OpenShift安装配置-OpenShift容器平台安装配置_升级迁移详细过程

1. OpenShift概述与环境规划

OpenShift是Red Hat推出的企业级Kubernetes容器平台，提供了完整的容器编排、DevOps工具链和应用生命周期管理功能。OpenShift基于Kubernetes构建，增加了企业级特性，如安全增强、多租户支持、集成的CI/CD等。更多学习教程www.fgedu.net.cn

1.1 OpenShift版本说明

OpenShift目前主要版本为4.x系列，本教程以OpenShift 4.14为例进行详细讲解。OpenShift 4.x版本相比之前版本在安装、管理和功能方面都有显著提升，采用了基于 operators 的管理模式。

# 查看OpenShift版本
$ oc version
Client Version: 4.14.0
Server Version: 4.14.0
Kubernetes Version: v1.27.0

# 查看系统版本
$ cat /etc/os-release
NAME=”Red Hat Enterprise Linux CoreOS”
VERSION=”414.92.202404011200-0″
ID=”rhcos”
PRETTY_NAME=”Red Hat Enterprise Linux CoreOS 414.92.202404011200-0 (Ootpa)”

# 查看内核版本
$ uname -r
5.14.0-284.30.1.el9_2.x86_64

1.2 环境规划

本次安装环境规划如下：

OpenShift集群：
master01.fgedu.net.cn (192.168.1.51) – 控制平面节点
master02.fgedu.net.cn (192.168.1.52) – 控制平面节点
master03.fgedu.net.cn (192.168.1.53) – 控制平面节点
worker01.fgedu.net.cn (192.168.1.61) – 工作节点
worker02.fgedu.net.cn (192.168.1.62) – 工作节点

OpenShift版本：4.14
操作系统：Red Hat Enterprise Linux CoreOS (RHCOS)
安装方式：使用OpenShift Installer
网络模式：OVN-Kubernetes
存储：NFS/OpenShift Container Storage

2. 硬件环境要求

OpenShift作为企业级容器平台，对硬件资源要求相对较高，需要考虑集群规模和工作负载需求。学习交流加群风哥微信: itpux-com

2.1 物理主机环境要求

# 控制平面节点要求
– CPU：至少8核
– 内存：至少32GB
– 磁盘：系统盘120GB SSD + 数据盘200GB SSD

# 工作节点要求
– CPU：至少16核
– 内存：至少64GB
– 磁盘：系统盘120GB SSD + 数据盘500GB SSD

# 检查控制平面节点资源
# free -h
total used free shared buff/cache available
Mem: 32G 4.2G 26G 256M 1.8G 27G
Swap: 8G 0B 8G

# 检查工作节点资源
# free -h
total used free shared buff/cache available
Mem: 64G 8.4G 54G 512M 3.6G 55G

# 检查磁盘空间
# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 120G 20G 100G 17% /
/dev/sdb1 200G 50G 150G 25% /var/lib/containers

生产环境建议：控制平面节点至少3个，工作节点根据工作负载需求规划。建议使用SSD存储以提高I/O性能。网络带宽建议10Gbps以上，以支持集群间通信。

2.2 vSphere虚拟主机环境要求

虚拟机配置：
– 控制平面节点：
– vCPU：8核
– 内存：32GB
– 磁盘：系统盘120GB SSD + 数据盘200GB SSD
– 网络：VMXNET3网卡，10Gbps网络

– 工作节点：
– vCPU：16核
– 内存：64GB
– 磁盘：系统盘120GB SSD + 数据盘500GB SSD
– 网络：VMXNET3网卡，10Gbps网络

资源池配置：
– CPU预留：控制平面4GHz，工作节点8GHz
– 内存预留：控制平面16GB，工作节点32GB
– 内存限制：控制平面32GB，工作节点64GB
– CPU份额：正常
– 内存份额：正常

2.3 云平台主机环境要求

云主机规格（阿里云/腾讯云/华为云）：
– 控制平面节点：
– 实例规格：ecs.g6.4xlarge或同等规格
– vCPU：16核
– 内存：64GB
– 系统盘：SSD云盘 120GB
– 数据盘：SSD云盘 200GB
– 网络带宽：10Gbps以上

– 工作节点：
– 实例规格：ecs.g6.8xlarge或同等规格
– vCPU：32核
– 内存：128GB
– 系统盘：SSD云盘 120GB
– 数据盘：SSD云盘 500GB
– 网络带宽：10Gbps以上

存储配置：
– OSS对象存储：用于存储镜像和备份
– NAS文件存储：用于共享数据
– 云盘快照：定期备份集群数据

3. 操作系统环境准备

在安装OpenShift之前，需要对操作系统进行必要的配置和优化。

3.1 操作系统版本检查

# 检查操作系统版本
# cat /etc/os-release
NAME=”Red Hat Enterprise Linux CoreOS”
VERSION=”414.92.202404011200-0″
ID=”rhcos”
PRETTY_NAME=”Red Hat Enterprise Linux CoreOS 414.92.202404011200-0 (Ootpa)”

# 检查内核版本
# uname -r
5.14.0-284.30.1.el9_2.x86_64

# 检查SELinux状态
# getenforce
Enforcing

# 检查防火墙状态
# systemctl status firewalld
● firewalld.service – firewalld – dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running)

3.2 内核参数优化

# 编辑sysctl.conf文件
# vi /etc/sysctl.conf

# 添加以下内核参数
fs.file-max = 6815744
kernel.sem = 250 32000 100 128
kernel.shmmni = 4096
kernel.shmall = 4294967296
kernel.shmmax = 68719476736
net.ipv4.ip_local_port_range = 9000 65500
net.core.rmem_default = 262144
net.core.rmem_max = 4194304
net.core.wmem_default = 262144
net.core.wmem_max = 1048576
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_max_syn_backlog = 8192
net.core.somaxconn = 1024
vm.swappiness = 10
vm.dirty_ratio = 15
vm.dirty_background_ratio = 5

# 容器相关内核参数
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1

# 使内核参数生效
# sysctl -p

# 验证参数设置
# sysctl -a | grep fs.file-max
fs.file-max = 6815744

3.3 用户资源限制配置

# 配置用户资源限制
# vi /etc/security/limits.conf

# 添加以下内容
* soft nproc 65535
* hard nproc 65535
* soft nofile 65535
* hard nofile 65535
* soft stack 10240
* hard stack 32768

# 验证配置
# ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 63499
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 65535
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 10240
cpu time (seconds, -t) unlimited
max user processes (-u) 65535
virtual memory (kbytes, -v) unlimited

3.4 依赖服务安装

# 安装必要的依赖包
# yum install -y curl wget git jq openssl

4. OpenShift安装配置

完成环境准备后，开始安装OpenShift。

4.1 下载OpenShift Installer

# 下载OpenShift Installer
# cd /tmp
# wget https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.14.0/openshift-install-linux-4.14.0.tar.gz

# 解压Installer
# tar -xzf openshift-install-linux-4.14.0.tar.gz

# 复制到/usr/local/bin
# cp openshift-install /usr/local/bin/

# 验证安装
# openshift-install version
openshift-install 4.14.0
built from commit xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
release image quay.io/openshift-release-dev/ocp-release:4.14.0-x86_64

# 下载oc命令行工具
# wget https://mirror.openshift.com/pub/openshift-v4/clients/ocp/4.14.0/openshift-client-linux-4.14.0.tar.gz

# 解压oc命令
# tar -xzf openshift-client-linux-4.14.0.tar.gz

# 复制到/usr/local/bin
# cp oc kubectl /usr/local/bin/

# 验证oc命令
# oc version
Client Version: 4.14.0

4.2 配置安装参数

# 创建安装目录
# mkdir -p /data/openshift-install
# cd /data/openshift-install

# 创建安装配置文件
# vi install-config.yaml

apiVersion: v1
baseDomain: fgedu.net.cn
metadata:
name: openshift-cluster
controlPlane:
name: master
replicas: 3
platform:
none:
hyperthreading: Enabled
resources:
requests:
cpu: “4”
memory: “16Gi”
compute:
– name: worker
replicas: 2
platform:
none:
hyperthreading: Enabled
resources:
requests:
cpu: “8”
memory: “32Gi”
networking:
networkType: OVNKubernetes
clusterNetwork:
– cidr: 10.128.0.0/14
hostPrefix: 23
serviceNetwork:
– 172.30.0.0/16
machineNetwork:
– cidr: 192.168.1.0/24
platform:
none:
pullSecret: ‘{
“auths”: {
“cloud.openshift.com”: {
“auth”: “xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx”
},
“quay.io”: {
“auth”: “xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx”
},
“registry.connect.redhat.com”: {
“auth”: “xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx”
},
“registry.redhat.io”: {
“auth”: “xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx”
}
}
}’
sshKey: “ssh-rsa xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx”

# 验证配置文件
# cat install-config.yaml

4.3 生成安装清单

# 生成安装清单
# openshift-install create manifests

# 查看生成的文件
# ls -la
-rw-r–r– 1 root root 2048 Apr 5 10:00 install-config.yaml
-rw-r–r– 1 root root 1024 Apr 5 10:00 manifests/
-rw-r–r– 1 root root 1024 Apr 5 10:00 openshift/

# 禁用内置的CSR批准器
# sed -i ‘s/mastersSchedulable: true/mastersSchedulable: false/’ manifests/cluster-scheduler-02-config.yml

# 验证修改
# cat manifests/cluster-scheduler-02-config.yml | grep mastersSchedulable
mastersSchedulable: false

4.4 创建引导ISO

# 创建引导ISO
# openshift-install create ignition-configs

# 查看生成的文件
# ls -la
-rw-r–r– 1 root root 2048 Apr 5 10:00 install-config.yaml
-rw-r–r– 1 root root 1024 Apr 5 10:00 manifests/
-rw-r–r– 1 root root 1024 Apr 5 10:00 openshift/
-rw-r–r– 1 root root 1024 Apr 5 10:00 bootstrap.ign
-rw-r–r– 1 root root 1024 Apr 5 10:00 master.ign
-rw-r–r– 1 root root 1024 Apr 5 10:00 worker.ign

# 生成引导ISO
# coreos-installer iso ignition embed -i bootstrap.ign /path/to/rhcos-live.x86_64.iso

4.5 安装OpenShift集群

# 启动引导节点
# 使用生成的ISO启动bootstrap节点

# 启动控制平面节点
# 使用master.ign配置启动master节点

# 启动工作节点
# 使用worker.ign配置启动worker节点

# 监控安装进度
# openshift-install wait-for bootstrap-complete

# 输出案例如下：
INFO Waiting up to 20m0s for the Kubernetes API at https://api.openshift-cluster.fgedu.net.cn:6443…
INFO API v1.27.0 up
INFO Waiting up to 30m0s for bootstrapping to complete…
INFO Bootstrapping complete

# 完成安装
# openshift-install wait-for install-complete

# 输出案例如下：
INFO Waiting up to 30m0s for the cluster to complete installation…
INFO Cluster is ready

4.6 验证安装

# 验证集群状态
# oc get clusterversion
NAME VERSION AVAILABLE PROGRESSING SINCE STATUS
version 4.14.0 True False 10m Cluster version is 4.14.0

# 验证节点状态
# oc get nodes
NAME STATUS ROLES AGE VERSION
master01.fgedu.net.cn Ready control-plane,master 1h v1.27.0
master02.fgedu.net.cn Ready control-plane,master 1h v1.27.0
master03.fgedu.net.cn Ready control-plane,master 1h v1.27.0
worker01.fgedu.net.cn Ready worker 1h v1.27.0
worker02.fgedu.net.cn Ready worker 1h v1.27.0

# 验证集群服务
# oc get pods -n openshift-kube-apiserver
NAME READY STATUS RESTARTS AGE
kube-apiserver-master01 2/2 Running 0 1h
kube-apiserver-master02 2/2 Running 0 1h
kube-apiserver-master03 2/2 Running 0 1h

5. OpenShift配置优化

为了提高OpenShift的性能和稳定性，需要进行一些配置优化。

5.1 集群配置优化

# 编辑集群配置
# oc edit clusterversion version

spec:
channel: stable-4.14
desiredUpdate:
version: 4.14.0
overrides:
– group: machineconfiguration.openshift.io
kind: MachineConfigPool
name: master
patch: |-
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfigPool
metadata:
name: master
spec:
machineConfigSelector:
matchLabels:
machineconfiguration.openshift.io/role: master
nodeSelector:
matchLabels:
node-role.kubernetes.io/master: “”
paused: false

# 应用配置
# oc apply -f cluster-config.yaml

5.2 节点配置优化

# 创建节点配置
# vi node-config.yaml

apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
name: 99-worker-kernel-args
labels:
machineconfiguration.openshift.io/role: worker
spec:
kernelArguments:
– ntp=time.google.com
– hugepages=1G
– default_hugepagesz=1G

# 应用配置
# oc apply -f node-config.yaml

# 验证配置
# oc get machineconfig | grep worker
NAME GENERATEDBYCONTROLLER IGNITIONVERSION AGE
99-worker-kernel-args False 3.2.0 10m

5.3 网络配置优化

# 编辑网络配置
# oc edit network.operator.openshift.io cluster

spec:
defaultNetwork:
ovnKubernetesConfig:
mtu: 1450
genevePort: 6081
gatewayConfig:
routingViaHost: true

# 验证网络配置
# oc get network.operator.openshift.io cluster -o yaml

5.4 存储配置优化

# 编辑存储配置
# oc edit storage.operator.openshift.io cluster

spec:
managementState: Managed
operatorLogLevel: Normal
observedConfig:
storageclass.kubernetes.io/is-default-class: “true”

# 验证存储配置
# oc get storage.operator.openshift.io cluster -o yaml

6. OpenShift集群管理

本节介绍OpenShift集群的基本管理操作。

6.1 集群状态管理

# 查看集群版本
# oc get clusterversion
NAME VERSION AVAILABLE PROGRESSING SINCE STATUS
version 4.14.0 True False 10m Cluster version is 4.14.0

# 查看集群操作
# oc get clusteroperator
NAME VERSION AVAILABLE PROGRESSING DEGRADED SINCE
authentication 4.14.0 True False False 1h
cloud-credential 4.14.0 True False False 1h
cluster-autoscaler 4.14.0 True False False 1h
config-operator 4.14.0 True False False 1h
console 4.14.0 True False False 1h
csi-snapshot-controller 4.14.0 True False False 1h
dns 4.14.0 True False False 1h
events 4.14.0 True False False 1h
image-registry 4.14.0 True False False 1h
ingress 4.14.0 True False False 1h
insights 4.14.0 True False False 1h
kube-apiserver 4.14.0 True False False 1h
kube-controller-manager 4.14.0 True False False 1h
kube-scheduler 4.14.0 True False False 1h
machine-api 4.14.0 True False False 1h
machine-config 4.14.0 True False False 1h
marketplace 4.14.0 True False False 1h
monitoring 4.14.0 True False False 1h
network 4.14.0 True False False 1h
node-tuning 4.14.0 True False False 1h
openshift-apiserver 4.14.0 True False False 1h
openshift-controller-manager 4.14.0 True False False 1h
openshift-samples 4.14.0 True False False 1h
operator-lifecycle-manager 4.14.0 True False False 1h
operator-lifecycle-manager-catalog 4.14.0 True False False 1h
operator-lifecycle-manager-packageserver 4.14.0 True False False 1h
service-ca 4.14.0 True False False 1h
service-catalog-apiserver 4.14.0 True False False 1h
service-catalog-controller-manager 4.14.0 True False False 1h
storage 4.14.0 True False False 1h

6.2 节点管理

# 查看节点状态
# oc get nodes
NAME STATUS ROLES AGE VERSION
master01.fgedu.net.cn Ready control-plane,master 1h v1.27.0
master02.fgedu.net.cn Ready control-plane,master 1h v1.27.0
master03.fgedu.net.cn Ready control-plane,master 1h v1.27.0
worker01.fgedu.net.cn Ready worker 1h v1.27.0
worker02.fgedu.net.cn Ready worker 1h v1.27.0

# 查看节点详细信息
# oc describe node master01.fgedu.net.cn

# 标记节点为不可调度
# oc cordon worker01.fgedu.net.cn

# 驱逐节点上的Pod
# oc drain worker01.fgedu.net.cn –ignore-daemonsets

# 标记节点为可调度
# oc uncordon worker01.fgedu.net.cn

6.3 项目管理

# 创建项目
# oc new-project fgedu-project

# 查看项目
# oc get projects

# 切换项目
# oc project fgedu-project

# 删除项目
# oc delete project fgedu-project

6.4 应用部署

# 部署应用
# oc new-app –name=nginx docker.io/library/nginx:latest

# 查看部署
# oc get deployments

# 查看Pod
# oc get pods

# 暴露服务
# oc expose deployment nginx –port=80 –type=LoadBalancer

# 查看服务
# oc get services

7. OpenShift网络配置

OpenShift使用OVN-Kubernetes作为默认网络插件，提供了完整的网络功能。

7.1 网络配置

# 查看网络配置
# oc get network.config.openshift.io cluster -o yaml

# 编辑网络配置
# oc edit network.config.openshift.io cluster

# 查看网络插件
# oc get network.operator.openshift.io cluster -o yaml

# 查看网络状态
# oc get networkpolicy -A

7.2 网络策略

# 创建网络策略
# vi network-policy.yaml

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-nginx
namespace: fgedu-project
spec:
podSelector:
matchLabels:
app: nginx
ingress:
– from:
– podSelector:
matchLabels:
app: frontend
ports:
– protocol: TCP
port: 80

# 应用网络策略
# oc apply -f network-policy.yaml

# 查看网络策略
# oc get networkpolicy -n fgedu-project

7.3 网络故障排查

# 检查网络接口
# oc debug node/master01.fgedu.net.cn — chroot /host ip addr

# 检查网络路由
# oc debug node/master01.fgedu.net.cn — chroot /host ip route

# 测试网络连接
# oc exec -it nginx-1234567890-abcde — ping -c 4 www.baidu.com

# 检查网络插件状态
# oc get pods -n openshift-network-operator

8. OpenShift存储配置

OpenShift支持多种存储解决方案，包括NFS、iSCSI、Ceph等。

8.1 存储类配置

# 查看存储类
# oc get storageclass

# 创建存储类
# vi storageclass.yaml

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: nfs-storage
provisioner: kubernetes.io/nfs
parameters:
server: 192.168.1.100
path: /data/nfs
readOnly: “false”
reclaimPolicy: Retain
allowVolumeExpansion: true
volumeBindingMode: Immediate

# 应用存储类
# oc apply -f storageclass.yaml

# 设置默认存储类
# oc patch storageclass nfs-storage -p ‘{“metadata”: {“annotations”: {“storageclass.kubernetes.io/is-default-class”: “true”}}}’

8.2 持久卷配置

# 创建持久卷
# vi persistentvolume.yaml

apiVersion: v1
kind: PersistentVolume
metadata:
name: nfs-pv
labels:
type: nfs
spec:
capacity:
storage: 10Gi
accessModes:
– ReadWriteMany
nfs:
server: 192.168.1.100
path: /data/nfs

# 应用持久卷
# oc apply -f persistentvolume.yaml

# 查看持久卷
# oc get persistentvolume

# 创建持久卷声明
# vi persistentvolumeclaim.yaml

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nfs-pvc
namespace: fgedu-project
spec:
accessModes:
– ReadWriteMany
resources:
requests:
storage: 5Gi
storageClassName: nfs-storage

# 应用持久卷声明
# oc apply -f persistentvolumeclaim.yaml

# 查看持久卷声明
# oc get persistentvolumeclaim -n fgedu-project

8.3 存储故障排查

# 检查存储类状态
# oc describe storageclass nfs-storage

# 检查持久卷状态
# oc describe persistentvolume nfs-pv

# 检查持久卷声明状态
# oc describe persistentvolumeclaim nfs-pvc -n fgedu-project

# 检查存储插件状态
# oc get pods -n openshift-storage

9. OpenShift性能优化

在生产环境中，需要对OpenShift进行性能优化以提高集群运行效率。from:www.itpux.com

9.1 资源配置优化

# 编辑集群资源配置
# vi cluster-resources.yaml

apiVersion: config.openshift.io/v1
kind: ClusterVersion
metadata:
name: version
spec:
channel: stable-4.14
desiredUpdate:
version: 4.14.0
overrides:
– group: machineconfiguration.openshift.io
kind: KubeletConfig
name: worker-kubelet-config
patch: |-
apiVersion: machineconfiguration.openshift.io/v1
kind: KubeletConfig
metadata:
name: worker-kubelet-config
spec:
machineConfigPoolSelector:
matchLabels:
pools.operator.machineconfiguration.openshift.io/worker: “”
kubeletConfig:
cpuManagerPolicy: static
cpuCfsQuota: true
cpuCfsQuotaPeriod: 100ms
memoryManagerPolicy: Static
topologyManagerPolicy: best-effort

# 应用配置
# oc apply -f cluster-resources.yaml

# 验证配置
# oc get kubeletconfig worker-kubelet-config -o yaml

9.2 调度优化

# 编辑调度器配置
# vi scheduler-config.yaml

apiVersion: config.openshift.io/v1
kind: Scheduler
metadata:
name: cluster
spec:
mastersSchedulable: false
policy:
name: “”
defaultNodeSelector: “”

# 应用配置
# oc apply -f scheduler-config.yaml

# 验证配置
# oc get scheduler cluster -o yaml

9.3 监控优化

# 编辑监控配置
# vi monitoring-config.yaml

apiVersion: monitoring.coreos.com/v1
kind: Alertmanager
metadata:
name: main
namespace: openshift-monitoring
spec:
replicas: 3
resources:
requests:
cpu: 1
memory: 1Gi
limits:
cpu: 2
memory: 2Gi

# 应用配置
# oc apply -f monitoring-config.yaml

# 验证配置
# oc get alertmanager main -n openshift-monitoring -o yaml

9.4 日志优化

# 编辑日志配置
# vi logging-config.yaml

apiVersion: logging.openshift.io/v1
kind: ClusterLogging
metadata:
name: instance
namespace: openshift-logging
spec:
managementState: Managed
logStore:
type: elasticsearch
elasticsearch:
nodeCount: 3
storage:
storageClassName: nfs-storage
size: 100Gi
resources:
requests:
cpu: 2
memory: 8Gi
limits:
cpu: 4
memory: 16Gi

# 应用配置
# oc apply -f logging-config.yaml

# 验证配置
# oc get clusterlogging instance -n openshift-logging -o yaml

生产环境建议：根据集群规模和工作负载需求调整资源配置。使用高性能存储，合理配置网络，定期清理未使用的资源以提高性能。

10. OpenShift升级迁移

本节介绍OpenShift的版本升级和数据迁移方法。

10.1 OpenShift版本升级

# 查看当前版本
# oc get clusterversion
NAME VERSION AVAILABLE PROGRESSING SINCE STATUS
version 4.14.0 True False 10m Cluster version is 4.14.0

# 查看可用版本
# oc adm upgrade

# 升级到指定版本
# oc adm upgrade –to=4.14.1

# 监控升级进度
# oc get clusterversion -w

# 输出案例如下：
NAME VERSION AVAILABLE PROGRESSING SINCE STATUS
version 4.14.0 True True 1m Working towards 4.14.1: 10% complete
version 4.14.0 True True 5m Working towards 4.14.1: 50% complete
version 4.14.1 True False 10m Cluster version is 4.14.1

# 验证升级
# oc get clusterversion
NAME VERSION AVAILABLE PROGRESSING SINCE STATUS
version 4.14.1 True False 10m Cluster version is 4.14.1

10.2 OpenShift配置迁移

# 导出集群配置
# oc export all –all-namespaces > cluster-config.yaml

# 导出项目配置
# oc export all -n fgedu-project > project-config.yaml

# 在新集群上导入配置
# oc apply -f cluster-config.yaml

# 导入项目配置
# oc apply -f project-config.yaml

# 验证配置
# oc get projects

11. OpenShift备份恢复

本节介绍OpenShift的备份和恢复方法。

11.1 OpenShift备份

# 备份etcd数据
# oc -n openshift-etcd get pods
NAME READY STATUS RESTARTS AGE
etcd-master01 2/2 Running 0 1h
etcd-master02 2/2 Running 0 1h
etcd-master03 2/2 Running 0 1h

# 执行etcd备份
# oc -n openshift-etcd rsh etcd-master01
sh-4.4# etcdctl snapshot save /tmp/etcd-snapshot.db

# 复制备份文件
# oc -n openshift-etcd cp etcd-master01:/tmp/etcd-snapshot.db /backup/etcd-snapshot-$(date +%Y%m%d).db

# 备份集群配置
# oc get all –all-namespaces -o yaml > /backup/cluster-config-$(date +%Y%m%d).yaml

11.2 OpenShift恢复

# 停止etcd服务
# oc -n openshift-etcd scale statefulset etcd –replicas=0

# 恢复etcd数据
# oc -n openshift-etcd rsh etcd-master01
sh-4.4# etcdctl snapshot restore /tmp/etcd-snapshot.db –data-dir=/var/lib/etcd

# 启动etcd服务
# oc -n openshift-etcd scale statefulset etcd –replicas=3

# 恢复集群配置
# oc apply -f /backup/cluster-config-20240405.yaml

# 验证恢复
# oc get clusterversion

11.3 OpenShift监控脚本

# 创建OpenShift监控脚本
# vi /data/openshift/scripts/openshift_monitor.sh

#!/bin/bash
LOG_FILE=”/var/log/openshift_monitor.log”
ALERT_EMAIL=”admin@fgedu.net.cn”

check_cluster_status() {
echo “$(date): Checking cluster status…” >> $LOG_FILE
status=$(oc get clusterversion -o jsonpath='{.items[0].status.conditions[?(@.type==”Available”)].status}’)
if [ “$status” = “True” ]; then
echo “$(date): Cluster status: OK” >> $LOG_FILE
else
echo “$(date): Cluster status: FAILED” >> $LOG_FILE
echo “OpenShift cluster status failed” | mail -s “OpenShift Alert” $ALERT_EMAIL
fi
}

check_node_status() {
echo “$(date): Checking node status…” >> $LOG_FILE
nodes=$(oc get nodes | grep -v STATUS | wc -l)
ready_nodes=$(oc get nodes | grep Ready | wc -l)
echo “$(date): Total nodes: $nodes, Ready nodes: $ready_nodes” >> $LOG_FILE
if [ “$nodes” -ne “$ready_nodes” ]; then
echo “$(date): Not all nodes are ready” >> $LOG_FILE
echo “Not all nodes are ready: $ready_nodes/$nodes” | mail -s “OpenShift Alert” $ALERT_EMAIL
fi
}

check_pod_status() {
echo “$(date): Checking pod status…” >> $LOG_FILE
pods=$(oc get pods –all-namespaces | grep -v STATUS | wc -l)
running_pods=$(oc get pods –all-namespaces | grep Running | wc -l)
echo “$(date): Total pods: $pods, Running pods: $running_pods” >> $LOG_FILE
if [ “$pods” -ne “$running_pods” ]; then
echo “$(date): Not all pods are running” >> $LOG_FILE
echo “Not all pods are running: $running_pods/$pods” | mail -s “OpenShift Alert” $ALERT_EMAIL
fi
}

main() {
check_cluster_status
check_node_status
check_pod_status
}

main

# 添加执行权限
# chmod +x /data/openshift/scripts/openshift_monitor.sh

# 添加定时任务
# crontab -e
*/15 * * * * /data/openshift/scripts/openshift_monitor.sh

生产环境建议：定期备份OpenShift集群数据，建议每天执行一次etcd备份。监控脚本建议每15分钟执行一次，及时发现并处理问题。恢复操作前务必停止相关服务，避免数据不一致。

通过以上步骤，OpenShift安装配置、性能优化、升级迁移、备份恢复等内容已全部完成。OpenShift作为企业级容器平台，能够高效地管理和运行容器，是企业级应用部署的理想选择。

本文由风哥教程整理发布,仅用于学习测试使用,转载注明出处:http://www.fgedu.net.cn/10327.html