OpenShift推送自定義映象到本地倉庫並建立專案和應用
OpenShift推送自定義映象到本地倉庫並建立專案和應用
建立push 許可權
#oc create serviceaccount registry -n default
#oc adm policy add-scc-to-user privileged system:serviceaccount:default:registry
為admin帳號授權
#oc adm policy add-role-to-user system:registry admin
#oc adm policy add-role-to-user admin admin -n openshift
#oc adm policy add-role-to-user system:image-builder admin
#oc adm policy add-role-to-user system:image-puller system:anonymous -n openshift
登陸openshift 專案
#oc login -n openshift #使用admin使用者登陸openshift
admin/admin
#oc whoami -t #檢視admin使用者的token
登陸Docker login 私有庫(只有登陸成功才能上傳)
#docker login -u admin -p qcrV9mq92fH16SpWKHdah3t_qRn0KCZNNlSi-YfDaRc 172.30.60.125:5000
先給映象打tag
#docker tag nginx:1.11.4-alpine 172.30.60.125:5000/openshift/nginx:1.11.4-alpine
push 映象到私有倉庫
docker push 172.30.60.125:5000/openshift/nginx:1.11.4-alpine
至此會推送成功
使用剛剛推送的image建立app,雖然會報一堆錯誤,但是能夠建立成功
#oc new-app --docker-image=“docker-registry.default.svc:5000/openshift/mybank-tomcat” --allow-missing-images
報錯的原因應該是私有映象倉庫沒有啟用https,加引數–insecure-registry=true繞過證書檢查就不會報錯了
#oc new-app --docker-image=“docker-registry.default.svc:5000/openshift/mybank-tomcat” --allow-missing-images --insecure-registry=true
使用自主搭建的私有映象倉庫也是可以的
#docker login harbor.ctwifi.cn (輸入使用者名稱和密碼登陸,所有node節點也要登陸一次)
#oc new-app --docker-image=“harbor.ctwifi.cn/openshift/nginx:1.12” --allow-missing-images --insecure-registry=true
新增registry(我使用本地倉庫所以沒有使用新增):
#oc delete dc docker-registry registry-console router
#oc delete svc docker-registry registry-console router
#oc delete serviceaccounts registry router
#mkdir -p /opt/openshift-registry
#chown 1001:root /opt/openshift-registry
#oc create serviceaccount registry -n default
#oc adm policy add-scc-to-user privileged system:serviceaccount:default:registry#service cluster role binding deployment config
#oc adm registry --service-account=registry --mount-host=/opt/openshift-registry
#oc logs dc/docker-registry