标签:账户 gem image OLE linu monit latest following uber
本测试记录从openshift 3.6环境中导出项目,然后在将项目环境恢复到Openshift 3.11中所需要的步骤
从而指导导入导出的升级过程。
过程略
过程略
htpasswd /etc/origin/master/htpasswd eric
htpasswd /etc/origin/master/htpasswd alice
oc label node node2.example.com application=eric-tomcat
[root@master ~]# oc get node node2.example.com --show-labels NAME STATUS AGE VERSION LABELS node2.example.com Ready 1d v1.6.1+5115d708d7 application=eric-tomcat,beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/hostname=node2.example.com,region=infra,zone=default
docker load -i tomcat.tar docker tag docker.io/tomcat:8-slim registry.example.com/tomcat:8-slim docker push registry.example.com/tomcat:8-slim
用eric用户登录
oc new-project ericproject1 oc import-image tomcat:8-slim --from=registry.example.com/tomcat:8-slim --insecure --confirm oc new-app tomcat:8-slim --name=ericapp1 oc expose service ericapp1 oc scale dc/ericapp1 --replicas=3
oc new-app tomcat:8-slim --name=ericapp2
oc expose service ericapp2
用eric用户登录
oc new-project ericproject2 oc import-image tomcat:8-slim --from=registry.example.com/tomcat:8-slim --insecure --confirm oc new-app tomcat:8-slim --name=eric-tomcat oc expose service eric-tomcat
oc new-project alice-project oc import-image tomcat:8-slim --from=registry.example.com/tomcat:8-slim --insecure --confirm oc new-app tomcat:8-slim --name=alice-tomcat oc expose service alice-tomcat oc scale dc/alice-tomcat --replicas=10
以下在OpenShift 3.6的集群环境下操作。
先下载jq和安装(在执行导出的集群的节点和执行导入的集群节点上都需要安装)
https://stedolan.github.io/jq/
执行导出
./project_export.sh ericproject1 ./project_export.sh ericproject2 ./project_export.sh alice-project
导出完成后发现当前目录下有这三个目录
导出后进入项目查看内容
将三个目录全部拷贝到执行导入的节点,OpenShift 3.11的版本
docker load -i tomcat.tar docker tag docker.io/tomcat:8-slim registry.example.com/tomcat:8-slim docker push registry.example.com/tomcat:8-slim
./project_import.sh ericproject1 ./project_import.sh ericproject2 ./project_import.sh alice-project
[root@master ~]# oc get users NAME UID FULL NAME IDENTITIES admin 3d7951e7-422a-11e9-90df-080027dc991a htpasswd_auth:admin
可见导入过程并不会对用户进行任何操作,但实际环境中openshift集群都是连接LDAP或其他外部用户,所以这关系不大。
[root@master ~]# oc projects You have access to the following projects and can switch between them with ‘oc project <projectname>‘: * alice-project default ericproject1 ericproject2 kube-public kube-system management-infra openshift openshift-console openshift-infra openshift-logging openshift-metrics-server openshift-monitoring openshift-node openshift-sdn openshift-web-console Using project "alice-project" on server "https://master.example.com:8443".
通过admin能看到所有的导入项目,进入项目后因为image stream的问题,发现有些DeploymentConfig一直在deploy阶段,但并无实例运行
运行下面的命令让实例重新装载
oc delete pod alice-tomcat-1-deploy oc rollout latest alice-tomcat
然后就可以看到实例全部装载成功
可见并没有将我们的label导入到新环境中
[root@master ~]# oc get nodes --show-labels NAME STATUS ROLES AGE VERSION LABELS master.example.com Ready master 2d v1.11.0+d4cacc0 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/hostname=master.example.com,node-role.kubernetes.io/master=true node1.example.com Ready infra 2d v1.11.0+d4cacc0 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/hostname=node1.example.com,node-role.kubernetes.io/infra=true node2.example.com Ready compute 2d v1.11.0+d4cacc0 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/hostname=node2.example.com,node-role.kubernetes.io/compute=true
[root@master ~]# oc get rolebinding NAME ROLE USERS GROUPS SERVICE ACCOUNTS SUBJECTS admin /admin alice system:deployers /system:deployer deployer system:image-builders /system:image-builder builder system:image-pullers /system:image-puller system:serviceaccounts:alice-project [root@master ~]# oc project ericproject1 Now using project "ericproject1" on server "https://master.example.com:8443". [root@master ~]# oc get rolebinding NAME ROLE USERS GROUPS SERVICE ACCOUNTS SUBJECTS admin /admin eric system:deployers /system:deployer deployer system:image-builders /system:image-builder builder system:image-pullers /system:image-puller system:serviceaccounts:ericproject1 [root@master ~]# oc project ericproject2 Now using project "ericproject2" on server "https://master.example.com:8443". [root@master ~]# oc get rolebinding NAME ROLE USERS GROUPS SERVICE ACCOUNTS SUBJECTS admin /admin eric system:deployers /system:deployer deployer system:image-builders /system:image-builder builder system:image-pullers /system:image-puller system:serviceaccounts:ericproject2 [root@master ~]#
可见所有的项目权限都保存下来。
因为原有的集群下节点数目和新的集群很可能不一样,因此单纯的备份etcd和恢复etcd的办法上有很大风险。
这种模式下,采用项目导入导出的方式不失为一种较为安全的方式。
需要注意的地方包括:
标签:账户 gem image OLE linu monit latest following uber
原文地址:https://www.cnblogs.com/ericnie/p/10500572.html
