CentOS 7
Sponsored Link

OpenShift Origin 3.6 : Deploy Docker Registry
2017/11/26
 
Deploy Docker Registry.
If you installed OpenShift Origin like here, a Registry Pod has already been deployed and running, but if you'd like to change settings of the Pod like storage, configute like follows.
It's possbile to use OpenStack Swift or Google Storage, Microsoft Azure for Storage of the Registry, but on this example, set Filesystem for it.
This example is based on the environment like follows.
-----------+-----------------------------------------------------------+------------
           |10.0.0.30                    |10.0.0.51                    |10.0.0.52
+----------+-----------+      +----------+-----------+      +----------+-----------+
|  [  dlp.srv.world ]  |      | [ node01.srv.world ] |      | [ node02.srv.world ] |
|     (Master Node)    |      |    (Compute Node)    |      |    (Compute Node)    |
|     (Compute Node)   |      |                      |      |                      |
+----------------------+      +----------------------+      +----------------------+

[1] Delete default Registry settings.
[origin@dlp ~]$
oc get pods

NAME                       READY     STATUS    RESTARTS   AGE
docker-registry-1-zrn3b    1/1       Running   1          15h
registry-console-1-8xndp   1/1       Running   1          15h
router-1-f2j5k             1/1       Running   1          15h

[origin@dlp ~]$
oc describe pod docker-registry-1-zrn3b | grep -A3 'Volumes:'

Volumes:
  registry-storage:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
       1/1       Running   1          15h

[origin@dlp ~]$
oc delete all -l docker-registry=default

deploymentconfig "docker-registry" deleted
pod "docker-registry-1-b4g3z" deleted

[origin@dlp ~]$
oc delete all -l app=registry-console

imagestream "registry-console" deleted
deploymentconfig "registry-console" deleted
service "registry-console" deleted
pod "registry-console-1-2vzks" deleted

[origin@dlp ~]$
oc delete serviceaccount registry

serviceaccount "registry" deleted
[origin@dlp ~]$
oc delete service docker-registry

service "docker-registry" deleted
[origin@dlp ~]$
oc get pods

NAME             READY     STATUS    RESTARTS   AGE
router-1-f4mc9   1/1       Running   1          16h
[2] Create a directory for Container Images on Master Node and configure Registry.
# Create a directory for Images (any place you like)

[origin@dlp ~]$
sudo mkdir /var/lib/origin/registry

[origin@dlp ~]$
sudo chown origin. /var/lib/origin/registry
# set privilege to the [registry] account

[origin@dlp ~]$
oadm policy add-scc-to-user privileged system:serviceaccount:default:registry
# deploy Registry

[origin@dlp ~]$
sudo oadm registry \
--config=/etc/origin/master/admin.kubeconfig \
--service-account=registry \
--images='openshift/origin-docker-registry' \
--mount-host=/var/lib/origin/registry \
--selector="region=infra" \
--replicas=1

--> Creating registry registry ...
    serviceaccount "registry" created
    clusterrolebinding "registry-registry-role" created
    deploymentconfig "docker-registry" created
    service "docker-registry" created
--> Success

# few minutes later, deploy has finished and Pod becomes running state

[origin@dlp ~]$
oc get pods

NAME                      READY     STATUS    RESTARTS   AGE
docker-registry-1-5l5mc   1/1       Running   0          37s
router-1-8sh8d            1/1       Running   1          16m

[origin@dlp ~]$
oc describe pod docker-registry-1-5l5mc

Name:                   docker-registry-1-5l5mc
Namespace:              default
Security Policy:        privileged
Node:                   dlp.srv.world/10.0.0.30
Start Time:             Mon, 27 Nov 2017 19:18:26 +0900
Labels:                 deployment=docker-registry-1
                        deploymentconfig=docker-registry
                        docker-registry=default
Annotations:            kubernetes.io/created-by={"kind":"SerializedReference","apiVersion":"v1","reference":{"kind":"ReplicationController","namespace":"default","name":"docker-registry-1","uid":"636faee4-d332-11e7-9ce4-525...
                        openshift.io/deployment-config.latest-version=1
                        openshift.io/deployment-config.name=docker-registry
                        openshift.io/deployment.name=docker-registry-1
                        openshift.io/scc=privileged
Status:                 Running
IP:                     10.128.0.9
Controllers:            ReplicationController/docker-registry-1
Containers:
  registry:
    Container ID:       docker://80bd8404ccb6e2733fc1756b9b0ea13c763aa5b265a212716e4ed9f02f686e6c
    Image:              openshift/origin-docker-registry
    Image ID:           docker-pullable://docker.io/openshift/origin-docker-registry@sha256:4563b06d501b2b9afc48faaf66381c9c93d5d6f40978592d140c89a5768d8377
    Port:               5000/TCP
    State:              Running
      Started:          Mon, 27 Nov 2017 19:18:54 +0900
    Ready:              True
    Restart Count:      0
    Requests:
      cpu:      100m
      memory:   256Mi
    Liveness:   http-get http://:5000/healthz delay=10s timeout=5s period=10s #success=1 #failure=3
    Readiness:  http-get http://:5000/healthz delay=0s timeout=5s period=10s #success=1 #failure=3
    Environment:
      REGISTRY_HTTP_ADDR:                                       :5000
      REGISTRY_HTTP_NET:                                        tcp
      REGISTRY_HTTP_SECRET:                                     qSTSreW6U9oKPuEYWps5jcEKpffJPG+foqKDxbU69M0=
      REGISTRY_MIDDLEWARE_REPOSITORY_OPENSHIFT_ENFORCEQUOTA:    false
    Mounts:
      /registry from registry-storage (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from registry-token-bfpzs (ro)
Conditions:
  Type          Status
  Initialized   True
  Ready         True
  PodScheduled  True
Volumes:
  registry-storage:
    Type:       HostPath (bare host directory volume)
    Path:       /var/lib/origin/registry
  registry-token-bfpzs:
    Type:       Secret (a volume populated by a Secret)
    SecretName: registry-token-bfpzs
    Optional:   false
QoS Class:      Burstable
Node-Selectors: region=infra
.....
.....
[3] Make sure to deploy a test application to be able to use Registry normally.
[cent@dlp ~]$
oc login

Authentication required for https://dlp.srv.world:8443 (openshift)
Username: cent
Password:
Login successful.

You don't have any projects. You can try to create a new project, by running

    oc new-project <projectname>

[cent@dlp ~]$
oc new-project test-project

Now using project "test-project" on server "https://dlp.srv.world:8443".

You can add applications to this project with the 'new-app' command. For example, try:

    oc new-app centos/ruby-22-centos7~https://github.com/openshift/ruby-ex.git

to build a new example application in Ruby.

[cent@dlp ~]$
oc new-app centos/ruby-22-centos7~https://github.com/openshift/ruby-ex.git

--> Creating resources ...
    imagestream "ruby-22-centos7" created
    imagestream "ruby-ex" created
    buildconfig "ruby-ex" created
    deploymentconfig "ruby-ex" created
    service "ruby-ex" created
--> Success
    Build scheduled, use 'oc logs -f bc/ruby-ex' to track its progress.
    Run 'oc status' to view your app.

# few minutes later, deploy has finished and Pod is running

[cent@dlp ~]$
oc status

In project test-project on server https://dlp.srv.world:8443

svc/ruby-ex - 172.30.136.221:8080
  dc/ruby-ex deploys istag/ruby-ex:latest <-
    bc/ruby-ex source builds https://github.com/openshift/ruby-ex.git on istag/ruby-22-centos7:latest
    deployment #1 deployed 35 seconds ago - 1 pod

View details with 'oc describe <resource>/<name>' or list everything with 'oc get all'.

[cent@dlp ~]$
oc get pods

NAME              READY     STATUS      RESTARTS   AGE
ruby-ex-1-build   0/1       Completed   0          2m
ruby-ex-1-vvjck   1/1       Running     0          35s

[cent@dlp ~]$
oc describe service ruby-ex

Name:                   ruby-ex
Namespace:              test-project
Labels:                 app=ruby-ex
Annotations:            openshift.io/generated-by=OpenShiftNewApp
Selector:               app=ruby-ex,deploymentconfig=ruby-ex
Type:                   ClusterIP
IP:                     172.30.136.221
Port:                   8080-tcp        8080/TCP
Endpoints:              10.128.0.13:8080
Session Affinity:       None
Events:                 <none>

[cent@dlp ~]$
curl 172.30.136.221:8080


.....
.....

</head>
<body>

<section class='container'>
          <hgroup>
            <h1>Welcome to your Ruby application on OpenShift</h1>
          </hgroup>

.....
.....

</body>
</html>
[4] Enable Registry Console to use Web based UI.
# make sure routes

[origin@dlp ~]$
oc get routes

NAME             HOST/PORT                               PATH  SERVICES         PORT   TERMINATION   WILDCARD
docker-registry  docker-registry-default.apps.srv.world        docker-registry  <all>  passthrough   None
registry-console registry-console-default.apps.srv.world       registry-console <all>  passthrough   None

# if a route [registry-console] is none on current settings, create it like follows

[origin@dlp ~]$
oc create route passthrough --service registry-console --port registry-console -n default
# create Registry Console apprication

# for [OPENSHIFT_OAUTH_PROVIDER_URL], specify the URL which is set in

# [oauthConfig] section of [/etc/origin/master/master-config.yaml]

[origin@dlp ~]$
oc new-app -n default --template=registry-console \
-p OPENSHIFT_OAUTH_PROVIDER_URL="https://dlp.srv.world:8443" \
-p REGISTRY_HOST=$(oc get route docker-registry -n default --template='{{ .spec.host }}') \
-p COCKPIT_KUBE_URL=$(oc get route registry-console -n default --template='https://{{ .spec.host }}')

--> Deploying template "openshift/registry-console" to project default

     registry-console
     ---------
     Template for deploying registry web console. Requires cluster-admin.

     * With parameters:
        * IMAGE_NAME=cockpit/kubernetes
        * IMAGE_VERSION=latest
        * OPENSHIFT_OAUTH_PROVIDER_URL=https://dlp.srv.world:8443
        * COCKPIT_KUBE_URL=https://registry-console-default.apps.srv.world
        * OPENSHIFT_OAUTH_CLIENT_SECRET=userjmtYpn0hpAghbeC7e7462ckrT6KkWymRXnxjDGTiejiV4W...
        * OPENSHIFT_OAUTH_CLIENT_ID=cockpit-oauth-client
        * REGISTRY_HOST=docker-registry-default.apps.srv.world

--> Creating resources ...
    deploymentconfig "registry-console" created
    service "registry-console" created
    imagestream "registry-console" created
--> Success

[origin@dlp ~]$
oc get pods

NAME                       READY     STATUS    RESTARTS   AGE
docker-registry-1-5l5mc    1/1       Running   0          18m
registry-console-1-738dt   1/1       Running   0          1m
router-1-8sh8d             1/1       Running   1          34m

[origin@dlp ~]$
oc get routes

NAME             HOST/PORT                               PATH  SERVICES         PORT   TERMINATION   WILDCARD
docker-registry  docker-registry-default.apps.srv.world        docker-registry  <all>  passthrough   None
registry-console registry-console-default.apps.srv.world       registry-console <all>  passthrough   None
[5] Access to the URL which is assigned for Registry Console (on this example, it's [registry-console-default.apps.srv.world], it needs the client Host can run name resolution) [https://registry-console-default.apps.srv.world/], and login with any user (login form is redirected), then it's possbile to access to the registry Console.
 
Tweet