关于OpenShift(OKD)通过命令行的方式部署打包镜像 Demo-CFANZ编程社区

写在前面

会陆续的和小伙伴分享一些 OpenShift 的笔记
博文内容为安装完 OpenShift, 利用 OpenShift CICD 流程部署应用的一个Demo
理解不足小伙伴帮忙指正

傍晚时分，你坐在屋檐下，看着天慢慢地黑下去，心里寂寞而凄凉，感到自己的生命被剥夺了。当时我是个年轻人，但我害怕这样生活下去，衰老下去。在我看来，这是比死亡更可怕的事。--------王小波

OpenShift 的 Web 控制台的用户体验非常好，通过图形界面，用户可以高效快速地完成操作。除了 Web 控制台外，OpenShift 还提供了一系列命令行工具。

oc是OpenShift 中一个重要的命令行客户端。OpenShift Web 控制台能完成的事情，通过 oc 命令也能完成。在进行自动化及重复性的操作时，命令行工具比图形界面更加高效。

可以尝试执行 oc version 命令查看 OpenShift 的集群版本信息，测试 oc 命令是否正常工作。

┌──[root@192.168.26.16]-[~]
└─$oc version
oc v3.11.0+0cbc58b
kubernetes v1.11.0+d4cacc0
features: Basic-Auth GSSAPI Kerberos SPNEGO

Server https://127.0.0.1:8443
kubernetes v1.11.0+d4cacc0

当前版本为 3.11 的版本

因为oc命令是带有权限管控的，所以在使用 oc 命令进行实际的操作前，需要先通过 oc 1ogin 命令登录

┌──[root@192.168.26.16]-[~]
└─$oc login -u developer
Logged into "https://127.0.0.1:8443" as "developer" using existing credentials.

You have access to the following projects and can switch between them with 'oc project <projectname>':

    hello-world
  * myproject

Using project "myproject".

配置oc命令补全

┌──[root@192.168.26.16]-[~]
└─$cat /etc/profile
# /etc/profile

# System wide environment and startup programs, for login setup
# Functions and aliases go in /etc/bashrc

# It's NOT a good idea to change this file unless you know what you
# are doing. It's much better to create a custom.sh shell script in
# /etc/profile.d/ to make custom changes to your environment, as this
# will prevent the need for merging in future updates.

source <(oc completion bash)
....
┌──[root@192.168.26.16]-[~]
└─$source /etc/profile

OKD 的项目是一个完整的 CICD 流水线的项目。相对于 K8s , okd 做了很多，整合了整个流水线，当然没有可比性，OKD 作为 Kubernetes 的社区发行版，针对持续应用程序开发和多租户部署进行很多优化。看两个Demo

第一个是类似 K8s 的一个应用部署,只有CD,但是涉及的资源对象都会自动完成创建，在不用插件的 K8s 中，这些都是需要人工处理
第二个是一个结合 自动化流程工具S2I(Source to lmage) 的一个 CICD 的 Demo

CD 持续部署

通过 oc new-project 命令创建一个新项目 he11o-world-oc

┌──[root@192.168.26.16]-[~]
└─$oc new-project hello-world-oc
Now using project "hello-world-oc" on server "https://127.0.0.1:8443".

You can add applications to this project with the 'new-app' command. For example, try:

    oc new-app centos/ruby-25-centos7~https://github.com/sclorg/ruby-ex.git

to build a new example application in Ruby.

OKD 中的的项目 Project 是基于 K8s 中的命名空间的，在创建一个项目的同时，会生成一个同名的命名空间。

┌──[root@vms16.liruilongs.github.io]-[~]
└─$oc get project
NAME             DISPLAY NAME   STATUS
hello-world-oc                  Active
myproject        My Project     Active
┌──[root@vms16.liruilongs.github.io]-[~]
└─$oc login -u system:admin
┌──[root@vms16.liruilongs.github.io]-[~]
└─$oc get ns | grep hello
hello-world-oc                  Active    4m

假设我们已经走过了 CI 的过程，现在拥有一个包含应用的打好的镜像 openshift/hello-openshift ,拉取镜像

┌──[root@192.168.26.16]-[~]
└─$docker pull openshift/hello-openshift
Using default tag: latest
latest: Pulling from openshift/hello-openshift
Digest: sha256:aaea76ff622d2f8bcb32e538e7b3cd0ef6d291953f3e7c9f556c1ba5baf47e2e
Status: Downloaded newer image for openshift/hello-openshift:latest
docker.io/openshift/hello-openshift:latest

在命令行可以通过 oc new-app 命令方便地部署 DockerHub 等 Docker 镜像仓库的镜像。

下面的命令中, oc new-app 后面紧跟的为镜像名字。如果涉及源码的话，需要指定 ~源码地址的方式，通过 --name podName 指定应用名称名字

┌──[root@192.168.26.16]-[~]
└─$oc new-app openshift/hello-openshift
--> Found Docker image 7af3297 (4 years old) from Docker Hub for "openshift/hello-openshift"

    * An image stream tag will be created as "hello-openshift:latest" that will track this image
    * This image will be deployed in deployment config "hello-openshift"
    * Ports 8080/tcp, 8888/tcp will be load balanced by service "hello-openshift"
      * Other containers can access this service through the hostname "hello-openshift"

--> Creating resources ...
    imagestream.image.openshift.io "hello-openshift" created
    deploymentconfig.apps.openshift.io "hello-openshift" created
    service "hello-openshift" created
--> Success
    Application is not exposed. You can expose services to the outside world by executing one or more of the commands below:
     'oc expose svc/hello-openshift'
    Run 'oc status' to view your app.
┌──[root@192.168.26.16]-[~]
└─$

可以看到，我们只提供了镜像，其他的 API 资源都是自动生成的。

从Docker Hub 找到镜像，用于 openshift/hello-openshift”
创建 Image Stream为 hello-openshift:latest 使之指向最新的镜像
创建 Deployment Config 为 hello-openshift，
创建 Replication Controller 为 hello-openshift-1
创建 Service ,且 8080/tcp, 8888/tcp 端口将被服务"hello-openshift"负载均衡
其他容器可以通过主机名"hello-openshift"访问此服务
希望外部访问可以通过 'oc expose svc/hello-openshift'
创建 route 为 hello.openshift 供外部访问。

生成的全部资源

┌──[root@vms16.liruilongs.github.io]-[~]
└─$oc get all
NAME                          READY     STATUS    RESTARTS   AGE
pod/hello-openshift-1-xx2q4   1/1       Running   3          183d

NAME                                      DESIRED   CURRENT   READY     AGE
replicationcontroller/hello-openshift-1   1         1         1         183d

NAME                      TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)             AGE
service/hello-openshift   ClusterIP   172.30.166.53   <none>        8080/TCP,8888/TCP   183d

NAME                                                 REVISION   DESIRED   CURRENT   TRIGGERED BY
deploymentconfig.apps.openshift.io/hello-openshift   1          1         1         config,image(hello-openshift:latest)

NAME                                             DOCKER REPO                                 TAGS      UPDATED
imagestream.image.openshift.io/hello-openshift   172.30.1.1:5000/myproject/hello-openshift   latest    6 months ago

NAME                                       HOST/PORT         PATH      SERVICES          PORT       TERMINATION   WILDCARD
route.route.openshift.io/hello-openshift   hello.openshift             hello-openshift   8080-tcp                 None
┌──[root@vms16.liruilongs.github.io]-[~]
└─$

S2I CICD 项目构建

作为一个面向应用的平台，OpenShift提供了 S2I(Source to Image) 的流程，使得企业内容器的构建变得标准化和自动化，从而提高了软件从开发到上线的效率。

在这里插入图片描述

一个典型的 S2I 流程包含了以下几个步骤。

用户输入源代码仓库的地址。
用户选择 S2I 构建的基础镜像(又称为 Builder 镜像)。Builder镜像中包含了操作系统、编程语言、框架等应用所需的软件及配置。OpenShift默认提供了多种编程语言的Builder镜像，如Java、PHP、Ruby、Python、Perl等。用户也可以根据自身需求定制自己的Builder镜像，并发布到服务目录中供用户选用。
用户或系统触发 S2I 构建。OpenShift 将实例化S2I构建执行器。
S2I 构建执行器将从用户指定的代码仓库下载源代码。
S2I 构建执行器实例化Builder镜像。代码将会被注入Builder镜像中。
Builder 镜像将根据预定义的逻辑执行 源代码的编译、构建并完成部署。
S2I 构建执行器将完成操作的 Builder 镜像并生成新的 Docker镜像。
S2I 构建执行器将新的镜像推送到 OpenShift 内部的镜像仓库。
S2I 构建执行器更新该次构建相关的 Image Stream 信息。

S2I构建完成后，根据用户定义的部署逻辑，OpenShit 将把镜像实例化部署到集群中。

创建一个新的项目

┌──[root@vms16.liruilongs.github.io]-[~]
└─$oc new-project  cicd-demo
Now using project "cicd-demo" on server "https://127.0.0.1:8443".

You can add applications to this project with the 'new-app' command. For example, try:

    oc new-app centos/ruby-25-centos7~https://github.com/sclorg/ruby-ex.git

to build a new example application in Ruby.

以给出的 Demo 为例，,通过 oc new-app 创建一个应用

oc new-app centos/ruby-25-centos7~https://github.com/sclorg/ruby-ex.git

这里指定

Builder 基础镜像为: centos/ruby-25-centos7
源码地址为: https://github.com/sclorg/ruby-ex.git

部署项目，可以看到相关资源对象会自动创建

┌──[root@vms16.liruilongs.github.io]-[~]
└─$oc new-app centos/ruby-25-centos7~https://github.com/sclorg/ruby-ex.git
--> Found Docker image e96bd99 (18 months old) from Docker Hub for "centos/ruby-25-centos7"

    Ruby 2.5
    --------
    Ruby 2.5 available as container is a base platform for building and running various Ruby 2.5 applications and frameworks. Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible.

    Tags: builder, ruby, ruby25, rh-ruby25

    * An image stream tag will be created as "ruby-25-centos7:latest" that will track the source image
    * A source build using source code from https://github.com/sclorg/ruby-ex.git will be created
      * The resulting image will be pushed to image stream tag "ruby-ex:latest"
      * Every time "ruby-25-centos7:latest" changes a new build will be triggered
    * This image will be deployed in deployment config "ruby-ex"
    * Port 8080/tcp will be load balanced by service "ruby-ex"
      * Other containers can access this service through the hostname "ruby-ex"

--> Creating resources ...
    imagestream.image.openshift.io "ruby-25-centos7" created
    imagestream.image.openshift.io "ruby-ex" created
    buildconfig.build.openshift.io "ruby-ex" created
    deploymentconfig.apps.openshift.io "ruby-ex" created
    service "ruby-ex" created
--> Success
    Build scheduled, use 'oc logs -f bc/ruby-ex' to track its progress.
    Application is not exposed. You can expose services to the outside world by executing one or more of the commands below:
     'oc expose svc/ruby-ex'
    Run 'oc status' to view your app.

作为一个 SVC 外部访问我们需要通过 Router 发布出去。

┌──[root@vms16.liruilongs.github.io]-[~]
└─$oc expose svc/ruby-ex
route.route.openshift.io/ruby-ex exposed

创建 Route 成功

┌──[root@vms16.liruilongs.github.io]-[~]
└─$oc get route
NAME      HOST/PORT                            PATH      SERVICES   PORT       TERMINATION   WILDCARD
ruby-ex   ruby-ex-cicd-demo.127.0.0.1.nip.io             ruby-ex    8080-tcp                 None
┌──[root@vms16.liruilongs.github.io]-[~]
└─$
┌──[root@vms16.liruilongs.github.io]-[~]
└─$curl ruby-ex-cicd-demo.127.0.0.1.nip.io -s | head -3
<html>
  <head>
    <meta name="viewport" content="width=device-width, initial-scale=1">

查看全部的资源信息，我们可以看到这里并没有创建成功，可能是有些国外的网站被墙导致的，

┌──[root@vms16.liruilongs.github.io]-[~]
└─$oc get all -o wide
NAME                  READY     STATUS    RESTARTS   AGE       IP            NODE        NOMINATED NODE
pod/ruby-ex-1-build   0/1       Error     0          2h        172.17.0.10   localhost   <none>

NAME              TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE       SELECTOR
service/ruby-ex   ClusterIP   172.30.87.156   <none>        8080/TCP   2h        app=ruby-ex,deploymentconfig=ruby-ex

NAME                                         REVISION   DESIRED   CURRENT   TRIGGERED BY
deploymentconfig.apps.openshift.io/ruby-ex   0          1         0         config,image(ruby-ex:latest)

NAME                                     TYPE      FROM      LATEST
buildconfig.build.openshift.io/ruby-ex   Source    Git       1

NAME                                 TYPE      FROM          STATUS                    STARTED       DURATION
build.build.openshift.io/ruby-ex-1   Source    Git@01effef   Failed (AssembleFailed)   3 hours ago   7m58s

NAME                                             DOCKER REPO                                 TAGS      UPDATED
imagestream.image.openshift.io/ruby-25-centos7   172.30.1.1:5000/cicd-demo/ruby-25-centos7   latest    3 hours ago
imagestream.image.openshift.io/ruby-ex           172.30.1.1:5000/cicd-demo/ruby-ex

NAME                               HOST/PORT                            PATH      SERVICES   PORT       TERMINATION   WILDCARD
route.route.openshift.io/ruby-ex   ruby-ex-cicd-demo.127.0.0.1.nip.io             ruby-ex    8080-tcp                 None
┌──[root@vms16.liruilongs.github.io]-[~]
└─$

查看项目状态

┌──[root@vms16.liruilongs.github.io]-[~]
└─$oc status --suggest
In project cicd-demo on server https://127.0.0.1:8443

svc/ruby-ex - 172.30.87.156:8080
  dc/ruby-ex deploys istag/ruby-ex:latest <-
    bc/ruby-ex source builds https://github.com/sclorg/ruby-ex.git on istag/ruby-25-centos7:latest
      build #1 running for 2 minutes - 01effef: Merge pull request #35 from pvalena/bundler (Honza Horak <hhorak@redhat.com>)
    deployment #1 waiting on image or update

Info:
  * dc/ruby-ex has no readiness probe to verify pods are ready to accept traffic or ensure deployment is successful.
    try: oc set probe dc/ruby-ex --readiness ...
  * dc/ruby-ex has no liveness probe to verify pods are still running.
    try: oc set probe dc/ruby-ex --liveness ...

View details with 'oc describe <resource>/<name>' or list everything with 'oc get all'.
┌──[root@vms16.liruilongs.github.io]-[~]
└─$

博文参考

《开源容器云OpenShift:构建基于Kubernetes的企业应用云平台》

https://docs.okd.io/latest/welcome/index.html