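Deploying the mirror registry and syncing images
During an OpenShift deployment every node has to download a large number of images from the external network. To speed up the deployment and reduce network load, it is recommended to deploy a mirror registry and sync the images locally.
Deploying the mirror registry
Download mirror-registry.tar.gz, the latest version of mirror registry for Red Hat OpenShift, from https://console.redhat.com/openshift/downloads#tool-mirror-registry.
Extract the tar file: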
[root@support ~]# tar xf mirror-registry.tar.gz
Create the quayRoot directory and install podman:
[root@support ~]# mkdir /var/quay
[root@support ~]# dnf install podman -y
Install mirror registry for Red Hat OpenShift:
[root@support ~]# ./mirror-registry install --quayHostname support.ocp.icu --quayRoot /var/quay
__ __
/ \ / \ ______ _ _ __ __ __
/ /\ / /\ \ / __ \ | | | | / \ \ \ / /
/ / / / \ \ | | | | | | | | / /\ \ \ /
\ \ \ \ / / | |__| | | |__| | / ____ \ | |
\ \/ \ \/ / \_ ___/ \____/ /_/ \_\ |_|
\__/ \__/ \ \__
\___\ by Red Hat
Build, Store, and Distribute your Containers
...
INFO Quay installed successfully, config data is stored in /var/quay
INFO Quay is available at https://support.ocp.icu:8443 with credentials (init, iZQA6E8whY3IT9UVWNLH27G1c0g4pS5k)
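Browse to https://support.ocp.icu:8443 and log in with init as the username and iZQA6E8whY3IT9UVWNLH27G1c0g4pS5k as the password.
Register a new account with the account name ocp4:
After logging in, create the openshift4 repository and select Public:
Log in with podman login: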
[root@support ~]# podman login -u ocp4 -p redhat@123 support.ocp.icu:8443 --tls-verify=false
Login Succeeded!
Trust the certificate:
[root@support ~]# cp /var/quay/quay-rootCA/rootCA.pem /etc/pki/ca-trust/source/anchors/
[root@support ~]# update-ca-trust extract
Syncing images
Go to https://console.redhat.com/openshift/install/pull-secret and download pull-secret.txt to the local machine.
Add the credentials for the mirror registry:
[root@support ~]# dnf install jq -y
[root@support ~]# cat pull-secret.txt | jq . > pull-secret-done.txt
[root@support ~]# echo -n 'ocp4:redhat@123' | base64 -w0
b2NwNDpyZWRoYXRAMTIz
[root@support ~]# vim pull-secret-done.txt
# Add the credentials for support.ocp.icu
"auths": {
  "support.ocp.icu:8443": {
    "auth": "b2NwNDpyZWRoYXRAMTIz",
    "email": "ocp4@support.ocp.icu"
  },
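The same credential entry can be added with jq instead of hand-editing the JSON, which avoids syntax slips in a file that holds credentials. This is an added example, not part of the original article: the function names are hypothetical, the quay.io entry in the demo is a constructed sample, and the auth value is handed to jq through the environment rather than as an argument.

```shell
#!/usr/bin/env bash
# Added example (not from the original article). Function names are hypothetical.

# merge_registry_auth <pull-secret-file> <registry host:port> <user> <password> <email>
# Prints the pull secret with the registry entry added or replaced; the input
# file is left untouched.
merge_registry_auth() {
  local secret_file="$1" registry="$2" user="$3" password="$4" email="$5" auth
  # Same value as `echo -n 'user:password' | base64 -w0` in the text.
  auth=$(printf '%s:%s' "$user" "$password" | base64 | tr -d '\n')
  # The auth value goes to jq through the environment, so it does not appear
  # in jq's argument list.
  MIRROR_AUTH=$auth jq --arg reg "$registry" --arg email "$email" \
    '.auths[$reg] = {auth: env.MIRROR_AUTH, email: $email}' "$secret_file"
}

# registry_auth_user <pull-secret-file> <registry host:port>
# Decodes the stored auth value and prints only the user name, which confirms
# the entry without echoing the password.
registry_auth_user() {
  jq -r --arg reg "$2" '.auths[$reg].auth // empty' "$1" | base64 -d | cut -d: -f1
}

# Demo on a constructed pull secret: run this file with the argument "demo".
if [ "${1:-}" = "demo" ]; then
  work=$(mktemp -d)
  umask 077   # pull secrets hold credentials; keep the files owner-only
  printf '%s\n' '{"auths":{"quay.io":{"auth":"c2FtcGxlOnNhbXBsZQ==","email":"user@example.com"}}}' \
    > "$work/pull-secret.txt"
  merge_registry_auth "$work/pull-secret.txt" 'support.ocp.icu:8443' \
    ocp4 'redhat@123' 'ocp4@support.ocp.icu' > "$work/pull-secret-done.txt"
  registry_auth_user "$work/pull-secret-done.txt" 'support.ocp.icu:8443'
  rm -rf "$work"
fi
```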
Download the OpenShift command-line interface (oc) from https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/4.14.6/openshift-client-linux-4.14.6.tar.gz and extract it.
[root@support ~]# tar xf openshift-client-linux-4.14.6.tar.gz -C /usr/local/bin/
Set the environment variables:
[root@support ~]# export OCP_RELEASE=4.14.6
[root@support ~]# export LOCAL_REGISTRY='support.ocp.icu:8443'
[root@support ~]# export LOCAL_REPOSITORY='ocp4/openshift4'
[root@support ~]# export PRODUCT_REPO='openshift-release-dev'
[root@support ~]# export LOCAL_SECRET_JSON='/root/pull-secret-done.txt'
[root@support ~]# export RELEASE_NAME="ocp-release"
[root@support ~]# export ARCHITECTURE=x86_64
Check the images to be mirrored and the configuration manifests with a dry run:
[root@support ~]# oc adm release mirror -a ${LOCAL_SECRET_JSON} \
--from=quay.io/${PRODUCT_REPO}/${RELEASE_NAME}:${OCP_RELEASE}-${ARCHITECTURE} \
--to=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY} \
--to-release-image=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}:${OCP_RELEASE}-${ARCHITECTURE} --dry-run
...
info: Planning completed in 37.42s
info: Dry run complete
Success
Update image: support.ocp.icu:8443/ocp4/openshift4:4.14.6-x86_64
Mirror prefix: support.ocp.icu:8443/ocp4/openshift4
Mirror prefix: support.ocp.icu:8443/ocp4/openshift4:4.14.6-x86_64
To use the new mirrored repository to install, add the following section to the install-config.yaml:
imageContentSources:
- mirrors:
  - support.ocp.icu:8443/ocp4/openshift4
  source: quay.io/openshift-release-dev/ocp-release
- mirrors:
  - support.ocp.icu:8443/ocp4/openshift4
  source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
To use the new mirrored repository for upgrades, use the following to create an ImageContentSourcePolicy:
apiVersion: operator.openshift.io/v1alpha1
kind: ImageContentSourcePolicy
metadata:
  name: example
spec:
  repositoryDigestMirrors:
  - mirrors:
    - support.ocp.icu:8443/ocp4/openshift4
    source: quay.io/openshift-release-dev/ocp-release
  - mirrors:
    - support.ocp.icu:8443/ocp4/openshift4
    source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
Start the sync:
[root@support ~]# oc adm release mirror -a ${LOCAL_SECRET_JSON} \
--from=quay.io/${PRODUCT_REPO}/${RELEASE_NAME}:${OCP_RELEASE}-${ARCHITECTURE} \
--to=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY} \
--to-release-image=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}:${OCP_RELEASE}-${ARCHITECTURE} --skip-verification=false
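Sync progress (the sync may fail because of network problems; if it does, just rerun the sync command. For the current version, the synced data is about 18G):
Once the sync succeeds, record the following information for the later OpenShift installation: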
Success
Update image: support.ocp.icu:8443/ocp4/openshift4:4.13.5-x86_64
Mirror prefix: support.ocp.icu:8443/ocp4/openshift4
Mirror prefix: support.ocp.icu:8443/ocp4/openshift4:4.13.5-x86_64
To use the new mirrored repository to install, add the following section to the install-config.yaml:
imageContentSources:
- mirrors:
  - support.ocp.icu:8443/ocp4/openshift4
  source: quay.io/openshift-release-dev/ocp-release
- mirrors:
  - support.ocp.icu:8443/ocp4/openshift4
  source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
To use the new mirrored repository for upgrades, use the following to create an ImageContentSourcePolicy:
apiVersion: operator.openshift.io/v1alpha1
kind: ImageContentSourcePolicy
metadata:
  name: example
spec:
  repositoryDigestMirrors:
  - mirrors:
    - support.ocp.icu:8443/ocp4/openshift4
    source: quay.io/openshift-release-dev/ocp-release
  - mirrors:
    - support.ocp.icu:8443/ocp4/openshift4
    source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
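Before carrying the recorded values into install-config.yaml, check that the summary names the release that was requested: the variables above set OCP_RELEASE=4.14.6, while the summary recorded here shows 4.13.5. This is an added example, not part of the original article; the function names are hypothetical and the sample summary is constructed in the shape of the output above.

```shell
#!/usr/bin/env bash
# Added example (not from the original article). Function names are hypothetical.

# Defaults are the values exported earlier in the text.
: "${OCP_RELEASE:=4.14.6}" "${ARCHITECTURE:=x86_64}"
: "${LOCAL_REGISTRY:=support.ocp.icu:8443}" "${LOCAL_REPOSITORY:=ocp4/openshift4}"

# check_mirror_summary <file holding the saved `oc adm release mirror` summary>
# Returns 0 only if the "Update image:" line is the expected release image and
# every entry listed under "- mirrors:" is ${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}.
check_mirror_summary() {
  local file="$1" prefix want got bad
  prefix="${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}"
  want="${prefix}:${OCP_RELEASE}-${ARCHITECTURE}"
  got=$(sed -n 's/^Update image:[[:space:]]*//p' "$file" | head -n 1)
  if [ "$got" != "$want" ]; then
    echo "release image mismatch: got '${got}', want '${want}'" >&2
    return 1
  fi
  # Collect list items that directly follow a "- mirrors:" line, then keep
  # only those that differ from the expected mirror prefix.
  bad=$(awk '/^[ \t]*- mirrors:/ { m = 1; next }
             m && /^[ \t]*- /    { sub(/^[ \t]*- /, ""); print; next }
             { m = 0 }' "$file" | grep -Fxv -- "$prefix" || true)
  if [ -n "$bad" ]; then
    echo "unexpected mirror entries: ${bad}" >&2
    return 1
  fi
}

# sample_summary <release>: constructed summary in the shape shown in the text.
sample_summary() {
  cat <<EOF
Success
Update image:  support.ocp.icu:8443/ocp4/openshift4:$1-x86_64
Mirror prefix: support.ocp.icu:8443/ocp4/openshift4
imageContentSources:
- mirrors:
  - support.ocp.icu:8443/ocp4/openshift4
  source: quay.io/openshift-release-dev/ocp-release
- mirrors:
  - support.ocp.icu:8443/ocp4/openshift4
  source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
EOF
}
```

Save the real summary with `oc adm release mirror ... | tee mirror-summary.txt` and pass that file to `check_mirror_summary`.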