Sunday, February 2, 2025

OpenShift - Helm - Part 5


 

Helm

Helm uses a packaging format called charts. A chart is a collection of files that describe a related set of Kubernetes resources. A chart can deploy a simple application or a collection of complex applications.

Kubernetes Persistent Volumes:
Kubernetes Persistent Volumes (PVs) provide a robust framework for managing durable storage in containerized environments.
Persistent Volumes are crucial for effectively managing stateful applications in Kubernetes, ensuring that data persists as needed and storage resources are utilized efficiently.
A Persistent Volume (PV) is a storage resource in a Kubernetes cluster that exists independently of any individual Pod, allowing data to persist beyond the lifecycle of Pods.
Persistent Volume Claims (PVCs): A Persistent Volume Claim (PVC) is a request by a user for storage, specifying size, access modes, and other parameters. Kubernetes then binds the PVC to an appropriate PV that meets the request.
PVs support different access modes, such as:
1. ReadWriteOnce (RWO): Mounted as read-write by a single node.
2. ReadOnlyMany (ROX): Mounted as read-only by multiple nodes.
3. ReadWriteMany (RWX): Mounted as read-write by multiple nodes.
Storage Classes: Storage Classes in Kubernetes define different classes of storage, allowing for dynamic provisioning of PVs with varying performance and availability characteristics. This enables administrators to offer multiple storage options to end users.
Dynamic vs. Static Provisioning: PVs can be statically provisioned by administrators or dynamically provisioned based on Storage Classes when a PVC is created, providing flexibility in how storage is allocated.
Lifecycle Management: The lifecycle of a PV is independent of any Pod that uses the PV. This means that data stored in a PV can outlive the Pods that access it, ensuring data persistence across Pod restarts and rescheduling.
Reclaim Policy: PVs have a reclaim policy that determines what happens to the underlying storage resource after the PVC is released.
    1. Retain: Keeps the data intact for manual reclamation.
    2. Recycle: Performs a basic scrub.
    3. Delete: Deletes the storage resource, such as an AWS EBS volume.
These policies help manage the lifecycle of storage resources effectively.
Binding Process: When a PVC is created, Kubernetes matches it to a suitable PV based on the requested storage size and access modes. Once bound, the PV is exclusively associated with that PVC, ensuring consistent and reliable storage for the requesting Pod.
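
The reclaim policies above decide what happens to stored data once a claim goes away, so they are worth reviewing per volume. This is an added example, not code from the original post: it reads a PV listing and reports what each policy means for the data. The listing, the volume and claim names, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample, in the shape printed by (one line):
#   oc get pv --no-headers -o custom-columns=NAME:.metadata.name,POLICY:.spec.persistentVolumeReclaimPolicy,PHASE:.status.phase,CLAIM:.spec.claimRef.name
# Volume and claim names are made up for this example.
sample_pv_list() {
cat <<'EOF'
pv-db-01     Retain   Bound      db-data
pv-db-02     Retain   Released   old-db-data
pv-cache-01  Delete   Bound      cache-data
pv-spare-01  Retain   Available  <none>
pv-tmp-01    Recycle  Available  <none>
EOF
}

# Read "name policy phase claim" lines and report what each reclaim policy
# means for the data on that volume.
review_pv_policies() {
  awk '
    # Retain + Released: claim is gone, previous data is still on the volume
    $2 == "Retain" && $3 == "Released" {
      print "REVIEW " $1 ": released, data of claim " $4 " kept until manually reclaimed"
    }
    # Delete + Bound: removing the claim removes the backing storage too
    $2 == "Delete" && $3 == "Bound" {
      print "NOTE   " $1 ": deleting claim " $4 " deletes the storage resource"
    }
    # Recycle is deprecated upstream in favour of dynamic provisioning
    $2 == "Recycle" {
      print "WARN   " $1 ": uses the deprecated Recycle policy"
    }
  '
}

sample_pv_list | review_pv_policies
```

On a live cluster, pipe the `oc get pv` command from the comment into `review_pv_policies` instead of the sample.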

Friday, January 31, 2025

How to install the DeepSeek R1 model on your local machine





DeepSeek was created by a Chinese AI company of the same name. The DeepSeek model is compared with the top OpenAI models in areas such as maths, coding, general knowledge and languages.
DeepSeek-r1 is getting popular because it is open source, allowing anyone to download and run it locally.

DeepSeek-r1 Model:
Its built-in chain-of-thought reasoning enhances its efficiency, and it is cheaper compared to OpenAI models.
PS: Responses may be delayed if your system has very limited CPU and memory.

GitHub URL: https://github.com/deepseek-ai/DeepSeek-R1

We will run the DeepSeek-r1 model through Ollama.
Ollama:
Ollama is an open source tool that helps us run NLP [Natural Language Processing] models locally.
Step 1) Download the Ollama tool for your operating system and install it.



Step 2) Navigate to the DeepSeek-r1 model on the Ollama site.



Hardware requirements for each r1 model:


Step 3) Open a terminal or PowerShell and validate the Ollama status
#ollama list

Step 4) I have downloaded the 1.5b model for my testing.

Step 5) Install the DeepSeek-r1 model through the Ollama tool
#ollama run deepseek-r1

You can start asking your queries or coding questions after the installation completes.




Tuesday, January 28, 2025

OpenShift - Services - Part 4


 

Services:

A Service is a method for exposing a network application that is running as one or more Pods in your cluster.
The Service API is an abstraction to help you expose groups of Pods over a network. Each Service object defines a logical set of endpoints (usually these endpoints are Pods) along with a policy about how to make those pods accessible.
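service.yaml
apiVersion: v1
kind: Service
metadata:
  name: test
spec:
  # Pods labelled app=scale receive the traffic
  selector:
    app: scale
  ports:
    - protocol: TCP
      port: 80          # port exposed by the Service
      targetPort: 8080  # port the container listens on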



Thursday, January 23, 2025

OpenShift - Scaling and Autoscaling - Part 4


 

Scaling and Autoscaling:

Horizontal scaling adds more machines to the system, while vertical scaling adds more resources to an existing system.




#oc scale dc/name --replicas=<number>
Monitoring the pod:
#oc adm top pods
#oc get events
Autoscaling:
It automatically increases the CPU and memory available, depending on the requirement.
#oc autoscale dc/<name> --min=3 --max=6 --cpu-percent=60

List the information about the project:
#oc describe project projectname

Patching the Pod:
#oc patch dc/<name> -p '{"spec":{"template":{"spec":{"containers":[{"name":"<container-name>","image":"quay.io/existimage/newimage"}]}}}}'

Secret and ConfigMap:
A Secret holds encoded data (sensitive information).
A ConfigMap holds plain text (hostname, certificate).

Secret types:
1) Generic
2) TLS (SSL)
3) docker-cfg

Secrets use the base64 format to encode their values.

Decode the secret file
#base64 --decode secretfile

List the secret
#oc get secret
#oc set env dc/mytest --from=secret/mytest-secret

Login into Pod:
#oc exec -it podname -- bash

#oc get pod -o yaml | grep -i scc
#oc get pod podname -o yaml | oc adm policy scc-subject-review -f -
#oc adm policy add-scc-to-user <scc-name> username
#oc adm policy remove-scc-from-user <scc-name> username

Template is not found error:
#oc login -u kubeadmin -p $(cat /usr/local/etc/kube-admin-password) https://api.example.com:6443
#oc edit projects.config.openshift.io 
Remove the projectRequestTemplate and name parameters and put an empty {} in their place.

Tuesday, January 21, 2025

OpenShift - Quota - Part 3


 

Quota:

A quota sets limits at the project level.

#oc create quota --help | more

Resource Quota:

#oc create resourcequota --help | more

We can set limits for resources through resourcequota.

* CPU
* Memory
* Number of deployments
* Number of services
* Number of service accounts
* ConfigMaps
* Number of pods

This lets you restrict users and avoid over-provisioning.

Example:

#oc create quota my-quota --hard=cpu=1,memory=1G,pods=2,services=3,replicationcontrollers=1,secrets=5,persistentvolumeclaims=10 -n testquota

List resource under core group:

#oc api-resources --api-group="" --namespaced=true

Resource group:

#oc create resourcequota test --hard=count/pods=1

Utilization of resources in OCP cluster:

#oc adm top nodes

Create an APP for testing purpose:

#oc new-app --name myapp --image=registry.example.com:8443/helloworld-nginx

Set resources for the app:

#oc set resources deployment myapp --limits=cpu=200m,memory=300M --requests=cpu=100m,memory=200M

#oc set resources dc/myapp --limits=memory=60Mi --requests=memory=20Mi

Monitoring the process of resources:

#watch oc get all

List the events with timestamp:

#oc get events --sort-by=.metadata.creationTimestamp

Delete a pod:

#oc delete pod -l deploymentconfig=myapp1

Scale out the pods:

#oc scale dc/myapp1 --replicas=5

Create a quota:

#oc create quota my-quota --hard=limits.cpu=2,limits.memory=200Mi,requests.cpu=1,requests.memory=100Mi,pods=3,services=10


Friday, January 17, 2025

OpenShift - Authentication and Authorization - Part 2


 


Authentication and authorization:

Authentication checks whether a user has access to the system.

Authorization checks whether the user has the right role or access on the application side.

OpenShift has two kinds of roles: 1) cluster role 2) project role

#oc get clusterrolebinding

#oc get rolebinding

1) Create users

2) Integrate users with OCP

3) How to assign roles as per requirement of user

4) How to create groups

5) How to add users to the groups

Create a user through htpasswd

#htpasswd -c -B -b filename username password

-c - creates the password file

-B - hashes the password with bcrypt

-b - takes the password from the command line (single-line command)

#oc get secret -n openshift-config

Secrets come in 3 types: docker-registry, generic and tls.

#oc create secret generic mysecret --from-file=test -n openshift-config

Create users

#htpasswd -B -b myusers test1 passwd

Integrate users with OCP environment

#oc create secret generic mysecret --from-file=htpasswd=myusers -n openshift-config

#oc get secret mysecret -n openshift-config -o yaml

#oc get oauth cluster -o yaml > oauth.yaml

#oc replace -f oauth.yaml

Testing the login with OCP environment

#oc login -u test -p passwd

#oc new-project testing1

#oc describe project testing1

Edit the YAML file in vim with visual guides

#vi .vimrc

autocmd FileType yaml setlocal ai ts=2 cuc cul

cuc - cursor column

cul - cursor line

ai - auto indentation

We can get role details under clusterrolebinding:

#oc get clusterrolebinding | grep -i cluster-admin

#oc describe clusterrolebinding cluster-admin

Delete a role under clusterrolebinding:

#oc delete clusterrolebinding cluster-admin


View the policy

#oc adm policy

Default roles of cluster and project policy:

Cluster - cluster-admin and self-provisioner

Project - admin, edit and view

Add a user to a role

#oc adm policy add-cluster-role-to-user cluster-admin username

Remove a role from a user

#oc adm policy remove-cluster-role-from-user self-provisioner username

#oc adm policy remove-cluster-role-from-group self-provisioner system:authenticated:oauth


5 ways to Check a remote port status in Linux


 




System admins check the remote port status when troubleshooting an application or system port issue.

We can check the port status in 5 ways.

Use nc command

#nc -zv IPaddress Portnumber

Use nmap command 

#nmap IPaddress -p portnumber

Use telnet command 

#telnet IPaddress portnumber

Use python module:

#python3 -c "import socket; socket.create_connection(('IPaddress', portnumber), timeout=5)"

Use curl command

#curl -v telnet://IPaddress:portnumber