Container Service

Access to on-campus resources Services hosted on-campus will need to allow access for Container Service applications. Firewall rules for on-campus systems that your application depends upon will need to be opened to compute nodes within the OpenShift cluster. The full subnet range will need to be specified, as nodes could have any IP in the range. In the production cluster https://containers.aws.web.umich.edu your application will have an IP from within these ranges:

Overview Review OpenShift documentation on NetworkPolicy. Review Kubernetes documentation on NetworkPolicy. Network Access to OpenShift Services OpenShift services act as virtual load balancers that route traffic to underlying pods.

Overview Developers may wish to access the fully-managed RDS shared databases that the MiDatabase team makes available to Container Service customers from outside of the production Container Service cluster. For data security and reliability reasons, the shared MariaDB RDS instance is only accessible from within the Container Service cluster, and via the phpMyAdmin instance listed below. The shared Postgres instance can be accessed via computers in an on-campus data center, such as a MiServer, and via laptops on the VPN.

Overview Review OpenShift Auto-scaling documentation. Review OpenShift documentation on how Requests and Limits are used during auto-scaling. Auto-Scaling Applications running within OpenShift can increase capacity based on user load.

Overview Occasionally you may need to copy files to a directory within one of your pods. This may be required if you are seeding a persistent volume with data that is not part of the build process. Or, you may need to copy files from the pod to your local computer to assist with debugging. The process below details how to execute this process via the cp and rsync commands.

Overview Review OpenShift documentation on publishing routes. OpenShift 4.x/ROSA: apps.aws.web.umich.edu Users of the production cluster, https://containers.aws.web.umich.edu, can self-publish routes that end in: apps.aws.web.umich.edu. No DNS changes are required for URLs within apps.aws.web.umich.edu.

Overview Review Openshift documentation on viewing metrics. Review documentation on using the PromQL language. Viewing Metrics For A Project The most robust way to view metrics is via the Developer perspective.

Options There are several ways to use certificates to secure HTTPS traffic and get it to your application. Select the method that works best for you. Method Advantages Disadvantages

Overview The Container Service retains logs for customer applications for 180 days. Logs can be viewed in the OpenShift UI, via Kibana, or via the CLI. OpenShift documentation for viewing logs in Kibana. OpenShift documentation for viewing logs via the CLI. Curren

Overview The Container Service uses Red Hat's OpenShift to host containerized applications. OpenShift is a multi-tenanted system, meaning that it is designed to be used by many users simulataneously. As such, certain permissions that are available when you run a containerized application locally are not available when running in OpenShift. One of those is the ability to run as the root user. Applications in OpenShift cannot run as the root user. Instead, applications run as an anonymous user.