OpenShift推送自定义镜像到本地仓库并创建项目和应用
创建push 权限
#oc create serviceaccount registry -n default
#oc adm policy add-scc-to-user privileged system:serviceaccount:default:registry
为admin帐号授权
#oc adm policy add-role-to-user system:registry admin
#oc adm policy add-role-to-user admin admin -n openshift
#oc adm policy add-role-to-user system:image-builder admin
#oc adm policy add-role-to-user system:image-puller system:anonymous -n openshift
登陆openshift 项目
#oc login -n openshift #使用admin用户登陆openshift
admin/admin
#oc whoami -t #查看admin用户的token
登陆Docker login 私有库(只有登陆成功才能上传)
#docker login -u admin -p qcrV9mq92fH16SpWKHdah3t_qRn0KCZNNlSi-YfDaRc 172.30.60.125:5000
先给镜像打tag
#docker tag nginx:1.11.4-alpine 172.30.60.125:5000/openshift/nginx:1.11.4-alpine
push 镜像到私有仓库
docker push 172.30.60.125:5000/openshift/nginx:1.11.4-alpine
至此会推送成功
使用刚刚推送的image创建app,虽然会报一堆错误,但是能够创建成功
#oc new-app --docker-image=“docker-registry.default.svc:5000/openshift/mybank-tomcat” --allow-missing-images
报错的原因应该是私有镜像仓库没有启用https,加参数–insecure-registry=true绕过证书检查就不会报错了
#oc new-app --docker-image=“docker-registry.default.svc:5000/openshift/mybank-tomcat” --allow-missing-images --insecure-registry=true
使用自主搭建的私有镜像仓库也是可以的
#docker login harbor.ctwifi.cn (输入用户名和密码登陆,所有node节点也要登陆一次)
#oc new-app --docker-image=“harbor.ctwifi.cn/openshift/nginx:1.12” --allow-missing-images --insecure-registry=true
新增registry(我使用本地仓库所以没有使用新增):
#oc delete dc docker-registry registry-console router
#oc delete svc docker-registry registry-console router
#oc delete serviceaccounts registry router
#mkdir -p /opt/openshift-registry
#chown 1001:root /opt/openshift-registry
#oc create serviceaccount registry -n default
#oc adm policy add-scc-to-user privileged system:serviceaccount:default:registry#service cluster role binding deployment config
#oc adm registry --service-account=registry --mount-host=/opt/openshift-registry
#oc logs dc/docker-registry