OpenShift Container Platform Architecture 1.1 & 2.1


Describe the components of a pod

- A pod is one or more containers deployed together on one host, and the smallest compute unit that can be defined, deployed, and managed
- Pods are the rough equivalent of a machine instance (physical or virtual) to a container. Each pod is allocated its own internal IP address, therefore owning its entire port space, and containers within pods can share their local storage and networking

Describe the steps of pod creation

- Create a Database Kubernetes service, in a YAML file, to identify which pod will provide the database service to Kubernetes
- Create a Database service replication controller file, also in YAML
- Create a Web server Kubernetes Service YAML file
- Create a Web server replication controller YAML file
- Then orchestrate the containers with kubectl

Purpose of the load balancer?

- Balancing IP traffic across a set of real servers
- keepalived: uses Linux virtual server to balance and perform failover tasks on active and passive routers
- HAProxy: performs load balancing and high-availability services to TCP and HTTP applications

Describe how a load balancer host is used in a multiple master (HA) topology

- Distributes requests between 3 master/infrastructure nodes
- External access to OpenShift cluster
- Single entry point to OpenShift cluster

Describe the Cloud Pak for Data editions

1. Cloud Native Edition
2. Enterprise Edition
3. System Edition

Hosts needed for an OpenShift Container Platform to support a minimal IPC4D base environment?

- 3 master nodes (8 vCPU, 32 GB)
- 3+ worker nodes (16 vCPU, 64 GB, 128 rec)
- 1 load balancer (4 core, 8 GB)

List various services that a container can provide

A Docker container consists of the necessary infrastructure, operating system, Docker Engine, and the application with any libraries or binaries needed to run; the concept of Docker containers is similar to that of shipping containers, because everything that is necessary for the application to run resides within the container, it can be shipped to any infrastructure with no problem!!

Explain the purpose of the replication controller

A replication controller ensures that a specified number of replicas of a Pod are running at all times; if Pods are exited or deleted, the controller acts to instantiate more up to the defined number; likewise, if more Pod replicas are running than specified by the user, it will delete as many as needed

Explain how containers are used within pods

A single pod consists of a co-located group of containers with shared resources such as volumes and IP addresses; therefore a pod may contain one or more tightly coupled, co-located applications run with shared context such as a Web server and application to pull and sync files (in the pre-container world, applications executed on the same physical or virtual host)

Add-ons

Also known as Services. The IBM Cloud Pak for Data web client includes a catalog of services that you can use to extend the functionality of Cloud Pak for Data. These modular services can be added to the base CPD installation leveraging base VPC licenses.

Explain the contents of the Ansible inventory file

Ansible inventory files describe the details about the hosts in your cluster, as well as the cluster configuration details for your OpenShift Container Platform installation. The OCP installation playbooks read your inventory file to know where and how to install OCP across your set of hosts.

Describe the config files used for network DNS

By default, containers receive their DNS config file (/etc/resolv.conf) from their host, and OCP then sets the pod's first nameserver to the IP address of the node. Make sure each host in your environment is configured to resolve hostnames from your DNS server. The configuration for hosts' DNS resolution depends on whether DHCP is enabled.

There are three main config files associated with DNS: hosts, nsswitch.conf, and resolv.conf. When your application looks for another application on a TCP/IP network such as the Internet, it typically looks in hosts or on any DNS servers that you've set up for the network. hosts keeps a local name database, nsswitch.conf determines whether name resolution consults hosts or DNS servers first, and resolv.conf contains directives with IP addresses of nameservers available to the host.

Explain the impact of pushing an image into the OpenShift Container Registry

By pushing an image to the container registry, others can use the image as a template for building and deploying containers. It also includes a runtime environment, all libraries and config files for them to use. Analogy used in explanation: container is a dish, image is a recipe (can be tweaked, adjusted), and the repository is a cookbook! You can make multiple dishes from one recipe.

Cloud Native Edition

Cloud Native Edition is a great way for a new Cloud Pak for Data enterprise to get started on some use cases. All functionality is available; however, the consumption restriction is up to a maximum of 64 VPCs

Describe the sizing units for Cloud Pak for Data

Cloud Pak for Data is sized based on Virtual Processing Cores (VPCs). The number of these compute units depends on what an enterprise is trying to accomplish. IBM provides a general guideline that works best for customers getting started, which can then be adjusted based on usage.

- Extra Small: 48 VPCs. Minimum starter configuration. Good for PoCs and basic starter footprints. Up to 21 concurrent users recommended.
- Small: 96 VPCs. Minimum configuration recommended to start with Data Virtualization use cases. Up to 33 concurrent users recommended.
- Medium: 192 VPCs. Minimum configuration recommended to start with Db2 Warehouse use cases. Up to 67 concurrent users recommended.
- Large+: 288+ VPCs. Consider this configuration for 103+ concurrent users.

System Edition

Converged Hardware and Software environment with Cloud Pak for Data pre-installed so you can get up and running, behind your firewall, in just 4 hours.

Purpose of etcd?

Distributed key-value datastore for cluster state, RBAC rules, application environment information, etc.

Why are multiple master hosts needed?

For HA (high availability): ensures that the cluster has no single point of failure

Explain how a service is used for external and internal communication

For external communication: an external IP address must be assigned. The external IP sets up table rules that allow traffic arriving at any cluster node targeting that IP address to be sent to one of the internal pods. The IP address must be assigned to a host (node) interface on one of the nodes in the cluster. This is similar to the internal service IP addresses, but the external IP tells OCP that this service should also be exposed externally at the given IP.

Services are assigned an IP address and port pair that, when accessed, proxy to an appropriate backing pod. A service uses a label selector to find all the containers running that provide a certain network service on a certain port. A service provides an internal IP address for internal communication and a hostname for external communication.

Identify the supported environments where Cloud Pak for Data can be run

- In the cloud: If you have an OpenShift deployment on IBM Cloud, AWS, Microsoft Azure, or Google Cloud, you can deploy Cloud Pak for Data on your cluster.
- On premises: You can run Cloud Pak for Data on your private, on-premises cluster. If most of your enterprise data lives behind your firewall, it makes sense to put the applications that access your data behind your firewall to prevent accidentally sharing your data.

Explain how to meter usage and monitor for entitlement overages.

Integrating CP4D with IBM Cloud Platform Common Services allows for the use of the License Service, which measures your Virtual Processor Core (VPC) usage data so that you can stay within the terms of your license. To access point-in-time resource allocations in the Cloud Pak for Data administration tool, log in to the web client as an administrator, and from the navigation menu, select Administer > Manage platform. From here you can:

- Track resource usage (CPU virtual cores and memory) over time for each deployment.
- Set resource target limits.
- See an aggregated view of the monthly usage of all services.
- Drill down to the pods, dynamic runtimes, and service instances to view details on resource usage and logs, and to perform administrative tasks, such as starting, stopping, and deleting pods.
- View and download usage reports.
- Run diagnostic jobs to collect logs for all services so that you can troubleshoot problems.

Describe storage solutions available for OpenShift

Kubernetes persistent volume (PV) framework:

- NFS
- HostPath
- GlusterFS
- gluster-block
- OpenShift container storage file
- OpenShift container storage block
- Ceph RBD
- OpenStack Cinder
- AWS Elastic Block Store
- GCE Persistent Disk
- iSCSI
- Fibre Channel
- Azure Disk
- Azure File
- VMWare vSphere
- Local

Explain how pods are used to increase performance

Pods provide the ability to scale horizontally across your IT infrastructure, allowing for the increased performance of applications as needed

Premium Add-ons

Provide more extensive capabilities on top of the default services in specific areas. These include DataStage Edition, Watson Studio Premium, Watson OpenScale, Watson Knowledge Catalog Pro Edition, and InfoSphere Regulatory Accelerator. Customers must pay a premium for these additional add-ons beyond the standard CP4D base VPC Licenses.

What is the purpose of the OpenShift router (aka Ingress Controller)?

Provides external access to applications deployed on OpenShift

Cloud based installations and IBM POWER8 need what to run OCP for CP4D?

RHEL 7.5 or later w/latest packages from the Extras channel

x86-64 need what to run OCP for CP4D?

RHEL 7.5 or later w/latest packages from the Extras channel or RHEL Atomic Host 7.4.2 or later

IBM Power 9 needs what to run OCP for CP4D?

RHEL ALT 7.5 or later w/ latest packages from Extras channel

What is the purpose of the scheduler?

Responsible for determining pod placement

Explain what components provide data to outside the cluster from a pod

Services provide a single, persistent IP and port combination that provides access to a pool of pods. Any time a pod dies, it's supposed to get a new IP, so the service exists outside of the pod so that it can always direct and load balance to that pod with the same IP. Routes provide external access in order to map an external port (IP address) to the internal port (service) of the Pod

3rd Party Add-ons

Software services integrated into CPD that are 3rd party products or open source tools. These add-ons are integrated into CPD so that these popular capabilities will work as a whole.

What is the purpose of the registry?

Stores and manages container images

Application instances and components run in containers--with many containers per OpenShift node.

TRUE

OpenShift 4 master nodes are only supported to run on Red Hat Enterprise Linux CoreOS. Worker nodes run any environment that Red Hat Enterprise Linux runs on.

TRUE

The OpenShift master host is the API endpoint and the orchestrator of the system.

TRUE

Explain the functions of a route

They are built on top of services and serve the purpose of exposing those services to the outside internet. An OCP route exposes a service at a host name, such as www.example.com, so that external clients can reach it by name; each route consists of a host name, a route name, a service selector, and an optional security configuration. The route is also capable of load balancing traffic across healthy pods.

What is NOT true about pods?

They are permanent, long term datastores

Explain the security model of an OpenShift Project containing various namespaces

Users authorized in a namespace can only access files and applications from that namespace. Even CP4D instances on the same cluster cannot see one another's assets if they are in different namespaces.

Describe when it would be necessary to add more worker nodes to the cluster?

when you need to increase the workload

Enterprise Edition

will grow from beginning use cases all the way throughout your enterprise. Utilize capabilities requiring higher compute capacity, leverage the platform behind your firewall with the System, and take your enterprise's data strategy to the next level. No VPC restriction

