Java

What are Pods in context of OpenShift ?

There are lots of cloud platform that have same core concept of pod and how they behave and work. OpenShift platform seems to have a similar way of implementation as Kubernetes has if you are familiar with it.
Here we will try to explain readers on what Pods in simpler terms are,
Let’s say there is one host called A and one pod called B and one container called C. So, this diagram can be a taken as a simpler and basic architectural design on how we can interpret it before we try to understand furthermore about Pods.

Let’s start by listing some important features of Pods.
1.    Pod are unique, based on IP address as they are allocated with its own internal IP address.
2.    Since they have their own IP address, they also have their own ports and space.
3.    Container which is inside a pod can share its local storage and can have its own networking defined.
4.    Pods have a lifecycle.
a.     
b.    Pods are retained (Not always exited right away) in some cases to enable access to the logs of their containers. This is usually a case for an application that is running on Production and that might depend on logs to troubleshoot issues.
2.    Good news from security perspectives, they are mostly and largely immutable and we cannot change the definition of a running pod.
 I have attached the Pod object definition in context of YAML below and explained some of the important feature to know before deploying.
apiVersion: v1
kind: Pod
metadata:
  annotations: { ... }
  labels:
    deployment: MY_SAMPLE_APP
    deploymentconfig: MY_SAMPLE_APP
    docker-registry: default
  generateName: MY_SAMPLE_APP_DEMO
spec:
  containers:
    - env:
        - name: OPENSHIFT_CA_DATA
          value: ...
        - name: OPENSHIFT_CERT_DATA
          value: ...
        - name: OPENSHIFT_INSECURE
          value: "false"
        - name: OPENSHIFT_KEY_DATA
          value: ...
        - name: OPENSHIFT_MASTER
          value: https://some.app.location.com:8443
      image: openshift/origin-docker-registry:v1.1.1.1
      imagePullPolicy: IfNotPresent
      name: registry
      ports:
        - containerPort: 7510
          protocol: TCP
      resources: { }
      securityContext: { ... }
      volumeMounts:
        - mountPath: /registry
          name: registry-storage
        - mountPath: /my/custome/path/secrets/
          name: default-token-demo
          readOnly: true
  dnsPolicy: ClusterFirst
  imagePullSecrets:
    - name: default-some-secret
  restartPolicy: Always
  serviceAccount: default
  volumes:
    - emptyDir: { }
      name: registry-storage
    - name: default-token-demo
      secret:
        secretName: default-token-demo

These are the features we should at least know and modify based on our needs.

  1. Pods need to have a unique name within their namespace.
  2.  Pods can be “tagged” with one or more labels, which can then be used to select and manage groups of pods in a single operation.
  3. Pod has three restart policy: Always, OnFailure and Never.
  4.  Restart policy” Always” which is default. Tries restarting a successfully exited container on the pod continuously, with an exponential back-off delay (10s, 20s, 40s) until the pod is restarted.
  5.  Restart policy” OnFailure” Tries restarting a failed container on the pod with an exponential back-off delay (10s, 20s, 40s) capped at 5 minutes.
  6.  Restart policy” Never” Does not try to restart exited or failed containers on the pod. Pods immediately fail and exit.  

This should get you started with the basics on Pods but for further core details you should visit the official website of RedHat OpenShift. And more importantly start deploying and start learning from that process itself. 

Leave a Reply