-
Install the Docker package
apt install docker.io -y
systemctl enable --now docker
docker version
-
Configure the Docker daemon's insecure registry parameter
Edit the /etc/docker/daemon.json file and add the following:
{
"insecure-registries": [
"172.30.0.0/16"
]
}
If the /etc/docker/daemon.json file does not exist, simply create it:
cat <<EOF | tee /etc/docker/daemon.json
{
"insecure-registries": [
"172.30.0.0/16"
]
}
EOF
-
Check that the Docker networks include a bridge network
docker network inspect -f "{{range .IPAM.Config }}{{ .Subnet }}{{end}}" bridge
You should get a subnet: 172.17.0.0/16
Note: OKD can only run on a bridge-type Docker network!
-
Configure the firewall rules
If you use Ubuntu's built-in ufw, the commands are as follows:
# Allow remote connections to the host
ufw allow 22/tcp
# OKD-related services
ufw allow 53/tcp
ufw allow 8443/tcp
ufw allow 8053/tcp
ufw allow from 172.17.0.0/16
# When services in OKD need to be reachable from outside, ports 80 and 443 must be opened!
ufw allow 80/tcp
ufw allow 443/tcp
# Reload the configuration and enable the ufw firewall
ufw reload
ufw enable
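The rules above open the OKD ports to every source address. The following is an added example, not part of the original post, that reads `ufw status` output and reports which of those ports are allowed from Anywhere; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): report which of the ports
# opened under "OKD-related services" ufw allows from any source.

OKD_PORTS="53 8053 8443"

# Reads `ufw status` (or `ufw status verbose`) text on stdin and prints one
# port/proto per line for each OKD port whose source is "Anywhere".
audit_ufw_status() {
    awk -v ports="$OKD_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        {
            # Locate the action column; IPv6 rows carry an extra "(v6)" field.
            for (i = 2; i < NF; i++) if ($i == "ALLOW") break
            if (i >= NF) next                 # header, blank or non-ALLOW line
            src = $(i + 1)
            if (src == "IN") src = $(i + 2)   # verbose output prints "ALLOW IN"
            split($1, a, "/")
            if (src == "Anywhere" && (a[1] in want)) print $1
        }
    ' | sort -u
}

# Constructed sample: what `ufw status` prints after the rules above.
sample_ufw_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
53/tcp                     ALLOW       Anywhere
8443/tcp                   ALLOW       Anywhere
8053/tcp                   ALLOW       Anywhere
Anywhere                   ALLOW       172.17.0.0/16
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
8443/tcp (v6)              ALLOW       Anywhere (v6)
EOF
}

sample_ufw_status | audit_ufw_status
```

On a real host, run `ufw status | audit_ufw_status`; a reported port can be narrowed by replacing its rule with a source-restricted one such as `ufw allow from <trusted CIDR> to any port 8443 proto tcp`.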
-
Restart the Docker service
systemctl daemon-reload
systemctl restart docker
-
Download and install the oc and kubectl command-line tools
wget https://github.com/openshift/origin/releases/download/v3.11.0/openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz
tar zxvf openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz --strip-components=1 -C /usr/local/bin openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit/oc 2> /dev/null
tar zxvf openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz --strip-components=1 -C /usr/local/bin openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit/kubectl 2> /dev/null
Check the oc version
$ oc version
oc v3.11.0+0cbc58b
kubernetes v1.11.0+d4cacc0
features: Basic-Auth GSSAPI Kerberos SPNEGO
Check the kubectl version
$ kubectl version --client --short
Client Version: v1.11.0+d4cacc0
Set up autocompletion for kubectl and k
echo 'alias k=kubectl' | sudo tee /etc/profile.d/alias.sh >/dev/null
kubectl completion bash | sudo tee /etc/bash_completion.d/kubectl >/dev/null
kubectl completion bash | sed 's/kubectl/k/g' | sudo tee /etc/bash_completion.d/k >/dev/null
. /etc/bash_completion && . /etc/profile && . ~/.profile
-
Create and start the OKD cluster
You must change the path that Ubuntu 18.04's default /etc/resolv.conf points to so that the Pods created by OKD get correct DNS resolution!
ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
Look up the current VM's IP address
ip a
Create the OKD cluster and set the hostname to the current VM's IP address
oc cluster up --public-hostname=192.168.1.14
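By default, an openshift.local.clusterup folder is created in the current directory to hold all of the cluster's configuration. If you want to use a custom folder for the configuration, use the following command instead: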
oc cluster up --base-dir="./okd_configs" --public-hostname=192.168.1.14
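The process generates SSL certificates, and all of them are stored in the origin container. You can copy them back to the host with the following command: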
docker cp origin:/var/lib/origin/openshift.local.config .
For kubectl or curl to connect correctly to the api-server or Web Console, you must first set the following two environment variables to make sure the connection works:
export CURL_CA_BUNDLE=`pwd`/openshift.local.config/master/ca.crt
curl https://192.168.1.14:8443/
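By default, OKD 3.11 uses nip.io as the default service domain. It is a very simple and practical service that gives you a valid domain name for internal websites without having to edit the hosts file!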
-
Log in as the administrator (administrator)
oc login -u system:admin
Once logged in as the administrator, you can immediately manage the Kubernetes cluster with kubectl, or with k9s!
kubectl cluster-info
kubectl get nodes -o wide
kubectl get pod --all-namespaces
You can query the Registry service integrated into the OKD cluster with the following command
oc adm registry
Cluster administration is done with the oc adm command (Administrator CLI Operations)
-
Log in as a regular user (developer)
oc login -u developer
Check the current login identity
oc whoami
Note: after a default OKD 3.11 installation, you only have permission to operate on the myproject project!
Add Red Hat OpenJDK 8 to the Catalog of myproject!
oc apply -f https://raw.githubusercontent.com/minishift/minishift/master/addons/xpaas/v3.10/xpaas-streams/openjdk18-image-stream.json -n openshift
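Adding it to the Catalog only means the application's image is installed into OKD; deploying the application requires further configuration. You can deploy it with the oc command or through the OKD Web Console!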
-
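Connect to the OKD Web Console management interface
The OKD Web Console turns almost all of the commonly used Kubernetes settings into a UI. Anyone already familiar with Kubernetes will pick it up right away and will not want to put it down. No more writing YAML at last! 😅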
https://192.168.1.14:8443/console/
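Username: developer / Password: developer
(In fact, any characters entered as the password will log you in.)
Note: for the browser to trust the certificate issued by OKD itself, you must copy the ./openshift.local.clusterup/node/ca.crt file to the client computer and add it to the Trusted Root Certification Authorities (Trusted Root CA) store!
Note: connecting to https://192.168.1.14:8443/ will fail because it automatically redirects to https://127.0.0.1:8443/. You must enter https://192.168.1.14:8443/console/ to connect correctly!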
-
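Get the KUBECONFIG contents of the OKD system administrator
Because OKD is built entirely on Kubernetes underneath, once you have the KUBECONFIG contents you can manage the cluster directly with k9s or Lens!
The system administrator's KUBECONFIG file is located at the following path: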
openshift.local.clusterup/openshift-apiserver/admin.kubeconfig
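Here, openshift.local.clusterup is the path generated automatically when you ran oc cluster up.
If you want to use this file as the default configuration file for kubectl, you can set the KUBECONFIG environment variable before running the command: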
KUBECONFIG=./openshift.local.clusterup/openshift-apiserver/admin.kubeconfig kubectl get no -o wide
or
export KUBECONFIG=`pwd`/openshift.local.clusterup/openshift-apiserver/admin.kubeconfig
kubectl get no -o wide
Alternatively, the openshift.local.config folder copied from the origin container contains the same file:
export KUBECONFIG=`pwd`/openshift.local.config/master/admin.kubeconfig
kubectl get no -o wide
If you find that you cannot log in as system:admin after OKD starts, try copying ./openshift.local.clusterup/openshift-apiserver/admin.kubeconfig to ~/.kube/config and then starting OKD again with oc cluster up! (related discussion)
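The admin.kubeconfig copies named above are the system administrator's credentials, so their file permissions matter. The following is an added example, not part of the original post, that lists kubeconfig files containing client key entries that are readable by group or others; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): find kubeconfig files that hold
# client key material and are readable by group or others.

# Prints the path of every *.kubeconfig (or file named "config") under the
# given directories that contains a client-key / client-key-data entry and
# has the group-read or other-read permission bit set.
find_exposed_kubeconfigs() {
    find "$@" -type f \( -name '*.kubeconfig' -o -name config \) \
        \( -perm -040 -o -perm -004 \) 2>/dev/null |
    while IFS= read -r f; do
        if grep -Eq '^[[:space:]]*client-key(-data)?:' "$f"; then
            printf '%s\n' "$f"
        fi
    done | sort
}

# Builds a constructed directory tree that mimics the paths named above and
# prints its root. Key values are placeholders, not real key material.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/openshift.local.clusterup/openshift-apiserver" \
             "$root/openshift.local.config/master"
    for f in "$root/openshift.local.clusterup/openshift-apiserver/admin.kubeconfig" \
             "$root/openshift.local.config/master/admin.kubeconfig"; do
        printf 'users:\n- name: system:admin\n  user:\n    client-key-data: PLACEHOLDER\n' > "$f"
    done
    chmod 644 "$root/openshift.local.clusterup/openshift-apiserver/admin.kubeconfig"
    chmod 600 "$root/openshift.local.config/master/admin.kubeconfig"
    printf '%s\n' "$root"
}

# Demo on the constructed tree: only the mode-644 copy is reported.
tree=$(make_sample_tree)
find_exposed_kubeconfigs "$tree"
rm -rf "$tree"
```

On a real host, pass the actual locations, for example `find_exposed_kubeconfigs ./openshift.local.clusterup ./openshift.local.config ~/.kube`, and `chmod 600` anything it reports.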
-
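To raise developer's privileges to those of system:admin
You first need to enter the origin container and then configure OKD's RBAC from inside it. The following commands add developer to the cluster-admin role: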
docker exec -it origin /bin/bash
oc --config=/var/lib/origin/openshift.local.config/master/admin.kubeconfig adm policy --as system:admin add-cluster-role-to-user cluster-admin developer
-
Create a brand-new project named dev (equivalent to a k8s namespace)
oc new-project dev --display-name="Project1 - Dev" --description="My Dev Project"
The following is an example of switching between projects:
root@okd3:~/build# oc whoami
developer
root@okd3:~/build# oc new-project dev --display-name="Project1 - Dev" --description="My Dev Project"
Now using project "dev" on server "https://192.168.1.14:8443".
You can add applications to this project with the 'new-app' command. For example, try:
oc new-app centos/ruby-25-centos7~https://github.com/sclorg/ruby-ex.git
to build a new example application in Ruby.
root@okd3:~/build# oc projects
You have access to the following projects and can switch between them with 'oc project <projectname>':
* dev - Project1 - Dev
myproject - My Project
Using project "dev" on server "https://192.168.1.14:8443".
root@okd3:~/build# oc project default
error: You are not a member of project "default".
Your projects are:
* Project1 - Dev (dev)
* My Project (myproject)
*
root@okd3:~/build# oc project myproject
Now using project "myproject" on server "https://192.168.1.14:8443".
root@okd3:~/build# oc project dev
Now using project "dev" on server "https://192.168.1.14:8443".
-
Deploy an application
oc new-app centos/ruby-25-centos7~https://github.com/sclorg/ruby-ex.git
root@okd3:~/build# oc new-project dev --display-name="Project1 - Dev" --description="My Dev Project"
Already on project "dev" on server "https://192.168.1.14:8443".
You can add applications to this project with the 'new-app' command. For example, try:
oc new-app centos/ruby-25-centos7~https://github.com/sclorg/ruby-ex.git
to build a new example application in Ruby.
root@okd3:~/build# oc new-app centos/ruby-25-centos7~https://github.com/sclorg/ruby-ex.git
--> Found Docker image 50d5402 (7 weeks old) from Docker Hub for "centos/ruby-25-centos7"
Ruby 2.5
--------
Ruby 2.5 available as container is a base platform for building and running various Ruby 2.5 applications and frameworks. Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible.
Tags: builder, ruby, ruby25, rh-ruby25
* An image stream tag will be created as "ruby-25-centos7:latest" that will track the source image
* A source build using source code from https://github.com/sclorg/ruby-ex.git will be created
* The resulting image will be pushed to image stream tag "ruby-ex:latest"
* Every time "ruby-25-centos7:latest" changes a new build will be triggered
* This image will be deployed in deployment config "ruby-ex"
* Port 8080/tcp will be load balanced by service "ruby-ex"
* Other containers can access this service through the hostname "ruby-ex"
--> Creating resources ...
imagestream.image.openshift.io "ruby-25-centos7" created
imagestream.image.openshift.io "ruby-ex" created
buildconfig.build.openshift.io "ruby-ex" created
deploymentconfig.apps.openshift.io "ruby-ex" created
service "ruby-ex" created
--> Success
Build scheduled, use 'oc logs -f bc/ruby-ex' to track its progress.
Application is not exposed. You can expose services to the outside world by executing one or more of the commands below:
'oc expose svc/ruby-ex'
Run 'oc status' to view your app.
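After deploying the application, you can check the deployment status of the applications in the current project with the following command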
oc status
root@okd3:~/build# oc status
In project Project1 - Dev (dev) on server https://192.168.1.14:8443
svc/ruby-ex - 172.30.26.5:8080
dc/ruby-ex deploys istag/ruby-ex:latest <-
bc/ruby-ex source builds https://github.com/sclorg/ruby-ex.git on istag/ruby-25-centos7:latest
deployment #1 deployed 11 seconds ago - 1 pod
2 infos identified, use 'oc status --suggest' to see details.
You can also use the following command to get "best practice" suggestions for the current project
oc status --suggest
root@okd3:~/build# oc status --suggest
In project Project1 - Dev (dev) on server https://192.168.1.14:8443
svc/ruby-ex - 172.30.26.5:8080
dc/ruby-ex deploys istag/ruby-ex:latest <-
bc/ruby-ex source builds https://github.com/sclorg/ruby-ex.git on istag/ruby-25-centos7:latest
deployment #1 deployed 40 seconds ago - 1 pod
Info:
* dc/ruby-ex has no readiness probe to verify pods are ready to accept traffic or ensure deployment is successful.
try: oc set probe dc/ruby-ex --readiness ...
* dc/ruby-ex has no liveness probe to verify pods are still running.
try: oc set probe dc/ruby-ex --liveness ...
View details with 'oc describe <resource>/<name>' or list everything with 'oc get all'.
-
Show Pod information
oc get pods
root@okd3:~/build# oc get pods
NAME READY STATUS RESTARTS AGE
ruby-ex-1-build 0/1 Completed 0 8m
ruby-ex-1-mwtjs 1/1 Running 0 7m
-
Get Service information
oc get svc
root@okd3:~/build# oc get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ruby-ex ClusterIP 172.30.203.126 <none> 8080/TCP 5m
root@okd3:~/build# oc describe svc ruby-ex
Name: ruby-ex
Namespace: dev
Labels: app=ruby-ex
Annotations: openshift.io/generated-by=OpenShiftNewApp
Selector: app=ruby-ex,deploymentconfig=ruby-ex
Type: ClusterIP
IP: 172.30.203.126
Port: 8080-tcp 8080/TCP
TargetPort: 8080/TCP
Endpoints: 172.17.0.14:8080
Session Affinity: None
Events: <none>
-
Test the website connection (using the cluster IP address)
curl http://172.30.203.126:8080
Here, 172.30.203.126 is the ClusterIP address from the previous step!
-
Allow external access to the application
This exposes the service directly to outside connections (through *.nip.io)
oc expose service/ruby-ex
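Once this is set, you can connect directly using the URL http://ruby-ex-dev.192.168.1.14.nip.io/
Here, ruby-ex is the application name, dev is the project name, 192.168.1.14 is the host IP address, and nip.io is the free domain provided by the nip.io website!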
-
Delete the application
oc delete all -l app=ruby-ex
-
Delete the project
oc delete project dev