NSX ALB Harbor OpenShift 4.8 UPI安装配置实验笔记系列目录
1 部署avi-demo Deployment
1.1 新建命令行
1.2 yaml方式新建
2 新建avi-demo service
2.1 新建命令行
2.2 yaml方式新建
3 为avi-demo service新建route
3.1 新建命令行
3.2 yaml方式新建
4 配置信息检查
4.1 查看SVC和Route信息
4.2 查看SVC和Route yaml
4.3 OCP console查看页面上的配置
5 Ingress应用发布测试
1 部署avi-demo Deployment
1.1 新建命令行
oc new-project avi-demo kubectl -n avi-demo create deploy avi-demo --image=map.corp.tanzu/dyadin/avi-demo --replicas=3使用oc new-app命令会调用openshift image straam,而image steam需要长期存储挂载,这样LAB使用中未配置kubectl命令直接新建deployment,oc new-app命令记录如下:
oc new-app map.corp.tanzu/dyadin/avi-demo:latest --name=avi-demo1.2 yaml方式新建
1). 因avi-demo image启动脚本需要root而身份执行OCP默认禁止环境POD以root身份运行,需要先运行OCP下列命令首先在环境中执行,并向操作容器的服务账户添加权限,否则下图中会有类似的Permission denied”报错:
oc adm policy add-scc-to-user anyuid -z default2). 新项目
oc new-project avi-demo3). 生成avi-demo.yaml
cat << EOF > avi-demo.yaml --- apiVersion: apps/v1 kind: Deployment metadata: name: avi-demo namespace: avi-demo labels: app: avi-demo spec: replicas: 3 selector: matchLabels: app: avi-demo template: metadata: labels: app: avi-demo spec: containers: - name: avi-demo image: map.corp.tanzu/dyadin/avi-demo:latest EOF4). 应用yaml
oc apply -f avi-demo.yaml5). 查看avi-demo pod运行情况:
oc -n avi-demo get pods -o wide2 新建avi-demo service
2.1 新建命令行
oc project avi-demo oc expose deployment avi-demo --port=80 --target-port=80 --name=avi-demo-svc2.2 yaml方式新建
1). 编辑yaml
cat << EOF > avi-demo-svc.yaml --- apiVersion: v1 kind: Service metadata: name: avi-demo-svc namespace: avi-demo spec: selector: app: avi-demo ports: - protocol: TCP port: 80 targetPort: 80 EOF2). 应用yaml
oc apply -f avi-demo-svc.yaml3). 查看service创建结果
oc -n avi-demo get svc3 为avi-demo service新建route
3.1 新建命令行
oc project avi-demo oc expose svc avi-demo-svc --name=avi-demo-route3.2 yaml方式新建
1). 编辑yaml
cat << EOF > avi-demo-route.yaml --- apiVersion: route.openshift.io/v1 kind: Route etadata:
name: avi-demo-route
namespace: avi-demo
spec:
path: /
to:
kind: Service
name: avi-demo-svc
port:
targetPort: 80
EOF2). 应用yaml
oc apply -f avi-demo-route.yaml3). 查看route创建结果
oc get route4). 访问测试
因前面已配置了apps这个子域的委派,这里在没有配置AVI前,需要通过在本机hosts文件中添加记录才可以访问:
4 配置信息检查
4.1 查看SVC和Route信息
oc -n avi-demo get svc -o wide
4.2 查看SVC和Route yaml
oc -n avi-demo get svc -o yamloc -n avi-demo get route -o yaml
4.3 OCP console页面查看配置
5 Ingress应用发布测试
ingress Yaml中不能像官方文档那样在path后跟“/”,否则会无法自动生成对应的Route。
Bug链接:1878685 – Ingress resource with "Passthrough" annotation does not get applied when using the newer "networking.k8s.io/v1" API
1). Annotations为edge模式
cat << EOF > avi-demo-ingress-edge.yaml
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: avi-demo-ingress-edge
annotations:
route.openshift.io/termination: edge
spec:
ingressClassName: openshift-default
rules:
- host: avi-demo-ingress-edge.apps.ocp.corp.tanzu
http:
paths:
- backend:
service:
name: avi-demo-svc
port:
number: 80
pathType: ImplementationSpecific
EOF2). Annotations为Passthrough模式
cat << EOF > avi-demo-ingress.yaml
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: avi-demo-ingress
annotations:
route.openshift.io/termination: passthrough
spec:
ingressClassName: openshift-default
rules:
- host: avi-demo-ingress-edge.apps.ocp.corp.tanzu
http:
paths:
- backend:
service:
name: avi-demo-svc
port:
number: 80
pathType: ImplementationSpecific
EOF