阿里云上实战openshift7-应用部署

【注】企业docker register域名,以下以registry.honsen.com为例 

1.开发环境master节点支持以https方式访问企业registryserver 

1)将证书放入开发环境master节点

  将registry server上生成的证书domain.crt拷贝至开发环境master节点的/root/certs下

 mkdir /etc/docker/certs.d/registry.honsen.com:5000

  cp /root/certs/domain.crt  /etc/docker/certs.d/registry.honsen.com:5000/ca.crt

2)将domain.crt内容添加至/etc/pki/tls/certs/ca-bundle.crt末尾 

  ca t/root/certs/domain.crt >> /etc/pki/tls/certs/ca-bundle.crt

4)测试以https方式访问registryserver

 curl https://registry.honsen.com:5000/v2

  结果是: 

 Moved Permanently.


2.从开发环境导出应用的镜像

1)查看并登录到开发环境的内部s2i镜像仓库

  管理员用户登录开发环境的OpenShift Web Console, 切换至default project

  左边菜单点击Applications、选Routes, 点击打开registry-console

  管理员用户登录registry-console

  左边菜单点击概览,查看登录命令

  拷贝登录到注册表的命令行,远程登录开发环境master节点,执行登录到注册表的命令行

2)从开发环境的内部s2i镜像仓库pull应用镜像

 registry-console上选择dev项目, 查看应用镜像的pull命令,例如:

         docker pull docker-registry-default.router.default.svc.cluster.local/honsen-dev-4/pcweb:latest

         docker pull docker-registry-default.router.default.svc.cluster.local/honsen-dev-4/honsen-apiserver:latest

         docker pull docker-registry-default.router.default.svc.cluster.local/honsen-dev-4/notice-push:latest

         docker pull docker-registry-default.router.default.svc.cluster.local/honsen-dev-4/honsen-admin-collect:latest

         docker pull docker-registry-default.router.default.svc.cluster.local/honsen-dev-4/wechat:latest         

         docker pull docker-registry-default.router.default.svc.cluster.local/honsen/honsen-gateway:latest

  远程登录开发环境master节点,执行上面的docker pull命令   


3.将应用镜像push到企业docker registry

 docker tag docker-registry-default.router.default.svc.cluster.local/honsen-dev-4/pcweb:latest  registry.honsen.com:5000/pcweb:1.0

 docker push registry.honsen.com:5000/pcweb:1.0

 docker tag docker-registry-default.router.default.svc.cluster.local/honsen-dev-4/honsen-apiserver:latest  registry.honsen.com:5000/honsen-apiserver:1.0

 docker push registry.honsen.com:5000/honsen-apiserver:1.0

 docker tag docker-registry-default.router.default.svc.cluster.local/honsen-dev-4/notice-push:latest  registry.honsen.com:5000/notice-push:1.0

 docker push registry.honsen.com:5000/notice-push:1.0 

 docker tag docker-registry-default.router.default.svc.cluster.local/honsen-dev-4/honsen-admin-collect:latest registry.honsen.com:5000/honsen-admin-collect:1.0

 docker push registry.honsen.com:5000/honsen-admin-collect:1.0

 docker tag docker-registry-default.router.default.svc.cluster.local/honsen-dev-4/wechat:latest  registry.honsen.com:5000/wechat:1.0

 docker push registry.honsen.com:5000/wechat:1.0 

 docker tag docker-registry-default.router.default.svc.cluster.local/honsen/honsen-gateway:latest  registry.honsen.com:5000/honsen-gateway:1.0

 docker push registry.honsen.com:5000/honsen-gateway:1.0


【注】openshift project name,以下以honsen为例   

4.导入应用镜像,生成honsen project的OpenShift Image Stream

  远程登录生产环境master节点,执行:

  oc import-image registry.honsen.com:5000/pcweb:1.0 -n honsen --confirm

  oc import-image registry.honsen.com:5000/honsen-apiserver:1.0 -n honsen --confirm

  oc import-image registry.honsen.com:5000/notice-push:1.0 -n honsen --confirm

  oc import-image registry.honsen.com:5000/honsen-admin-collect:1.0 -n honsen--confirm

  oc import-image registry.honsen.com:5000/wechat:1.0 -n honsen --confirm

  oc import-image registry.honsen.com:5000/honsen-gateway:1.0 -n honsen --confirm


5.授权以root身份运行容器的权限

  【注】基于nginx的容器需要用root来运行

  ocadm policy add-scc-to-user anyuid -z default -n honsen

  oc describe scc anyuid


6.部署应用


7.配置route

推荐阅读更多精彩内容