There are lots of cloud platform that have same core concept of pod and how they behave and work. OpenShift platform seems to have a similar way of implementation as Kubernetes has if you are familiar with it.
Here we will try to explain readers on what Pods in simpler terms are,
Let’s say there is one host called A and one pod called B and one container called C. So, this diagram can be a taken as a simpler and basic architectural design on how we can interpret it before we try to understand furthermore about Pods.
Let’s start by listing some important features of Pods.
- Pod are unique, based on IP address as they are allocated with its own internal IP address.
- Since they have their own IP address, they also have their own ports and space.
- Container which is inside a pod can share its local storage and can have its own networking defined.
- Pods have a lifecycle.
a.
b. Pods are retained (Not always exited right away) in some cases to enable access to the logs of their containers. This is usually a case for an application that is running on Production and that might depend on logs to troubleshoot issues. - Good news from security perspectives, they are mostly and largely immutable and we cannot change the definition of a running pod. I have attached the Pod object definition in context of YAML below and explained some of the important feature to know before deploying. apiVersion: v1 kind: Pod metadata: annotations: { … } labels: deployment: MY_SAMPLE_APP deploymentconfig: MY_SAMPLE_APP docker-registry: default generateName: MY_SAMPLE_APP_DEMO spec: containers:
- env:
- name: OPENSHIFT_CA_DATA
value: … - name: OPENSHIFT_CERT_DATA
value: … - name: OPENSHIFT_INSECURE
value: “false” - name: OPENSHIFT_KEY_DATA
value: … - name: OPENSHIFT_MASTER
value: https://some.app.location.com:8443
image: openshift/origin-docker-registry:v1.1.1.1
imagePullPolicy: IfNotPresent
name: registry
ports: - containerPort: 7510
protocol: TCP
resources: { }
securityContext: { … }
volumeMounts: - mountPath: /registry
name: registry-storage - mountPath: /my/custome/path/secrets/
name: default-token-demo
readOnly: true
dnsPolicy: ClusterFirst
imagePullSecrets:
- name: OPENSHIFT_CA_DATA
- name: default-some-secret
restartPolicy: Always
serviceAccount: default
volumes: - emptyDir: { }
name: registry-storage - name: default-token-demo
secret:
secretName: default-token-demo
These are the features we should at least know and modify based on our needs.
Pods need to have a unique name within their namespace.
Pods can be “tagged‿ with one or more labels, which can then be used to select and manage groups of pods in a single operation.
Pod has three restart policy: Always, OnFailure and Never.
Restart policy‿ Always‿ which is default. Tries restarting a successfully exited container on the pod continuously, with an exponential back-off delay (10s, 20s, 40s) until the pod is restarted.
Restart policy‿ OnFailure‿ Tries restarting a failed container on the pod with an exponential back-off delay (10s, 20s, 40s) capped at 5 minutes.
Restart policy‿ Never‿ Does not try to restart exited or failed containers on the pod. Pods immediately fail and exit.
This should get you started with the basics on Pods but for further core details you should visit the official website of RedHat OpenShift. And more importantly start deploying and start learning from that process itself.
- env:
Leave a Reply