OpenShift Hybrid cloud platform içindir.
OKD Nedir
Aslında herkes Kubernetes'e kendi ismini veriyor. Açıklaması şöyle
Kubernetes is called Elastic Kubernetes Service (EKS) by Amazon, Azure Kubernetes Service (AKS) by Microsoft, and Google Kubernetes Engine (GKE) by Google.
Red Hat te OpenShift ismini vermiş. OKD ise OpenShift'in açık kaynak olanına verilen isim. Açıklaması şöyle.
OKD is the community distribution of Kubernetes that powers Red Hat OpenShift. To make it simple to understand, OKD is the open source version of OpenShift.
OKD Neyin Kısaltması
Açıklaması şöyle. Origin Key Distribution demek
OpenShift OKD (Origin Key Distribution) is the community distribution of Kubernetes that powers Red Hat OpenShift. Also referred to as Origin, it supports multiple programming languages, including Go, Node.js, Ruby, Python, PHP, Perl, and Java.OKD is a sibling Kubernetes distribution to Red Hat OpenShift. Enterprise-level support is offered with OpenShift only, not OKD.
OpenShift vs Kubernetes
Şeklen şöyle
Açıklaması şöyle
OpenShift bakes in strong security best practices and policies on the platform, layering in controls to secure data, networking, build pipelines, container registry, API endpoints, and gateways. It provides security features for multi-tenant networking and fine-grained network control. All traffic to the control plane is encrypted. Application traffic is encrypted with OpenShift Service Mesh.By default, OpenShift prevents containers from running as root. In addition, it enables granular deployment policies that allow operations, security, and compliance teams to enforce quotas, isolation, and access protections. It also provides embedded Role-based access controls (RBAC).OpenShift provides strong encryption controls to protect sensitive data, including platform secrets and application configuration data. OpenShift optionally uses FIPS 140–2 Level 1 compliant encryption modules to meet security standards for U.S. federal departments.Because OpenShift has much more strict security policies than native Kubernetes out of the box, this can be harder to administer as the policies need to be learned, and a higher level of privilege is needed to administer them. This might prove restrictive initially, but ultimately provides a much more holistic and better level of security to your platform.
7. Image Registry Management - Internal Registry
OpenShift ile bir tane dahili registry geliyor. Açıklaması şöyle
Openshift uses an integrated container registry called ImageStreams to make image management easy, something which is not natively handled in Kubernetes.Kubernetes does not have an integrated image registry. A 3rd party one must be used, such as Azure Container Registry (ACR) or Amazon Elastic Container Registry (ECR).
Örnek
Benim kullandığım OpenShift Google Cloud üzerinde kuruluydu ve Google Cloud ile gelen gcr registry kullanılıyordu. Buraya image yüklemek için 2 yöntem var.
1. Yerel makinedeki docker'ı kullanarak image yüklenebilir.
2. GCloud üzerindeki docker'ı kullanarak image yüklenebilir. Ben ikinci yöntemi tercih ettim, çünkü kendi bilgisayarıma gcloud'a tanıtmak istemedim
1. Image'lar yerel podman'e çekilir.
podman pull planetscale/vitess-operator:v2.6.0podman pull vitess/lite:v12.0.3-mysql80 podman pull prom/mysqld-exporter:v0.11.0 podman pull quay.io/etcd:v3.3.13
Sonra tar'ları dışarı alırız.
podman save 84175eb1e097 > vitess-operator.tar podman save 272b8c7012d6 > vitesslite.tar podman save 1e3509b14de0 > etcd.tar podman save e80442e91b90 > mysqldexporter.tar
Karşı makineye kopyalarız
sudo scp vitess-operator.tar root@172.18.16.8:/home/foo/vitess-operator.tar
Docker ile şöyle. Neden tag gerektiğinin açıklaması burada
docker load -i vitess-operator.tar docker tag planetscale/vitess-operator:v2.6.0 gcr.io/product-spanner/oce/planetscale/vitess-operator:v2.6.0
GCR registry'e giriş yapmak gerekir. Şöyle yaparız
docker login -u oauth2accesstoken -p "$(gcloud auth print-access-token)" https://gcr.io/product-spanner/oce
Daha sonra bunları iteriz. Şöyle yaparız
docker push gcr.io/product-spanner/oce/planetscale/vitess-operator:v2.6.0
GCR registrdeki image'ları kontrol etmek için şöyle yaparız
gcloud container images list --repository=gcr.io/product-spanner/oce | grep planet
Veya şöyle yaparız
https://console.cloud.google.com/gcr/images/product-spanner/global/oce
Hiç yorum yok:
Yorum Gönder