OpenShift Origin 3.7 : Deploy Docker Registry
2018/02/07
Deploy Docker Registry.
If you installed OpenShift Origin as described here, a Registry Pod has already been deployed and is running, but if you'd like to change settings of the Pod such as storage, configure it as follows.
It's possible to use OpenStack Swift, Google Storage or Microsoft Azure as storage for the Registry, but this example uses the Filesystem.
This example is based on the following environment.
-----------+-----------------------------+-----------------------------+------------
           |10.0.0.30                    |10.0.0.51                    |10.0.0.52
+----------+-----------+      +----------+-----------+      +----------+-----------+
|  [ dlp.srv.world ]   |      | [ node01.srv.world ] |      | [ node02.srv.world ] |
|    (Master Node)     |      |    (Compute Node)    |      |    (Compute Node)    |
|    (Compute Node)    |      |                      |      |                      |
+----------------------+      +----------------------+      +----------------------+
[1] | Delete default Registry settings. |
[origin@dlp ~]$ oc get pods
NAME                       READY     STATUS    RESTARTS   AGE
docker-registry-1-qjkzk    1/1       Running   1          1h
registry-console-1-jx2zv   1/1       Running   1          1h
router-1-btps5             1/1       Running   1          1h
[origin@dlp ~]$ oc describe pod docker-registry-1-qjkzk | grep -A3 'Volumes:'
Volumes:
  registry-storage:
    Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
[origin@dlp ~]$ oc delete all -l docker-registry=default
deploymentconfig "docker-registry" deleted
pod "docker-registry-1-qjkzk" deleted
[origin@dlp ~]$ oc delete all -l app=registry-console
imagestream "registry-console" deleted
deploymentconfig "registry-console" deleted
pod "registry-console-1-jx2zv" deleted
service "registry-console" deleted
[origin@dlp ~]$ oc delete serviceaccount registry
serviceaccount "registry" deleted
[origin@dlp ~]$ oc delete service docker-registry
service "docker-registry" deleted
[origin@dlp ~]$ oc delete oauthclients cockpit-oauth-client
oauthclient "cockpit-oauth-client" deleted
[origin@dlp ~]$ oc get pods
NAME             READY     STATUS    RESTARTS   AGE
router-1-btps5   1/1       Running   1          1h
[2] | Create a directory for Container Images on Master Node and configure Registry. |
# Create a directory for Images (any place you like)
[origin@dlp ~]$
[origin@dlp ~]$
# grant the privileged SCC to the [registry] service account
[origin@dlp ~]$ oadm policy add-scc-to-user privileged system:serviceaccount:default:registry
scc "privileged" added to: ["system:serviceaccount:default:registry"]
# deploy Registry
[origin@dlp ~]$ sudo oadm registry \
--config=/etc/origin/master/admin.kubeconfig \
--service-account=registry \
--images='openshift/origin-docker-registry' \
--mount-host=/var/lib/origin/registry \
--selector="region=infra" \
--replicas=1
--> Creating registry registry ...
    serviceaccount "registry" created
    clusterrolebinding "registry-registry-role" created
    deploymentconfig "docker-registry" created
    service "docker-registry" created
--> Success
# a few minutes later, the deployment has finished and the Pod is in Running state
[origin@dlp ~]$ oc get pods
NAME                      READY     STATUS    RESTARTS   AGE
docker-registry-1-95lsw   1/1       Running   0          55s
router-1-btps5            1/1       Running   1          17h
[origin@dlp ~]$ oc describe pod docker-registry-1-95lsw
Name:           docker-registry-1-95lsw
Namespace:      default
Node:           dlp.srv.world/10.0.0.30
Start Time:     Fri, 08 Feb 2018 19:30:28 +0900
Labels:         deployment=docker-registry-1
                deploymentconfig=docker-registry
                docker-registry=default
Annotations:    kubernetes.io/created-by={"kind":"SerializedReference","apiVersion":"v1","reference":{"kind":"ReplicationController","namespace":"default","name":"docker-registry-1","uid":"6b94e04e-0d30-11e8-8fa8-525...
                openshift.io/deployment-config.latest-version=1
                openshift.io/deployment-config.name=docker-registry
                openshift.io/deployment.name=docker-registry-1
                openshift.io/scc=privileged
Status:         Running
IP:             10.129.0.15
Created By:     ReplicationController/docker-registry-1
Controlled By:  ReplicationController/docker-registry-1
Containers:
  registry:
    Container ID:   docker://ccb51a2e6186c83c178f0d2d08ccc519cc5caf31196d314f7243295936b21313
    Image:          openshift/origin-docker-registry
    Image ID:       docker-pullable://docker.io/openshift/origin-docker-registry@sha256:1d9da3c66a8d496e9ab0ff34967f62d577e2cab38a6ac6071cdd8e8ccb61389b
    Port:           5000/TCP
    State:          Running
      Started:      Fri, 08 Feb 2018 19:30:59 +0900
    Ready:          True
    Restart Count:  0
    Requests:
      cpu:      100m
      memory:   256Mi
    Liveness:   http-get http://:5000/healthz delay=10s timeout=5s period=10s #success=1 #failure=3
    Readiness:  http-get http://:5000/healthz delay=0s timeout=5s period=10s #success=1 #failure=3
    Environment:
      REGISTRY_HTTP_ADDR:                                       :5000
      REGISTRY_HTTP_NET:                                        tcp
      REGISTRY_HTTP_SECRET:                                     pzGkgYI9NwU/rxs/JlESoRT0uHrpG4k9jH3N6Lw4dJc=
      REGISTRY_MIDDLEWARE_REPOSITORY_OPENSHIFT_ENFORCEQUOTA:    false
    Mounts:
      /registry from registry-storage (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from registry-token-48jr9 (ro)
Conditions:
  Type          Status
  Initialized   True
  Ready         True
  PodScheduled  True
Volumes:
  registry-storage:
    Type:       HostPath (bare host directory volume)
    Path:       /var/lib/origin/registry
  registry-token-48jr9:
    Type:       Secret (a volume populated by a Secret)
    SecretName: registry-token-48jr9
    Optional:   false
QoS Class:      Burstable
Node-Selectors: region=infra
.....
.....
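A check for the properties that steps [1] and [2] change, written as an added example and not part of the original page: it reads oc describe pod text and reports the volume type behind registry-storage, the SCC the pod was admitted under, and whether the image reference carries a tag or digest. The helper names (sample_describe, audit_registry_pod, registry_findings) and the embedded sample are constructed for illustration.

```shell
# Constructed sample: a subset of the fields of
# `oc describe pod docker-registry-1-95lsw` shown in step [2].
sample_describe() {
cat <<'EOF'
Name:           docker-registry-1-95lsw
Namespace:      default
Annotations:    openshift.io/deployment.name=docker-registry-1
                openshift.io/scc=privileged
Containers:
  registry:
    Image:      openshift/origin-docker-registry
Volumes:
  registry-storage:
    Type:       HostPath (bare host directory volume)
    Path:       /var/lib/origin/registry
  registry-token-48jr9:
    Type:       Secret (a volume populated by a Secret)
QoS Class:      Burstable
EOF
}

# audit_registry_pod (hypothetical helper): reads describe text on stdin and
# prints one line: scc=<name> storage=<type> path=<path|-> image=<pinned|unpinned>
audit_registry_pod() {
  awk '
    /openshift\.io\/scc=/ { sub(/.*openshift\.io\/scc=/, ""); scc = $1; next }
    $1 == "Image:"    { n = split($2, p, "/"); img = (p[n] ~ /[:@]/) ? "pinned" : "unpinned" }
    /^Volumes:/       { vols = 1; next }
    /^[^ ]/           { vols = 0 }   # any other top-level key ends the Volumes section
    vols && /^  [^ ]/ { vol = $1; sub(/:$/, "", vol); next }
    vols && vol == "registry-storage" && $1 == "Type:" { type = $2 }
    vols && vol == "registry-storage" && $1 == "Path:" { path = $2 }
    END { printf "scc=%s storage=%s path=%s image=%s\n", scc, type, (path ? path : "-"), img }
  '
}

# registry_findings: turn the summary into review findings, one per line.
registry_findings() {
  summary=$(audit_registry_pod)
  case "$summary" in *"storage=EmptyDir"*) echo "STORAGE: EmptyDir, images are lost with the pod" ;; esac
  case "$summary" in *"scc=privileged"*)   echo "SCC: pod runs under the privileged SCC" ;; esac
  case "$summary" in *"image=unpinned"*)   echo "IMAGE: no tag or digest, resolves to latest" ;; esac
}

# Live use on the master: oc describe pod <registry pod> -n default | registry_findings
sample_describe | registry_findings
```

On the default deployment from step [1] the STORAGE finding fires; after step [2] it clears, and the SCC finding records that the registry service account now holds the privileged SCC.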
[3] | Deploy a test application to make sure the Registry works normally. |
[cent@dlp ~]$ oc login
Authentication required for https://dlp.srv.world:8443 (openshift)
Username: cent
Password:
Login successful.

You don't have any projects. You can try to create a new project, by running

    oc new-project <projectname>

[cent@dlp ~]$ oc new-project test-project
Now using project "test-project" on server "https://dlp.srv.world:8443".

You can add applications to this project with the 'new-app' command. For example, try:

    oc new-app centos/ruby-22-centos7~https://github.com/openshift/ruby-ex.git

to build a new example application in Ruby.
[cent@dlp ~]$ oc new-app centos/ruby-22-centos7~https://github.com/openshift/ruby-ex.git
--> Creating resources ...
    imagestream "ruby-22-centos7" created
    imagestream "ruby-ex" created
    buildconfig "ruby-ex" created
    deploymentconfig "ruby-ex" created
    service "ruby-ex" created
--> Success
    Build scheduled, use 'oc logs -f bc/ruby-ex' to track its progress.
    Run 'oc status' to view your app.
# a few minutes later, the deployment has finished and the Pod is running
[cent@dlp ~]$ oc status
In project test-project on server https://dlp.srv.world:8443

svc/ruby-ex - 172.30.76.211:8080
  dc/ruby-ex deploys istag/ruby-ex:latest <-
    bc/ruby-ex source builds https://github.com/openshift/ruby-ex.git on istag/ruby-22-centos7:latest
    deployment #1 deployed 19 seconds ago - 1 pod

View details with 'oc describe <resource>/<name>' or list everything with 'oc get all'.
[cent@dlp ~]$ oc get pods
NAME              READY     STATUS      RESTARTS   AGE
ruby-ex-1-build   0/1       Completed   0          3m
ruby-ex-2-pgd2m   1/1       Running     0          57s
[cent@dlp ~]$ oc describe service ruby-ex
Name:              ruby-ex
Namespace:         test-project
Labels:            app=ruby-ex
Annotations:       openshift.io/generated-by=OpenShiftNewApp
Selector:          app=ruby-ex,deploymentconfig=ruby-ex
Type:              ClusterIP
IP:                172.30.76.211
Port:              8080-tcp  8080/TCP
Endpoints:         10.129.0.17:8080
Session Affinity:  None
Events:            <none>
[cent@dlp ~]$ curl 172.30.76.211:8080
.....
.....
</head>
<body>
<section class='container'>
  <hgroup>
    <h1>Welcome to your Ruby application on OpenShift</h1>
  </hgroup>
.....
.....
</body>
</html>
[4] | Enable Registry Console to use Web based UI. |
# check the routes
[origin@dlp ~]$ oc get routes
NAME               HOST/PORT                                 PATH      SERVICES           PORT      TERMINATION   WILDCARD
docker-registry    docker-registry-default.apps.srv.world              docker-registry    <all>     passthrough   None
registry-console   registry-console-default.apps.srv.world             registry-console   <all>     passthrough   None
# if there is no [registry-console] route in the current settings, create it as follows
[origin@dlp ~]$ oc create route passthrough --service registry-console --port registry-console -n default
# create the Registry Console application
# for [OPENSHIFT_OAUTH_PROVIDER_URL], specify the URL which is set in the
# [oauthConfig] section of [/etc/origin/master/master-config.yaml]
[origin@dlp ~]$ oc new-app -n default --template=registry-console \
-p OPENSHIFT_OAUTH_PROVIDER_URL="https://dlp.srv.world:8443" \
-p REGISTRY_HOST=$(oc get route docker-registry -n default --template='{{ .spec.host }}') \
-p COCKPIT_KUBE_URL=$(oc get route registry-console -n default --template='https://{{ .spec.host }}')
--> Deploying template "openshift/registry-console" to project default

     registry-console
     ---------
     Template for deploying registry web console. Requires cluster-admin.

     * With parameters:
        * IMAGE_PREFIX=cockpit/
        * IMAGE_BASENAME=kubernetes
        * IMAGE_VERSION=latest
        * OPENSHIFT_OAUTH_PROVIDER_URL=https://dlp.srv.world:8443
        * COCKPIT_KUBE_URL=https://registry-console-default.apps.srv.world
        * OPENSHIFT_OAUTH_CLIENT_SECRET=user5WjmnJvHPAhJL8f2WopDOkcfy24R3IkHTpOn2YFiyyQcx2H8eDfr1EuuH1afHbxG # generated
        * OPENSHIFT_OAUTH_CLIENT_ID=cockpit-oauth-client
        * REGISTRY_HOST=docker-registry-default.apps.srv.world

--> Creating resources ...
    deploymentconfig "registry-console" created
    service "registry-console" created
    imagestream "registry-console" created
    oauthclient "cockpit-oauth-client" created
--> Success
    Application is not exposed. You can expose services to the outside world by executing one or more of the commands below:
     'oc expose svc/registry-console'
    Run 'oc status' to view your app.
[origin@dlp ~]$ oc get pods
NAME                       READY     STATUS    RESTARTS   AGE
docker-registry-1-95lsw    1/1       Running   0          9m
registry-console-1-xtz52   1/1       Running   0          1m
router-1-btps5             1/1       Running   1          17h
[origin@dlp ~]$ oc get routes
NAME               HOST/PORT                                 PATH      SERVICES           PORT      TERMINATION   WILDCARD
docker-registry    docker-registry-default.apps.srv.world              docker-registry    <all>     passthrough   None
registry-console   registry-console-default.apps.srv.world             registry-console   <all>     passthrough   None
[5] | Access the URL assigned to the Registry Console (in this example, [https://registry-console-default.apps.srv.world/]; the client host must be able to resolve the name) and log in as any user (the login form is redirected). It is then possible to access the Registry Console. |