이 콘텐츠는 선택한 언어로 제공되지 않습니다.
Chapter 3. Configure OpenShift Container Platform
3.1. Overview
This guide introduces you to the basic concepts of OpenShift Container Platform, and helps you configure a basic application. This guide provides the configuration steps following the installation of a basic OpenShift Container Platform environment, and is not suitable for deploying or installing a production environment of OpenShift.
3.2. Change Log In Identity Provider
The default behavior of a freshly installed OpenShift Container Platform instance is to deny any user from logging in. To change the authentication method to HTPasswd:
- Open the /etc/origin/master/master-config.yaml file in edit mode.
-
Find the
identityProviderssection. -
Change
DenyAllPasswordIdentityProvidertoHTPasswdPasswordIdentityProviderprovider. Change the value of the name label to
htpasswd_authand add a new linefile: /etc/origin/master/htpasswdin the provider section.An example
identityProviderssection withHTPasswdPasswordIdentityProviderwould look like the following.oauthConfig: ... identityProviders: - challenge: true login: true name: htpasswd_auth provider provider: apiVersion: v1 kind: HTPasswdPasswordIdentityProvider file: /etc/origin/master/htpasswd- Save the file.
3.3. Create User Accounts
Now that you are using the HTPasswdPasswordIdentityProvider provider, you need to generate these user accounts.
You can use the httpd-tools package to obtain the htpasswd binary that can generate these accounts.
# yum -y install httpd-tools
Create a user account.
# touch /etc/origin/master/htpasswd
# htpasswd -b /etc/origin/master/htpasswd admin redhat
You have created a user,
admin, with the password,redhat.Restart OpenShift before going forward.
# master-restart api
# master-restart controllers
Give this user account
cluster-adminprivileges, which allows it to do everything.$ oc adm policy add-cluster-role-to-user cluster-admin admin
When running
oc admcommands, you should run them only from the first master listed in the Ansible host inventory file, by default /etc/ansible/hosts.You can use this username/password combination to log in via the web console or the command line. To test this, run the following command.
$ oc login -u admin
Before going forward, change to the default project.
$ oc project default
For more details, see roles and authentication.
3.4. Deploy the OpenShift Router
The OpenShift router is the entry point for external network traffic destined for OpenShift services. It supports HTTP, HTTPS, and any TLS-enabled traffic that uses SNI, which enables the router to send traffic to the correct service.
Without the router, OpenShift services and pods are unable to communicate with any resource outside of the OpenShift instance.
The installer creates a default router.
Delete the default router using the following command.
$ oc delete all -l router=router
Create a new default router.
$ oc adm router --replicas=1 --service-account=router
The OpenShift documentation contains detailed information on Router Overview.
3.5. Deploy an Internal Registry
Openshift provides an internal, integrated container image registry that can be deployed to locally manage images. OpenShift uses the docker-registry to store, retrieve, and build container images, as well as deploy and manage them throughout their lifecycle.
The installer creates a default registry.
