OpenShift4配置本地NeuxsRegistry并通过PullSecret访问 | 您所在的位置:网站首页 › web login service什么意思 › OpenShift4配置本地NeuxsRegistry并通过PullSecret访问 |
《OpenShift 4.x HOL教程汇总》 说明:本文已经在OpenShift 4.6环境中验证 文章目录部署Neuxs Registry更新OpenShift的Pull Secret验证 部署Neuxs Registry 创建项目并去除项目资源限制。$ oc new-project nexus-demo$ oc delete limitrange nexus-demo-core-resource-limits -n nexus-demo 使用Helm部署Nexus$ helm repo add rhmlops https://rh-mlops-workshop.github.io/helm-charts/$ helm install nexus rhmlops/nexus -n nexus-demo \--set sonatype-nexus.nexus.resources.requests.cpu=2 \--set sonatype-nexus.nexus.resources.requests.memory=4Gi \--set sonatype-nexus.persistence.storageSize=10Gi 创建内容如下的nexus-demo.yaml文件---kind: ServiceapiVersion: v1metadata:name: nexus-dockernamespace: nexus-demospec:ports:- protocol: TCPport: 5000targetPort: 5000name: dockerselector:app: sonatype-nexustype: ClusterIP---apiVersion: route.openshift.io/v1kind: Routemetadata:name: nexus-dockernamespace: nexus-demospec:port:targetPort: 5000tls:insecureEdgeTerminationPolicy: Redirecttermination: edgeto:kind: Servicename: nexus-docker weight: 100wildcardPolicy: None 根据文件nexus-demo.yaml创建资源。$ oc create -f nexus-demo.yaml 执行命令获取Neuxs访问地址和Neuxs的Docker Registry访问地址$ NEXUS_HOSTNAME=`oc get route nexus -n nexus-demo -o jsonpath='{.spec.host}'`$ NEXUS_DOCKER_HOSTNAME=`oc get route nexus-docker -n nexus-demo -o jsonpath='{.spec.host}'` (可选)执行以下命令,关闭Neuxe的允许匿名访问。$ curl -u admin:admin123 -X PUT "https://${NEXUS_HOSTNAME}/service/rest/beta/security/anonymous" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"enabled\" : false, \"userId\" : \"anonymous\", \"realmName\" : \"NexusAuthorizingRealm\"}" 更新OpenShift的Pull Secret 获得OpenShift当前的pullsecret$ oc get secret/pull-secret -n openshift-config -o jsonpath='{.data.\.dockerconfigjson}' | base64 -d | jq > secret.json 根据Neuxs的用户名密码生成base64编码$ echo -n 'admin:admin123' | base64YWRtaW46YWRtaW4xMjM= 编辑secret.json文件,向其添加以下内容,注意需要用实际内容替换以下内容中的“$NEXUS_DOCKER_HOSTNAME”和"YWRtaW46YWRtaW4xMjM="。"$NEXUS_DOCKER_HOSTNAME": {"auth": "YWRtaW46YWRtaW4xMjM="}, 执行命令,更新OpenShift的PullSecret。$ oc set data secret/pull-secret -n openshift-config --from-file=.dockerconfigjson=secret.json 更新完PullSecret后,节点需要重启以生效。执行命令可查看集群节点的状态,当“READYMACHINECOUNT”数量恢复后即完成。$ oc get mcpNAME CONFIG UPDATED UPDATING DEGRADED MACHINECOUNT READYMACHINECOUNT UPDATEDMACHINECOUNT DEGRADEDMACHINECOUNT AGEmaster rendered-master-90aebfbbc5ed0d3c500da47afcbddbd6 True False False 3 3 3 0 4d2hworker rendered-worker-2c5fa7480d3cf44cf02ea6357f9df08c True False False 2 2 2 0 4d2h$ oc get mcpNAME CONFIG UPDATED UPDATING DEGRADED MACHINECOUNT READYMACHINECOUNT UPDATEDMACHINECOUNT DEGRADEDMACHINECOUNT AGEmaster rendered-master-90aebfbbc5ed0d3c500da47afcbddbd6 False True False 3 0 0 0 4d2hworker rendered-worker-2c5fa7480d3cf44cf02ea6357f9df08c False True False 2 0 0 0 4d2h$ oc get mcpNAME CONFIG UPDATED UPDATING DEGRADED MACHINECOUNT READYMACHINECOUNT UPDATEDMACHINECOUNT DEGRADEDMACHINECOUNT AGEmaster rendered-master-42216de6f0c6919dae3b07593e9b7e27 True False False 3 3 3 0 4d2hworker rendered-worker-45768542f13f0b2cd71b09fa9461d063 True False False 2 2 2 0 4d2h 验证 登录Neuxs Registry。$ podman login $NEXUS_DOCKER_HOSTNAME -u admin -p admin123 执行命令,将镜像从quay.io复制到Nexus Registry。$ skopeo copy docker://quay.io/kwkoo/webnotifications docker://$NEXUS_DOCKER_HOSTNAME/kwkoo/webnotificationsGetting image source signaturesCopying blob 3e82b7ee18cb doneCopying blob 275f5abb4c08 doneCopying config 8f694aac55 doneWriting manifest to image destinationStoring signatures 创建项目,并根据Nexus Registry的镜像部署应用。oc new-project nexus-testoc new-app $NEXUS_DOCKER_HOSTNAME/kwkoo/webnotifications -n nexus-test 查看部署的应用。$ oc get deploy webnotificationsNAME READY UP-TO-DATE AVAILABLE AGEwebnotifications 1/1 1 1 49s$ oc get deploy webnotifications -o jsonpath='{.spec.template.spec.containers[0].image}'nexus-docker-nexus-demo.apps.cluster-pek-e7a3.pek-e7a3.example.opentlc.com/kwkoo/webnotifications@sha256:6c422e546d26079ca74eed692cd1d7f7573210ad63ac56bd30ed9497c4769152[xiaoyliu-redhat.com@bastion ~]$ oc get podNAME READY STATUS RESTARTS AGEwebnotifications-c477df6d5-86c4c 1/1 Running 0 97s 在Nexus控制台上查看前面导入的webnotifications镜像。![]() |
CopyRight 2018-2019 实验室设备网 版权所有 |