example.com:6443 Login successful. ...output omitted...
Create the
review
project.[student@workstation ~]$ oc new-project review Now using project "review" on server "https://api.ocp4.example.com:6443". ...output omitted...
Create the
mysql8:1
image stream tag from theregistry.ocp4.example.com:8443/rhel9/mysql-80:1-228
image. Enable image stream resolution for themysql8
image stream so that Kubernetes resources in the current project can use it.Use the
oc create istag
command to create the image stream and the image stream tag.[student@workstation ~]$ oc create istag mysql8:1 \ --from-image registry.ocp4.example.com:8443/rhel9/mysql-80:1-228 imagestreamtag.image.openshift.io/mysql8:1 created
Use the
oc set image-lookup
command to enable image lookup resolution.[student@workstation ~]$ oc set image-lookup mysql8 imagestream.image.openshift.io/mysql8 image lookup updated
Run the
oc set image-lookup
command without any arguments to verify your work.[student@workstation ~]$ oc set image-lookup NAME LOCAL mysql8 true
Create the
dbparams
secret.[student@workstation ~]$ oc create secret generic dbparams \ --from-literal user=operator1 --from-literal password=redhat123 \ --from-literal database=quotesdb secret/dbparams created
Create the
quotesdb
deployment from themysql8:1
image stream tag. Set the number of replicas to zero, to prevent OpenShift from deploying the database before you finish its configuration. Ignore the warning message.[student@workstation ~]$ oc create deployment quotesdb --image mysql8:1 \ --replicas 0 Warning: would violate PodSecurity "restricted:v1.24": ...output omitted... deployment.apps/quotesdb created
Add an image trigger to the
quotesdb
deployment.Retrieve the name of the container from the
quotesdb
deployment.[student@workstation ~]$ oc get deployment quotesdb -o wide NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS ... quotesdb 0/0 0 0 11s mysql8 ...
Use the
oc set triggers
command to add the trigger for themysql8:1
image stream tag to themysql8
container. Ignore the warning message.[student@workstation ~]$ oc set triggers deployment/quotesdb \ --from-image mysql8:1 --containers mysql8 Warning: would violate PodSecurity "restricted:v1.24": ...output omitted... deployment.apps/quotesdb triggers updated
Add environment variables to the
quotesdb
deployment from thedbparams
secret. Add theMYSQL_
prefix to each variable name. Ignore the warning message.[student@workstation ~]$ oc set env deployment/quotesdb \ --from secret/dbparams --prefix MYSQL_ Warning: would violate PodSecurity "restricted:v1.24": ...output omitted... deployment.apps/quotesdb updated
Add a 2 GiB persistent volume to the
quotesdb
deployment. Use thelvms-vg1
storage class. Inside the pods, mount the volume under the/var/lib/mysql
directory. Ignore the warning message.[student@workstation ~]$ oc set volumes deployment/quotesdb --add \ --claim-class lvms-vg1 --claim-size 2Gi --mount-path /var/lib/mysql info: Generated volume name: volume-n7xpd Warning: would violate PodSecurity "restricted:v1.24": ...output omitted... deployment.apps/quotesdb volume updated
Start the database by scaling up the
quotesdb
deployment to one replica.Scale up the deployment.
[student@workstation ~]$ oc scale deployment/quotesdb --replicas 1 deployment.apps/quotesdb scaled
Wait for the pod to start. You might have to rerun the command several times for the pod to report a
Running
status. The name of the pod on your system probably differs.[student@workstation ~]$ oc get pods NAME READY STATUS RESTARTS AGE quotesdb-99f9b4ff8-ggs7z 1/1 Running 0 4s
Create the
quotesdb
service for thequotesdb
deployment. The database server is listening on port 3306.Use the
oc expose deployment
command to create the service.[student@workstation ~]$ oc expose deployment quotesdb --port 3306 service/quotesdb exposed
Verify that OpenShift associates the IP address of the MySQL server with the endpoint. The endpoint IP address on your system probably differs.
[student@workstation ~]$ oc describe service quotesdb Name: quotesdb Namespace: review ...output omitted... TargetPort: 3306/TCP Endpoints: 10.8.0.123:3306 Session Affinity: None Events: <none>
Create the
frontend
deployment from theregistry.ocp4.example.com:8443/redhattraining/famous-quotes:2-42
image. Set the number of replicas to zero, to prevent OpenShift from deploying the application before you finish its configuration. Ignore the warning message.[student@workstation ~]$ oc create deployment frontend \ --image registry.ocp4.example.com:8443/redhattraining/famous-quotes:2-42 \ --replicas 0 Warning: would violate PodSecurity "restricted:v1.24": ...output omitted... deployment.apps/frontend created
Add environment variables to the
frontend
deployment from thedbparams
secret, and add theQUOTES_HOSTNAME
variable with thequotesdb
value.Add the variables from the
dbparams
secret. Add theQUOTES_
prefix to each variable name. Ignore the warning message.[student@workstation ~]$ oc set env deployment/frontend \ --from secret/dbparams --prefix QUOTES_ Warning: would violate PodSecurity "restricted:v1.24": ...output omitted... deployment.apps/frontend updated
Declare the
QUOTES_HOSTNAME
variable. Ignore the warning message.[student@workstation ~]$ oc set env deployment/frontend QUOTES_HOSTNAME=quotesdb Warning: would violate PodSecurity "restricted:v1.24": ...output omitted... deployment.apps/frontend updated
Start the application by scaling up the
frontend
deployment to one replica.Scale up the deployment.
[student@workstation ~]$ oc scale deployment/frontend --replicas 1 deployment.apps/frontend scaled
Wait for the pod to start. You might have to rerun the command several times for the pod to report a
Running
status. The name of the pod on your system probably differs.[student@workstation ~]$ oc get pods NAME READY STATUS RESTARTS AGE frontend-86cdd7c7bf-hpnwz 1/1 Running 0 44s quotesdb-99f9b4ff8-ggs7z 1/1 Running 0 2m11s
Expose the
frontend
deployment so that the application is accessible from outside the cluster. The web application is listening on port 8000.Create the
frontend
service for thefrontend
deployment.[student@workstation ~]$ oc expose deployment frontend --port 8000 service/frontend exposed
Create the route.
[student@workstation ~]$ oc expose service frontend route.route.openshift.io/frontend exposed
Retrieve the application URL from the route.
[student@workstation ~]$ oc get route NAME HOST/PORT PATH SERVICES ... frontend frontend-review.apps.ocp4.example.com frontend ...
Use the
curl
command to test the application.[student@workstation ~]$ curl http://frontend-review.apps.ocp4.example.com <html> <head> <title>Quotes</title> </head> <body> <h1>Quote List</h1> <ul> <li>1: When words fail, music speaks. - William Shakespeare </li> ...output omitted...
Evaluation
As the student
user on the workstation
machine, use the lab
command to grade your work. Correct any reported failures and rerun the command until successful.
[student@workstation ~]$ lab grade compreview-deploy
Finish
As the student
user on the workstation
machine, use the lab
command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.
[student@workstation ~]$ lab finish compreview-deploy