5. Manage Application Updates Flashcards

1
Q
  1. Identify images using tags and digests
A

Use oc image info & skopeo command to list image tags and identify the image digest.
See previous section: Locate and examine container images

On the cluster node, you can use crictl images, crictl images –digests to list the locally available images.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q
  1. Roll back failed deployments
A

Use oc rollout command.

Rollout
# rollback to the preceding version
oc rollout undo deployment/myapp
oc rollout status deployment/myapp

# list available revisions
oc rollout history deployment/myapp

# rollback to a specific revision
oc rollout undo deployment/myapp2 –to-revision $revision_number

# for imperatives changes, you can pause the deplyment, do the changes and then resume
# to avoid having multiple revisions or failed pods
## pause
oc rollout pause deployment/mydb

## perform the changes
oc set env deployment/mydb MYSQL_PASSWORD=redhat123
oc set image deployment/mydb mysql-80=registry.ocp4.example.com:8443/rhel9/mysql-80:1-228

## resume
oc rollout resume deployment/mydb

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q
  1. Manage image streams
A

Image streams are one of the main differentiators between OpenShift and upstream Kubernetes. Kubernetes resources reference container images directly,
but OpenShift resources, such as deployment configurations and build configurations, reference image streams.

Image streams provide a stable, short name to reference a container image that is independent of any registry server and container runtime configuration.

Image Stream Tags

An image stream represents one or more sets of container images. Each set, or stream, is identified by an image stream tag.

Unlike container images in a registry server, which have multiple tags from the same image repository (or user or organization),
an image stream can have multiple image stream tags that reference container images from different registry servers and from different image repositories.

imageStream - Istag
# list openshift namespace imagestream (is)
oc get is -n openshift -o name
…output omitted…
imagestream.image.openshift.io/nodejs
imagestream.image.openshift.io/perl
imagestream.image.openshift.io/php #
…output omitted…

# list imagestreamtag(istag) of is php
oc get istag -n openshift | grep php
8.0-ubi9 image-registry … 6 days ago
8.0-ubi8 image-registry … 6 days ago
7.4-ubi8 image-registry … 6 days ago
7.3-ubi7 image-registry … 6 days ago

# create an imagestream
oc create is keycloak

# create an imagestreamtag
oc create istag keycloak:20.0 –from-image quay.io/keycloak/keycloak:20.0.2
oc create istag keycloak:19.0 –from-image quay.io/keycloak/keycloak:19.0
## oc create istag will create the imagestream(is) if it doesn’t exist yet

# list the istag
oc get istag
# oc get istag display the target image SHA ID not its tag, you can get the tag from the istag attributes
oc get istag keycloak:19.0 -o jsonpath=’{.tag.from.name}{“\n”}’

# create or update an imagestreamtag to point to new image/tag with oc tag
## # will create the istag keycloak:20.0 if it doesn’t exist or update it
oc tag quay.io/keycloak/keycloak:20.0.3 keycloak:20.0

## oc tag has:
## –scheduled : to periodically sync the image SHA ID between the istag and the image source
## –reference-policy local : to locally cache the image after the first pull

# create an alias of istag with oc tag
## # keycloak:20 is an alias of keycloak:20.0.2 (source)
oc tag –alias keycloak:20.0.2 keycloak:20

# you can also use oc import-image to create or update an istag
oc import-image keycloak:20.0.2 –from quay.io/keycloak/keycloak:20.0.2 –confirm

# like oc create istag, both oc tag and oc import-image will also create the the imagestream(is) if it doesn’t exist yet
Using Image Streams in Deployments

When you create a Deployment object, you can specify an image stream instead of a container image from a registry.
Using an image stream in Kubernetes workload resources, such as deployments, requires preparation:

Create the image stream object in the same project as the Deployment object.
Enable the local lookup policy in the image stream object.
In the Deployment object, reference the image stream tag by its name, such as keycloak:20.0, and not by the full image name from the source registry.
When you use an image stream in a Deployment object, OpenShift looks for that image stream in the current project.
However, OpenShift searches only the image streams that you enabled the local lookup policy for

Use the oc set image-lookupcommand to enable the local lookup policy for an image stream

Image-lookup
# enable local lookup
oc set image-lookup keycloak

oc describe is keycloak
Name: keycloak
Namespace: myproject
Created: 3 hours ago
Labels: <none>
Annotations: openshift.io/image.dockerRepositoryCheck=2023-01-31T11:12:44Z
Image Repository: image-registry.openshift-image-registry.svc:5000/.../keycloak
Image Lookup: local=true # local lookup enabled
Unique Images: 3
Tags: 2
...output omitted...</none>

# diable local lookup
oc set image-lookup keycloak –enabled=false

# list the local lookup status of all is
oc set image-lookup
NAME LOCAL
keycloak true
zabbix-agent false
nagios false

# use the is as normal image to deploy a workload
oc create deployment mykeycloak –image keycloak:20.0
More Information on Image Streams in the documentation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q
  1. Use triggers to manage images
A

Use triggers to manage images
Automatic Image Updates with OpenShift Image Change Triggers

Image stream tags record the SHA ID of the source container image. Thus, an image stream tag always points to an immutable image.

If a new version of the source image becomes available, then you can change the image stream tag to point to that new image.
However, a Deployment object that uses the image stream tag does not roll out automatically.

For an automatic rollout, you must configure the Deployment object with an image trigger with oc set triggers command.

oc set triggers
oc get deployment mykeycloak

# enable image trigger
oc set triggers deployment/mykeycloak –from-image keycloak:20 –containers keycloak

# check that a trigger is enabled
# The true value under the AUTO column for image indicates that the trigger is enabled.
oc set triggers deployment/mykeycloak
NAME TYPE VALUE AUTO
deployments/mykeycloak config true
deployments/mykeycloak image keycloak:20 (keycloak) true

# disable the image trigger by adding the –manual flag
oc set triggers deployment/mykeycloak –from-image keycloak:20 –containers keycloak –manual

# re-nable the image trigger by adding –auto flag
oc set triggers deployment/mykeycloak –from-image keycloak:20 –containers keycloak –auto

# remove omage trigger from all containers
oc set triggers deployment/mykeycloak –remove-all

How well did you know this?
1
Not at all
2
3
4
5
Perfectly