
OpenShift Application Platform


OpenShift Origin is a distribution of Kubernetes optimized for continuous application development and multi-tenant deployment. OpenShift adds developer and operations-centric tools on top of Kubernetes to enable rapid application development, easy deployment and scaling, and long-term lifecycle maintenance for small and large teams.

Watch the full asciicast

Features:

  • Easily build applications with integrated service discovery and persistent storage.
  • Quickly and easily scale applications to handle periods of increased demand.
    • Support for automatic high availability, load balancing, health checking, and failover.
  • Push source code to your Git repository and automatically deploy containerized applications.
  • Web console and command-line client for building and monitoring applications.
  • Centralized administration and management of an entire stack, team, or organization.
    • Create reusable templates for components of your system, and iteratively deploy them over time.
    • Roll out modifications to software stacks to your entire organization in a controlled fashion.
    • Integration with your existing authentication mechanisms, including LDAP, Active Directory, and public OAuth providers such as GitHub.
  • Multi-tenancy support, including team and user isolation of containers, builds, and network communication.
    • Allow developers to run containers securely with fine-grained controls in production.
    • Limit, track, and manage the developers and teams on the platform.
  • Integrated Docker registry, automatic edge load balancing, cluster logging, and integrated metrics.

Learn More:

For questions or feedback, reach us on IRC on #openshift-dev on Freenode or post to our mailing list.

Getting Started

Installation

If you have downloaded the client tools from the releases page, place the included binaries in your PATH.

  • On any system with a Docker engine installed, you can run oc cluster up to get started immediately. Try it out now!
  • For a full cluster installation using Ansible, follow the Advanced Installation guide
  • To build and run from source, see CONTRIBUTING.adoc

Concepts

OpenShift builds a developer-centric workflow around Docker containers and Kubernetes runtime concepts. An Image Stream lets you easily tag, import, and publish Docker images from the integrated registry. A Build Config allows you to launch Docker builds, build directly from source code, or trigger Jenkins Pipeline jobs whenever an image stream tag is updated. A Deployment Config allows you to redeploy whenever a new image becomes available. Routes make it trivial to expose your Kubernetes services via a public DNS name. As an administrator, you can enable your developers to request new Projects which come with predefined roles, quotas, and security controls to fairly divide access.

For more on the underlying concepts of OpenShift, please see the documentation site.

OpenShift API

The OpenShift API is located on each server at https://<host>:8443/oapi/v1. These APIs are described via Swagger v1.2 at https://<host>:8443/swaggerapi/oapi/v1. For more, see the API documentation.

Kubernetes

OpenShift embeds Kubernetes and extends it with security and other integrated concepts. An OpenShift Origin release corresponds to the Kubernetes distribution - for example, OpenShift 1.4 includes Kubernetes 1.4.

If you're looking for more information about using Kubernetes or the lower level concepts that Origin depends on, see the following:

What can I run on OpenShift?

OpenShift is designed to run any existing Docker images. Additionally, you can define builds that will produce new Docker images using a Dockerfile.

For an easier experience running your source code, Source-to-Image (S2I) allows developers to simply provide an application source repository containing code to build and run. It works by combining an existing S2I-enabled Docker image with application source to produce a new runnable image for your application.

You can see the full list of Source-to-Image builder images and it's straightforward to create your own. Some of our available images include:

Your application image can be easily extended with a database service with our database images:

What sorts of security controls does OpenShift provide for containers?

OpenShift runs with the following security policy by default:

  • Containers run as a non-root unique user that is separate from other system users
    • They cannot access host resources, run privileged, or become root
    • They are given CPU and memory limits defined by the system administrator
    • Any persistent storage they access will be under a unique SELinux label, which prevents others from seeing their content
    • These settings are per project, so containers in different projects cannot see each other by default
  • Regular users can run Docker, source, and custom builds
    • By default, Docker builds can (and often do) run as root. You can control who can create Docker builds through the builds/docker and builds/custom policy resources.
  • Regular users and project admins cannot change their security quotas.

Many Docker containers expect to run as root (and therefore edit all the contents of the filesystem). The Image Author's guide gives recommendations on making your image more secure by default:

  • Don't run as root
  • Make directories you want to write to group-writable and owned by group id 0
  • Set the net-bind capability on your executables if they need to bind to ports <1024

If you are running your own cluster and want to run a container as root, you can grant that permission to the containers in your current project with the following command:

# Gives the default service account in the current project access to run as UID 0 (root)
oc adm add-scc-to-user anyuid -z default

See the security documentation for more on confining applications.
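As an added illustration (not code from the Origin project), the following Python models the default confinement described above as an admission-style check over a pod spec: it flags host namespace sharing, hostPath volumes, privileged containers, an explicit request for UID 0 and added Linux capabilities, and fills in administrator-defined CPU and memory limits where a spec omits them. The two sample pod specs, their image names and the UID are constructed for the example. Real enforcement is done by SecurityContextConstraints in the API server; this is a simplified model of that behaviour, not the SCC code itself.

```python
"""Simplified model of the default OpenShift container confinement.

Added example; not part of the Origin repository. Approximates what the
restricted SecurityContextConstraints enforce and does not replace them.
"""
import copy
from typing import Any, Dict, List

# Constructed sample: the kind of spec an image that "expects to run as root"
# tends to produce (image name and paths are made up for the example).
ROOT_POD: Dict[str, Any] = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "legacy-app"},
    "spec": {
        "hostNetwork": True,
        "volumes": [{"name": "host-etc", "hostPath": {"path": "/etc"}}],
        "containers": [{
            "name": "app",
            "image": "example/legacy-app:1",
            "securityContext": {"runAsUser": 0, "privileged": True},
        }],
    },
}

# Constructed sample following the image-author guidance quoted above.
# The UID is an arbitrary high non-root value chosen for the example.
CONFINED_POD: Dict[str, Any] = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "confined-app"},
    "spec": {
        "containers": [{
            "name": "app",
            "image": "example/confined-app:1",
            "securityContext": {"runAsUser": 1000150000, "privileged": False},
            "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
        }],
    },
}

HOST_NAMESPACE_KEYS = ("hostNetwork", "hostPID", "hostIPC")


def check_pod(pod: Dict[str, Any]) -> List[str]:
    """Return the list of confinement violations in a pod spec (empty means compliant)."""
    spec = pod.get("spec", {})
    findings: List[str] = []

    # Sharing a host namespace is a form of host resource access.
    for key in HOST_NAMESPACE_KEYS:
        if spec.get(key):
            findings.append(f"pod shares host namespace via {key}")

    # hostPath volumes expose the node filesystem to the container.
    for vol in spec.get("volumes", []):
        if "hostPath" in vol:
            findings.append(f"volume {vol.get('name')!r} mounts a hostPath")

    pod_sc = spec.get("securityContext") or {}
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext") or {}

        if sc.get("privileged"):
            findings.append(f"container {name!r} requests privileged mode")

        # Container-level runAsUser overrides the pod-level one. A missing value
        # is left to the platform, which assigns a non-root UID, so only an
        # explicit 0 is a violation in this model.
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
        if uid == 0:
            findings.append(f"container {name!r} requests UID 0")

        added = (sc.get("capabilities") or {}).get("add") or []
        if added:
            findings.append(f"container {name!r} adds capabilities {list(added)}")
    return findings


def apply_default_limits(pod: Dict[str, Any], defaults: Dict[str, str]) -> Dict[str, Any]:
    """Return a copy of pod with administrator-defined CPU/memory limits filled in where absent."""
    out = copy.deepcopy(pod)
    for c in out["spec"].get("containers", []):
        limits = c.setdefault("resources", {}).setdefault("limits", {})
        for resource, value in defaults.items():
            limits.setdefault(resource, value)
    return out


def admit(pod: Dict[str, Any], defaults: Dict[str, str]) -> Dict[str, Any]:
    """Reject a pod with violations; otherwise return it with default limits applied."""
    findings = check_pod(pod)
    if findings:
        raise ValueError("; ".join(findings))
    return apply_default_limits(pod, defaults)


if __name__ == "__main__":
    for pod in (ROOT_POD, CONFINED_POD):
        print(pod["metadata"]["name"], check_pod(pod) or "compliant")
```

Limits are filled in rather than rejected because, as the text says, they are "defined by the system administrator": a project-level default is applied to pods that do not set their own, and a pod that already carries limits keeps them.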

Support for Kubernetes Alpha Features

Some features from upstream Kubernetes are not yet enabled in OpenShift, for reasons including supportability, security, or limitations in the upstream feature.

Kubernetes Definitions:

  • Alpha
    • The feature is available, but no guarantees are made about backwards compatibility or whether data is preserved when feature moves to Beta.
    • The feature may have significant bugs and is suitable for testing and prototyping.
    • The feature may be replaced or significantly redesigned in the future.
    • No migration to Beta is generally provided other than documentation of the change.
  • Beta
    • The feature is available and generally agreed to solve the desired problem, but may need stabilization or additional feedback.
    • The feature is potentially suitable for limited production use under constrained circumstances.
    • The feature is unlikely to be replaced or removed, although feature changes that require migration are still possible.

OpenShift uses these terms in the same fashion as Kubernetes, and adds four more:

  • Not Yet Secure
    • Features which are not yet enabled because they have significant security or stability risks to the cluster
    • Generally this applies to features which may allow escalation or denial-of-service behavior on the platform
    • In some cases this is applied to new features which have not had time for full security review
  • Potentially Insecure
    • Features that require additional work to be properly secured in a multi-user environment
    • These features are only enabled for cluster admins by default and we do not recommend enabling them for untrusted users
    • We generally try to identify and fix these within 1 release of their availability
  • Tech Preview
    • Features that are considered unsupported for various reasons are known as 'tech preview' in our documentation
    • Kubernetes Alpha and Beta features are considered tech preview, although occasionally some features will be graduated early
    • Any tech preview feature is not supported in OpenShift Container Platform except through exemption
  • Disabled Pending Migration
    • These are features that are new in Kubernetes but which originated in OpenShift, and thus need migrations for existing users
    • We generally try to minimize the impact of features introduced upstream to Kubernetes on OpenShift users by providing seamless migration for existing clusters.
    • Generally these are addressed within 1 Kubernetes release

The list of features that qualify under these labels is described below, along with additional context for why.

  • Third Party Resources
    • Kubernetes: Alpha (1.4, 1.5)
    • OpenShift: Not Yet Secure
    • Justification: Third party resources are still under active development upstream. Known issues include failure to clean up resources in etcd, which may result in a denial of service attack against the cluster. We are considering enabling them for development environments only.
  • Garbage Collection
    • Kubernetes: Alpha (1.3), Beta (1.4, 1.5)
    • OpenShift: Tech Preview (1.4, 1.5)
    • Justification: Garbage collection will automatically delete related resources on the server, and thus given the potential for data loss we are waiting for GC to graduate to beta and have a full release cycle of testing before enabling it in Origin.
  • Stateful Sets
    • Kubernetes: Alpha (1.3, 1.4), Beta (1.5)
    • OpenShift: Tech Preview (1.3, 1.4, 1.5)
    • Justification: Stateful Sets are still being actively developed and no backwards compatibility is guaranteed until 1.5 is released. Starting in 1.5, Stateful Sets will be enabled by default and some backwards compatibility will be guaranteed.
  • Init Containers
    • Kubernetes: Alpha (1.3, 1.4), Beta (1.5)
    • OpenShift: Tech Preview (1.3, 1.4, 1.5)
    • Justification: Init containers are properly secured, but will not be officially supported until 1.6.
  • Federated Clusters
    • Kubernetes: Alpha (1.3), Beta (1.4, 1.5)
    • OpenShift: Tech Preview (1.3, 1.4, 1.5)
    • Justification: A Kubernetes federation server may be used against Origin clusters with the appropriate credentials today. Known issues include tenant support in federation and the ability to have consistent access control between federation and normal clusters. No Origin specific binary is being distributed for federation at this time.
  • Deployment
    • Kubernetes: Beta (1.3, 1.4, 1.5)
    • OpenShift: Tech Preview (1.3, 1.4, 1.5)
    • Justification: OpenShift launched with DeploymentConfigs, a more fully featured Deployment object. DeploymentConfigs are more appropriate for developer flows where you want to push code and have it automatically be deployed, and also provide more advanced hooks and custom deployments. Use Kubernetes Deployments when you are managing change outside of OpenShift.
  • Replica Sets
    • Kubernetes: Beta (1.3, 1.4, 1.5)
    • OpenShift: Tech Preview (1.3, 1.4, 1.5)
    • Justification: Replica Sets perform the same function as Replication Controllers, but have a more powerful label syntax. Both ReplicationControllers and ReplicaSets can be used.
  • Ingress
    • Kubernetes: Beta (1.2, 1.3, 1.4, 1.5)
    • OpenShift: Tech Preview (1.3, 1.4, 1.5)
    • Justification: OpenShift launched with Routes, a more fully featured Ingress object. In 1.5, Ingress rules can be read by the router (disabled by default), but because Ingress objects reference secrets you must grant the routers a very broad level of access to your cluster to run with them. Future changes will likely reduce the security impact of enabling Ingress.
  • PodSecurityPolicy
    • Kubernetes: Beta (1.3, 1.4, 1.5)
    • OpenShift: Tech Preview (1.3, 1.4, 1.5)
    • Justification: OpenShift launched with SecurityContextConstraints, and then upstreamed them as PodSecurityPolicy. We plan to enable upstream PodSecurityPolicy so as to automatically migrate existing SecurityContextConstraints. PodSecurityPolicy has not yet completed a full security review, which will be part of the criteria for tech preview. SecurityContextConstraints are a superset of PodSecurityPolicy features.
  • PodAntiAffinitySelectors
    • Kubernetes: Beta (1.3, 1.4, 1.5)
    • OpenShift: Not Yet Secure (1.3), Tech Preview (1.4, 1.5)
    • Justification: End users are not allowed to set PodAntiAffinitySelectors that are not the node name due to the possibility of attacking the scheduler via denial of service.
  • NetworkPolicy
    • Kubernetes: Beta (1.3, 1.4, 1.5)
    • OpenShift: Tech Preview (1.3, 1.4, 1.5)
    • Justification: Starting with 1.5, OpenShift SDN will expose an experimental mode that uses network policy to restrict access to pods. Future releases will expand this support.

Please contact us if this list omits a feature supported in Kubernetes which does not run in Origin.

Contributing

You can develop locally on your host or with a virtual machine, or if you want to just try out Origin download the latest Linux server, or Windows and Mac OS X client pre-built binaries.

First, get up and running with the Contributing Guide.

All contributions are welcome - Origin uses the Apache 2 license and does not require any contributor agreement to submit patches. Please open issues for any bugs or problems you encounter, ask questions on the OpenShift IRC channel (#openshift-dev on freenode), or get involved in the Kubernetes project at the container runtime layer.

See HACKING.md for more details on developing on Origin, including how the different tests are set up.

If you want to run the test suite, make sure you have your environment set up, and from the origin directory run:

# run the verifiers, unit tests, and command tests
$ make check

# run a command-line integration test suite
$ hack/test-cmd.sh

# run the integration server test suite
$ hack/test-integration.sh

# run the end-to-end test suite
$ hack/test-end-to-end.sh

# run all of the tests above
$ make test

You'll need etcd installed and on your path for the integration and end-to-end tests to run, and Docker must be installed to run the end-to-end tests. To install etcd you should be able to run:

$ hack/install-etcd.sh

Some of the components of Origin run as Docker images, including the builders and deployment tools in images/builder/docker/* and images/deploy/*. To build them locally, run:

$ hack/build-images.sh

To hack on the web console, check out the assets/README.md file for instructions on testing the console and building your changes.

Security Response

If you've found a security issue that you'd like to disclose confidentially please contact Red Hat's Product Security team. Details at https://access.redhat.com/security/team/contact

License

OpenShift is licensed under the Apache License, Version 2.0.

Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. 
For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. 
Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the 
Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. 
Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS Copyright 2014 Red Hat, Inc. 
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.