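Creating and building applications on OCP with the CLI
Contents
- Environment
- Logging in
- Creating a project
- Granting view permissions
- Deploying your first image
- Creating a route
- Examining the pod
- Scaling the application
- Deploying a Python application
- Connecting to a database
- Creating a secret
- Loading data and displaying the national parks map
- Cleanup
- References
Environment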
- RHEL 9.3
- Red Hat OpenShift Local 2.32
Logging in
Running crc console --credentials shows the login information:
$ crc console --credentials
To login as a regular user, run 'oc login -u developer -p developer https://api.crc.testing:6443'.
To login as an admin, run 'oc login -u kubeadmin -p 9cdKu-ihELt-PYiiN-aazX2 https://api.crc.testing:6443'
Log in:
$ oc login -u kubeadmin -p 9cdKu-ihELt-PYiiN-aazX2 https://api.crc.testing:6443
Login successful.
You have access to 66 projects, the list has been suppressed. You can list all projects with 'oc projects'
Using project "default".
Note: https://api.crc.testing:6443 is optional; by default, the login goes to the local machine.
Check the current identity:
$ oc whoami
kubeadmin
Adding the --web option at login launches the web console, and you log in through it:
$ oc login --web
Opening login URL in the default browser: https://oauth-openshift.apps-crc.testing/oauth/authorize?client_id=openshift-cli-client&code_challenge=FXeS7NXkkgk-c8T2IBC62OerE5idgtetRqackO6n15E&code_challenge_method=S256&redirect_uri=http%3A%2F%2F127.0.0.1%3A35445%2Fcallback&response_type=code
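Creating a project
Projects let a community of users organize and manage their content in isolation. A project is OCP's extension of the Kubernetes namespace, with additional features that enable user self-provisioning.
Users must receive access to a project from an administrator. A cluster administrator can allow developers to create their own projects. In most cases, users automatically get access to their own projects.
Each project has its own set of objects, policies, constraints, and service accounts.
Create the project user-getting-started: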
$ oc new-project user-getting-started --display-name="Getting Started with OpenShift"
Now using project "user-getting-started" on server "https://api.crc.testing:6443".
You can add applications to this project with the 'new-app' command. For example, try:
oc new-app rails-postgresql-example
to build a new example application in Ruby. Or use kubectl to deploy a simple Kubernetes application:
kubectl create deployment hello-node --image=registry.k8s.io/e2e-test-images/agnhost:2.43 -- /agnhost serve-hostname
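After a project is created, the CLI switches to it automatically.
Granting view permissions
OCP automatically creates several special service accounts in every project. The default service account is responsible for running pods; OCP uses this service account and injects it into every pod it launches.
This example creates a RoleBinding object for the default ServiceAccount object. The service account communicates with the OCP API to learn about the pods, services, and resources in the project.
Add the view role to the default service account in the user-getting-started project: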
$ oc adm policy add-role-to-user view -z default -n user-getting-started
clusterrole.rbac.authorization.k8s.io/view added: "default"
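Deploying your first image
The simplest way to deploy an application in OCP is to run an existing container image. This example deploys the front-end component of an application named national-parks-app. The web application displays an interactive map showing the locations of major national parks around the world.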
$ oc new-app quay.io/openshiftroadshow/parksmap:latest --name=parksmap -l 'app=national-parks-app,component=parksmap,role=frontend,app.kubernetes.io/part-of=national-parks-app'
--> Found container image 0c2f55f (3 years old) from quay.io for "quay.io/openshiftroadshow/parksmap:latest"
* An image stream tag will be created as "parksmap:latest" that will track this image
--> Creating resources with label app=national-parks-app,app.kubernetes.io/part-of=national-parks-app,component=parksmap,role=frontend ...
imagestream.image.openshift.io "parksmap" created
deployment.apps "parksmap" created
service "parksmap" created
--> Success
Application is not exposed. You can expose services to the outside world by executing one or more of the commands below:
'oc expose service/parksmap'
Run 'oc status' to view your app.
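Creating a route
External clients reach applications running in OCP through the routing layer; the data object behind it is called a route. The default OCP router (HAProxy) uses the HTTP headers of incoming requests to determine where to proxy the connection.
You can also define security for a route, such as TLS.
View the service: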
$ oc get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
parksmap ClusterIP 10.217.4.38 <none> 8080/TCP 6m11s
Note: I am using Red Hat OpenShift Local, so there is no EXTERNAL-IP.
Create the route:
$ oc create route edge parksmap --service=parksmap
route.route.openshift.io/parksmap created
View the route:
$ oc get route
NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
parksmap parksmap-user-getting-started.apps-crc.testing parksmap 8080-tcp edge None
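Examining the pod
OCP uses the Kubernetes concept of a pod: one or more containers deployed together on one host, and the smallest compute unit that can be defined, deployed, and managed. To its containers, a pod is roughly equivalent to a machine instance (physical or virtual).
You can view the pods in the cluster and determine the health of those pods and of the cluster as a whole.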
$ oc get pod
NAME READY STATUS RESTARTS AGE
parksmap-69b46d5f7-glwd2 1/1 Running 0 14m
View the pod details:
$ oc describe pod
Name: parksmap-69b46d5f7-glwd2
Namespace: user-getting-started
Priority: 0
Service Account: default
Node: crc-ksq4m-master-0/192.168.126.11
Start Time: Fri, 09 Feb 2024 08:09:58 +0800
Labels: app=national-parks-app
app.kubernetes.io/part-of=national-parks-app
component=parksmap
deployment=parksmap
pod-template-hash=69b46d5f7
role=frontend
Annotations: k8s.v1.cni.cncf.io/network-status:
[{
"name": "openshift-sdn",
"interface": "eth0",
"ips": [
"10.217.0.65"
],
"default": true,
"dns": {}
}]
openshift.io/generated-by: OpenShiftNewApp
openshift.io/scc: restricted-v2
seccomp.security.alpha.kubernetes.io/pod: runtime/default
Status: Running
SeccompProfile: RuntimeDefault
IP: 10.217.0.65
IPs:
IP: 10.217.0.65
Controlled By: ReplicaSet/parksmap-69b46d5f7
Containers:
parksmap:
Container ID: cri-o://36d858cc571f219418f2d5fefcd4ebd606611c51a57f779c26fa6d3f86559f03
Image: quay.io/openshiftroadshow/parksmap@sha256:89d1e324846cb431df9039e1a7fd0ed2ba0c51aafbae73f2abd70a83d5fa173b
Image ID: quay.io/openshiftroadshow/parksmap@sha256:89d1e324846cb431df9039e1a7fd0ed2ba0c51aafbae73f2abd70a83d5fa173b
Port: 8080/TCP
Host Port: 0/TCP
State: Running
Started: Fri, 09 Feb 2024 08:10:34 +0800
Ready: True
Restart Count: 0
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-92x92 (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
kube-api-access-92x92:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
ConfigMapName: openshift-service-ca.crt
ConfigMapOptional: <nil>
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 15m default-scheduler Successfully assigned user-getting-started/parksmap-69b46d5f7-glwd2 to crc-ksq4m-master-0
Normal AddedInterface 15m multus Add eth0 [10.217.0.65/23] from openshift-sdn
Normal Pulling 15m kubelet Pulling image "quay.io/openshiftroadshow/parksmap@sha256:89d1e324846cb431df9039e1a7fd0ed2ba0c51aafbae73f2abd70a83d5fa173b"
Normal Pulled 14m kubelet Successfully pulled image "quay.io/openshiftroadshow/parksmap@sha256:89d1e324846cb431df9039e1a7fd0ed2ba0c51aafbae73f2abd70a83d5fa173b" in 34.192111778s (34.19212265s including waiting)
Normal Created 14m kubelet Created container parksmap
Normal Started 14m kubelet Started container parksmap
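Note: you can also run oc describe pod xxx to view the details of a specific pod. In this example the current project contains only one pod, so both forms give the same result.
Scaling the application
In Kubernetes, a Deployment object defines how an application is deployed. In most cases, users use pod, service, ReplicaSet, and deployment resources together, and in most cases OCP creates these resources.
Deploying the national-parks-app image creates a deployment resource. This example deployed only one pod.
Scale the application from one pod instance to two: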
$ oc scale --current-replicas=1 --replicas=2 deployment/parksmap
deployment.apps/parksmap scaled
View the pods:
$ oc get pods
NAME READY STATUS RESTARTS AGE
parksmap-69b46d5f7-btk54 1/1 Running 0 33s
parksmap-69b46d5f7-glwd2 1/1 Running 0 22m
Scale the application back down to one pod instance:
$ oc scale --current-replicas=2 --replicas=1 deployment/parksmap
deployment.apps/parksmap scaled
View the pods:
$ oc get pods
NAME READY STATUS RESTARTS AGE
parksmap-69b46d5f7-glwd2 1/1 Running 0 24m
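Deploying a Python application
This example deploys the back-end service for the parksmap application. The Python application runs 2D geo-spatial queries against a MongoDB database to locate and return the map coordinates of all national parks in the world.
The back-end service being deployed is nationalparks.
Create the Python application: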
$ oc new-app python~https://github.com/openshift-roadshow/nationalparks-py.git --name nationalparks -l 'app=national-parks-app,component=nationalparks,role=backend,app.kubernetes.io/part-of=national-parks-app,app.kubernetes.io/name=python' --allow-missing-images=true
warning: Cannot check if git requires authentication.
--> Found image 3c5d265 (5 weeks old) in image stream "openshift/python" under tag "3.9-ubi8" for "python"
Python 3.9
----------
Python 3.9 available as container is a base platform for building and running various Python 3.9 applications and frameworks. Python is an easy to learn, powerful programming language. It has efficient high-level data structures and a simple but effective approach to object-oriented programming. Python's elegant syntax and dynamic typing, together with its interpreted nature, make it an ideal language for scripting and rapid application development in many areas on most platforms.
Tags: builder, python, python39, python-39, rh-python39
* A source build using source code from https://github.com/openshift-roadshow/nationalparks-py.git will be created
* The resulting image will be pushed to image stream tag "nationalparks:latest"
* Use 'oc start-build' to trigger a new build
--> Creating resources with label app=national-parks-app,app.kubernetes.io/name=python,app.kubernetes.io/part-of=national-parks-app,component=nationalparks,role=backend ...
imagestream.image.openshift.io "nationalparks" created
buildconfig.build.openshift.io "nationalparks" created
deployment.apps "nationalparks" created
service "nationalparks" created
--> Success
Build scheduled, use 'oc logs -f buildconfig/nationalparks' to track its progress.
Application is not exposed. You can expose services to the outside world by executing one or more of the commands below:
'oc expose service/nationalparks'
Run 'oc status' to view your app.
Create a route to expose the nationalparks application:
$ oc create route edge nationalparks --service=nationalparks
route.route.openshift.io/nationalparks created
View the routes:
$ oc get route
NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
nationalparks nationalparks-user-getting-started.apps-crc.testing nationalparks 8080-tcp edge None
parksmap parksmap-user-getting-started.apps-crc.testing parksmap 8080-tcp edge None
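Connecting to a database
Next, deploy and connect a MongoDB database in which the national-parks-app application stores location information. Once the national-parks-app application is marked as the back end for the map visualization tool, the parksmap deployment uses the OCP discovery mechanism to display the map automatically.
Connect the database: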
$ oc new-app quay.io/centos7/mongodb-36-centos7 --name mongodb-nationalparks -e MONGODB_USER=mongodb -e MONGODB_PASSWORD=mongodb -e MONGODB_DATABASE=mongodb -e MONGODB_ADMIN_PASSWORD=mongodb -l 'app.kubernetes.io/part-of=national-parks-app,app.kubernetes.io/name=mongodb'
--> Found container image dc18f52 (2 years old) from quay.io for "quay.io/centos7/mongodb-36-centos7"
MongoDB 3.6
-----------
MongoDB (from humongous) is a free and open-source cross-platform document-oriented database program. Classified as a NoSQL database program, MongoDB uses JSON-like documents with schemas. This container image contains programs to run mongod server.
Tags: database, mongodb, rh-mongodb36
* An image stream tag will be created as "mongodb-nationalparks:latest" that will track this image
--> Creating resources with label app.kubernetes.io/name=mongodb,app.kubernetes.io/part-of=national-parks-app ...
imagestream.image.openshift.io "mongodb-nationalparks" created
deployment.apps "mongodb-nationalparks" created
service "mongodb-nationalparks" created
--> Success
Application is not exposed. You can expose services to the outside world by executing one or more of the commands below:
'oc expose service/mongodb-nationalparks'
Run 'oc status' to view your app.
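Creating a secret
A Secret object provides a mechanism for holding sensitive information such as passwords, OCP client configuration files, and private source repository credentials. Secrets decouple sensitive content from pods. A secret can be mounted into a container through a volume plug-in, and the system can also use secrets to perform actions on behalf of a pod. This example adds the secret nationalparks-mongodb-parameters and mounts it to the nationalparks workload.
Create the secret: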
$ oc create secret generic nationalparks-mongodb-parameters --from-literal=DATABASE_SERVICE_NAME=mongodb-nationalparks --from-literal=MONGODB_USER=mongodb --from-literal=MONGODB_PASSWORD=mongodb --from-literal=MONGODB_DATABASE=mongodb --from-literal=MONGODB_ADMIN_PASSWORD=mongodb
secret/nationalparks-mongodb-parameters created
Update the environment variables to attach the mongodb secret to the nationalparks workload:
$ oc set env --from=secret/nationalparks-mongodb-parameters deploy/nationalparks
deployment.apps/nationalparks updated
Show the status of the nationalparks deployment:
$ oc rollout status deployment nationalparks
deployment "nationalparks" successfully rolled out
Show the status of the mongodb-nationalparks deployment:
$ oc rollout status deployment mongodb-nationalparks
deployment "mongodb-nationalparks" successfully rolled out
Show the rollout status of all deployments in the current project at once:
$ oc rollout status deployment
deployment "mongodb-nationalparks" successfully rolled out
deployment "nationalparks" successfully rolled out
deployment "parksmap" successfully rolled out
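The secret above is created with --from-literal and the password mongodb, which leaves the value in shell history and in the process arguments. The following shell functions are an added example, not part of the original article: they generate random passwords, emit the same Secret as a manifest for oc apply -f -, and flag a manifest whose password equals the user name. The function names are hypothetical, and the oc usage in the comments assumes a logged-in session in the user-getting-started project.

```shell
#!/bin/sh
# Added example (function names are hypothetical): build the
# nationalparks-mongodb-parameters Secret with generated passwords instead of
# passing "mongodb" through --from-literal on the command line.

# gen_password N: print N random bytes from /dev/urandom as 2*N hex characters.
gen_password() {
    od -An -N "$1" -tx1 /dev/urandom | tr -d ' \n'
}

# secret_manifest USER_PW ADMIN_PW: print the Secret as YAML. stringData takes
# plain values; the API server stores them base64-encoded under data.
secret_manifest() {
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: nationalparks-mongodb-parameters
type: Opaque
stringData:
  DATABASE_SERVICE_NAME: mongodb-nationalparks
  MONGODB_USER: mongodb
  MONGODB_DATABASE: mongodb
  MONGODB_PASSWORD: "$1"
  MONGODB_ADMIN_PASSWORD: "$2"
EOF
}

# password_equals_user: read a manifest on stdin and exit 0 when
# MONGODB_PASSWORD equals MONGODB_USER, the pattern a pre-deploy check rejects.
password_equals_user() {
    awk -F': *' '
        $1 ~ /MONGODB_USER$/     { u = $2 }
        $1 ~ /MONGODB_PASSWORD$/ { p = $2 }
        END { gsub(/"/, "", u); gsub(/"/, "", p); exit !(u != "" && u == p) }'
}

# Usage, assuming a logged-in oc session in the user-getting-started project:
#   secret_manifest "$(gen_password 16)" "$(gen_password 16)" | oc apply -f -
#   oc set env --from=secret/nationalparks-mongodb-parameters deploy/nationalparks
#   oc set env --from=secret/nationalparks-mongodb-parameters deploy/mongodb-nationalparks
```

Pointing both deployments at the secret keeps the database and the application on the same generated values and moves the credentials out of the plain-text -e settings used when the MongoDB deployment was created.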
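Loading data and displaying the national parks map
The parksmap and nationalparks applications are now deployed, followed by the mongodb-nationalparks database. However, no data has been loaded into the database yet.
Load the national parks data: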
$ oc exec $(oc get pods -l component=nationalparks | tail -n 1 | awk '{print $1;}') -- curl -s http://localhost:8080/ws/data/load
"Items inserted in database: 2893"
Verify:
$ oc exec $(oc get pods -l component=nationalparks | tail -n 1 | awk '{print $1;}') -- curl -s http://localhost:8080/ws/data/all | jq .
[
{
"id": "Arikok National Park",
"latitude": "12.489967",
"longitude": "-69.9273915",
"name": "Arikok National Park"
},
{
"id": "Wakhan National Park",
"latitude": "36.845432",
"longitude": "72.28375",
"name": "Wakhan National Park"
},
......
......
{
"id": "Great Zimbabwe",
"latitude": "-20.2674635",
"longitude": "30.9337986",
"name": "Great Zimbabwe"
}
]
Add a label to the route:
$ oc label route nationalparks type=parksmap-backend
route.route.openshift.io/nationalparks labeled
View the routes:
$ oc get routes
NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD
nationalparks nationalparks-user-getting-started.apps-crc.testing nationalparks 8080-tcp edge None
parksmap parksmap-user-getting-started.apps-crc.testing parksmap 8080-tcp edge None
Open a browser and visit https://parksmap-user-getting-started.apps-crc.testing to view the national parks map.
Cleanup
$ crc delete -f
References
https://access.redhat.com/documentation/en-us/openshift_container_platform/4.14/html-single/getting_started/index#openshift-cli