Red Hat Summit이 콘텐츠는 선택한 언어로 제공되지 않습니다.
Chapter 8. Creating a Podman site in a restricted environment
In a production environment which has no or limited internet access, you might need to mirror the required images to create a site.
This procedure outlines how to use Podman and tar files for managing container images. If a registry is available in the restricted environment, the same process can be followed. Ensure that the environment variables are set to reference the images in the registry after they have been populated.
If you want to use a Linux machine with a proxy to pull images, you can configure Podman to use a proxy:
systemctl --user edit podman
$ systemctl --user edit podmanAdd the following to the service definition:
[Service] Environment="HTTP_PROXY=<proxy-domain>:<proxy-port>" Environment="HTTPS_PROXY=<proxy-domain>:<proxy-port>"
[Service]
Environment="HTTP_PROXY=<proxy-domain>:<proxy-port>"
Environment="HTTPS_PROXY=<proxy-domain>:<proxy-port>"To ensure that podman uses the new configuration:
systemctl --user daemon-reload systemctl --user restart podman
$ systemctl --user daemon-reload
$ systemctl --user restart podmanPrerequisites
- A Linux machine with internet access to download the images.
- A Linux machine in a restricted environment where you want to create the site.
This can be one machine, where the machine is moved to the restricted environment.
Procedure
Log in to
registry.redhat.ioon the machine with internet access:podman login -u USERNAME -p PASSWORD registry.redhat.io
$ podman login -u USERNAME -p PASSWORD registry.redhat.ioCopy to Clipboard Copied! Toggle word wrap Toggle overflow Download the images required for a Podman site by creating a site:
skupper init
$ skupper initCopy to Clipboard Copied! Toggle word wrap Toggle overflow If you require a console, use the following command to ensure the extra images are downloaded
skupper init --enable-console --enable-flow-collector
$ skupper init --enable-console --enable-flow-collectorCopy to Clipboard Copied! Toggle word wrap Toggle overflow After creating the site, the following images are listed using
podman image ls -a:- registry.redhat.io/service-interconnect/skupper-router-rhel9
- registry.redhat.io/service-interconnect/skupper-controller-podman-rhel9
- registry.redhat.io/service-interconnect/skupper-flow-collector-rhel9 (console only)
- registry.redhat.io/openshift4/ose-prometheus (console only)
The tags are determined by the version of the
skupperCLI.Create tar files for each image, for example:
podman save -o skupper-controller.tar registry.redhat.io/service-interconnect/skupper-controller-podman-rhel9:<tag>
$ podman save -o skupper-controller.tar registry.redhat.io/service-interconnect/skupper-controller-podman-rhel9:<tag>Copy to Clipboard Copied! Toggle word wrap Toggle overflow where
<tag>is the tag shown from using thepodman image ls -acommand.- Copy the tar files to the machine in the restricted environment.
On the machine in the restricted environment, load the image from the tar files, for example:
podman load -i skupper-controller.tar
podman load -i skupper-controller.tarCopy to Clipboard Copied! Toggle word wrap Toggle overflow Change the image tags to remove reference to
registry.redhat.io:podman tag registry.redhat.io/service-interconnect/skupper-router-rhel9:<tag> service-interconnect/skupper-router-rhel9:<tag>
podman tag registry.redhat.io/service-interconnect/skupper-router-rhel9:<tag> service-interconnect/skupper-router-rhel9:<tag>Copy to Clipboard Copied! Toggle word wrap Toggle overflow This step is required to avoid the machine attempting to pull images from
registry.redhat.io.Configure the
skupperCLI to use the mirrored images by setting the following environment variables:export SKUPPER_CONTROLLER_PODMAN_IMAGE=service-interconnect/skupper-controller-podman-rhel9:<tag> export QDROUTERD_IMAGE=service-interconnect/skupper-router-rhel9:<tag>
$ export SKUPPER_CONTROLLER_PODMAN_IMAGE=service-interconnect/skupper-controller-podman-rhel9:<tag> $ export QDROUTERD_IMAGE=service-interconnect/skupper-router-rhel9:<tag>Copy to Clipboard Copied! Toggle word wrap Toggle overflow If you require a console, you also require the following environment variables:
export SKUPPER_FLOW_COLLECTOR_IMAGE=service-interconnect/skupper-flow-collector-rhel9:<tag> export PROMETHEUS_SERVER_IMAGE=openshift4/ose-prometheus:<tag>
$ export SKUPPER_FLOW_COLLECTOR_IMAGE=service-interconnect/skupper-flow-collector-rhel9:<tag> $ export PROMETHEUS_SERVER_IMAGE=openshift4/ose-prometheus:<tag>Copy to Clipboard Copied! Toggle word wrap Toggle overflow Create a site, for example:
skupper init
$ skupper initCopy to Clipboard Copied! Toggle word wrap Toggle overflow
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}