尝试在IBM容器(Kubernetes)上构建OpenWhisk
这是一个稍作中断后再次发布的帖子。
之前在Bluemix用户群讨论了OpenWhisk,我想接着讨论下去…但最近我们不得不与IBM Containers(Kubernetes)深入了解,所以我们决定在Kubernetes上配置OpenWhisk环境,一起享受乐趣。
我正在Mac OS v10.12.5上进行以下尝试。请注意,根据您的环境,步骤可能会有些许变化。
IBM容器(Kubernetes)是什么?
这是最近在IBM Bluemix平台上推出的新的CaaS(容器即服务)环境。详细信息可以参考以下内容。
-
- bluemix kubernetes clusterを試してみる
- IBM Bluemix Container Serviceで自前のdocker imageを稼働させるまで
这次我们将假设已经有一个Kubernetes集群环境,环境是免费的多租户的Lite Cluster足够使用。如果需要单租户的环境,我们会提前准备一个标准的Cluster。
准备与OpenWhisk部署相关的代码。
IBM已经在其Bluemix平台上公开了用于将Openwhisk部署到Kubernetes的步骤。
(1)利用Bluemix容器服务,将OpenWhisk部署在Kubernetes上
然而,实际上,以下存储库中的代码是引入代码。
(2) Github – 用于Kubernetes的OpenWhisk部署
在导入之前,最好两个都有,因此暂时使用 ” \$HOME/workspace “(\$HOME是终端的主目录)通过 git clone 命令拉取各自的代码。
$git clone https://github.com/IBM/OpenWhisk-on-Kubernetes.git
Cloning into 'OpenWhisk-on-Kubernetes'...
remote: Counting objects: 222, done.
remote: Total 222 (delta 0), reused 0 (delta 0), pack-reused 222
Receiving objects: 100% (222/222), 716.35 KiB | 134.00 KiB/s, done.
Resolving deltas: 100% (123/123), done.
$git clone https://github.com/apache/incubator-openwhisk-deploy-kube.git
Cloning into 'incubator-openwhisk-deploy-kube'...
remote: Counting objects: 212, done.
remote: Compressing objects: 100% (26/26), done.
remote: Total 212 (delta 2), reused 22 (delta 2), pack-reused 180
Receiving objects: 100% (212/212), 66.87 KiB | 54.00 KiB/s, done.
Resolving deltas: 100% (58/58), done.
因为之后可能成为后续前提条件,所以我会将OpenWhisk的源代码先下载到我的电脑上。这次我将跟上面提到的源代码一样,将其保存在“\$HOME/workspace”文件夹中。
$git clone --depth=1 https://github.com/apache/incubator-openwhisk.git openwhisk
:
建议将OpenWhisk的操作命令wsk命令放置在「\$HOME/workspace/openwhisk/bin」目录下,并添加到系统路径中。您可以从以下链接下载wsk命令:
https://openwhisk.ng.bluemix.net/cli/go/download/
访问集群
在假设已经创建了名为“mycluster”的集群的情况下,通过Bluemix命令登录后,下载集群的配置。
$bluemix cs cluster-config mycluster
Downloading cluster config for mycluster
OK
mycluster の構成は正常にダウンロードされました。 環境変数をエクスポートして Kubernetes の使用を開始してください。
export KUBECONFIG=/Users/hoge/.bluemix/plugins/container-service/clusters/mycluster/kube-config-dal10-mycluster.yml
如果成功下载了配置信息,然后将环境变量KUBECONFIG在终端上设置为与操作系统相匹配,并通过以下命令确认是否可以访问。如果能够确认服务器版本,则应该没有问题。
$kubectl version
Client Version: version.Info{Major:"1", Minor:"6", GitVersion:"v1.6.6", GitCommit:"7fa1c1756d8bc963f1a389f4a6937dc71f08ada2", GitTreeState:"clean", BuildDate:"2017-06-16T18:34:20Z", GoVersion:"go1.7.6", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"5+", GitVersion:"v1.5.6-4+abe34653415733", GitCommit:"abe346534157336e6bd5a70702756cff19d43a49", GitTreeState:"clean", BuildDate:"2017-05-18T16:52:50Z", GoVersion:"go1.7.4", Compiler:"gc", Platform:"linux/amd64"}
创建命名空间
在Kubernetes上创建一个命名空间(namespace)。命名空间是一个虚拟的集群,用于定义当需要分割Pod的作用范围时。命名空间默认为“openwhisk”。
# incubator-openwhisk-deploy-kubeに移動
$cd $HOME/incubator-openwhisk-deploy-kube
# 名前空間を作成するためのリソース・ファイルを確認
$cat configure/openwhisk_kube_namespace.yml
kind: Namespace
apiVersion: v1
metadata:
name: openwhisk
labels:
name: openwhisk
# 名前空間の作成
$kubectl apply -f configure/openwhisk_kube_namespace.yml
namespace "openwhisk" created
給予適當的許可權
为了在IBM容器的Kubernetes上配置OpenWhisk,您需要提供适当的权限。以下是权限定义的实施。
# OpenWhisk-on-Kubernetesに移動
$cd $HOME/OpenWhisk-on-Kubernetes
# パーミッションを与えるためのリソース・ファイルを確認
$cat permission.yaml
apiVersion: rbac.authorization.k8s.io/v1alpha1
kind: ClusterRoleBinding
metadata:
name: openwhisk:admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: default
namespace: openwhisk
# パーミッションの作成
$kubectl create -f permission.yaml
clusterrolebinding "openwhisk:admin" created
構成OpenWhisk。
只需要进行一些设置,就完成了,太简单了!! …虽然非常想这样说,但按照README给出的配置并不能创建用于执行操作的调用程序,所以无法继续进行。
2017/07/14 追記
在Issue上确认后,发现正试图进行规格变更。为了引入invoker,已经准备了相应的资源文件,并要求单独进行引入。仓库的更新似乎还未完成,一旦更新完成,将会更新以下的配置步骤说明。
在中文中重新表达如下:
所以,我们需要自己创建所需的映像。这也在README中有所提及,只需按照说明来进行构建,就不会迷失方向。前提是您必须拥有DockerHub帐户,如果没有,就去获取一个吧。
转到孵化器-OpenWhisk-Deploy-Kube并运行脚本”docker/build.sh”,但是由于Mac OS上的sed选项不同,它肯定会产生错误。
$cat docker/build.sh
#!/usr/bin/env bash
:
# build nginx
pushd $SCRIPTDIR/nginx
mkdir -p blackbox
pushd blackbox
# copy docker sdk to dockerSkeleton in scratch space
cp $OPENWHISK_DIR/sdk/docker/buildAndPush.sh .
cp $OPENWHISK_DIR/sdk/docker/Dockerfile .
cp $OPENWHISK_DIR/sdk/docker/example.c .
cp $OPENWHISK_DIR/sdk/docker/README.md .
# rename base image in Dockerfile (この下の行が問題)
sed -i "s|FROM dockerskeleton|FROM openwhisk/dockerskeleton|g" Dockerfile
:
作为回避策,您可以使用Homebrew将gnu-sed安装并将其作为sed的别名gsed注册,或者直接将脚本改写为gsed而不是sed可能更为快捷。
$brew install gnu-sed
Updating Homebrew...
==> Auto-updated Homebrew!
Updated 1 tap (caskroom/cask).
No changes to formulae.
==> Downloading https://homebrew.bintray.com/bottles/gnu-sed-4.4.sierra.bottle.tar.gz
:
? /usr/local/Cellar/gnu-sed/4.4: 12 files, 491KB
一旦我们采取了回避策,接下来将立即进行构建处理。执行命令“docker/build <(可选)openwhisk目录>”即可,其中第一个参数是DockerHub的帐户名,第二个参数是OpenWhisk源代码存储库的路径即可。尤其是第二个参数,如果将其设置为“$HOME/workspace/openwhisk”,则无需指定。
$./docker/build.sh ra1nmaker
+ '[' -z ra1nmaker ']'
+ OPENWHISK_DIR=
+ '[' -z '' ']'
+ cat
Second argument should be location of the OpenWhisk repo on the local
:
f5cfc06b640d: Layer already exists
9669d6b73383: Layer already exists
v1.6.2-dev: digest: sha256:0f98ed7d0be15dea93d47ef8e410f112dc464c4deb097d53ef94f061446ab9f0 size: 2620
+ popd
~/workspace/incubator-openwhisk-deploy-kube
如果没有特别的错误的话,就可以了。登录到DockerHub后,可以确认whisk_config这个名称的镜像已经创建成功了。这个镜像是用来构建OpenWhisk的配置的镜像。
当准备好后,打开用于配置OpenWhisk的资源文件,并将“image”项目替换为创建的图像。
$cat configure/configure_whisk.yml
---
apiVersion: batch/v1
kind: Job
metadata:
name: configure-openwhisk
namespace: openwhisk
labels:
name: configure-openwhisk
spec:
completions: 1
template:
metadata:
labels:
name: config
spec:
restartPolicy: Never
containers:
- name: configure-openwhisk
image: ra1nmaker/whisk_config:v1.5.6
imagePullPolicy: Always
command: [ "/incubator-openwhisk-deploy-kube/configure/configure.sh" ]
一旦編輯完成後,我們將實際導入 OpenWhisk。
# OpenWhiskの導入
$kubectl apply -f configure/configure_whisk.yml
job "configure-openwhisk" created
执行后,将在Kubernetes上创建Pod,并运行OpenWhisk的配置任务。如果想要核实作业的状态,建议通过以下方式尾随日志。
# 構成ジョブ用のポッド名を確認
$kubectl -n openwhisk get pods
NAME READY STATUS RESTARTS AGE
configure-openwhisk-s520q 0/1 ContainerCreating 0 30s
# ポッドがレディーな状態になったのを確認してから、ログをtail
$kubectl -n openwhisk logs -f configure-openwhisk-s520q
:
Wednesday 12 July 2017 02:16:30 +0000 (0:00:00.040) 0:03:22.966 ********
===============================================================================
invoker : wait until Invoker is up and running ------------------------- 82.59s
consul : wait until the Consul Server/Agent in this host is up and running -- 40.93s
controller : wait until the Controller in this host is up and running -- 12.35s
Gathering Facts --------------------------------------------------------- 8.03s
Gathering Facts --------------------------------------------------------- 7.74s
Gathering Facts --------------------------------------------------------- 7.73s
Gathering Facts --------------------------------------------------------- 7.69s
Gathering Facts --------------------------------------------------------- 7.68s
kafka : create the active-ack and health topic -------------------------- 5.72s
kafka : create the invoker topics --------------------------------------- 2.84s
consul : fill consul kv ------------------------------------------------- 2.46s
kafka : wait until the Zookeeper in this host is up and running --------- 1.26s
kafka : get kafka pods -------------------------------------------------- 1.16s
consul : create configmap ----------------------------------------------- 1.12s
consul : create consul deployment --------------------------------------- 1.10s
invoker : create invoker deployment ------------------------------------- 1.10s
kafka : get zookeeper pods ---------------------------------------------- 1.10s
kafka : create zookeeper deployment ------------------------------------- 1.09s
kafka : create kafka deployment ----------------------------------------- 1.09s
controller : create controller deployment ------------------------------- 1.09s
+ popd
/
当作业执行完毕后,Pod将停止运行。在停止后,您可以查看Pod列表,确认OpenWhisk组件的Pod正在运行!
$kubectl -n openwhisk get pods --show-all=true
NAME READY STATUS RESTARTS AGE
configure-openwhisk-s520q 0/1 Completed 0 7m
consul-57995027-gtkfr 2/2 Running 0 5m
controller-3250411552-jxnrd 1/1 Running 0 4m
couchdb-109298327-0h6c6 1/1 Running 0 6m
invoker-0 1/1 Running 0 4m
kafka-1060962555-62sx5 1/1 Running 0 4m
zookeeper-1304892743-w5vwj 1/1 Running 0 4m
配置端点
只要按照README上的步骤进行,就足够了,但以下是作为备忘录留下来的。
# nginxの構成ディレクトリーに移動する
$ cd $HOME/incubator-openwhisk-deploy-kube/kubernetes/nginx
# オレオレ証明書を作成する (本当はここでちゃんとした証明書を発行したいところ)
$./certs.sh localhost
+ '[' -z localhost ']'
+ mkdir -p certs
+ openssl req -x509 -newkey rsa:2048 -keyout certs/key.pem -out certs/cert.pem -nodes -subj /CN=localhost -days 365
Generating a 2048 bit RSA private key
................+++
....................................................+++
writing new private key to 'certs/key.pem'
# nginxの構成ファイルをコンフィグ・マップに登録
$ kubectl -n openwhisk create configmap nginx --from-file=nginx.conf
configmap "nginx" created
# 証明書をシークレットに登録
$ kubectl -n openwhisk create secret tls nginx --cert=certs/cert.pem --key=certs/key.pem
secret "nginx" created
# Nginxの構成のためのリソース・ファイルを編集する (イメージの部分を置き換える)
$cat nginx.yml
:
containers:
- name: nginx
imagePullPolicy: Always
image: ra1nmaker/whisk_nginx
:
# Nginxの構成
$kubectl apply -f nginx.yml
service "nginx" created
deployment "nginx" created
# 結果の確認
$kubectl -n openwhisk get pods --show-all=true
NAME READY STATUS RESTARTS AGE
configure-openwhisk-s520q 0/1 Completed 0 14m
consul-57995027-gtkfr 2/2 Running 0 12m
controller-3250411552-jxnrd 1/1 Running 0 11m
couchdb-109298327-0h6c6 1/1 Running 0 13m
invoker-0 1/1 Running 0 10m
kafka-1060962555-62sx5 1/1 Running 0 11m
nginx-599024668-lg718 1/1 Running 0 1m
zookeeper-1304892743-w5vwj 1/1 Running 0 11m
访问OpenWhisk
通过准备Nginx,定义了访问OpenWhisk的端点。我们使用名为NodePort的服务来从外部访问,所以需要通过命令确认要访问的IP地址和端口,并进行访问。
# ノードのIPアドレスを確認
$kubectl get nodes
NAME STATUS AGE VERSION
xx.xx.xx.xx Ready 17d v1.5.6-4+abe34653415733
# 確認したIPアドレスを環境変数WSK_IPADDRにセット
$export WSK_IPADDR=xx.xx.xx.xx
# NodePortで公開されているポート番号を環境変数WSK_PORTに埋め込む
$export WSK_PORT=$(kubectl -n openwhisk describe service nginx | grep https-api | grep NodePort| awk '{print $3}' | cut -d'/' -f1)
# プロパティーをセット
# 認証情報はREADME通り「789c46b1-71f6-4ed5-8c54-816aa4f8c502:abczO3xZCLrMN6v2BKK1dXYFpXlPkccOFqm12CdAsMgRU4VrNZ9lyGVCGuMDGIwP」を使用
$wsk property set --auth 789c46b1-71f6-4ed5-8c54-816aa4f8c502:abczO3xZCLrMN6v2BKK1dXYFpXlPkccOFqm12CdAsMgRU4VrNZ9lyGVCGuMDGIwP --apihost https://$WSK_IPADDR:$WSK_PORT
ok: whisk auth set. Run 'wsk property get --auth' to see the new value.
ok: whisk API host set to https://xx.xx.xx.xx:31800
以上就是命令行设置的完成,现在只需要导入必要的软件包即可。
使用wsk导入系统包
这也只是按照惯例普通地引入而已。
# カタログのソースコードをダウンロード
cd $HOME/workspace
git clone https://github.com/apache/incubator-openwhisk-catalog
# 導入スクリプトがあるディレクトリに移動
cd $workspace/incubator-openwhisk-catalog/packages
# パッケージの導入
# 認証情報はREADME通り「789c46b1-71f6-4ed5-8c54-816aa4f8c502:abczO3xZCLrMN6v2BKK1dXYFpXlPkccOFqm12CdAsMgRU4VrNZ9lyGVCGuMDGIwP」を使用
$ ./installCatalog.sh 789c46b1-71f6-4ed5-8c54-816aa4f8c502:abczO3xZCLrMN6v2BKK1dXYFpXlPkccOFqm12CdAsMgRU4VrNZ9lyGVCGuMDGIwP https://$WSK_IPADDR:$WSK_PORT
Installing OpenWhisk packages
Installing package installCombinators.sh with pid 32554
Installing package installGit.sh with pid 32555
Installing package installSlack.sh with pid 32556
Installing package installSystem.sh with pid 32557
Installing package installWatson.sh with pid 32558
Installing package installWeather.sh with pid 32559
Installing package installWebSocket.sh with pid 32560
Installing action combinator package.
Installing Git package.
Creating package combinators with pid 32603
Installing whisk.system entities.
Creating package github with pid 32604
Installing Watson package.
Installing Slack package.
Creating package utils with pid 32605
Creating package watson-translator with pid 32606
Creating package slack with pid 32607
Creating package samples with pid 32608
Installing WebSocket package.
Creating package watson-speechToText with pid 32609
Creating package websocket with pid 32610
Installing Weather package.
Creating package watson-textToSpeech with pid 32611
Creating package weather with pid 32612
ok: updated package github
ok: updated package watson-textToSpeech
ok: updated package watson-translator
ok: updated package websocket
ok: updated package watson-speechToText
ok: updated package weather
ok: updated package slack
ok: updated package utils
ok: updated package combinators
ok: updated package samples
32604 finished with status 0
32606 finished with status 0
32609 finished with status 0
32611 finished with status 0
32610 finished with status 0
32607 finished with status 0
32612 finished with status 0
32605 finished with status 0
Installing slack/post with pid 32613
Installing websocket/send with pid 32614
Installing github/webhook with pid 32615
32608 finished with status 0
32603 finished with status 0
Installing weather/forecast with pid 32616
Installing watson-speechToText/speechToText with pid 32617
Installing utils/echo with pid 32618
Installing combinators/eca with pid 32619
Installing utils/cat with pid 32620
Installing watson-translator/translator with pid 32621
Installing combinators/forwarder with pid 32622
Installing utils/smash with pid 32623
Installing watson-translator/languageId with pid 32624
Installing combinators/retry with pid 32625
Installing utils/split with pid 32626
Installing watson-textToSpeech/textToSpeech with pid 32627
Installing combinators/trycatch with pid 32628
Installing utils/sort with pid 32629
Installing utils/head with pid 32630
Installing utils/date with pid 32631
Installing utils/namespace with pid 32632
Installing utils/hosturl with pid 32633
Installing samples/helloWorld with pid 32634
Installing samples/greeting with pid 32635
Installing samples/wordCount with pid 32636
Installing samples/curl with pid 32637
ok: updated action utils/smash
ok: updated action combinators/eca
32619 finished with status 0
ok: updated action slack/post
32613 finished with status 0
Slack package ERRORS = 0
ok: updated action combinators/trycatch
ok: updated action utils/sort
ok: updated action samples/wordCount
ok: updated action utils/echo
32618 finished with status 0
ok: updated action samples/helloWorld
ok: updated action samples/greeting
ok: updated action utils/split
ok: updated action utils/namespace
ok: updated action combinators/retry
ok: updated action combinators/forwarder
ok: updated action samples/curl
ok: updated action github/webhook
ok: updated action weather/forecast
32622 finished with status 0
32625 finished with status 0
32628 finished with status 0
combinator package ERRORS = 0
32554 finished with status 0
32615 finished with status 0
Git package ERRORS = 0
32555 finished with status 0
32556 finished with status 0
32616 finished with status 0
Weather package ERRORS = 0
ok: updated action utils/hosturl
ok: updated action websocket/send
32614 finished with status 0
WebSocket package ERRORS = 0
ok: updated action watson-textToSpeech/textToSpeech
ok: updated action utils/head
ok: updated action watson-speechToText/speechToText
32617 finished with status 0
ok: updated action utils/cat
32620 finished with status 0
32623 finished with status 0
32626 finished with status 0
32629 finished with status 0
32630 finished with status 0
ok: updated action watson-translator/languageId
ok: updated action utils/date
32631 finished with status 0
32632 finished with status 0
32633 finished with status 0
32634 finished with status 0
32635 finished with status 0
32636 finished with status 0
32637 finished with status 0
whisk.system entities ERRORS = 0
32557 finished with status 0
ok: updated action watson-translator/translator
32621 finished with status 0
32624 finished with status 0
32627 finished with status 0
Watson package ERRORS = 0
32558 finished with status 0
32559 finished with status 0
32560 finished with status 0
open catalog ERRORS = 0
# 導入できたかの確認
$wsk -i package list
packages
/whisk.system/watson-translator shared
/whisk.system/weather shared
/whisk.system/utils shared
/whisk.system/watson-textToSpeech shared
/whisk.system/github shared
/whisk.system/slack shared
/whisk.system/combinators shared
/whisk.system/websocket shared
/whisk.system/watson-speechToText shared
/whisk.system/samples shared
以上就是设置完成了。
测试OpenWhisk
然后我会随意执行一些行动。
$wsk -i action invoke /whisk.system/utils/echo -p message hello --blocking --result
{
"message": "hello"
}
只要没有错误,就可以执行完毕了!
总结
我按照IBM Containers(Kubernetes)上的My OpenWhisk环境设置步骤进行了实验。目前,如果不自制镜像可能无法顺利进行,但我认为很快会有修正,所以您可以等待修正后再尝试引入。
在我个人看来,由于我OpenWhisk环境中没有API Gateway,我计划继续在这个Kubernetes集群中的OpenWhisk中进行额外的引入。
