关于OpenShift(OKD)通过命令行的方式部署打包镜像 Demo

时间:2021-07-01 00:35:13

写在前面

  • 会陆续的和小伙伴分享一些 OpenShift 的笔记
  • 博文内容为安装完 OpenShift, 利用 OpenShift CICD 流程部署应用的一个Demo
  • 理解不足小伙伴帮忙指正

傍晚时分,你坐在屋檐下,看着天慢慢地黑下去,心里寂寞而凄凉,感到自己的生命被剥夺了。当时我是个年轻人,但我害怕这样生活下去,衰老下去。在我看来,这是比死亡更可怕的事。--------王小波

OpenShift 的 Web 控制台的用户体验非常好,通过图形界面,用户可以高效快速地完成操作。除了 Web 控制台外,OpenShift 还提供了一系列命令行工具。

ocOpenShift 中一个重要的命令行客户端。OpenShift Web 控制台能完成的事情,通过 oc 命令也能完成。在进行自动化及重复性的操作时,命令行工具比图形界面更加高效。

可以尝试执行 oc version 命令查看 OpenShift 的集群版本信息,测试 oc 命令是否正常工作。

┌──[root@192.168.26.16]-[~]
└─$oc version
oc v3.11.0+0cbc58b
kubernetes v1.11.0+d4cacc0
features: Basic-Auth GSSAPI Kerberos SPNEGO

Server https://127.0.0.1:8443
kubernetes v1.11.0+d4cacc0

当前版本为 3.11 的版本

因为oc命令是带有权限管控的,所以在使用 oc 命令进行实际的操作前,需要先通过 oc 1ogin 命令登录

┌──[root@192.168.26.16]-[~]
└─$oc login -u developer
Logged into "https://127.0.0.1:8443" as "developer" using existing credentials.

You have access to the following projects and can switch between them with 'oc project <projectname>':

    hello-world
  * myproject

Using project "myproject".

配置oc命令补全

┌──[root@192.168.26.16]-[~]
└─$cat /etc/profile
# /etc/profile

# System wide environment and startup programs, for login setup
# Functions and aliases go in /etc/bashrc

# It's NOT a good idea to change this file unless you know what you
# are doing. It's much better to create a custom.sh shell script in
# /etc/profile.d/ to make custom changes to your environment, as this
# will prevent the need for merging in future updates.

source <(oc completion bash)
....
┌──[root@192.168.26.16]-[~]
└─$source /etc/profile

OKD 的项目是一个完整的 CICD 流水线的项目。相对于 K8s , okd 做了很多,整合了整个流水线, 当然没有可比性,OKD 作为 Kubernetes 的社区发行版,针对持续应用程序开发和多租户部署进行很多优化。看两个Demo

  • 第一个是类似 K8s 的一个应用部署,只有CD,但是涉及的资源对象都会自动完成创建,在不用插件的 K8s 中,这些都是需要人工处理
  • 第二个是一个结合 自动化流程工具S2I(Source to lmage) 的一个 CICD 的 Demo

CD 持续部署

通过 oc new-project 命令创建一个新项目 he11o-world-oc

┌──[root@192.168.26.16]-[~]
└─$oc new-project hello-world-oc
Now using project "hello-world-oc" on server "https://127.0.0.1:8443".

You can add applications to this project with the 'new-app' command. For example, try:

    oc new-app centos/ruby-25-centos7~https://github.com/sclorg/ruby-ex.git

to build a new example application in Ruby.

OKD 中的的项目 Project 是基于 K8s 中的 命名空间的,在创建一个 项目的同时,会生成一个同名的命名空间。

┌──[root@vms16.liruilongs.github.io]-[~]
└─$oc get project
NAME             DISPLAY NAME   STATUS
hello-world-oc                  Active
myproject        My Project     Active
┌──[root@vms16.liruilongs.github.io]-[~]
└─$oc login -u system:admin
┌──[root@vms16.liruilongs.github.io]-[~]
└─$oc get ns | grep hello
hello-world-oc                  Active    4m

假设我们已经走过了 CI 的过程,现在拥有一个包含应用的打好的镜像 openshift/hello-openshift ,拉取镜像

┌──[root@192.168.26.16]-[~]
└─$docker pull openshift/hello-openshift
Using default tag: latest
latest: Pulling from openshift/hello-openshift
Digest: sha256:aaea76ff622d2f8bcb32e538e7b3cd0ef6d291953f3e7c9f556c1ba5baf47e2e
Status: Downloaded newer image for openshift/hello-openshift:latest
docker.io/openshift/hello-openshift:latest

在命令行可以通过 oc new-app 命令方便地部署 DockerHub 等 Docker 镜像仓库的镜像。

下面的命令中, oc new-app 后面紧跟的 为镜像名字。如果涉及源码的话,需要指定 ~源码地址的方式, 通过 --name podName 指定 应用名称 名字

┌──[root@192.168.26.16]-[~]
└─$oc new-app openshift/hello-openshift
--> Found Docker image 7af3297 (4 years old) from Docker Hub for "openshift/hello-openshift"

    * An image stream tag will be created as "hello-openshift:latest" that will track this image
    * This image will be deployed in deployment config "hello-openshift"
    * Ports 8080/tcp, 8888/tcp will be load balanced by service "hello-openshift"
      * Other containers can access this service through the hostname "hello-openshift"

--> Creating resources ...
    imagestream.image.openshift.io "hello-openshift" created
    deploymentconfig.apps.openshift.io "hello-openshift" created
    service "hello-openshift" created
--> Success
    Application is not exposed. You can expose services to the outside world by executing one or more of the commands below:
     'oc expose svc/hello-openshift'
    Run 'oc status' to view your app.
┌──[root@192.168.26.16]-[~]
└─$

可以看到,我们只提供了镜像,其他的 API 资源都是自动生成的。

  • 从Docker Hub 找到镜像,用于 openshift/hello-openshift”
  • 创建 Image Stream为 hello-openshift:latest 使之指向最新的镜像
  • 创建 Deployment Config 为 hello-openshift,
  • 创建 Replication Controller 为 hello-openshift-1
  • 创建 Service ,且 8080/tcp, 8888/tcp 端口将被服务"hello-openshift"负载均衡
  • 其他容器可以通过主机名"hello-openshift"访问此服务
  • 希望外部访问可以通过 'oc expose svc/hello-openshift'
  • 创建 routehello.openshift 供外部访问。

生成的全部资源

┌──[root@vms16.liruilongs.github.io]-[~]
└─$oc get all
NAME                          READY     STATUS    RESTARTS   AGE
pod/hello-openshift-1-xx2q4   1/1       Running   3          183d

NAME                                      DESIRED   CURRENT   READY     AGE
replicationcontroller/hello-openshift-1   1         1         1         183d

NAME                      TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)             AGE
service/hello-openshift   ClusterIP   172.30.166.53   <none>        8080/TCP,8888/TCP   183d

NAME                                                 REVISION   DESIRED   CURRENT   TRIGGERED BY
deploymentconfig.apps.openshift.io/hello-openshift   1          1         1         config,image(hello-openshift:latest)

NAME                                             DOCKER REPO                                 TAGS      UPDATED
imagestream.image.openshift.io/hello-openshift   172.30.1.1:5000/myproject/hello-openshift   latest    6 months ago

NAME                                       HOST/PORT         PATH      SERVICES          PORT       TERMINATION   WILDCARD
route.route.openshift.io/hello-openshift   hello.openshift             hello-openshift   8080-tcp                 None
┌──[root@vms16.liruilongs.github.io]-[~]
└─$

S2I CICD 项目构建

作为一个面向应用的平台,OpenShift提供了 S2I(Source to Image) 的流程,使得企业内容器的构建变得标准化和自动化,从而提高了软件从开发到上线的效率。

关于OpenShift(OKD)通过命令行的方式部署打包镜像 Demo

一个典型的 S2I 流程包含了以下几个步骤。

  1. 用户输入源代码仓库的地址。
  2. 用户选择 S2I 构建的基础镜像(又称为 Builder 镜像)。Builder镜像中包含了操作系统、编程语言、框架等应用所需的软件及配置。OpenShift默认提供了多种编程语言的Builder镜像,如Java、PHP、Ruby、Python、Perl等。用户也可以根据自身需求定制自己的Builder镜像,并发布到服务目录*用户选用。
  3. 用户或系统触发 S2I 构建。OpenShift 将实例化S2I构建执行器。
  4. S2I 构建执行器将从用户指定的代码仓库下载源代码。
  5. S2I 构建执行器实例化Builder镜像。代码将会被注入Builder镜像中。
  6. Builder 镜像将根据预定义的逻辑执行 源代码的编译、构建并完成部署
  7. S2I 构建执行器将完成操作的 Builder 镜像并生成新的 Docker镜像
  8. S2I 构建执行器将新的镜像推送到 OpenShift 内部的 镜像仓库。
  9. S2I 构建执行器更新该次构建相关的 Image Stream 信息。

S2I构建完成后,根据用户定义的部署逻辑,OpenShit 将把镜像实例化部署到集群中。

创建一个新的项目

┌──[root@vms16.liruilongs.github.io]-[~]
└─$oc new-project  cicd-demo
Now using project "cicd-demo" on server "https://127.0.0.1:8443".

You can add applications to this project with the 'new-app' command. For example, try:

    oc new-app centos/ruby-25-centos7~https://github.com/sclorg/ruby-ex.git

to build a new example application in Ruby.

以给出的 Demo 为例,,通过 oc new-app 创建一个应用

oc new-app centos/ruby-25-centos7~https://github.com/sclorg/ruby-ex.git

这里指定

  • Builder 基础镜像为: centos/ruby-25-centos7
  • 源码地址为: https://github.com/sclorg/ruby-ex.git

部署项目,可以看到相关资源对象会自动创建

┌──[root@vms16.liruilongs.github.io]-[~]
└─$oc new-app centos/ruby-25-centos7~https://github.com/sclorg/ruby-ex.git
--> Found Docker image e96bd99 (18 months old) from Docker Hub for "centos/ruby-25-centos7"

    Ruby 2.5
    --------
    Ruby 2.5 available as container is a base platform for building and running various Ruby 2.5 applications and frameworks. Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible.

    Tags: builder, ruby, ruby25, rh-ruby25

    * An image stream tag will be created as "ruby-25-centos7:latest" that will track the source image
    * A source build using source code from https://github.com/sclorg/ruby-ex.git will be created
      * The resulting image will be pushed to image stream tag "ruby-ex:latest"
      * Every time "ruby-25-centos7:latest" changes a new build will be triggered
    * This image will be deployed in deployment config "ruby-ex"
    * Port 8080/tcp will be load balanced by service "ruby-ex"
      * Other containers can access this service through the hostname "ruby-ex"

--> Creating resources ...
    imagestream.image.openshift.io "ruby-25-centos7" created
    imagestream.image.openshift.io "ruby-ex" created
    buildconfig.build.openshift.io "ruby-ex" created
    deploymentconfig.apps.openshift.io "ruby-ex" created
    service "ruby-ex" created
--> Success
    Build scheduled, use 'oc logs -f bc/ruby-ex' to track its progress.
    Application is not exposed. You can expose services to the outside world by executing one or more of the commands below:
     'oc expose svc/ruby-ex'
    Run 'oc status' to view your app.

作为一个 SVC 外部访问我们需要通过 Router 发布出去。

┌──[root@vms16.liruilongs.github.io]-[~]
└─$oc expose svc/ruby-ex
route.route.openshift.io/ruby-ex exposed

创建 Route 成功

┌──[root@vms16.liruilongs.github.io]-[~]
└─$oc get route
NAME      HOST/PORT                            PATH      SERVICES   PORT       TERMINATION   WILDCARD
ruby-ex   ruby-ex-cicd-demo.127.0.0.1.nip.io             ruby-ex    8080-tcp                 None
┌──[root@vms16.liruilongs.github.io]-[~]
└─$
┌──[root@vms16.liruilongs.github.io]-[~]
└─$curl ruby-ex-cicd-demo.127.0.0.1.nip.io -s | head -3
<html>
  <head>
    <meta name="viewport" content="width=device-width, initial-scale=1">

查看全部的资源信息,我们可以看到这里并没有创建成功, 可能是有些国外的网站被墙导致的,

┌──[root@vms16.liruilongs.github.io]-[~]
└─$oc get all -o wide
NAME                  READY     STATUS    RESTARTS   AGE       IP            NODE        NOMINATED NODE
pod/ruby-ex-1-build   0/1       Error     0          2h        172.17.0.10   localhost   <none>

NAME              TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE       SELECTOR
service/ruby-ex   ClusterIP   172.30.87.156   <none>        8080/TCP   2h        app=ruby-ex,deploymentconfig=ruby-ex

NAME                                         REVISION   DESIRED   CURRENT   TRIGGERED BY
deploymentconfig.apps.openshift.io/ruby-ex   0          1         0         config,image(ruby-ex:latest)

NAME                                     TYPE      FROM      LATEST
buildconfig.build.openshift.io/ruby-ex   Source    Git       1

NAME                                 TYPE      FROM          STATUS                    STARTED       DURATION
build.build.openshift.io/ruby-ex-1   Source    Git@01effef   Failed (AssembleFailed)   3 hours ago   7m58s

NAME                                             DOCKER REPO                                 TAGS      UPDATED
imagestream.image.openshift.io/ruby-25-centos7   172.30.1.1:5000/cicd-demo/ruby-25-centos7   latest    3 hours ago
imagestream.image.openshift.io/ruby-ex           172.30.1.1:5000/cicd-demo/ruby-ex

NAME                               HOST/PORT                            PATH      SERVICES   PORT       TERMINATION   WILDCARD
route.route.openshift.io/ruby-ex   ruby-ex-cicd-demo.127.0.0.1.nip.io             ruby-ex    8080-tcp                 None
┌──[root@vms16.liruilongs.github.io]-[~]
└─$

查看项目状态

┌──[root@vms16.liruilongs.github.io]-[~]
└─$oc status --suggest
In project cicd-demo on server https://127.0.0.1:8443

svc/ruby-ex - 172.30.87.156:8080
  dc/ruby-ex deploys istag/ruby-ex:latest <-
    bc/ruby-ex source builds https://github.com/sclorg/ruby-ex.git on istag/ruby-25-centos7:latest
      build #1 running for 2 minutes - 01effef: Merge pull request #35 from pvalena/bundler (Honza Horak <hhorak@redhat.com>)
    deployment #1 waiting on image or update

Info:
  * dc/ruby-ex has no readiness probe to verify pods are ready to accept traffic or ensure deployment is successful.
    try: oc set probe dc/ruby-ex --readiness ...
  * dc/ruby-ex has no liveness probe to verify pods are still running.
    try: oc set probe dc/ruby-ex --liveness ...

View details with 'oc describe <resource>/<name>' or list everything with 'oc get all'.
┌──[root@vms16.liruilongs.github.io]-[~]
└─$

博文参考

《开源容器云OpenShift:构建基于Kubernetes的企业应用云平台》

https://docs.okd.io/latest/welcome/index.html

标签:

相关文章