"OpenShift 4.x HOL Tutorial Collection"
Note: this article has been verified in an OpenShift 4.6 environment.
Deploy the Nexus Registry
- Create the project and remove the project's resource limits.
$ oc new-project nexus-demo
$ oc delete limitrange nexus-demo-core-resource-limits -n nexus-demo
- Deploy Nexus with Helm.
$ helm repo add rhmlops https://rh-mlops-workshop.github.io/helm-charts/
$ helm install nexus rhmlops/nexus -n nexus-demo \
--set sonatype-nexus.nexus.resources.requests.cpu=2 \
--set sonatype-nexus.nexus.resources.requests.memory=4Gi \
--set sonatype-nexus.persistence.storageSize=10Gi
- Create a file named nexus-demo.yaml with the following content.
---
kind: Service
apiVersion: v1
metadata:
  name: nexus-docker
  namespace: nexus-demo
spec:
  ports:
  - protocol: TCP
    port: 5000
    targetPort: 5000
    name: docker
  selector:
    app: sonatype-nexus
  type: ClusterIP
---
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: nexus-docker
  namespace: nexus-demo
spec:
  port:
    targetPort: 5000
  tls:
    insecureEdgeTerminationPolicy: Redirect
    termination: edge
  to:
    kind: Service
    name: nexus-docker
    weight: 100
  wildcardPolicy: None
- Create the resources from the nexus-demo.yaml file.
$ oc create -f nexus-demo.yaml
- Run the following commands to get the Nexus address and the address of the Nexus Docker registry.
$ NEXUS_HOSTNAME=`oc get route nexus -n nexus-demo -o jsonpath='{.spec.host}'`
$ NEXUS_DOCKER_HOSTNAME=`oc get route nexus-docker -n nexus-demo -o jsonpath='{.spec.host}'`
- (Optional) Run the following command to disable anonymous access in Nexus.
$ curl -u admin:admin123 -X PUT "https://${NEXUS_HOSTNAME}/service/rest/beta/security/anonymous" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"enabled\" : false, \"userId\" : \"anonymous\", \"realmName\" : \"NexusAuthorizingRealm\"}"
Update the OpenShift Pull Secret
- Get the current OpenShift pull secret.
$ oc get secret/pull-secret -n openshift-config -o jsonpath='{.data.\.dockerconfigjson}' | base64 -d | jq . > secret.json
- Generate the base64 encoding of the Nexus username and password.
$ echo -n 'admin:admin123' | base64
YWRtaW46YWRtaW4xMjM=
- Edit the secret.json file and add the following content to it, replacing **$NEXUS_DOCKER_HOSTNAME** in that content with the actual value.
"$NEXUS_DOCKER_HOSTNAME": {
  "auth": "YWRtaW46YWRtaW4xMjM="
},
- Run the following command to update the OpenShift pull secret.
$ oc set data secret/pull-secret -n openshift-config --from-file=.dockerconfigjson=secret.json
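- After the pull secret is updated, the nodes need to restart for the change to take effect. Run the following command to check the state of the cluster nodes; the update is complete once the "READYMACHINECOUNT" value has recovered.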
$ oc get mcp
NAME CONFIG UPDATED UPDATING DEGRADED MACHINECOUNT READYMACHINECOUNT UPDATEDMACHINECOUNT DEGRADEDMACHINECOUNT AGE
master rendered-master-90aebfbbc5ed0d3c500da47afcbddbd6 True False False 3 3 3 0 4d2h
worker rendered-worker-2c5fa7480d3cf44cf02ea6357f9df08c True False False 2 2 2 0 4d2h
$ oc get mcp
NAME CONFIG UPDATED UPDATING DEGRADED MACHINECOUNT READYMACHINECOUNT UPDATEDMACHINECOUNT DEGRADEDMACHINECOUNT AGE
master rendered-master-90aebfbbc5ed0d3c500da47afcbddbd6 False True False 3 0 0 0 4d2h
worker rendered-worker-2c5fa7480d3cf44cf02ea6357f9df08c False True False 2 0 0 0 4d2h
$ oc get mcp
NAME CONFIG UPDATED UPDATING DEGRADED MACHINECOUNT READYMACHINECOUNT UPDATEDMACHINECOUNT DEGRADEDMACHINECOUNT AGE
master rendered-master-42216de6f0c6919dae3b07593e9b7e27 True False False 3 3 3 0 4d2h
worker rendered-worker-45768542f13f0b2cd71b09fa9461d063 True False False 2 2 2 0 4d2h
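The hand edit of secret.json described above can also be scripted, so that the file is parsed, the new entry is placed under the top-level "auths" object, and every entry is checked before the `oc set data` step is run. This is an added example, not part of the original tutorial; the function names, the quay.io sample entry and the example host name are constructed for illustration.

```python
import base64
import json

# Constructed sample standing in for the secret.json exported from the cluster.
SAMPLE = json.dumps({"auths": {"quay.io": {
    "auth": base64.b64encode(b"pulluser:token").decode(),
    "email": "ops@example.com"}}})


def add_registry_auth(config_text, registry_host, username, password):
    """Return the pull-secret JSON with one registry entry added under "auths"."""
    config = json.loads(config_text)  # raises ValueError on malformed JSON
    if not isinstance(config, dict) or not isinstance(config.setdefault("auths", {}), dict):
        raise ValueError('expected a JSON object with an "auths" object')
    # Reject an empty host, a URL, or the unreplaced $NEXUS_DOCKER_HOSTNAME placeholder.
    if not registry_host or any(c in registry_host for c in "$/ "):
        raise ValueError("registry_host must be a bare host name")
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    config["auths"][registry_host] = {"auth": token}  # other registries are kept
    return json.dumps(config, indent=2)


def find_bad_entries(config_text):
    """Return registries whose "auth" value does not decode to user:password."""
    bad = []
    for host, entry in json.loads(config_text).get("auths", {}).items():
        try:
            decoded = base64.b64decode(entry["auth"], validate=True).decode()
            if ":" not in decoded:
                bad.append(host)
        except (KeyError, TypeError, ValueError):
            bad.append(host)
    return bad


if __name__ == "__main__":
    merged = add_registry_auth(SAMPLE, "nexus-docker.apps.example.com",
                               "admin", "admin123")
    assert find_bad_entries(merged) == []
    print(merged)  # save as secret.json, then run the oc set data step
```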
Verification
- Log in to the Nexus Registry.
$ podman login $NEXUS_DOCKER_HOSTNAME -u admin -p admin123
- Run the following command to copy the image from quay.io to the Nexus Registry.
$ skopeo copy docker://quay.io/kwkoo/webnotifications docker://$NEXUS_DOCKER_HOSTNAME/kwkoo/webnotifications
Getting image source signatures
Copying blob 3e82b7ee18cb done
Copying blob 275f5abb4c08 done
Copying config 8f694aac55 done
Writing manifest to image destination
Storing signatures
- Create a project and deploy the application from the image in the Nexus Registry.
$ oc new-project nexus-test
$ oc new-app $NEXUS_DOCKER_HOSTNAME/kwkoo/webnotifications -n nexus-test
- View the deployed application.
$ oc get deploy webnotifications
NAME READY UP-TO-DATE AVAILABLE AGE
webnotifications 1/1 1 1 49s
$ oc get deploy webnotifications -o jsonpath='{.spec.template.spec.containers[0].image}'
nexus-docker-nexus-demo.apps.cluster-pek-e7a3.pek-e7a3.example.opentlc.com/kwkoo/webnotifications@sha256:6c422e546d26079ca74eed692cd1d7f7573210ad63ac56bd30ed9497c4769152
$ oc get pod
NAME READY STATUS RESTARTS AGE
webnotifications-c477df6d5-86c4c 1/1 Running 0 97s
- View the previously imported webnotifications image in the Nexus console.