Make the Shift

If you were looking to place a bet on a piece of software that would still be popular in a few years time, you couldn't go far wrong by choosing Kubernetes [1].

Following the public explosion of interest in containers – courtesy of Docker over the past five years or so – the tool of choice to organize, scale, and add resilience to those containers has been firmly voted as Kubernetes. Along with varying DevOps methodologies, the rapid rise in its adoption has been eye-watering, surpassed only by the interest shown for Docker initially.

Among other contenders in the container orchestrator space, Docker offers "swarm mode" (or Docker Swarm), which enables users to manage the orchestration of containers across a cluster of machines that are running Docker Engine. Red Hat also offer an enterprise solution that has provided some symbiosis with feature developments in Kubernetes, because Red Hat's product OpenShift [2] and its various incarnations are firmly based on it.

OpenShift and its additional features, along with the enterprise-level Red Hat support services, is based on the open source version of Kubernetes. Additionally, a community version, formerly called Origin, which then became OKD [3] in the second half of 2018 [4], is described as "The Origin Community Distribution of Kubernetes that powers Red Hat OpenShift."

An online platform called OpenShift Container Platform [5] allows you to run your applications directly, in a supported manner, in a way that can alleviate much of the overhead of running Kubernetes clusters in-house.

In this article, I install OKD by one of the available methods, namely Minishift [6]. OKD calls Minishift an "all-in-one" virtual machine, which is fully functioning and even boasts its own, private container image registry.

Once you're up and running, you will access the GUI, or console, from a browser followed by the command line with a view to setting up and launching an application. This demonstration should help whet your appetite about what's possible with OpenShift and OKD.

Pick It, Pack It, Fire It Up

To start, I'll be using the well-known KVM [7] Linux virtualization technology to install OKD locally. To use the required virtualization, you will need a compatible machine running the, now relatively standard, CPU extensions called Intel VT or AMD V. If your machine offers one of these features, you need to check that your BIOS has them enabled. The command

$ egrep "(svm|vmx)" /proc/cpuinfo

should return svm or vmx in colored text. On my Ubuntu 18.04 laptop, I see vmx in red text, because Intel VT is available on my machine.

As the root user, you will install KVM:

$ apt install qemu-kvm libvirt-daemon libvirt-daemon-system

In my case, I see about 70MB of files added after running the command. You should really be running many of the OKD commands that follow as the non-root user for extra security. For ease, however, I'll focus on using the root user.

If you want to use another user instead of superuser, you can add your username to the libvirt group:

$ usermod -a -G libvirt $(whoami)

Having done so, you could then log in to the libvirt group for this session with:

$ newgrp libvirt

Now back to the installation. For the next task, you need to download a compatible Docker driver for KVM:

$ curl -L https://github.com/dhiltgen/docker-machine-kvm/releases/download/v0.10.0/docker-machine-driver-kvm-ubuntu16.04 -o /usr/local/bin/docker-machine-driver-kvm

The eagle-eyed among you will spot the 16.04 driver being downloaded and not 18.04. For the purposes here, that should be fine, because it's the latest Ubuntu version currently available. However, you should navigate to the GitHub page for the latest release of the KVM driver for docker-machine and the MD5 checksums [8].

For safety, you should not just blindly install the software. The MD5 checksum is shown as abc34ba69fbdc6c6aea3f59d99962310 for docker-machine-driver-kvm-ubuntu16.04 . To check that, enter:

$ md5sum /usr/local/bin/docker-machine-driver-kvm
abc34ba69fbdc6c6aea3f59d99962310

That looks like a good match, so you can proceed knowing the file is probably as the publisher intended and hasn't been tampered with during the download.

Next, enter:

$ chmod +x /usr/local/bin/docker-machine-driver-kvm

to make that file executable.

Window Within a Window

Once you have installed the software to run on a virtual machine, you can begin to set it up. To start, make sure KVM is happy by using the concatenated command:

$ systemctl start libvirtd; systemctl enable libvirtd.service; systemctl status libvirtd

Assuming the phrase active (running) is returned by systemd, you are ready to go. Just hit the q key to quit.

One last thing worth checking is that you have a "default" network configured correctly in KVM. To check the configuration, use the virsh command:

$ virsh net-list --all

Figure 1 shows the output, which in my case, shows that the network exists but is not running – unfortunately.

Figure 1: Showing the available networks in KVM. However, all is not well in this case.

Potentially, you might have to fix two issues that show in the output of Figure 1. First, make sure that the Autostart column states yes ; if it does not, change it with the command:

$ virsh net-autostart default

Second, make sure the change has taken hold with the net-list command used earlier.

Third, check that inactive is not visible in the State column. If that's what you see, you can change it with the command:

$ virsh net-start default

If you get a nasty looking error at this stage, fear not. The error I got was:

error: Failed to start network default
error: internal error: Failed to initialize a valid firewall backend

Thankfully, this can be fixed by installing and enabling firewalld. Simply enter the command:

$ apt install firewalld

You can start up and check firewalld, as you did with libvirt, by combining some simple commands in one line:

$ systemctl enable firewalld; systemctl start firewalld; systemctl status firewalld

Check that it's running as expected – you should see active (running) . To keep libvirt happy, you'll restart its service with the command:

$ systemctl restart libvirtd

If it didn't automatically start up, you can now try to start up the default network as follows:

$ virsh net-start default

At this stage, you should see an error saying something like network is already active , which is good news. Otherwise, you've started the network for this session, which will suffice in the short term; however, do check that you've set Autostart properly, as mentioned above.

To double-check that the networking is functioning as expected, look once more at using the net-list command:

$ virsh net-list --all

Following your recent efforts, you should see something like Figure 2 if you're up and running.

Figure 2: Happiness is an active and autostarting default network.

If you don't have the same output, then rinse and repeat the previous steps or check the KVM documentation to see if you are having issues with your Linux distribution.

Shifting Sands

The next task is to download Minishift from the latest releases page [9]. In my case, I'll choose the minishift-1.33.0-linux-amd64.tgz tarball, which is compiled for Linux. You can download it with the command:

$ wget -O minishift-1.33.0-linux-amd64.tgz https://github.com/minishift/minishift/releases/download/v1.33.0/minishift-1.33.0-linux-amd64.tgz

At this point, you should make sure the checksum matches the file, but instead of using the MD5 tool as in the previous example, you should use the SHA256 tool:

$ wget https://github.com/minishift/minishift/releases/download/v1.33.0/minishift-1.33.0-linux-amd64.tgz.sha256

You can see the hash inside the downloaded file with the cat command:

$ cat minishift-1.33.0-linux-amd64.tgz.sha256
e47232e638d66d133d577739cd26b053d0453f5dcf3318dc237b6e792ccd218d

Now look at what sha256sum offers by running it against the tarball you downloaded:

$ sha256sum minishift-1.33.0-linux-amd64.tgz
e47232e638d66d133d577739cd26b053d0453f5dcf3318dc237b6e792ccd218dminishift-1.33.0-linux-amd64.tgz

Excellent. The file is much more likely to be in the state its author intended and have not been tampered with during the download. Next, uncompress the tarball and enter the resulting directory:

$ tar xvfz minishift-1.33.0-linux-amd64.tgz
$ cd minishift-1.33.0-linux-amd64

If you run the ls command, you can see a 27MB binary called minishift. You'll want to move that file into the /usr/local/bin directory:

$ mv minishift /usr/local/bin/

Now go back to your home directory (/root in my case) with the cd command. You can check that the minishift binary is available from within your user's path by entering the following command from your home directory:

$ minishift version
minishift v1.33.0+ba29431

The results look promising, so you should proceed.