CentOS 7

OpenShift Origin (OKD) 3.11 : Deploy Registry
2018/11/20
 
Deploy Docker Registry.
If you installed OpenShift Origin as described here, a Registry Pod has already been deployed and is running. To change the Pod's settings, such as storage, configure it as follows.
It's possible to use OpenStack Swift, Google Storage or Microsoft Azure as storage for the Registry, but this example uses the filesystem.
This example is based on the following environment.
-----------+-----------------------------+-----------------------------+------------
           |10.0.0.25                    |10.0.0.51                    |10.0.0.52
+----------+-----------+      +----------+-----------+      +----------+-----------+
|  [ ctrl.srv.world ]  |      | [ node01.srv.world ] |      | [ node02.srv.world ] |
|     (Master Node)    |      |    (Compute Node)    |      |    (Compute Node)    |
|     (Infra Node)     |      |                      |      |                      |
|     (Compute Node)   |      |                      |      |                      |
+----------------------+      +----------------------+      +----------------------+

[1] Delete default Registry settings.
[origin@ctrl ~]$
oc get pods

NAME                       READY     STATUS    RESTARTS   AGE
docker-registry-1-7fhl2    1/1       Running   0          18m
registry-console-1-r6pfv   1/1       Running   0          18m
router-1-pshv8             1/1       Running   0          18m

[origin@ctrl ~]$
oc describe pod docker-registry-1-7fhl2 | grep -A3 'Volumes:'

Volumes:
  registry-storage:
    Type:    EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:

# delete related settings

[origin@ctrl ~]$
oc delete all -l docker-registry=default

pod "docker-registry-1-h2cdr" deleted
replicationcontroller "docker-registry-1" deleted
service "docker-registry" deleted
deploymentconfig.apps.openshift.io "docker-registry" deleted

[origin@ctrl ~]$
oc delete all -l name=registry-console

pod "registry-console-1-2cg24" deleted
replicationcontroller "registry-console-1" deleted
service "registry-console" deleted
deploymentconfig.apps.openshift.io "registry-console" deleted

[origin@ctrl ~]$
oc delete serviceaccount registry

serviceaccount "registry" deleted
[origin@ctrl ~]$
oc delete oauthclients cockpit-oauth-client

oauthclient "cockpit-oauth-client" deleted
# delete if it exists

[origin@ctrl ~]$
oc delete clusterrolebindings registry-registry-role

clusterrolebinding.authorization.openshift.io "registry-registry-role" deleted
[origin@ctrl ~]$
oc get pods

NAME             READY     STATUS    RESTARTS   AGE
router-1-pshv8   1/1       Running   0          21m
[2] Configure Registry.
For example, create a directory for container images on the [node01.srv.world] Node, which has the [compute] role, and deploy a Registry Pod that always runs on that Node.
[origin@ctrl ~]$
oc get nodes

NAME               STATUS    ROLES          AGE       VERSION
ctrl.srv.world     Ready     infra,master   3h        v1.11.0+d4cacc0
node01.srv.world   Ready     compute        2h        v1.11.0+d4cacc0
node02.srv.world   Ready     compute        2h        v1.11.0+d4cacc0

# Create a directory for Images (any place you like)

[origin@ctrl ~]$
ssh node01 "sudo mkdir /var/lib/origin/registry"

[origin@ctrl ~]$
ssh node01 "sudo chown origin. /var/lib/origin/registry"
# grant the [privileged] SCC to the [registry] service account (needed for the host directory mount below)

[origin@ctrl ~]$
oc adm policy add-scc-to-user privileged system:serviceaccount:default:registry

scc "privileged" added to: ["system:serviceaccount:default:registry"]
# deploy Registry

[origin@ctrl ~]$
sudo oc adm registry \
--config=/etc/origin/master/admin.kubeconfig \
--service-account=registry \
--mount-host=/var/lib/origin/registry \
--selector='kubernetes.io/hostname=node01.srv.world' \
--replicas=1

--> Creating registry registry ...
    serviceaccount "registry" created
    clusterrolebinding.authorization.openshift.io "registry-registry-role" created
    deploymentconfig.apps.openshift.io "docker-registry" created
    service "docker-registry" created
--> Success

# a few minutes later, the deployment has finished and the Pod is in Running state

[origin@ctrl ~]$
oc get pods

NAME                      READY     STATUS    RESTARTS   AGE
docker-registry-1-tqtnv   1/1       Running   0          29s
router-1-pshv8            1/1       Running   0          22m

[origin@ctrl ~]$
oc describe pod docker-registry-1-tqtnv

Name:               docker-registry-1-tqtnv
Namespace:          default
Priority:           0
PriorityClassName:  <none>
Node:               node01.srv.world/10.0.0.51
Start Time:         Mon, 19 Nov 2018 15:41:22 +0900
Labels:             deployment=docker-registry-1
                    deploymentconfig=docker-registry
                    docker-registry=default
Annotations:        openshift.io/deployment-config.latest-version=1
                    openshift.io/deployment-config.name=docker-registry
                    openshift.io/deployment.name=docker-registry-1
                    openshift.io/scc=privileged
Status:             Running
IP:                 10.130.0.5
Controlled By:      ReplicationController/docker-registry-1
Containers:
  registry:
    Container ID:   docker://ca29fa97475885674a71eb1a58fe6d45866fdb07044bcf59fca3b01473adc968
    Image:          openshift/origin-docker-registry:v3.11.0
    Image ID:       docker-pullable://docker.io/openshift/origin-docker-registry@sha256:82b693c48dc3a12d78b1b30a73c4a48b656118f542350663f42ddd19193fc417
    Port:           5000/TCP
    Host Port:      0/TCP
    State:          Running
      Started:      Mon, 19 Nov 2018 15:41:30 +0900
    Ready:          True
    Restart Count:  0
    Requests:
      cpu:      100m
      memory:   256Mi
    Liveness:   http-get http://:5000/healthz delay=10s timeout=5s period=10s #success=1 #failure=3
    Readiness:  http-get http://:5000/healthz delay=0s timeout=5s period=10s #success=1 #failure=3
    Environment:
      REGISTRY_HTTP_ADDR:                                     :5000
      REGISTRY_HTTP_NET:                                      tcp
      REGISTRY_HTTP_SECRET:                                   +zTDrwQD6BTWW6qFMJZlb3aRWplxkwOofQJBhldVh7s=
      REGISTRY_MIDDLEWARE_REPOSITORY_OPENSHIFT_ENFORCEQUOTA:  false
    Mounts:
      /registry from registry-storage (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from registry-token-75xqr (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  registry-storage:
    Type:          HostPath (bare host directory volume)
    Path:          /var/lib/origin/registry
    HostPathType:
  registry-token-75xqr:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  registry-token-75xqr
    Optional:    false
QoS Class:       Burstable
Node-Selectors:  kubernetes.io/hostname=node01.srv.world
Tolerations:     node.kubernetes.io/memory-pressure:NoSchedule
.....
.....
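
The checks from steps [1] and [2] can be scripted. The following is an added example, not part of the original page: it parses `oc describe pod` output and reports the node, the SCC and the type of the registry-storage volume. The function names are hypothetical, and the sample inputs are trimmed copies of the output shown above.

```bash
# Added example, not from the original page; function names are hypothetical.
# Reads `oc describe pod <registry-pod>` text on stdin and reports the node,
# the SCC annotation and the type of the registry-storage volume.
# Cluster usage: oc describe pod docker-registry-1-tqtnv | registry_pod_audit
registry_pod_audit() {
  awk '
    function d(v) { return v == "" ? "-" : v }
    /openshift\.io\/scc=/ { s = $0; sub(/.*openshift\.io\/scc=/, "", s); scc = s }
    /^Node:/              { node = $2 }
    /^Volumes:/           { in_vol = 1; next }
    # any other unindented line ends the Volumes section
    in_vol && /^[^ ]/     { in_vol = 0 }
    # volume names are indented by exactly two spaces
    in_vol && /^  [^ ]/   { vol = $1; sub(/:$/, "", vol) }
    in_vol && vol == "registry-storage" && $1 == "Type:" { type = $2 }
    in_vol && vol == "registry-storage" && $1 == "Path:" { path = $2 }
    END {
      printf "node=%s scc=%s storage=%s path=%s\n", d(node), d(scc), d(type), d(path)
      if (type == "EmptyDir")  print "WARN: EmptyDir storage, images are lost with the pod"
      if (scc == "privileged") print "NOTE: pod runs under the privileged SCC"
    }'
}

# Sample input: trimmed copy of the step [2] output.
sample_hostpath() {
  cat <<'EOF'
Node:               node01.srv.world/10.0.0.51
Annotations:        openshift.io/deployment-config.latest-version=1
                    openshift.io/scc=privileged
Volumes:
  registry-storage:
    Type:          HostPath (bare host directory volume)
    Path:          /var/lib/origin/registry
  registry-token-75xqr:
    Type:        Secret (a volume populated by a Secret)
QoS Class:       Burstable
EOF
}

# Sample input: the default deployment seen in step [1] (Volumes section only).
sample_emptydir() {
  cat <<'EOF'
Volumes:
  registry-storage:
    Type:    EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
EOF
}

sample_hostpath | registry_pod_audit
```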
[3] Deploy a test application to make sure the Registry works normally.
[cent@ctrl ~]$
oc login

Authentication required for https://ctrl.srv.world:8443 (openshift)
Username: cent
Password:
Login successful.

You don't have any projects. You can try to create a new project, by running

    oc new-project <projectname>

[cent@ctrl ~]$
oc new-project test-project

Now using project "test-project" on server "https://ctrl.srv.world:8443".

You can add applications to this project with the 'new-app' command. For example, try:

    oc new-app centos/ruby-25-centos7~https://github.com/sclorg/ruby-ex.git

to build a new example application in Ruby.

[cent@ctrl ~]$
oc new-app centos/ruby-25-centos7~https://github.com/sclorg/ruby-ex.git

--> Found Docker image b1c2a30 (13 days old) from Docker Hub for "centos/ruby-25-centos7"

    Ruby 2.5
    --------
    Ruby 2.5 available as container is a base platform for building and running various Ruby 2.5 applications and frameworks. Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible.

    Tags: builder, ruby, ruby25, rh-ruby25

    * An image stream tag will be created as "ruby-25-centos7:latest" that will track the source image
    * A source build using source code from https://github.com/sclorg/ruby-ex.git will be created
      * The resulting image will be pushed to image stream tag "ruby-ex:latest"
      * Every time "ruby-25-centos7:latest" changes a new build will be triggered
    * This image will be deployed in deployment config "ruby-ex"
    * Port 8080/tcp will be load balanced by service "ruby-ex"
      * Other containers can access this service through the hostname "ruby-ex"

--> Creating resources ...
    imagestream.image.openshift.io "ruby-25-centos7" created
    imagestream.image.openshift.io "ruby-ex" created
    buildconfig.build.openshift.io "ruby-ex" created
    deploymentconfig.apps.openshift.io "ruby-ex" created
    service "ruby-ex" created
--> Success
    Build scheduled, use 'oc logs -f bc/ruby-ex' to track its progress.
    Application is not exposed. You can expose services to the outside world by executing one or more of the commands below:
     'oc expose svc/ruby-ex'
    Run 'oc status' to view your app.

# a few minutes later, the deployment has finished and the Pod is running

[cent@ctrl ~]$
oc status

In project test-project on server https://ctrl.srv.world:8443

svc/ruby-ex - 172.30.190.225:8080
  dc/ruby-ex deploys istag/ruby-ex:latest <-
    bc/ruby-ex source builds https://github.com/sclorg/ruby-ex.git on istag/ruby-25-centos7:latest
    deployment #1 deployed 49 seconds ago - 1 pod


2 infos identified, use 'oc status --suggest' to see details.

[cent@ctrl ~]$
oc get pods

NAME              READY     STATUS      RESTARTS   AGE
ruby-ex-1-build   0/1       Completed   0          1m
ruby-ex-1-cwsbq   1/1       Running     0          1m

[cent@ctrl ~]$
oc describe service ruby-ex

Name:              ruby-ex
Namespace:         test-project
Labels:            app=ruby-ex
Annotations:       openshift.io/generated-by=OpenShiftNewApp
Selector:          app=ruby-ex,deploymentconfig=ruby-ex
Type:              ClusterIP
IP:                172.30.190.225
Port:              8080-tcp  8080/TCP
TargetPort:        8080/TCP
Endpoints:         10.130.0.6:8080
Session Affinity:  None
Events:            <none>

[cent@ctrl ~]$
curl 172.30.190.225:8080


.....
.....

</head>
<body>

<section class='container'>
          <hgroup>
            <h1>Welcome to your Ruby application on OpenShift</h1>
          </hgroup>

.....
.....

</body>
</html>
[4] Enable the Registry Console to use the web-based UI.
# verify the routes

[origin@ctrl ~]$
oc get routes

NAME               HOST/PORT                                 PATH      SERVICES           PORT      TERMINATION   WILDCARD
docker-registry    docker-registry-default.apps.srv.world              docker-registry    <all>     passthrough   None
registry-console   registry-console-default.apps.srv.world             registry-console   <all>     passthrough   None

# if the [registry-console] route does not exist in the current settings, create it as follows

[origin@ctrl ~]$
oc create route passthrough --service registry-console --port registry-console -n default
# create the Registry Console application
# for [OPENSHIFT_OAUTH_PROVIDER_URL], specify the URL which is set in the
# [oauthConfig] section of [/etc/origin/master/master-config.yaml]

[origin@ctrl ~]$
oc new-app -n default --template=registry-console \
-p IMAGE_NAME="docker.io/cockpit/kubernetes:latest" \
-p OPENSHIFT_OAUTH_PROVIDER_URL="https://ctrl.srv.world:8443" \
-p REGISTRY_HOST=$(oc get route docker-registry -n default --template='{{ .spec.host }}') \
-p COCKPIT_KUBE_URL=$(oc get route registry-console -n default --template='https://{{ .spec.host }}')

--> Deploying template "openshift/registry-console" to project default

     registry-console
     ---------
     Template for deploying registry web console. Requires cluster-admin.

     * With parameters:
        * IMAGE_NAME=docker.io/cockpit/kubernetes:latest
        * OPENSHIFT_OAUTH_PROVIDER_URL=https://ctrl.srv.world:8443
        * COCKPIT_KUBE_URL=https://registry-console-default.apps.srv.world
        * OPENSHIFT_OAUTH_CLIENT_SECRET=userb54oTgh2x67xXbmBcEqWeTTTFl5n7h1YrYk2Wg2HCxpiTu5NBelNfusNvwdJHhR3 # generated
        * OPENSHIFT_OAUTH_CLIENT_ID=cockpit-oauth-client
        * REGISTRY_HOST=docker-registry-default.apps.srv.world

--> Creating resources ...
    deploymentconfig.apps.openshift.io "registry-console" created
    service "registry-console" created
    oauthclient.oauth.openshift.io "cockpit-oauth-client" created
--> Success
    Application is not exposed. You can expose services to the outside world by executing one or more of the commands below:
     'oc expose svc/registry-console'
    Run 'oc status' to view your app.

[origin@ctrl ~]$
oc get pods

NAME                       READY     STATUS    RESTARTS   AGE
docker-registry-1-ttw9l    1/1       Running   0          9m
registry-console-1-zjbqb   1/1       Running   0          1m
router-1-mjch7             1/1       Running   1          15h

[origin@ctrl ~]$
oc get routes

NAME               HOST/PORT                                 PATH      SERVICES           PORT      TERMINATION   WILDCARD
docker-registry    docker-registry-default.apps.srv.world              docker-registry    <all>     passthrough   None
registry-console   registry-console-default.apps.srv.world             registry-console   <all>     passthrough   None
[5] Access the URL assigned to the Registry Console [https://registry-console-default.apps.srv.world/] (in this example the host is [registry-console-default.apps.srv.world]; the client host must be able to resolve that name), and log in with any user (the login form is redirected). It is then possible to access the Registry Console.