Red Hat Summit이 콘텐츠는 선택한 언어로 제공되지 않습니다.
Chapter 3. Configure OpenShift Container Platform
3.1. Overview
This guide introduces you to the basic concepts of OpenShift Container Platform, and helps you configure a basic application. This guide provides the configuration steps following the installation of a basic OpenShift Container Platform environment, and is not suitable for deploying or installing a production environment of OpenShift.
3.2. Change Log In Identity Provider
The default behavior of a freshly installed OpenShift Container Platform instance is to deny any user from logging in. To change the authentication method to HTPasswd:
- Open the /etc/origin/master/master-config.yaml file in edit mode.
-
Find the
identityProviderssection. -
Change
DenyAllPasswordIdentityProvidertoHTPasswdPasswordIdentityProviderprovider. Change the value of the name label to
htpasswd_authand add a new linefile: /etc/origin/master/htpasswdin the provider section.An example
identityProviderssection withHTPasswdPasswordIdentityProviderwould look like the following.Copy to Clipboard Copied! Toggle word wrap Toggle overflow oauthConfig: ... identityProviders: - challenge: true login: true name: htpasswd_auth provider provider: apiVersion: v1 kind: HTPasswdPasswordIdentityProvider file: /etc/origin/master/htpasswdoauthConfig: ... identityProviders: - challenge: true login: true name: htpasswd_auth provider provider: apiVersion: v1 kind: HTPasswdPasswordIdentityProvider file: /etc/origin/master/htpasswd- Save the file.
3.3. Create User Accounts
Now that you are using the HTPasswdPasswordIdentityProvider provider, you need to generate these user accounts.
You can use the httpd-tools package to obtain the htpasswd binary that can generate these accounts.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow yum -y install httpd-tools
# yum -y install httpd-toolsCreate a user account.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow touch /etc/origin/master/htpasswd
# touch /etc/origin/master/htpasswdCopy to Clipboard Copied! Toggle word wrap Toggle overflow htpasswd -b /etc/origin/master/htpasswd admin redhat
# htpasswd -b /etc/origin/master/htpasswd admin redhatYou have created a user,
admin, with the password,redhat.Restart OpenShift before going forward.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow master-restart api
# master-restart apiCopy to Clipboard Copied! Toggle word wrap Toggle overflow master-restart controllers
# master-restart controllersGive this user account
cluster-adminprivileges, which allows it to do everything.Copy to Clipboard Copied! Toggle word wrap Toggle overflow oc adm policy add-cluster-role-to-user cluster-admin admin
$ oc adm policy add-cluster-role-to-user cluster-admin adminWhen running
oc admcommands, you should run them only from the first master listed in the Ansible host inventory file, by default /etc/ansible/hosts.You can use this username/password combination to log in via the web console or the command line. To test this, run the following command.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow oc login -u admin
$ oc login -u admin
Before going forward, change to the default project.
oc project default
$ oc project defaultFor more details, see roles and authentication.
3.4. Deploy the OpenShift Router
The OpenShift router is the entry point for external network traffic destined for OpenShift services. It supports HTTP, HTTPS, and any TLS-enabled traffic that uses SNI, which enables the router to send traffic to the correct service.
Without the router, OpenShift services and pods are unable to communicate with any resource outside of the OpenShift instance.
The installer creates a default router.
Delete the default router using the following command.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow oc delete all -l router=router
$ oc delete all -l router=routerCreate a new default router.
Copy to Clipboard Copied! Toggle word wrap Toggle overflow oc adm router --replicas=1 --service-account=router
$ oc adm router --replicas=1 --service-account=router
The OpenShift documentation contains detailed information on Router Overview.
3.5. Deploy an Internal Registry
Openshift provides an internal, integrated container image registry that can be deployed to locally manage images. OpenShift uses the docker-registry to store, retrieve, and build container images, as well as deploy and manage them throughout their lifecycle.
The installer creates a default registry.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}