OpenShift4配置本地NeuxsRegistry并通过PullSecret访问

《OpenShift 4.x HOL教程汇总》 说明&＃xff1a;本文已经在OpenShift 4.6环境中验证

$ oc new-project nexus-demo$ oc delete limitrange nexus-demo-core-resource-limits -n nexus-demo

$ helm repo add rhmlops https://rh-mlops-workshop.github.io/helm-charts/$ helm install nexus rhmlops/nexus -n nexus-demo \--set sonatype-nexus.nexus.resources.requests.cpu&＃61;2 \--set sonatype-nexus.nexus.resources.requests.memory&＃61;4Gi \--set sonatype-nexus.persistence.storageSize&＃61;10Gi

---kind: ServiceapiVersion: v1metadata:name: nexus-dockernamespace: nexus-demospec:ports:- protocol: TCPport: 5000targetPort: 5000name: dockerselector:app: sonatype-nexustype: ClusterIP---apiVersion: route.openshift.io/v1kind: Routemetadata:name: nexus-dockernamespace: nexus-demospec:port:targetPort: 5000tls:insecureEdgeTerminationPolicy: Redirecttermination: edgeto:kind: Servicename: nexus-docker weight: 100wildcardPolicy: None

$ oc create -f nexus-demo.yaml

$ NEXUS_HOSTNAME&＃61;&＃96;oc get route nexus -n nexus-demo -o jsonpath&＃61;&＃39;{.spec.host}&＃39;&＃96;$ NEXUS_DOCKER_HOSTNAME&＃61;&＃96;oc get route nexus-docker -n nexus-demo -o jsonpath&＃61;&＃39;{.spec.host}&＃39;&＃96;

$ curl -u admin:admin123 -X PUT "https://${NEXUS_HOSTNAME}/service/rest/beta/security/anonymous" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"enabled\" : false, \"userId\" : \"anonymous\", \"realmName\" : \"NexusAuthorizingRealm\"}"

$ oc get secret/pull-secret -n openshift-config -o jsonpath&＃61;&＃39;{.data.\.dockerconfigjson}&＃39; | base64 -d | jq > secret.json

$ echo -n &＃39;admin:admin123&＃39; | base64YWRtaW46YWRtaW4xMjM&＃61;

"$NEXUS_DOCKER_HOSTNAME": {"auth": "YWRtaW46YWRtaW4xMjM&＃61;"},

$ oc set data secret/pull-secret -n openshift-config --from-file&＃61;.dockerconfigjson&＃61;secret.json

$ oc get mcpNAME CONFIG UPDATED UPDATING DEGRADED MACHINECOUNT READYMACHINECOUNT UPDATEDMACHINECOUNT DEGRADEDMACHINECOUNT AGEmaster rendered-master-90aebfbbc5ed0d3c500da47afcbddbd6 True False False 3 3 3 0 4d2hworker rendered-worker-2c5fa7480d3cf44cf02ea6357f9df08c True False False 2 2 2 0 4d2h$ oc get mcpNAME CONFIG UPDATED UPDATING DEGRADED MACHINECOUNT READYMACHINECOUNT UPDATEDMACHINECOUNT DEGRADEDMACHINECOUNT AGEmaster rendered-master-90aebfbbc5ed0d3c500da47afcbddbd6 False True False 3 0 0 0 4d2hworker rendered-worker-2c5fa7480d3cf44cf02ea6357f9df08c False True False 2 0 0 0 4d2h$ oc get mcpNAME CONFIG UPDATED UPDATING DEGRADED MACHINECOUNT READYMACHINECOUNT UPDATEDMACHINECOUNT DEGRADEDMACHINECOUNT AGEmaster rendered-master-42216de6f0c6919dae3b07593e9b7e27 True False False 3 3 3 0 4d2hworker rendered-worker-45768542f13f0b2cd71b09fa9461d063 True False False 2 2 2 0 4d2h

$ podman login $NEXUS_DOCKER_HOSTNAME -u admin -p admin123

$ skopeo copy docker://quay.io/kwkoo/webnotifications docker://$NEXUS_DOCKER_HOSTNAME/kwkoo/webnotificationsGetting image source signaturesCopying blob 3e82b7ee18cb doneCopying blob 275f5abb4c08 doneCopying config 8f694aac55 doneWriting manifest to image destinationStoring signatures

oc new-project nexus-testoc new-app $NEXUS_DOCKER_HOSTNAME/kwkoo/webnotifications -n nexus-test

$ oc get deploy webnotificationsNAME READY UP-TO-DATE AVAILABLE AGEwebnotifications 1/1 1 1 49s$ oc get deploy webnotifications -o jsonpath&＃61;&＃39;{.spec.template.spec.containers[0].image}&＃39;nexus-docker-nexus-demo.apps.cluster-pek-e7a3.pek-e7a3.example.opentlc.com/kwkoo/webnotifications&＃64;sha256:6c422e546d26079ca74eed692cd1d7f7573210ad63ac56bd30ed9497c4769152[xiaoyliu-redhat.com&＃64;bastion ~]$ oc get podNAME READY STATUS RESTARTS AGEwebnotifications-c477df6d5-86c4c 1/1 Running 0 97s