From b2e1d0a6a9329247f7d2a20a4c8ef3eb794b538f Mon Sep 17 00:00:00 2001 From: Clayton Coleman Date: Fri, 15 Nov 2019 16:06:10 -0500 Subject: [PATCH] Initial commit --- LICENSE | 191 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ README.md | 140 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 331 insertions(+) create mode 100644 LICENSE create mode 100644 README.md diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..c4ea8b6 --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,191 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + Copyright 2014 Red Hat, Inc. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/README.md b/README.md new file mode 100644 index 0000000..1a65c36 --- /dev/null +++ b/README.md 
@@ -0,0 +1,140 @@ +OKD: The Origin Community Distribution of Kubernetes +======================================================= + +[![Licensed under Apache License version 2.0](https://img.shields.io/github/license/openshift/origin.svg?maxAge=2592000)](https://www.apache.org/licenses/LICENSE-2.0) + +***OKD*** is the Origin community distribution of [Kubernetes](https://kubernetes.io) optimized for continuous application development and multi-tenant deployment. OKD adds developer and operations-centric tools on top of Kubernetes to enable rapid application development, easy deployment and scaling, and long-term lifecycle maintenance for small and large teams. ***OKD*** is also referred to as ***Origin*** in github and in the documentation. ***OKD*** makes launching Kubernetes on any cloud or bare metal a snap, simplifies running and updating clusters, and provides all of the tools to make your containerized-applications suceced. + +This repository covers OKD4 and newer. For older versions of OKD, see the [3.11 branch of openshift/origin](https://github.com/openshift/origin/tree/release-3.11). + + +Getting Started +--------------- + +IMPORTANT: OKD4 is in preview - a subset of platforms and functionality will be available until we reach beta. For now, the AWS cloud provider is the best choice. + +Visit the [releases](https://github.com/openshift/okd/releases) page and find the appropriate openshift-installer binary for your platform. Download and extract the binary into your PATH and then run the following from a new directory: + +``` +$ openshift-install create cluster +``` + +You'll be prompted to choose a platform to install to - AWS is a good place to start with the OKD4 preview. + +You will need to have cloud credentials set in your shell properly before installation. You must have permission to configure the appropriate cloud resources from that account (such as VPCs, instances, and DNS records). 
You must have already configured a public DNS zone on your chosen cloud before the install starts. + +You will also be prompted for a pull-secret that will be made available to all of of your machines - that secret may be left empty or populated with your private registry credentials. + +Once the install completes successfully (usually 30m on AWS) the console URL and an admin username and password will be printed. If your DNS records were correct, you should be able to log in to your new OKD4 cluster! + +To undo the installation and delete any cloud resources created by the installer, run + +``` +$ openshift-install destroy cluster +``` + +[Learn more about the installer](https://github.com/openshift/installer/blob/master/docs/user/overview.md) + +The OpenShift client tools for your cluster can be downloaded from the web console. + + +Features +-------- + +* A fully automated distribution of Kubernetes on all major clouds and bare metal, OpenStack, and other virtualization providers + * Easily build applications with integrated service discovery and persistent storage. + * Quickly and easily scale applications to handle periods of increased demand. + * Support for automatic high availability, load balancing, health checking, and failover. + * Access to the Operator Hub for extending Kubernetes with new, automated lifecycle capabilities +* Developer centric tooling and console for building containerized applications on Kubernetes + * Push source code to your Git repository and automatically deploy containerized applications. + * Web console and command-line client for building and monitoring applications. +* Centralized administration and management of an entire stack, team, or organization. + * Create reusable templates for components of your system, and iteratively deploy them over time. + * Roll out modifications to software stacks to your entire organization in a controlled fashion. 
+ * Integration with your existing authentication mechanisms, including LDAP, Active Directory, and public OAuth providers such as GitHub. +* Multi-tenancy support, including team and user isolation of containers, builds, and network communication. + * Allow developers to run containers securely with fine-grained controls in production. + * Limit, track, and manage the developers and teams on the platform. +* Integrated container image registry, automatic edge load balancing, and full spectrum monitoring with Prometheus. + +Learn More +---------- + +* **[Public Documentation](https://docs.okd.io/latest/welcome/)** + +For questions or feedback, reach us on [Kuberenetes Slack on #openshift-dev](https://kubernetes.slack.com/) or post to our [mailing list](https://lists.openshift.redhat.com/openshiftmm/listinfo/dev). + + +### What can I run on OKD? + +OKD is designed to run any Kubernetes workload. It also assists in building and developing containerized applications through the developer console. + +For an easier experience running your source code, [Source-to-Image (S2I)](https://github.com/openshift/source-to-image) allows developers to simply provide an application source repository containing code to build and run. It works by combining an existing S2I-enabled container image with application source to produce a new runnable image for your application. + +You can see the [full list of Source-to-Image builder images](https://docs.okd.io/latest/using_images/s2i_images/overview.html) and it's straightforward to [create your own](https://blog.openshift.com/create-s2i-builder-image/). 
Some of our available images include: + + * [Ruby](https://github.com/sclorg/s2i-ruby-container) + * [Python](https://github.com/sclorg/s2i-python-container) + * [Node.js](https://github.com/sclorg/s2i-nodejs-container) + * [PHP](https://github.com/sclorg/s2i-php-container) + * [Perl](https://github.com/sclorg/s2i-perl-container) + * [WildFly](https://github.com/openshift-s2i/s2i-wildfly) + +Your application image can be easily extended with a database service with our [database images](https://docs.okd.io/latest/using_images/db_images/overview.html): + + * [MySQL](https://github.com/sclorg/mysql-container) + * [MongoDB](https://github.com/sclorg/mongodb-container) + * [PostgreSQL](https://github.com/sclorg/postgresql-container) + * [MariaDB](https://github.com/sclorg/mariadb-container) + +### What sorts of security controls does OpenShift provide for containers? + +OKD runs with the following security policy by default: + + * Containers run as a non-root unique user that is separate from other system users + * They cannot access host resources, run privileged, or become root + * They are given CPU and memory limits defined by the system administrator + * Any persistent storage they access will be under a unique SELinux label, which prevents others from seeing their content + * These settings are per project, so containers in different projects cannot see each other by default + * Regular users can run Docker, source, and custom builds + * By default, Docker builds can (and often do) run as root. You can control who can create Docker builds through the `builds/docker` and `builds/custom` policy resource. + * Regular users and project admins cannot change their security quotas. + +Many containers expect to run as root (and therefore edit all the contents of the filesystem). 
The [Image Author's guide](https://docs.okd.io/latest/creating_images/guidelines.html#openshift-specific-guidelines) gives recommendations on making your image more secure by default: + + * Don't run as root + * Make directories you want to write to group-writable and owned by group id 0 + * Set the net-bind capability on your executables if they need to bind to ports < 1024 + +If you are running your own cluster and want to run a container as root, you can grant that permission to the containers in your current project with the following command: + + # Gives the default service account in the current project access to run as UID 0 (root) + oc adm add-scc-to-user anyuid -z default + +See the [security documentation](https://docs.okd.io/latest/admin_guide/manage_scc.html) more on confining applications. + + +Contributing +------------ + +OKD is built from many different open source projects - Fedora CoreOS, the CentOS and UBI RPM ecosystems, cri-o, Kubernetes, and many different extensions to Kubernetes. The `openshift` organization on GitHub holds active development of components on top of Kubernetes and references projects built elsewhere. Generally, you'll want to find the component that interests you and review their README.md for the processes for contributing. + +Community process and questions can be raised in our [community repo](https://github.com/openshift/community) and issues [opened in this repository](https://github.com/openshift/okd/issues) (Bugzilla locations coming soon). + +Our unified continuous integration system tests pull requests to the ecosystem and core images, then builds and promotes them after merge. To see the latest development releases of OKD visit [our continuous release page](https://origin-release.svc.ci.openshift.org). These releases are built continuously and expire after a few days. Long lived versions are pinned and then listed on our [stable release page](https://github.com/openshift/okd/releases). 
+ +All contributions are welcome - OKD uses the Apache 2 license and does not require any contributor agreement to submit patches. Please open issues for any bugs or problems you encounter, ask questions on the OpenShift IRC channel (#openshift-dev on freenode), or get involved in the [Kubernetes project](https://github.com/kubernetes/kubernetes) at the container runtime layer. + + +Security Response +----------------- +If you've found a security issue that you'd like to disclose confidentially +please contact Red Hat's Product Security team. Details at +https://access.redhat.com/security/team/contact + + +License +------- + +OKD is licensed under the [Apache License, Version 2.0](http://www.apache.org/licenses/). Some components may be licensed differently - consult individual repositories for moe.
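Review bot: In the LICENSE hunk, the definition of "Work" refers to "an example is provided in the Appendix below", but the file goes from "END OF TERMS AND CONDITIONS" straight to "Copyright 2014 Red Hat, Inc." with no Appendix heading. Either restore the upstream "APPENDIX: How to apply the Apache License to your work." section ahead of the notice, or confirm the trimmed form is intended. The notice is also dated 2014 on a commit dated 2019, so please confirm that year is deliberate for a new repository.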
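Review bot: In the README.md hunk, under "What sorts of security controls does OpenShift provide for containers?", the example `oc adm add-scc-to-user anyuid -z default` grants `anyuid` to the project's default service account, so every pod in that project that does not name its own service account becomes able to run as UID 0, not just the one container the reader had in mind. Suggest the example create a dedicated service account, grant `anyuid` to that account with `-z`, and have the workload reference it, and that the text say the grant applies to everything running under the named account. In the same list, "Regular users can run Docker, source, and custom builds" sits directly above the statement that Docker builds often run as root and that `builds/docker` and `builds/custom` control who may create them; please state what the default actually is so the two bullets do not read as contradictory. In Getting Started, the pull-secret is described as "made available to all of of your machines": worth saying that any registry credentials placed there are distributed to every node, and the doubled "of" should go. Remaining typos to fix before merge: "suceced", "Kuberenetes Slack", "See the [security documentation] ... more on confining applications" (missing "for"), and "consult individual repositories for moe".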