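Overview
Consider the following scenario:
You already have a release platform, used for production or for development, testing, staging and production alike. You also want to roll out a container platform, but its interface is disconnected from the existing release platform, and the existing data cannot be used in the container platform. How do you integrate the two platforms?
Approach:
Since you have not yet run business applications on containers at scale, you want to use the container platform as the test environment. In that case, move the screens that generate the Dockerfile and Template into the release platform, and have the release platform call the OpenShift API to integrate the two.
This article explains how to call the OpenShift API.
Obtaining an access token
For details, see the previous article: How to Generate an OpenShift API Token
Creating a project
Request: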
curl -k -v -XPOST \
-H "Authorization: Bearer $token" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
https://example.test.com:8443/apis/project.openshift.io/v1/projectrequests \
-d "{\"kind\":\"ProjectRequest\",\"apiVersion\":\"project.openshift.io/v1\",\"metadata\":{\"name\":\"project_name\",\"creationTimestamp\":null}}"
Response:
code: 201 # created successfully
code: 200 # ok
code: 202 # accepted
code: 401 # unauthorized
Deleting a project
Request:
curl -k -v -XDELETE \
-H "Authorization: Bearer $token" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
https://example.test.com:8443/apis/project.openshift.io/v1/projects/project_name
Response:
code: 200 # deleted successfully
body:
{
"kind":"Status",
"apiVersion":"v1",
"metadata":{},
"status":"Success"
}
code: 401 # unauthorized
code: 404 # Not Found
Listing all projects and the deployment instance names in each project
Request:
curl -k -v -XGET \
-H "Authorization: Bearer $token" \
-H "Accept: application/json" \
https://example.test.com:8443/apis/apps.openshift.io/v1/deploymentconfigs
Response:
code: 200 # success
body:
{
"kind": "DeploymentConfigList",
"apiVersion": "apps.openshift.io/v1",
"metadata": {
"selfLink": "/apis/apps.openshift.io/v1/deploymentconfigs",
"resourceVersion": "38784201" },
"items": [
{
"metadata": {
"name": "jenkins",
"namespace": "ci",
.......
},
{
"metadata": {
"name": "test",
"namespace": "test",
.......
},
........
]
........
}
code: 401 # unauthorized
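Pushing an image to the OpenShift internal registry
Suppose you have already built the image elsewhere and want to push it to the OpenShift internal registry.
Push the image (this could also be done through the Docker API; the simpler approach is used here)
⚠️ The OpenShift registry is inside the cluster and can only be reached through its service IP/name and port, so the machine pushing the image must be inside the cluster.
# The token is passed on stdin so that it does not appear in the process list
printf '%s' "$access_token" | docker login -u "$user" --password-stdin docker-registry.default.svc:5000 && \
docker tag "$image_name:$tag" "docker-registry.default.svc:5000/$project/$image_name:$tag" && \
docker push "docker-registry.default.svc:5000/$project/$image_name:$tag"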
Deploying the image
The nginx-example instance in the devops-team project is used as the example.
Request:
curl -X POST -kv \
"https://example.test.com:8443/apis/apps.openshift.io/v1/namespaces/devops-team/deploymentconfigs/nginx-example/instantiate?pretty=true" \
-H "accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $token" \
-d "{ \"apiVersion\": \"apps.openshift.io/v1\", \"force\": true, \"kind\": \"DeploymentConfig\", \"latest\": true, \"name\": \"nginx-example\"}"
Response:
code: 201 # deployment triggered successfully
body:
{
"kind": "DeploymentConfig",
"apiVersion": "apps.openshift.io/v1",
"metadata": {
"name": "nginx-example",
"namespace": "devops-team",
..........
}
code: 200 # ok
code: 202 # accepted
code: 401 # unauthorized
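Checking deployment status
To get the status of the nginx-example deployment above, you first need the name of the most recent deployment: nginx-example-?
Request:
Get the information for the deploymentconfig nginx-example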
curl -k -v -XGET \
-H "Authorization: Bearer $token" \
-H "Accept: application/json" \
https://example.test.com:8443/apis/apps.openshift.io/v1/namespaces/devops-team/deploymentconfigs/nginx-example
Response:
code: 200 # success
body:
{
"kind": "DeploymentConfig",
"apiVersion": "apps.openshift.io/v1",
"metadata": {},
"spec": {},
"status": {
"latestVersion": 3,
"observedGeneration": 4,
"replicas": 1,
........}
}
From this, the name of the most recent deployment is nginx-example-3.
code: 401 # unauthorized
Getting the running status of the pods of the most recent deployment
Request:
curl -k -v -XGET \
-H "Accept: application/json" \
-H "Authorization: Bearer $token" \
"https://example.test.com:8443/api/v1/namespaces/devops-team/pods?labelSelector=deployment=nginx-example-3,deploymentconfig=nginx-example,name=nginx-example"
Response:
code: 200 # success
body:
{
"kind": "PodList",
"apiVersion": "v1",
"metadata": {},
"items": [{
"metadata": {},
"spec": {},
"status": {
"phase": "Running",
"conditions": [],
"hostIP": "10.131.32.3",
"podIP": "10.129.104.40",
"startTime": "2018-11-13T09:40:10Z",
"containerStatuses": [],
"qosClass": "Burstable"}
}]
}
From this, the pod status is Running, so the pod is already up.
If the status is Failed, the deployment failed.
If it is Waiting, the pod is still waiting.
code: 401 # unauthorized
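The status check above, written as the parsing logic a release platform would run on the two responses (an added example, not code from the original article). The helper names, the DNS-label name check and the sample responses are assumptions constructed for illustration; Kubernetes reports pods that have not started yet as phase Pending, which is mapped here to the article's Waiting case.

```python
import re
from urllib.parse import urlencode

API = "https://example.test.com:8443"  # API host used on the page
# Assumption: names are restricted to DNS-1123 labels before they reach a URL path.
_LABEL = re.compile(r"[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?")

def safe_name(value):
    """Reject anything that could change the request path (slashes, dots, '?')."""
    if not isinstance(value, str) or not _LABEL.fullmatch(value):
        raise ValueError(f"invalid resource name: {value!r}")
    return value

def latest_rollout(dc):
    """Deployment name = <deploymentconfig name>-<status.latestVersion>."""
    version = dc["status"]["latestVersion"]
    if version < 1:
        raise ValueError("deploymentconfig has not been rolled out yet")
    return f'{safe_name(dc["metadata"]["name"])}-{version}'

def pods_url(namespace, dc_name, rollout):
    """Build the pod query from the page with the label selector URL-encoded."""
    dc_name = safe_name(dc_name)
    selector = f"deployment={safe_name(rollout)},deploymentconfig={dc_name},name={dc_name}"
    path = f"/api/v1/namespaces/{safe_name(namespace)}/pods"
    return f"{API}{path}?" + urlencode({"labelSelector": selector})

def rollout_state(pod_list):
    """Collapse the pod phases of one rollout into Running / Failed / Waiting."""
    phases = [p.get("status", {}).get("phase") for p in pod_list.get("items", [])]
    if "Failed" in phases:
        return "Failed"
    if phases and all(ph == "Running" for ph in phases):
        return "Running"
    # No pods yet, or the phase is still Pending/Unknown: keep polling.
    return "Waiting"

# Constructed sample responses, trimmed to the fields used above.
SAMPLE_DC = {"kind": "DeploymentConfig",
             "metadata": {"name": "nginx-example", "namespace": "devops-team"},
             "status": {"latestVersion": 3, "observedGeneration": 4, "replicas": 1}}
SAMPLE_PODS = {"kind": "PodList",
               "items": [{"status": {"phase": "Running", "podIP": "10.129.104.40"}}]}

if __name__ == "__main__":
    rollout = latest_rollout(SAMPLE_DC)
    print(rollout, pods_url("devops-team", "nginx-example", rollout))
    print(rollout_state(SAMPLE_PODS))
```

When the platform sends these requests itself, verify the API server certificate against the cluster CA rather than disabling verification as `-k` does, since the bearer token travels in every request.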
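Importing a template
Implementing the web console's import template feature takes two steps: first, convert the template file into the individual Resource objects of a List object; second, create each of the generated Resources.
The first API requires a very large number of parameters, including all the parameters in the template, so we skip the first step, generate the JSON or YAML content of each Resource object directly, and then call the relevant API to create the objects.
The examples below show how to create each object.
Creating a Service object
Request: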
curl -k -v -XPOST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $token" \
https://example.test.com:8443/api/v1/namespaces/demo-au/services \
-d '{"apiVersion":"v1","kind":"Service","metadata":{"annotations":{"description":"Exposes and load balances the application pods"},"labels":{"template":"demo-au"},"name":"demo-au","namespace":"demo-au"},"spec":{"ports":[{"name":"nginx","port":80,"targetPort":80}],"selector":{"name":"demo-au"}}}'
Response:
code: 201 # created successfully
code: 409 # object already exists
code: 401 # unauthorized
Creating a Route object
Request:
curl -k -v -XPOST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $token" \
https://example.test.com:8443/oapi/v1/namespaces/demo-au/routes \
-d '{"apiVersion":"v1","kind":"Route","metadata":{.......}}'
Response:
code: 201 # created successfully
code: 409 # object already exists
code: 401 # unauthorized
Creating an ImageStream object
Request:
curl -k -v -XPOST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $token" \
https://example.test.com:8443/oapi/v1/namespaces/demo-au/imagestreams \
-d '{"apiVersion":"v1","kind":"ImageStream","metadata":{.......}}'
Response:
code: 201 # created successfully
code: 409 # object already exists
code: 401 # unauthorized
Creating a DeploymentConfig object
Request:
curl -k -v -XPOST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $token" \
https://example.test.com:8443/oapi/v1/namespaces/demo-au/deploymentconfigs \
-d '{"apiVersion":"v1","kind":"DeploymentConfig","metadata":{.......}}'
Response:
code: 201 # created successfully
code: 409 # object already exists
code: 401 # unauthorized
Creating a Secret object
Request:
curl -k -v -XPOST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer $token" \
https://example.test.com:8443/api/v1/namespaces/demo-au/secrets \
-d '{"apiVersion":"v1","kind":"Secret","metadata":{.......}}'
Response:
code: 201 # created successfully
code: 409 # object already exists
code: 401 # unauthorized