OpenShift Origin 3.6 : Deploy Docker Registry2017/11/26 |
Deploy Docker Registry.
If you installed OpenShift Origin like here, a Registry Pod has already been deployed and running, but if you'd like to change settings of the Pod like storage, configute like follows.
It's possible to use OpenStack Swift or Google Storage, Microsoft Azure for Storage of the Registry,
but on this example, set Filesystem for it.
This example is based on the environment like follows.
-----------+-----------------------------------------------------------+------------ |10.0.0.30 |10.0.0.51 |10.0.0.52 +----------+-----------+ +----------+-----------+ +----------+-----------+ | [ dlp.srv.world ] | | [ node01.srv.world ] | | [ node02.srv.world ] | | (Master Node) | | (Compute Node) | | (Compute Node) | | (Compute Node) | | | | | +----------------------+ +----------------------+ +----------------------+ |
[1] | Delete default Registry settings. |
[origin@dlp ~]$ oc get pods NAME READY STATUS RESTARTS AGE docker-registry-1-zrn3b 1/1 Running 1 15h registry-console-1-8xndp 1/1 Running 1 15h router-1-f2j5k 1/1 Running 1 15h[origin@dlp ~]$ oc describe pod docker-registry-1-zrn3b | grep -A3 'Volumes:' Volumes: registry-storage: Type: EmptyDir (a temporary directory that shares a pod's lifetime) Medium: 1/1 Running 1 15h[origin@dlp ~]$ oc delete all -l docker-registry=default deploymentconfig "docker-registry" deleted pod "docker-registry-1-b4g3z" deleted[origin@dlp ~]$ oc delete all -l app=registry-console imagestream "registry-console" deleted deploymentconfig "registry-console" deleted service "registry-console" deleted pod "registry-console-1-2vzks" deleted[origin@dlp ~]$ oc delete serviceaccount registry serviceaccount "registry" deleted
[origin@dlp ~]$
[origin@dlp ~]$ oc delete service docker-registry service "docker-registry" deleted oc get pods NAME READY STATUS RESTARTS AGE router-1-f4mc9 1/1 Running 1 16h |
[2] | Create a directory for Container Images on Master Node and configure Registry. |
# Create a directory for Images (any place you like) [origin@dlp ~]$ [origin@dlp ~]$ # set privilege to the [registry] account [origin@dlp ~]$ oadm policy add-scc-to-user privileged system:serviceaccount:default:registry
# deploy Registry [origin@dlp ~]$ sudo oadm registry \ --config=/etc/origin/master/admin.kubeconfig \ --service-account=registry \ --images='openshift/origin-docker-registry' \ --mount-host=/var/lib/origin/registry \ --selector="region=infra" \ --replicas=1 --> Creating registry registry ... serviceaccount "registry" created clusterrolebinding "registry-registry-role" created deploymentconfig "docker-registry" created service "docker-registry" created --> Success # few minutes later, deploy has finished and Pod becomes running state [origin@dlp ~]$ oc get pods NAME READY STATUS RESTARTS AGE docker-registry-1-5l5mc 1/1 Running 0 37s router-1-8sh8d 1/1 Running 1 16m[origin@dlp ~]$ oc describe pod docker-registry-1-5l5mc Name: docker-registry-1-5l5mc Namespace: default Security Policy: privileged Node: dlp.srv.world/10.0.0.30 Start Time: Mon, 27 Nov 2017 19:18:26 +0900 Labels: deployment=docker-registry-1 deploymentconfig=docker-registry docker-registry=default Annotations: kubernetes.io/created-by={"kind":"SerializedReference","apiVersion":"v1","reference":{"kind":"ReplicationController","namespace":"default","name":"docker-registry-1","uid":"636faee4-d332-11e7-9ce4-525... openshift.io/deployment-config.latest-version=1 openshift.io/deployment-config.name=docker-registry openshift.io/deployment.name=docker-registry-1 openshift.io/scc=privileged Status: Running IP: 10.128.0.9 Controllers: ReplicationController/docker-registry-1 Containers: registry: Container ID: docker://80bd8404ccb6e2733fc1756b9b0ea13c763aa5b265a212716e4ed9f02f686e6c Image: openshift/origin-docker-registry Image ID: docker-pullable://docker.io/openshift/origin-docker-registry@sha256:4563b06d501b2b9afc48faaf66381c9c93d5d6f40978592d140c89a5768d8377 Port: 5000/TCP State: Running Started: Mon, 27 Nov 2017 19:18:54 +0900 Ready: True Restart Count: 0 Requests: cpu: 100m memory: 256Mi Liveness: http-get http://:5000/healthz delay=10s timeout=5s period=10s #success=1 #failure=3 Readiness: http-get http://:5000/healthz delay=0s timeout=5s period=10s #success=1 #failure=3 Environment: REGISTRY_HTTP_ADDR: :5000 REGISTRY_HTTP_NET: tcp REGISTRY_HTTP_SECRET: qSTSreW6U9oKPuEYWps5jcEKpffJPG+foqKDxbU69M0= REGISTRY_MIDDLEWARE_REPOSITORY_OPENSHIFT_ENFORCEQUOTA: false Mounts: /registry from registry-storage (rw) /var/run/secrets/kubernetes.io/serviceaccount from registry-token-bfpzs (ro) Conditions: Type Status Initialized True Ready True PodScheduled True Volumes: registry-storage: Type: HostPath (bare host directory volume) Path: /var/lib/origin/registry registry-token-bfpzs: Type: Secret (a volume populated by a Secret) SecretName: registry-token-bfpzs Optional: false QoS Class: Burstable Node-Selectors: region=infra ..... ..... |
[3] | Make sure to deploy a test application to be able to use Registry normally. |
[cent@dlp ~]$ oc login Authentication required for https://dlp.srv.world:8443 (openshift) Username: cent Password: Login successful. You don't have any projects. You can try to create a new project, by running oc new-project <projectname>[cent@dlp ~]$ oc new-project test-project Now using project "test-project" on server "https://dlp.srv.world:8443". You can add applications to this project with the 'new-app' command. For example, try: oc new-app centos/ruby-22-centos7~https://github.com/openshift/ruby-ex.git to build a new example application in Ruby.[cent@dlp ~]$ oc new-app centos/ruby-22-centos7~https://github.com/openshift/ruby-ex.git --> Creating resources ... imagestream "ruby-22-centos7" created imagestream "ruby-ex" created buildconfig "ruby-ex" created deploymentconfig "ruby-ex" created service "ruby-ex" created --> Success Build scheduled, use 'oc logs -f bc/ruby-ex' to track its progress. Run 'oc status' to view your app. # few minutes later, deploy has finished and Pod is running [cent@dlp ~]$ oc status In project test-project on server https://dlp.srv.world:8443 svc/ruby-ex - 172.30.136.221:8080 dc/ruby-ex deploys istag/ruby-ex:latest <- bc/ruby-ex source builds https://github.com/openshift/ruby-ex.git on istag/ruby-22-centos7:latest deployment #1 deployed 35 seconds ago - 1 pod View details with 'oc describe <resource>/<name>' or list everything with 'oc get all'.[cent@dlp ~]$ oc get pods NAME READY STATUS RESTARTS AGE ruby-ex-1-build 0/1 Completed 0 2m ruby-ex-1-vvjck 1/1 Running 0 35s[cent@dlp ~]$ oc describe service ruby-ex Name: ruby-ex Namespace: test-project Labels: app=ruby-ex Annotations: openshift.io/generated-by=OpenShiftNewApp Selector: app=ruby-ex,deploymentconfig=ruby-ex Type: ClusterIP IP: 172.30.136.221 Port: 8080-tcp 8080/TCP Endpoints: 10.128.0.13:8080 Session Affinity: None Events: <none>[cent@dlp ~]$ curl 172.30.136.221:8080 ..... ..... </head> <body> <section class='container'> <hgroup> <h1>Welcome to your Ruby application on OpenShift</h1> </hgroup> ..... ..... </body> </html> |
[4] | Enable Registry Console to use Web based UI. |
# make sure routes [origin@dlp ~]$ oc get routes NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD docker-registry docker-registry-default.apps.srv.world docker-registry <all> passthrough None registry-console registry-console-default.apps.srv.world registry-console <all> passthrough None # if a route [registry-console] is none on current settings, create it like follows [origin@dlp ~]$ oc create route passthrough --service registry-console --port registry-console -n default
# create Registry Console apprication # for [OPENSHIFT_OAUTH_PROVIDER_URL], specify the URL which is set in # [oauthConfig] section of [/etc/origin/master/master-config.yaml] [origin@dlp ~]$ oc new-app -n default --template=registry-console \ -p OPENSHIFT_OAUTH_PROVIDER_URL="https://dlp.srv.world:8443" \ -p REGISTRY_HOST=$(oc get route docker-registry -n default --template='{{ .spec.host }}') \ -p COCKPIT_KUBE_URL=$(oc get route registry-console -n default --template='https://{{ .spec.host }}') --> Deploying template "openshift/registry-console" to project default registry-console --------- Template for deploying registry web console. Requires cluster-admin. * With parameters: * IMAGE_NAME=cockpit/kubernetes * IMAGE_VERSION=latest * OPENSHIFT_OAUTH_PROVIDER_URL=https://dlp.srv.world:8443 * COCKPIT_KUBE_URL=https://registry-console-default.apps.srv.world * OPENSHIFT_OAUTH_CLIENT_SECRET=userjmtYpn0hpAghbeC7e7462ckrT6KkWymRXnxjDGTiejiV4W... * OPENSHIFT_OAUTH_CLIENT_ID=cockpit-oauth-client * REGISTRY_HOST=docker-registry-default.apps.srv.world --> Creating resources ... deploymentconfig "registry-console" created service "registry-console" created imagestream "registry-console" created --> Success[origin@dlp ~]$ oc get pods NAME READY STATUS RESTARTS AGE docker-registry-1-5l5mc 1/1 Running 0 18m registry-console-1-738dt 1/1 Running 0 1m router-1-8sh8d 1/1 Running 1 34m[origin@dlp ~]$ oc get routes NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD docker-registry docker-registry-default.apps.srv.world docker-registry <all> passthrough None registry-console registry-console-default.apps.srv.world registry-console <all> passthrough None |
[5] | Access to the URL which is assigned for Registry Console (on this example, it's [registry-console-default.apps.srv.world], it needs the client Host can run name resolution) [https://registry-console-default.apps.srv.world/], and login with any user (login form is redirected), then it's possible to access to the registry Console. |
Sponsored Link |
|