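Overview
I have recently been preparing an OCP 4.3 demo for a customer. The customer's environment is completely offline with no internet access, so all installation media has to be prepared in advance. EFK is installed through OperatorHub, so the OperatorHub resources also have to be prepared for offline use. The official documentation for installing OCP 4 and OperatorHub offline assumes there is a machine in the cluster with internet access that mirrors the images and related resources, but for a customer you usually have to prepare the installation media and take it on site. One option is to set up an image registry as the official documentation describes, mirror the images into it, pack up the registry's files, bring them back, and build another registry from that data. However, when I followed the official documentation to mirror the OperatorHub images, the 20G disk on my overseas VPS was not large enough. By default it mirrors all 31 Red Hat certified Operators, an estimated 70 or so images (the sync had not finished), so I gave up. I also hit a bug during the sync. I then looked up a document from a Red Hat internal case and used a workaround to prepare only the Operator resources and images related to EFK. I will first describe how to mirror following the official documentation, then describe the workaround.
Note
There are too many things to watch out for when installing and deploying OCP 4, and it is easy to fall into a trap. Even if you follow the steps below you will most likely still hit problems; I struggled with this for two days myself.
1. Following the official documentation
Prerequisites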
- A Linux workstation with unrestricted network access [1]
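- oc version 4.3.5+
- podman version 1.4.4+
- Install a local private image registry; see the offline installation guide.
- Prepare the pull secret file for the Red Hat registry: download it from cloud.redhat.com, then add the credentials for the local private registry; see the offline installation guide.
Notes on offline OperatorHub:
By default the online OperatorHub is managed by three CatalogSources, which correspond to three kinds of operators: Red Hat's, Red Hat certified, and community.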
# oc get CatalogSource -A
NAMESPACE NAME DISPLAY TYPE PUBLISHER AGE
openshift-marketplace certified-operators Certified Operators grpc Red Hat 48d
openshift-marketplace community-operators Community Operators grpc Red Hat 48d
openshift-marketplace redhat-operators Red Hat Operators grpc Red Hat 48d
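In an offline environment these three CatalogSources can no longer manage the catalog, so we have to manage it ourselves, which means creating our own CatalogSource. A CatalogSource is actually served by a container, so later on we need to build an image that contains the OperatorHub content we define.
Building the image required by the CatalogSource
- Export the path of the credentials file as an environment variable, and place the file at /run/user/0/containers/auth.json.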
REG_CREDS=${XDG_RUNTIME_DIR}/containers/auth.json
echo $REG_CREDS
/run/user/0/containers/auth.json
- Build the OperatorHub catalog image
The next command downloads the content for 31 operators, builds that content into an image, and pushes the image to the private registry.
oc adm catalog build \
--appregistry-org redhat-operators \
--from=registry.redhat.io/openshift4/ose-operator-registry:v4.3 \
--to=registry.vps.apo.ocp4.com:5000/olm/redhat-operators:v1 -a ${REG_CREDS}
- Log output
INFO[0016] directory dir=/tmp/cache-899585118/manifests-466965919 file=1.0.8 load=package
INFO[0016] directory dir=/tmp/cache-899585118/manifests-466965919 file=1.0.9 load=package
INFO[0016] directory dir=/tmp/cache-899585118/manifests-466965919 file=1.1.0 load=package
INFO[0017] directory dir=/tmp/cache-899585118/manifests-466965919 file=sriov-network-operator load=package
INFO[0017] directory dir=/tmp/cache-899585118/manifests-466965919 file=sriov-network-operator-gj5itpqs load=package
INFO[0017] directory dir=/tmp/cache-899585118/manifests-466965919 file=4.2 load=package
INFO[0017] directory dir=/tmp/cache-899585118/manifests-466965919 file=4.2-s390x load=package
INFO[0017] directory dir=/tmp/cache-899585118/manifests-466965919 file=4.3 load=package
Uploading ... 10.17MB/s
Uploading 8.234MB ...
Uploading 1.62kB ...
Uploading 3.493MB ...
Uploading 76.26MB ...
Uploading 88.38MB ...
Pushed sha256:d7b0f06fb8713f9a605121c1ae24a10228cce7f9cdd0f274b52b07a6da373d2c to registry.vps.apo.ocp4.com:5000/olm/redhat-operators:v1
- Look at the cache files under /tmp/. You can see 31 operators, each with its corresponding versions.
[root@registry cache-127978634]# tree -L 4
.
|-- manifests-235749985
`-- manifests-786574651
|-- 3scale-operator
| `-- 3scale-operator-dnameitq
| |-- 0.3.0
| |-- 0.4.0
| |-- 0.4.1
| |-- 0.4.2
| |-- 0.5.0
| |-- 0.5.1
| `-- 3scale-operator.package.yaml
|-- amq7-cert-manager
| |-- amq7-cert-manager.package.yaml
| |-- amq7-cert-manager.v1.0.0.clusterserviceversion.yaml
| |-- Certificate-v1alpha1.crd.yaml
| |-- Challenge-v1alpha1.crd.yaml
| |-- ClusterIssuer-v1alpha1.crd.yaml
| |-- Issuer-v1alpha1.crd.yaml
| `-- Order-v1alpha1.crd.yaml
|-- amq7-interconnect-operator
| |-- amq7-interconnect-operator.package.yaml
| |-- amq7-interconnect-operator.v1.2.0.clusterserviceversion.yaml
| `-- Interconnect-v1alpha1.crd.yaml
|-- amq-broker
| `-- amq-broker-aegyvgwz
| |-- 0.13.0
| |-- 0.9.1
| `-- amq-broker.package.yaml
|-- amq-online
| `-- amq-online-wvb3i9ln
| |-- 1.2.0
| |-- 1.2.1
| |-- 1.2.2
| |-- 1.3.0
| |-- 1.3.1
| |-- 1.3.2
| |-- 1.3.3
| |-- 1.4.0
| |-- 1.4.1
| `-- amq-online.package.yaml
|-- amq-streams
| `-- amq-streams-dksf1h32
| |-- 1.0.0
| |-- 1.1.0
| |-- 1.2.0
| |-- 1.3.0
| |-- 1.4.0
| `-- amq-streams.package.yaml
|-- apicast-operator
| `-- apicast-operator-mszzvzjc
| |-- 0.2.0
| |-- 0.2.1
| `-- apicast-operator.package.yaml
|-- businessautomation-operator
| `-- businessautomation-operator-m18j8d75
| |-- 1.1.0
| |-- 1.1.1
| |-- 1.2.0
| |-- 1.2.1
| |-- 1.3.0
| |-- 1.4
| `-- businessautomation.package.yaml
|-- cam-operator
| `-- cam-operator-op9exbpg
| |-- mig-operator.package.yaml
| |-- v1.0.0
| |-- v1.0.1
| |-- v1.1.0
| |-- v1.1.1
| `-- v1.1.2
|-- cluster-logging
| `-- cluster-logging-dgzblc27
| |-- 4.1
| |-- 4.2
| |-- 4.2-s390x
| |-- 4.3
| `-- cluster-logging.package.yaml
|-- codeready-workspaces
| `-- codeready-workspaces-ma1de6c1
| |-- codeready-workspaces.package.yaml
| |-- v1.2.0
| |-- v1.2.2
| |-- v2.0.0
| |-- v2.1.0
| `-- v2.1.1
|-- datagrid
| `-- datagrid-7m_28xfs
| |-- 8.0.0
| `-- infinispan.package.yaml
|-- dv-operator
| `-- dv-operator-qui0dd6q
| |-- 7.5.0
| |-- 7.6.0
| `-- dv-operator.package.yaml
|-- eap
| `-- eap-afgwbb0_
| |-- 1.0.0
| `-- eap.package.yaml
|-- elasticsearch-operator
| `-- elasticsearch-operator-xdx7yx4y
| |-- 4.1
| |-- 4.2
| |-- 4.2-s390x
| |-- 4.3
| `-- elasticsearch-operator.package.yaml
|-- fuse-apicurito
| `-- fuse-apicurito-frk35_1_
| |-- 7.4.0
| |-- 7.5.0
| |-- 7.6.0
| `-- apicurito.package.yaml
|-- fuse-online
| `-- fuse-online-2vbfnihp
| |-- 7.5.0
| |-- 7.6.0
| `-- fuse-online.package.yaml
|-- jaeger-product
| `-- jaeger-product-q73ixufo
| |-- 1.13
| |-- 1.17.1
| `-- jaeger.package.yaml
|-- kiali-ossm
| `-- kiali-ossm-wcjv6rx3
| |-- 1.0.10
| |-- 1.0.11
| |-- 1.0.12
| |-- 1.0.5
| |-- 1.0.6
| |-- 1.0.7
| |-- 1.0.8
| |-- 1.0.9
| |-- 1.12.6
| |-- 1.12.7
| `-- kiali-ossm.package.yaml
|-- kubevirt-hyperconverged
| `-- kubevirt-hyperconverged-wjkj2iw1
| |-- 2.1.0
| |-- 2.2.0
| `-- kubevirt-hyperconverged.package.yaml
|-- local-storage-operator
| `-- local-storage-operator-hrf0pvsf
| |-- 4.2
| |-- 4.2-s390x
| |-- 4.3
| `-- local-storage-operator.package.yaml
|-- metering-ocp
| `-- metering-ocp-s636th2c
| |-- 4.2
| |-- 4.3
| `-- metering.package.yaml
|-- nfd
| `-- nfd-lu5636dp
| |-- 4.2
| |-- 4.2-s390x
| |-- 4.3
| `-- nfd.package.yaml
|-- ocs-operator
| `-- ocs-operator-q4h002av
| |-- 4.2.0
| |-- 4.2.1
| |-- 4.2.2
| |-- 4.2.3
| |-- 4.3.0
| `-- ocs-operator.package.yaml
|-- openshiftansibleservicebroker
| `-- openshiftansibleservicebroker-0h2_x1_h
| |-- 4.1
| |-- 4.2
| |-- 4.2-s390x
| |-- 4.3
| `-- package.yaml
|-- openshifttemplateservicebroker
| `-- openshifttemplateservicebroker-r34l_3k4
| |-- 4.1
| |-- 4.2
| |-- 4.2-s390x
| |-- 4.3
| `-- openshifttemplateservicebroker.package.yaml
|-- ptp-operator
| `-- ptp-operator-rsn98jix
| |-- 4.3
| `-- ptp-operator.package.yaml
|-- redhat-operators-manifests
|-- serverless-operator
| `-- serverless-operator-cjzetbdv
| |-- 1.0.0
| |-- 1.1.0
| |-- 1.2.0
| |-- 1.3.0
| |-- 1.4.0
| |-- 1.4.1
| |-- 1.5.0
| |-- 1.6.0
| `-- serverless-operator.package.yaml
|-- servicemeshoperator
| `-- servicemeshoperator-x7t7oi4y
| |-- 1.0.0
| |-- 1.0.1
| |-- 1.0.10
| |-- 1.0.2
| |-- 1.0.3
| |-- 1.0.4
| |-- 1.0.5
| |-- 1.0.6
| |-- 1.0.7
| |-- 1.0.8
| |-- 1.0.9
| |-- 1.1.0
| `-- servicemesh.package.yaml
`-- sriov-network-operator
`-- sriov-network-operator-gj5itpqs
|-- 4.2
|-- 4.2-s390x
|-- 4.3
`-- sriov-network-operator.package.yaml
177 directories, 38 files
- Look at the contents of elasticsearch-operator
# ll
total 4
drwxr-xr-x. 2 root root 102 Apr 29 09:53 4.1
drwxr-xr-x. 2 root root 102 Apr 29 09:53 4.2
drwxr-xr-x. 2 root root 102 Apr 29 09:53 4.2-s390x
drwxr-xr-x. 2 root root 102 Apr 29 09:53 4.3
-rw-r--r--. 1 root root 364 Apr 29 09:53 elasticsearch-operator.package.yaml
- Look at elasticsearch-operator.package.yaml
# cat elasticsearch-operator.package.yaml
channels:
- currentCSV: elasticsearch-operator.4.1.41-202004130646
  name: preview
- currentCSV: elasticsearch-operator.4.2.29-202004140532
  name: '4.2'
- currentCSV: elasticsearch-operator.4.2.29-202004140532-s390x
  name: 4.2-s390x
- currentCSV: elasticsearch-operator.4.3.13-202004131016
  name: '4.3'
defaultChannel: '4.3'
packageName: elasticsearch-operator
- Look at the 4.3 folder
# ll
total 20
-rw-r--r--. 1 root root 10866 Apr 29 09:53 elasticsearch-operator.v4.3.0.clusterserviceversion.yaml
-rw-r--r--. 1 root root 4688 Apr 29 09:53 elasticsearches.crd.yaml
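- elasticsearch-operator.v4.3.0.clusterserviceversion.yaml defines which images are needed to create the operator. Every image reference ends in a sha256 digest, and the local registry must hold images with matching digests. If you pull the images manually and push them to the local registry, the sha256 changes; for the reason, see this article by 大魏: https://mp.weixin.qq.com/s/lu7r8Op-4yaCiDjjoTiYSg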
# cat elasticsearch-operator.v4.3.0.clusterserviceversion.yaml | grep registry.redhat.io
containerImage: registry.redhat.io/openshift4/ose-elasticsearch-operator@sha256:948667b2ca706d29b4a65ce0ea9ae54306b4da8bdf00f3fcf2577b1f92a502e6
"image": "registry.redhat.io/openshift4/ose-logging-elasticsearch5@sha256:d2047214be2e9c809440803ccf5972d99e72db3172f110e4be3d4b87550b9902",
image: registry.redhat.io/openshift4/ose-elasticsearch-operator@sha256:948667b2ca706d29b4a65ce0ea9ae54306b4da8bdf00f3fcf2577b1f92a502e6
image: registry.redhat.io/openshift4/ose-logging-elasticsearch5@sha256:d2047214be2e9c809440803ccf5972d99e72db3172f110e4be3d4b87550b9902
image: registry.redhat.io/openshift4/ose-oauth-proxy@sha256:32f2376fb9acf2e5730b6c8700c7f1cba03910c69b33e1775529068e4e7fa010
image: registry.redhat.io/openshift4/ose-elasticsearch-operator@sha256:948667b2ca706d29b4a65ce0ea9ae54306b4da8bdf00f3fcf2577b1f92a502e6
value: "registry.redhat.io/openshift4/ose-oauth-proxy@sha256:32f2376fb9acf2e5730b6c8700c7f1cba03910c69b33e1775529068e4e7fa010"
value: "registry.redhat.io/openshift4/ose-logging-elasticsearch5@sha256:d2047214be2e9c809440803ccf5972d99e72db3172f110e4be3d4b87550b9902"
Mirroring the OperatorHub images to the local registry
- Disable the default OperatorHub sources
oc patch OperatorHub cluster --type json \
-p '[{"op": "add", "path": "/spec/disableAllDefaultSources", "value": true}]'
- Start mirroring the images from the internet to the local registry:
oc adm catalog mirror \
registry.vps.apo.ocp4.com:5000/olm/redhat-operators:v1 \
registry.vps.apo.ocp4.com:5000 \
-a ${REG_CREDS}
- Log output, taking openshift-service-mesh/kiali-rhel7 as an example
I0429 14:19:51.280697 20778 mirror.go:231] wrote database to /tmp/880511389/bundles.db
registry.vps.apo.ocp4.com:5000/
openshift-service-mesh/kiali-rhel7
blobs:
registry.redhat.io/openshift-service-mesh/kiali-rhel7 sha256:4c98734f24339b059854b6f7ad77928ffb6b84756ecd4eeec4a15870b082d906 1.253KiB
registry.redhat.io/openshift-service-mesh/kiali-rhel7 sha256:57e5ee7e0cc620072ffe6a07c97967870054ebce42dc201d85e11df173eedd52 3.672KiB
registry.redhat.io/openshift-service-mesh/kiali-rhel7 sha256:c7d65577e087044ac3ba4702b460d6d545b40e841484dc794467a600f5625d03 27.64MiB
registry.redhat.io/openshift-service-mesh/kiali-rhel7 sha256:17942523bc4bb2db6eb9f7519db38bbb70e47356d3f0ae0f15b967c0628234c6 72.7MiB
manifests:
sha256:43db511cb65a69518ab69ec5ef69bfb09e6b47e55239d0e18758a30aab0a705c
sha256:50cfd66afdfef4920ae623f7ef091ecf78d5a2731b044829073e5e0929822392
sha256:50cfd66afdfef4920ae623f7ef091ecf78d5a2731b044829073e5e0929822392 -> 1.0.7
stats: shared=0 unique=4 size=100.3MiB ratio=1.00
phase 0:
registry.vps.apo.ocp4.com:5000 openshift-service-mesh/kiali-rhel7 blobs=4 mounts=0 manifests=3 shared=0
info: Planning completed in 2.13s
uploading: registry.vps.apo.ocp4.com:5000/openshift-service-mesh/kiali-rhel7 sha256:17942523bc4bb2db6eb9f7519db38bbb70e47356d3f0ae0f15b967c0628234c6 72.7MiB
uploading: registry.vps.apo.ocp4.com:5000/openshift-service-mesh/kiali-rhel7 sha256:c7d65577e087044ac3ba4702b460d6d545b40e841484dc794467a600f5625d03 27.64MiB
sha256:43db511cb65a69518ab69ec5ef69bfb09e6b47e55239d0e18758a30aab0a705c registry.vps.apo.ocp4.com:5000/openshift-service-mesh/kiali-rhel7
sha256:50cfd66afdfef4920ae623f7ef091ecf78d5a2731b044829073e5e0929822392 registry.vps.apo.ocp4.com:5000/openshift-service-mesh/kiali-rhel7:1.0.7
info: Mirroring completed in 2.35s (44.64MB/s)
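- When the mirroring finishes, a redhat-operators-manifests directory is generated. Because my sync did not succeed, some of the content was empty and I did not see it. The directory does contain these two files: imageContentSourcePolicy.yaml and mapping.txt.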
oc apply -f ./redhat-operators-manifests
- Create the CatalogSource using the image we built
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: my-operator-catalog
  namespace: openshift-marketplace
spec:
  sourceType: grpc
  image: <registry_host_name>:<port>/olm/redhat-operators:v1
  displayName: My Operator Catalog
  publisher: grpc
oc create -f catalogsource.yaml
- Check
# oc get pods -n openshift-marketplace
NAME READY STATUS RESTARTS AGE
my-operator-catalog-6njx6 1/1 Running 0 28s
marketplace-operator-d9f549946-96sgr 1/1 Running 0 26h
# oc get catalogsource -n openshift-marketplace
NAME DISPLAY TYPE PUBLISHER AGE
my-operator-catalog My Operator Catalog grpc 5s
# oc get packagemanifest -n openshift-marketplace
NAME CATALOG AGE
etcd My Operator Catalog 34s
2. The workaround from the Red Hat internal case, which lets you choose the specific operators to take offline
- Do not use the default OperatorHub sources
oc patch OperatorHub cluster --type json -p '[{"op": "add", "path": "/spec/disableAllDefaultSources", "value": true}]'
- Fetch the resources for the operator you need
$ ./get-operator.sh redhat-operators elasticsearch-operator
- Extract the archives
$ mkdir manifests
$ for f in *.tar.gz; do tar -C manifests/ -xvf $f ; done && rm -rf *tar.gz
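Optional: open elasticsearch-operator.v4.3.0.clusterserviceversion.yaml and change the sha256 digests of the images to the 4.3 tag. This relates to the mirror-by-digest-only setting in sample-registries.conf, which decides whether the sha is checked. Without this change it is easy to get errors where the images cannot be pulled. The precondition, of course, is that we pull these images from the internet manually and push them to the local registry.
- Build the Operator catalog image and push it to the local registry
Prepare a Dockerfile from https://github.com/ppetko/disconnected-install-service-mesh/blob/master/Dockerfile and change the OCP version in it to match yours.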
$ export REGISTRY=registry.ocp4.poc.com:5000
$ podman build --no-cache -f Dockerfile -t ${REGISTRY}/openshift-marketplace/mirrored-operator-catalog
$ podman push ${REGISTRY}/openshift-marketplace/mirrored-operator-catalog
- Or build and push the image with the script
$ ./build-operator-catalog.sh registry.ocp4.poc.com:5000
- Prepare a sample-registries.conf that will replace the default /etc/containers/registries.conf.
unqualified-search-registries = ["docker.io"]

[[registry]]
  location = "quay.io/openshift-release-dev/ocp-release"
  insecure = false
  blocked = false
  mirror-by-digest-only = true
  prefix = ""

  [[registry.mirror]]
    location = "registry.ocp4.poc.com:5000/ocp4/openshift4"
    insecure = false

[[registry]]
  location = "quay.io/openshift-release-dev/ocp-v4.0-art-dev"
  insecure = false
  blocked = false
  mirror-by-digest-only = true
  prefix = ""

  [[registry.mirror]]
    location = "registry.ocp4.poc.com:5000/ocp4/openshift4"
    insecure = false

[[registry]]
  location = "registry.redhat.io/openshift4"
  insecure = false
  blocked = false
  mirror-by-digest-only = false
  prefix = ""

  [[registry.mirror]]
    location = "registry.ocp4.poc.com:5000/openshift4"
    insecure = false
- Base64-encode the file (-w0 keeps the output on a single line so it can be pasted into the data URL below)
base64 -w0 sample-registries.conf
- Create a MachineConfig that replaces the default /etc/containers/registries.conf
Here the number in the name has to be changed from 50 to 99. An offline OCP installation already creates a default 99 entry, so a config numbered 55 would not take effect.
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
  annotations:
  labels:
    machineconfiguration.openshift.io/role: master
  name: 99-master-container-registry-conf
spec:
  config:
    ignition:
      version: 2.2.0
    storage:
      files:
      - contents:
          source: data:text/plain;charset=utf-8;base64,<base64 output of the previous step>
          verification: {}
        filesystem: root
        mode: 420
        path: /etc/containers/registries.conf
oc apply -f 99-worker-container-registry-conf.yaml
- Create the CatalogSource
$ cat internal-mirrored-operatorhub-catalog.yaml
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: internal-mirrored-operatorhub-catalog
  namespace: openshift-marketplace
spec:
  displayName: My Mirrored Operator Catalog
  sourceType: grpc
  image: ${REGISTRY}/openshift-marketplace/mirrored-operator-catalog
$ oc create -f internal-mirrored-operatorhub-catalog.yaml
- Check
$ oc get pods -n openshift-marketplace
$ oc get catalogsource -n openshift-marketplace
$ oc describe catalogsource internal-mirrored-operatorhub-catalog -n openshift-marketplace
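Added example, not from the original post: a pre-flight check over the image references in a CSV file, covering both the digest-pinned references shown in step 1 and the optional tag edit in step 2. It prints where each digest-pinned image must exist in the mirror and flags tag-based references, which a registries.conf entry with mirror-by-digest-only = true does not redirect to the mirror. The function names are hypothetical, and the sample input is constructed from the grep output earlier on the page plus one constructed `:v4.3` tag line.

```shell
#!/bin/bash
# Added example (not from the original post). Function names are hypothetical.

# Constructed sample: image lines taken from the grep output shown in step 1,
# plus one constructed tag-based line as it would look after the optional edit.
sample_csv() {
cat <<'EOF'
containerImage: registry.redhat.io/openshift4/ose-elasticsearch-operator@sha256:948667b2ca706d29b4a65ce0ea9ae54306b4da8bdf00f3fcf2577b1f92a502e6
"image": "registry.redhat.io/openshift4/ose-logging-elasticsearch5@sha256:d2047214be2e9c809440803ccf5972d99e72db3172f110e4be3d4b87550b9902",
image: registry.redhat.io/openshift4/ose-oauth-proxy@sha256:32f2376fb9acf2e5730b6c8700c7f1cba03910c69b33e1775529068e4e7fa010
value: "registry.redhat.io/openshift4/ose-oauth-proxy@sha256:32f2376fb9acf2e5730b6c8700c7f1cba03910c69b33e1775529068e4e7fa010"
image: registry.redhat.io/openshift4/ose-oauth-proxy:v4.3
EOF
}

# Print every unique registry.redhat.io image reference found on stdin,
# without surrounding quotes or YAML keys.
image_refs() {
  grep -oE 'registry\.redhat\.io/[A-Za-z0-9._/-]+(@sha256:[0-9a-f]{64}|:[A-Za-z0-9._-]+)' | sort -u
}

# References pinned to a sha256 digest: the content is fixed by the reference.
digest_refs() { image_refs | grep -E '@sha256:[0-9a-f]{64}$' || true; }

# References that use a tag: whatever the registry serves under that tag is run.
tag_refs() { image_refs | grep -vE '@sha256:[0-9a-f]{64}$' || true; }

# Where each digest-pinned image must exist in the mirror ($1 = mirror host:port),
# following the registry.redhat.io/openshift4 -> <mirror>/openshift4 mapping
# used in sample-registries.conf.
mirror_refs() {
  digest_refs | sed -E "s#^registry\.redhat\.io/#$1/#"
}

echo "Digest-pinned references expected in the mirror:"
sample_csv | mirror_refs registry.ocp4.poc.com:5000
echo "Tag-based references (only redirected where mirror-by-digest-only = false):"
sample_csv | tag_refs
```

To check the real file, feed it on stdin, for example `tag_refs < elasticsearch-operator.v4.3.0.clusterserviceversion.yaml`; any output means those images are no longer pinned to fixed content.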
- Scripts
- get-operator.sh
#!/bin/bash
# Download the package bundle of one operator from the Quay app registry (CNR API).
# QUAY_AUTH_TOKEN is read from the environment.
DATE=$(date +%Y-%m-%d-%H:%M:%S)

function log(){
    echo "$DATE INFO $*"
    return 0
}

function panic(){
    echo "$DATE ERROR $*"
    exit 1
}

# jq is needed to parse the API responses
if ! command -v jq >/dev/null 2>&1; then
    panic "Missing jq"
fi

if [ $# -lt 2 ]; then
    panic "Usage: $0 NAMESPACE PACKAGE"
fi

PKG_NAMESPACE=$1
PKG_NAME=$2

# Look up the default release of the package, then the digest of that release.
# The package name is passed with --arg so it is never spliced into the jq program.
RELEASE=$(curl -s "https://quay.io/cnr/api/v1/packages?namespace=${PKG_NAMESPACE}" \
    | jq -r --arg name "${PKG_NAMESPACE}/${PKG_NAME}" '.[] | select(.name == $name) | .default')
DIGEST=$(curl -s "https://quay.io/cnr/api/v1/packages/${PKG_NAMESPACE}/${PKG_NAME}/${RELEASE}" \
    | jq -r '.[].content.digest')

if [ -z "${RELEASE}" ] || [ -z "${DIGEST}" ]; then
    panic "populate release and/or digest"
fi

log "Downloading ${PKG_NAMESPACE}/${PKG_NAME} ${RELEASE} release using ${DIGEST}"
FILENAME="${PKG_NAMESPACE}-${PKG_NAME}-${RELEASE}.tar.gz"
curl -s -H "Authorization: ${QUAY_AUTH_TOKEN}" \
    "https://quay.io/cnr/api/v1/packages/${PKG_NAMESPACE}/${PKG_NAME}/blobs/sha256/${DIGEST}" -o "${FILENAME}"
log "Downloading file $FILENAME"
- build-operator-catalog.sh
#!/bin/bash
# Build the operator catalog image from ./manifests and push it to the given registry.
DATE=$(date +%Y-%m-%d-%H:%M:%S)

function log(){
    echo "$DATE INFO $*"
    return 0
}

function panic(){
    echo "$DATE ERROR $*"
    exit 1
}

if [ $# -lt 1 ]; then
    panic "Usage: $0 Registry URL"
fi

REGISTRY=$1

# The extracted operator manifests must be present next to the Dockerfile
if [ ! -d "./manifests" ]; then
    panic "./manifests doesn't exist"
fi

podman build --no-cache -f Dockerfile \
    -t "${REGISTRY}/openshift-marketplace/mirrored-operator-catalog"
podman push "${REGISTRY}/openshift-marketplace/mirrored-operator-catalog"
References
https://docs.openshift.com/container-platform/4.3/operators/olm-restricted-networks.html
https://access.redhat.com/solutions/4838051
https://www.cnblogs.com/ericnie/p/11777384.html?from=timeline&isappinstalled=0