Adding a Password to the OpenShift Built-in Redis Image

When we use the images that ship with OpenShift directly, we have no idea how the image was built. Often we would like to look at its Dockerfile so that we can make some specific settings the way we intend.
First, docker inspect can be used to look at the image's information; almost everything defined in the Dockerfile can be recovered this way. Taking Redis as the example, first find the node the pod is running on:

MacBook-Pro:~ $ oc get pods |grep redis
redis-4-zvp6z                 1/1       Running      0          4h
MacBook-Pro:~ $ oc describe pod redis-4-zvp6z
Name:               redis-4-zvp6z
Namespace:          dtp-sit
Priority:           0
PriorityClassName:  <none>
Node:               phynode2.****.****/10.150.1.12
Start Time:         Thu, 23 May 2019 09:50:21 +0800
Labels:             deployment=redis-4
                    deploymentconfig=redis
                    name=redis
Annotations:        openshift.io/deployment-config.latest-version=4
                    openshift.io/deployment-config.name=redis
                    openshift.io/deployment.name=redis-4
                    openshift.io/scc=restricted
Status:             Running
IP:                 10.130.3.118

Log in to that node and look at the image information:

[root@phynode2 ~]# docker images -a |grep redis
******.default.svc:5000/openshift/redis                            <none>              aea3ace85f80        18 months ago       222 MB
[root@phynode2 ~]# docker inspect aea3ace85f80
[
    {
        "Id": "sha256:aea3ace85f80063a70dbbe1ab6dfa49df168fc66d2acb355364b6d95f1725afa",
        "RepoTags": [],
        "RepoDigests": [
            "docker-registry.default.svc:5000/openshift/redis@sha256:be2eed2e8de37ed33e21c96f9c457d5e8497e79089834af05d57e5810f692a41"
        ],
        "Parent": "",
        "Comment": "",
        "Created": "2017-11-22T15:22:52.478988Z",
        "Container": "",
        "ContainerConfig": {
            "Hostname": "9428cdea83ba",
            "Domainname": "",
            "User": "1001",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "6379/tcp": {}
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "container=oci",
                "REDIS_VERSION=3.2",
                "HOME=/var/lib/redis",
                "SUMMARY=Redis in-memory data structure store, used as database, cache and message broker",
                "DESCRIPTION=Redis 3.2 available as docker container, is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Redis works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log.",
                "CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/redis",
                "REDIS_PREFIX=/opt/rh/rh-redis32/root/usr",
                "ENABLED_COLLECTIONS=rh-redis32",
                "BASH_ENV=/usr/share/container-scripts/redis/scl_enable",
                "ENV=/usr/share/container-scripts/redis/scl_enable",
                "PROMPT_COMMAND=. /usr/share/container-scripts/redis/scl_enable"
            ],
            "Cmd": [
                "/bin/sh",
                "-c",
                "#(nop) ",
                "USER [1001]"
            ],
            "ArgsEscaped": true,
            "Image": "sha256:0f0379063f4f0cd0fa13420e1853250bcf7b0d1db598e32f2b3c9d60832b9840",
            "Volumes": {
                "/var/lib/redis/data": {}
            },
            "WorkingDir": "",
            "Entrypoint": [
                "container-entrypoint"
            ],
            "OnBuild": [],
            "Labels": {
                "architecture": "x86_64",
                "authoritative-source-url": "registry.access.redhat.com",
                "build-date": "2017-11-22T15:19:57.829508",
                "com.redhat.build-host": "ip-10-29-120-69.ec2.internal",
                "com.redhat.component": "rh-redis32-docker",
                "description": "Redis 3.2 available as docker container, is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Redis works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log.",
                "distribution-scope": "public",
                "io.k8s.description": "Redis 3.2 available as docker container, is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Redis works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log.",
                "io.k8s.display-name": "Redis 3.2",
                "io.openshift.expose-services": "6379:redis",
                "io.openshift.tags": "database,redis,redis32,rh-redis32",
                "name": "rhscl/redis-32-rhel7",
                "release": "5.15",
                "summary": "Redis in-memory data structure store, used as database, cache and message broker",
                "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/rhscl/redis-32-rhel7/images/3.2-5.15",
                "vcs-ref": "d13d85cc75c0481e773889b0f39d0faea92c554d",
                "vcs-type": "git",
                "vendor": "Red Hat, Inc.",
                "version": "3.2"
            }
        },
        "DockerVersion": "1.12.6",
        "Author": "",
        "Config": {
            "Hostname": "9428cdea83ba",
            "Domainname": "",
            "User": "1001",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "6379/tcp": {}
            },
            "Tty": false,
            "OpenStdin": false,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "container=oci",
                "REDIS_VERSION=3.2",
                "HOME=/var/lib/redis",
                "SUMMARY=Redis in-memory data structure store, used as database, cache and message broker",
                "DESCRIPTION=Redis 3.2 available as docker container, is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Redis works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log.",
                "CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/redis",
                "REDIS_PREFIX=/opt/rh/rh-redis32/root/usr",
                "ENABLED_COLLECTIONS=rh-redis32",
                "BASH_ENV=/usr/share/container-scripts/redis/scl_enable",
                "ENV=/usr/share/container-scripts/redis/scl_enable",
                "PROMPT_COMMAND=. /usr/share/container-scripts/redis/scl_enable"
            ],
            "Cmd": [
                "run-redis"
            ],
            "ArgsEscaped": true,
            "Image": "c55eab2cfa0def35e401137c646c3160f1a2088cf1b8c1011ce7303c454bf080",
            "Volumes": {
                "/var/lib/redis/data": {}
            },
            "WorkingDir": "",
            "Entrypoint": [
                "container-entrypoint"
            ],
            "OnBuild": [],
            "Labels": {
                "architecture": "x86_64",
                "authoritative-source-url": "registry.access.redhat.com",
                "build-date": "2017-11-22T15:19:57.829508",
                "com.redhat.build-host": "ip-10-29-120-69.ec2.internal",
                "com.redhat.component": "rh-redis32-docker",
                "description": "Redis 3.2 available as docker container, is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Redis works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log.",
                "distribution-scope": "public",
                "io.k8s.description": "Redis 3.2 available as docker container, is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Redis works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log.",
                "io.k8s.display-name": "Redis 3.2",
                "io.openshift.expose-services": "6379:redis",
                "io.openshift.tags": "database,redis,redis32,rh-redis32",
                "name": "rhscl/redis-32-rhel7",
                "release": "5.15",
                "summary": "Redis in-memory data structure store, used as database, cache and message broker",
                "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/rhscl/redis-32-rhel7/images/3.2-5.15",
                "vcs-ref": "d13d85cc75c0481e773889b0f39d0faea92c554d",
                "vcs-type": "git",
                "vendor": "Red Hat, Inc.",
                "version": "3.2"
            }
        },
        "Architecture": "amd64",
        "Os": "linux",
        "Size": 222458944,
        "VirtualSize": 222458944,
        "GraphDriver": {
            "Name": "devicemapper",
            "Data": {
                "DeviceId": "116487",
                "DeviceName": "docker-253:0-201599982-d9898dff9cfda7deb451c4da1f088da623155041d36edd1b5355241344938ba0",
                "DeviceSize": "10737418240"
            }
        },
        "RootFS": {
            "Type": "layers",
            "Layers": [
                "sha256:e1d829eddb62dc49f1c56dbf8acd0c71299b3996115399de853a9d66d81b822f",
                "sha256:02404b4d7e5d89b1383ca346b4462b199128aa4b238c5a2b2c186004ac148ba8",
                "sha256:04e9612b12a6e5e9541b1666148b34e4f393272f77d96fdec92273bf0b17446e"
            ]
        }
    }
]

That is a lot of output, so here is just the key part:

                "CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/redis",
                "REDIS_PREFIX=/opt/rh/rh-redis32/root/usr",
                "ENABLED_COLLECTIONS=rh-redis32",
                "BASH_ENV=/usr/share/container-scripts/redis/scl_enable",
                "ENV=/usr/share/container-scripts/redis/scl_enable",
                "PROMPT_COMMAND=. /usr/share/container-scripts/redis/scl_enable"
            ],
            "Cmd": [
                "run-redis"
            ],

When the image starts it runs "run-redis". Use oc exec to get into the Redis pod and find this file:

MacBook-Pro$ oc exec -it redis-4-zvp6z /bin/bash
bash-4.2$ cat /usr/bin/run-redis
#!/bin/bash

export_vars=$(cgroup-limits); export $export_vars
source ${CONTAINER_SCRIPTS_PATH}/common.sh
set -eu

[ -f ${CONTAINER_SCRIPTS_PATH}/validate-variables.sh ] && source ${CONTAINER_SCRIPTS_PATH}/validate-variables.sh

# Process the Redis configuration files
log_info 'Processing Redis configuration files ...'
if [[ -v REDIS_PASSWORD ]]; then
  envsubst < ${CONTAINER_SCRIPTS_PATH}/password.conf.template >> /etc/redis.conf
else
  log_info 'WARNING: setting REDIS_PASSWORD is recommended'
fi

# Source post-init source if exists
if [ -f ${CONTAINER_SCRIPTS_PATH}/post-init.sh ]; then
  log_info 'Sourcing post-init.sh ...'
  source ${CONTAINER_SCRIPTS_PATH}/post-init.sh
fi

# Restart the Redis server with public IP bindings
unset_env_vars
log_volume_info "${REDIS_DATADIR}"
log_info 'Running final exec -- Only Redis logs after this point'
exec ${REDIS_PREFIX}/bin/redis-server /etc/redis.conf --daemonize no "$@" 2>&1

From this script we can see that when REDIS_PASSWORD is set, the following template is rendered with envsubst and appended to /etc/redis.conf, so the password we want only has to be set through this file:

${CONTAINER_SCRIPTS_PATH}/password.conf.template

Locate that file:

bash-4.2$ cat password.conf.template 
# password for the server
requirepass "${REDIS_PASSWORD}"

That makes it obvious: we only need to set the environment variable REDIS_PASSWORD in the deploymentConfig.
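To see exactly what the image does with that template, here is an added example (not code from the image or from this post) that reproduces the rendering step offline on a constructed copy of the two-line template. It uses envsubst when it is installed and an awk fallback otherwise. It also adds a check the image's script does not have: the [[ -v REDIS_PASSWORD ]] test only asks whether the variable is set, so an empty value is still rendered as requirepass "", which leaves the server without authentication; the example refuses that, and refuses a double quote or newline, which the quoted template line cannot carry safely. The WORK, TEMPLATE and REDIS_CONF paths are assumptions for the demo.

```shell
#!/bin/sh
# Added example: reproduce the password-rendering step of run-redis offline.
# Nothing here talks to a real Redis server or an OpenShift cluster.

WORK=$(mktemp -d)
TEMPLATE="$WORK/password.conf.template"   # stand-in for ${CONTAINER_SCRIPTS_PATH}/password.conf.template
REDIS_CONF="$WORK/redis.conf"             # stand-in for /etc/redis.conf
NL=$(printf '\nx'); NL=${NL%x}            # a literal newline, for the pattern check below

# Constructed copy of the template found in the image (same two lines).
cat > "$TEMPLATE" <<'EOF'
# password for the server
requirepass "${REDIS_PASSWORD}"
EOF

# Substitute only ${REDIS_PASSWORD}, as run-redis does with envsubst.
# The awk fallback uses index/substr so that '&', '\' or '/' in the
# password are copied literally instead of being interpreted.
render_template() {
    if command -v envsubst >/dev/null 2>&1; then
        envsubst '${REDIS_PASSWORD}' < "$TEMPLATE"
    else
        awk 'BEGIN { pw = ENVIRON["REDIS_PASSWORD"] }
             { line = $0
               while ((i = index(line, "${REDIS_PASSWORD}")) > 0)
                   line = substr(line, 1, i - 1) pw substr(line, i + 17)
               print line }' "$TEMPLATE"
    fi
}

# Mirror run-redis: append the rendered template to redis.conf only when
# REDIS_PASSWORD is set. Return codes: 0 appended, 1 unset (warning only,
# as in the image), 2 rejected (empty, or contains a double quote or a
# newline, which would break or disable requirepass).
render_password_conf() {
    : > "$REDIS_CONF"   # start from an empty config for each run
    if [ -z "${REDIS_PASSWORD+set}" ]; then
        echo 'WARNING: setting REDIS_PASSWORD is recommended' >&2
        return 1
    fi
    case "$REDIS_PASSWORD" in
        '')
            echo 'ERROR: empty REDIS_PASSWORD renders requirepass "" and disables auth' >&2
            return 2 ;;
        *'"'*|*"$NL"*)
            echo 'ERROR: REDIS_PASSWORD must not contain a double quote or newline' >&2
            return 2 ;;
    esac
    render_template >> "$REDIS_CONF"
}

# Print the password the rendered redis.conf would enforce, or nothing.
configured_password() {
    sed -n 's/^requirepass "\(.*\)"$/\1/p' "$REDIS_CONF"
}

# Usage:
#   export REDIS_PASSWORD='s3cr&t/pass'; render_password_conf; configured_password
```

Run it once with REDIS_PASSWORD exported and once with it unset to see the two branches of the image's script; the third branch (return code 2) is the added guard.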
To keep the password safe, we read the environment variable from a secret. First create a secret named redis-secret, either from a YAML file or directly in the console; here is the one I created:

MacBook-Pro$ oc get secret/redis-secret -o yaml
apiVersion: v1
data:
  password: **********EhnNQ==
kind: Secret
metadata:
  creationTimestamp: 2019-05-23T07:01:19Z
  name: redis-secret
  namespace: sit
  resourceVersion: "128134724"
  selfLink: /api/v1/namespaces/dtp-sit/secrets/redis-secret
  uid: 90ae2f34-7d28-11e9-8ff3-005056aae8a2
type: Opaque

Next, wire this secret into the Redis deploymentConfig; the main change is adding the following env entry to the dc:

   spec:
     containers:
     - env:
       - name: REDIS_PASSWORD
         valueFrom:
           secretKeyRef:
             key: password
             name: redis-secret

Redeploy, and everything should be fine!
But the deployment kept showing as failed: the container started normally, yet it was always killed after a few minutes. I suspected the readiness check was the culprit. Either delete the readinessProbe section from the dc, or change the redis-cli command so that it logs in with the password:

        readinessProbe:
          exec:
            command:
            - /bin/sh
            - -i
            - -c
            - test "$(redis-cli -h 127.0.0.1 -a ${REDIS_PASSWORD} ping)" == "PONG"
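The probe failure described above can be reproduced without a cluster. The following added example (not from the post, the image or the dc) wraps both versions of the probe command in functions and pairs them with a constructed stand-in for redis-cli that answers the way a server started with requirepass does: PONG for the right password, an error otherwise. The REDIS_CLI variable, the stub and its STUB_SERVER_PASSWORD are assumptions for the demo; in the pod the real client is used and REDIS_CLI is simply left unset.

```shell
#!/bin/sh
# Added example: the readiness check from the dc as shell functions, plus a
# constructed stand-in for redis-cli so the behaviour can be seen offline.

# Constructed stub (not the real client). It emulates a server configured
# with requirepass "$STUB_SERVER_PASSWORD": PING is answered with PONG only
# when -a carries the right password. The exact error text of the real
# client varies by version; the probe only cares whether it reads PONG.
stub_redis_cli() {
    given=''
    while [ $# -gt 0 ]; do
        case "$1" in
            -a) given="$2"; shift ;;
            -h|-p) shift ;;            # host/port are irrelevant to the stub
        esac
        shift
    done
    if [ -z "$STUB_SERVER_PASSWORD" ]; then
        echo PONG                      # no requirepass: PING is open
    elif [ "$given" = "$STUB_SERVER_PASSWORD" ]; then
        echo PONG
    else
        echo 'NOAUTH Authentication required.'
    fi
}

# The probe as it shipped in the dc: no credentials. Against a server with
# requirepass set this never reads PONG, so the pod is reported not ready
# and eventually killed, which is the symptom described in the post.
probe_without_password() {
    reply=$("${REDIS_CLI:-redis-cli}" -h 127.0.0.1 ping 2>/dev/null)
    [ "$reply" = PONG ]
}

# The corrected probe: authenticate with the password from the secret.
# "$REDIS_PASSWORD" is quoted so a password with spaces still works.
# Newer clients print a warning about -a on stderr; $(...) only captures
# stdout, so the comparison is unaffected.
probe_with_password() {
    reply=$("${REDIS_CLI:-redis-cli}" -h 127.0.0.1 -a "$REDIS_PASSWORD" ping 2>/dev/null)
    [ "$reply" = PONG ]
}

# Usage (offline, with the stub):
#   export REDIS_CLI=stub_redis_cli STUB_SERVER_PASSWORD=s3cr3t REDIS_PASSWORD=s3cr3t
#   probe_without_password && echo ready || echo 'not ready'
#   probe_with_password    && echo ready || echo 'not ready'
```

Two practical notes on the corrected probe: quote the variable as above rather than writing a bare ${REDIS_PASSWORD}, and keep in mind that -a places the password on the redis-cli command line, where it is briefly visible in the container's process list during each probe; clients from Redis 5.0 onward can read it from the REDISCLI_AUTH environment variable instead, but the client in this Redis 3.2 image does not support that.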