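[Editor's note] This article is excerpted from the book "OpenShift Cloud-Native Architecture: Principles and Practice" by Shan Jinxiao, Pan Xiaohua and Liu Shimin, senior experts and evangelists in the cloud computing and OpenShift field. It introduces the philosophy behind OpenShift's architectural design, analyzes how its main features differ from those of Kubernetes, and discusses how OpenShift is designed to build an application-centric PaaS platform. It also introduces OpenShift's core components, core concepts and deployment architecture.
OpenShift is an enterprise container cloud PaaS platform from Red Hat. In 2015, Red Hat released OpenShift 3.0, a complete rewrite based on Docker and Kubernetes, which rounded out a powerful user interface and OpenShift-specific components such as Source-to-Image and build pipelines, greatly simplifying the building and deployment of cloud-native applications and the practical adoption of DevOps culture. In 2019, Red Hat released OpenShift v4, which integrates technologies such as CoreOS, Istio, Knative and Kubernetes Operators, moving OpenShift into the era of full-stack converged cloud and automated management of the full application life cycle. As the most mature and mainstream container cloud PaaS platform today, OpenShift has an architecture that keeps evolving. This article is based on version 3.11, currently the most mature and stable OpenShift release. It introduces the design philosophy and overall architecture, then describes and analyzes core functions such as OpenShift networking, storage, access control and the service catalog, to give readers a thorough theoretical foundation before they deploy an OpenShift cloud-native PaaS platform in practice.
OpenShift Design Philosophy
A container platform is an application platform that uses containers to build, deploy and orchestrate applications. OpenShift is a new kind of container cloud PaaS platform that runs applications in containers using two main tools: Docker as the container runtime, which creates containers in a Linux environment, and Kubernetes as the container orchestration engine, which orchestrates containers across the platform. Architecturally, OpenShift's main characteristics are layering, application-centricity and decoupled functional modules.
Layered Architecture
OpenShift uses a layered architecture, building a PaaS cloud platform from Docker, Kubernetes and other open-source technologies. Docker is used to package and create lightweight Linux-based container images, and Kubernetes provides cluster management and container orchestration across multiple hosts.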
```
[root@master1 ~]# oc new-app \
    openshift/wildfly:13.0~https://github.com/sammyliush/myapp-demo \
    --name mywebapp4
--> Found image af69006 (4 months old) in image stream "openshift/wildfly"
    under tag "13.0" for "openshift/wildfly:13.0"
    * A source build using source code from https://github.com/sammyliush/myapp-demo will be created
      * The resulting image will be pushed to image stream tag "mywebapp4:latest"
      * Use 'start-build' to trigger a new build
    * This image will be deployed in deployment config "mywebapp4"
    * Port 8080/tcp will be load balanced by service "mywebapp4"
      * Other containers can access this service through the hostname "mywebapp4"
--> Creating resources ...
    imagestream.image.openshift.io "mywebapp4" created
    buildconfig.build.openshift.io "mywebapp4" created
    deploymentconfig.apps.openshift.io "mywebapp4" created
    service "mywebapp4" created
--> Success
    Build scheduled, use 'oc logs -f bc/mywebapp4' to track its progress.
    Application is not exposed. You can expose services to the outside world by executing one or more of the commands below:
     'oc expose svc/mywebapp4'
    Run 'oc status' to view your app.
```
```
[root@master1 ~]# oc get user
NAME       UID                                    FULL NAME   IDENTITIES
admin      3fe420b5-df2c-11e9-80a7-fa163e71648a               allow_all:admin
cadmin     1028b3ab-e449-11e9-9b23-fa163e71648a               allow_all:cadmin
regadmin   9825b876-df41-11e9-80a7-fa163e71648a               allow_all:regadmin
```
```
[root@master1 ~]# oc new-project devproject --display-name='DEV Project' \
    --description='Project for development team'
Now using project "devproject" on server "https://openshift-internal.example.com:8443".
[root@master1 ~]# oc get project
NAME                    DISPLAY NAME   STATUS
devproject              DEV Project    Active
......
openshift-web-console                  Active
testproject             Test Project   Active
```
```
apiVersion: v1
kind: Pod
metadata:
  name: myapp-pod
  labels:
    app: myapp
spec:
  containers:
  - name: myapp-container
    image: busybox
    command: ['sh', '-c', 'echo Hello Kubernetes! && sleep 3600']
```
```
[root@master1 ~]# oc get pod
NAME                      READY   STATUS    RESTARTS   AGE
hello-openshift-3-5lr24   1/1     Running   0          3h
hello-openshift-3-cjfbm   1/1     Running   0          3h
myapp-pod                 1/1     Running   0          2m
mywebapp-2-5wj2t          1/1     Running   0          1h
mywebapp-2-sr84n          1/1     Running   0          56m
```
```
4b6588d15798  docker.io/openshift/origin-pod:v3.11.0  "/usr/bin/pod"  About an hour ago  Up About an hour  k8s_POD_myapp-pod-with-init-containers_testproject_25435bc3-003f-11ea-9877-fa163e71648a_0
```
```
apiVersion: v1
kind: Pod
metadata:
  name: myapp-pod
  labels:
    app: myapp
spec:
  containers:
  - name: myapp-container
    image: busybox:1.28
    command: ['sh', '-c', 'echo The app is running! && sleep 3600']
  initContainers:
  - name: init-myservice
    image: busybox:1.28
    command: ['sh', '-c', 'until nslookup myservice; do echo waiting for myservice; sleep 2; done;']
  - name: init-mydb
    image: busybox:1.28
    command: ['sh', '-c', 'until nslookup mydb; do echo waiting for mydb; sleep 2; done;']
```
```
[root@master1 ~]# oc get pod
myapp-pod   0/1   Init:0/2   0   6m
```
```
[root@master1 ~]# oc get svc
NAME              TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)
hello-openshift   ClusterIP   172.30.10.229    <none>        8080/TCP,8888/TCP
mywebapp          ClusterIP   172.30.151.210   <none>        8080/TCP
```
```
[root@master1 ~]# oc describe svc/mywebapp
Name:         mywebapp
Namespace:    testproject
Labels:       app=mywebapp
Annotations:  openshift.io/generated-by=OpenShiftWebConsole
Selector:     deploymentconfig=mywebapp
Type:         ClusterIP
IP:           172.30.151.210
Port:         8080-tcp 8080/TCP
TargetPort:   8080/TCP
Endpoints:    10.129.0.108:8080,10.130.0.142:8080
```
```
[root@master1 ~]# oc get ep
NAME              ENDPOINTS
hello-openshift   10.129.0.132:8888,10.130.0.140:8888 + 1 more...
mywebapp          10.129.0.133:8080,10.130.0.156:8080
mywebappv2        10.130.0.157:8080
```
```
[root@master1 ~]# oc get bc
NAME       TYPE     FROM         LATEST
mywebapp   Source   Git@master   3
```
```
[root@master1 ~]# oc get build
NAME         TYPE     FROM          STATUS     STARTED          DURATION
mywebapp-2   Source   Git@d5837f1   Complete   34 minutes ago   7m50s
mywebapp-3   Source   Git@d5837f1   Complete   24 minutes ago   3m13s
```
```
spec:
  nodeSelector: null
  output:
    to:
      kind: ImageStreamTag
      name: mywebapp:latest
```
```
[root@master1 ~]# oc get is
NAME    DOCKER REPO                                            TAGS
myApp   docker-registry.default.svc:5000/testproject/myApp99   latest
```
```
Name:       python
Namespace:  imagestream
......
Tags:       2

34
  tagged from centos/python-34-centos7

  * centos/python-34-centos7@sha256:28178e2352d31f2407d8791a54d0
      14 seconds ago

35
  tagged from centos/python-35-centos7

  * centos/python-35-centos7@sha256:2efb79ca3ac9c9145a63675fb0c09220ab3b8d4005d35e0644417ee552548b10
      7 seconds ago
```
```
[root@master1 ~]# oc get istag
NAME                     DOCKER REF
hello-openshift:latest   openshift/hello-openshift@sha256:aaeae2e
mywebapp:latest          172.30.84.87:5000/testproject/mywebapp@sha256:d6cb2d64617100b76db176c88
```
```
[root@master1 ~]# oc get dc
NAME              REVISION   DESIRED   CURRENT   TRIGGERED BY
hello-openshift   1          2         2         config,image(hello-openshift:latest)
```
```
[root@master1 ~]# oc describe dc hello-openshift
Name:           hello-openshift
Namespace:      testproject
Created:        7 days ago
Labels:         app=hello-openshift
Latest Version: 1
Selector:       app=hello-openshift,deploymentconfig=hello-openshift
Replicas:       2
Triggers:       Config, Image(hello-openshift@latest, auto=true)
Strategy:       Rolling
Pod Template:
  Labels:       app=hello-openshift
                deploymentconfig=hello-openshift
  Annotations:  openshift.io/generated-by=OpenShiftWebConsole
  Containers:
   hello-openshift:
    Image:      openshift/hello-openshift@sha256:aaea76ff47e2e
    Ports:      8080/TCP, 8888/TCP

Deployment #1 (latest):
    Name:         hello-openshift-1
    Created:      7 days ago
    Status:       Complete
    Replicas:     2 current / 2 desired
    Selector:     app=hello-openshift,deployment=hello-openshift-1,deploymentconfig=hello-openshift
    Labels:       app=hello-openshift,openshift.io/deployment-config.name=hello-openshift
    Pods Status:  2 Running / 0 Waiting / 0 Succeeded / 0 Failed

Events: <none>
```
```
[root@master1 ~]# oc rollout latest dc/hello-openshift
deploymentconfig.apps.openshift.io/hello-openshift rolled out
```
```
[root@master1 ~]# oc get rc
NAME                DESIRED   CURRENT   READY   AGE
hello-openshift-1   0         0         0       7d
```
```
[root@master1 ~]# oc describe rc/hello-openshift-3
Name:         hello-openshift-3
Namespace:    testproject
Selector:     app=hello-openshift,deployment=hello-openshift-3,deploymentconfig=hello-openshift
Labels:       app=hello-openshift
              openshift.io/deployment-config.name=hello-openshift
Annotations:  openshift.io/deployer-pod.completed-at=2019-10-02 18:45:53 +0800 CST
              ......
              openshift.io/encoded-deployment-config={"kind":"DeploymentConfig","apiVersion":"apps.openshift.io/v1","metadata":{"name":"hello-openshift","namespace":"testproject","selfLink":"/apis/apps.openshift.io...
Replicas:     2 current / 2 desired
Pods Status:  2 Running / 0 Waiting / 0 Succeeded / 0 Failed
Pod Template:
  Labels:       app=hello-openshift
                deployment=hello-openshift-3
                deploymentconfig=hello-openshift
  Annotations:  openshift.io/deployment-config.latest-version=3
                openshift.io/deployment-config.name=hello-openshift
                openshift.io/deployment.name=hello-openshift-3
                openshift.io/generated-by=OpenShiftWebConsole
  Containers:
   hello-openshift:
    Image:        openshift/hello-openshift@sha256:aaea76ff622d2f8bcb32e538e7b3cd0ef6d291953f3e7c9f556c1ba5baf47e2e
    Ports:        8080/TCP, 8888/TCP
    Host Ports:   0/TCP, 0/TCP
    Environment:  <none>
    Mounts:       <none>
  Volumes:        <none>
Events:
  Type    Reason            Age   From                    Message
  ----    ------            ----  ----                    -------
  Normal  SuccessfulCreate  39m   replication-controller  Created pod: hello-openshift-3-cjfbm
  Normal  SuccessfulCreate  39m   replication-controller  Created pod: hello-openshift-3-5lr24
```
```
triggers:
  - type: "ImageChange"
    imageChangeParams:
      automatic: true
      from:
        kind: "ImageStreamTag"
        name: "mywebapp:latest"
        namespace: "myproject"
```
```
[root@master1 ~]# oc get route
NAME              HOST/PORT                                               PATH   SERVICES          PORT       TERMINATION   WILDCARD
hello-openshift   helloopenshift.svc.example.com                                 hello-openshift   8080-tcp                 None
mywebapp          mywebapp-testproject.router.default.svc.cluster.local          mywebapp          8080-tcp                 None
```
```
[root@master1 ~]# oc get template
NAME                DESCRIPTION                                       PARAMETERS        OBJECTS
jenkins-ephemeral   Jenkins service, without persistent storage....   6 (1 generated)   6
```
Source: http://www.tuicool.com/articles/aiIFVzu