代码之家 › 专栏 › 技术社区 › Christopher Gentle

Openshift源作业是否需要图像的硬编码内部注册表URL?

openshift-origin openshift

Christopher Gentle · 技术社区 · 7 年前

我想不出一种命名空间可移植的方法来将图像构建到imagestream中,然后用于在OpenShift项目命名空间中,无需在作业配置中硬编码内部注册表URL。

与部署配置不同,作业配置不会自动生成具有正确的内部注册表图像URL的pod配置。生成的作业从未运行,因为无法提取图像。

Failed to pull image "is-copy-adaptermappings": Error: image library/is-copy-adaptermappings:latest not found

工作示例生成deployconfig生成的pod

...
 containers:
    - name: i2b2-webclient
      image: >-
        172.30.1.1:5000/c2/is-i2b2-webclient@sha256:51460a7b65ddd8cc32e41e9a3ac069efb587220364edc9285d06438b22e2ea47
      ports:
        - containerPort: 8080
          protocol: TCP
...

失败示例生成的作业吊舱摘录

apiVersion: v1
kind: Pod
...
  containers:
    - name: copy-config-to-pv
      image: is-copy-adaptermappings
      resources: {}
      volumeMounts:
...

作业配置(json)

{
  "apiVersion": "batch/v1",
  "kind": "Job",
  "metadata": {
    "name": "configpod"
  },
  "spec": {
    "parallelism": 1,
    "completions": 1,
    "template": {
      "metadata": {
        "name": "copy-config-to-pv"
      },
      "spec": {
        "containers": [
          {
            "name": "copy-config-to-pv",
            "image": "is-copy-adaptermappings",
            "imagePullPolicy": "Always",
            "volumeMounts": [
              {
                "mountPath": "/dest",
                "name": "volume-config"
              }
            ]
          }
        ],
        "restartPolicy": "OnFailure",
        "volumes": [
          {
            "name": "volume-config",
            "persistentVolumeClaim": {
              "claimName": "pvc-configs"
            }
          }
        ]
      }
    }
  }
}

有没有一种很好的方法来引用或生成内置本地注册表映像的URL?

1 回复 | 直到 7 年前

Graham Dumpleton 7 年前

据我所知,它是这样的,因为您使用的实际上是Kubernetes作业对象。任何时候你在Kubernetes级别做事情,你都必须从图像注册表中引用一个图像。Kubernetes中不存在图像流的概念。这就是OpenShift对象(如构建和部署配置)更智能的地方,因为它们通过图像流对象工作,图像流对象充当索引或间接指针的形式。当使用OpenShift时,使用图像流作为中介使事情变得更容易。

尽管如此,我被告知OpenShift 3.6中可能有一些东西使这变得更容易。然而,目前显然没有关于其工作原理的文件。有一个人可能会告诉我有关细节的信息,他正在休假,直到月底,我想看看是否可以找到更多细节,并在知道后更新。

更新1

假设您使用的是OpenShift 3.6,并且 is-copy-adaptermappings

{
  "apiVersion": "batch/v1",
  "kind": "Job",
  "metadata": {
    "name": "configpod"
    "annotations": {
      "alpha.image.policy.openshift.io/resolve-names": "*"
    },
  },
  "spec": {
    "parallelism": 1,
    "completions": 1,
    "template": {
      "metadata": {
        "name": "copy-config-to-pv"
      },
      "spec": {
        "containers": [
          {
            "name": "copy-config-to-pv",
            "image": "is-copy-adaptermappings",
            "imagePullPolicy": "Always",
            "volumeMounts": [
              {
                "mountPath": "/dest",
                "name": "volume-config"
              }
            ]
          }
        ],
        "restartPolicy": "OnFailure",
        "volumes": [
          {
            "name": "volume-config",
            "persistentVolumeClaim": {
              "claimName": "pvc-configs"
            }
          }
        ]
      }
    }
  }
}

添加的是带有名称的注释 alpha.image.policy.openshift.io/resolve-names 在作业的元数据中。

的价值 image latest 标签已使用,或可以 name:tag

使用注释的方式具有alpha状态,因此注释的名称最终会更改。通常他们会尝试自动迁移包含alpha/beta标签的名称,但要注意,如果状态发生变化,它就会停止工作。

使用现在可能存在的注释的另一种方法是设置 is.spec.lookupPolicy local 查找。

$ oc explain is.spec.lookupPolicy
RESOURCE: lookupPolicy <Object>

DESCRIPTION:
     lookupPolicy controls how other resources reference images within this
     namespace.

    ImageLookupPolicy describes how an image stream can be used to override the image references used by pods, builds, and other resources in a namespace.

FIELDS:
   local    <boolean> -required-
     local will change the docker short image references (like "mysql" or
     "php:latest") on objects in this namespace to the image ID whenever they
     match this image stream, instead of reaching out to a remote registry. The
     name will be fully qualified to an image ID if found. The tag's
     referencePolicy is taken into account on the replaced value. Only works
     within the current namespace.