The Docker image format and container runtime are now available in OpenShift / Kubernetes, which allows you import images from Docker Hub or any other external Docker registry.

OpenShift restrictions on containers

OpenShift Online being a public service puts high requirements on the security of user data. And for this particular reason, not every single container is allowed to run on the platform.
The general problem we see everyday is that containers are trying to run as root. Is that a good idea? Not really, would you let the application running directly on the OS run as root? No! You would not and the same is true with containers. Applications should run as a regular use.

OpenShift does enforce this and because not all images are built in the sane way, you may run into problems with some containers. What's going to happen in that case? As you try to create the application you will see this notice:

<code>* WARNING: Image "&lt;something&gt;" runs as the 'root' user which may not be permitted by your cluster administrator</code>

In such a case you would need to build (if you are the owner) or rebuild (if you just want to use someone’s image) the image to not expect to be run as root.

Deploying the containers

To deploy custom containers, you need to use the terminal as it's not yet exposed in the web UI. You will use the oc client tool with the new-app command as you usually use for deploying stuff on OpenShift (oc new-app [image]~[source code]).

<code>oc new-app centos/python-35-centos7~</code>
Running this command deploys the Python 3.5 CentOS 7 container from Docker Hub with our example Django project. You should see output something like this:
--> Found Docker image 59a9d28 (34 hours old) from Docker Hub for "centos/python-35-centos7"

Python 3.5
Platform for building and running Python 3.5 applications

Tags: builder, python, python35, rh-python35

* An image stream will be created as "python-35-centos7:latest" that will track the source image
* A source build using source code from will be created
* The resulting image will be pushed to image stream "django-ex:latest"
* Every time "python-35-centos7:latest" changes a new build will be triggered
* This image will be deployed in deployment config "django-ex"
* Port 8080/tcp will be load balanced by service "django-ex"
* Other containers can access this service through the hostname "django-ex"

--> Creating resources with label app=django-ex ...
imagestream "python-35-centos7" created
imagestream "django-ex" created
buildconfig "django-ex" created
deploymentconfig "django-ex" created
service "django-ex" created
--> Success
Build scheduled, use 'oc logs -f bc/django-ex' to track its progress.
Run 'oc status' to view your app.

Once deployed, you need to expose the service provided by the container, in this case it would be:

<code>oc expose svc django-ex</code>

And check what your URL looks like:

<code>oc status</code>

Open the URL in your browser and you will be able to view your running application.

Voilà, you just deployed Python 3.5 on CentOS 7 using a pre-built container from Docker Hub.


News, OpenShift Online

< Back to the blog