红帽全球峰会10.3. 安装 Zero Trust Workload Identity Manager
Red Hat OpenShift 的 Zero Trust Workload Identity Manager 只是一个技术预览功能。技术预览功能不受红帽产品服务等级协议(SLA)支持,且功能可能并不完整。红帽不推荐在生产环境中使用它们。这些技术预览功能可以使用户提早试用新的功能,并有机会在开发阶段提供反馈意见。
有关红帽技术预览功能支持范围的更多信息,请参阅技术预览功能支持范围。
默认情况下,OpenShift Container Platform 中不会安装 Zero Trust Workload Identity Manager。您可以使用 Web 控制台或 CLI 安装 Zero Trust Workload Identity Manager。
10.3.1. 安装 Zero Trust Workload Identity Manager
您可以使用 Web 控制台安装 Zero Trust Workload Identity Manager。
先决条件
-
您可以使用
cluster-admin权限访问集群。 - 访问 OpenShift Container Platform web 控制台。
流程
- 登陆到 OpenShift Container Platform Web 控制台。
-
进入 Operators
OperatorHub。 - 在过滤器框中输入 Zero Trust Workload Identity Manager。
- 选择 Zero Trust Workload Identity Manager
- 从 Version 下拉列表中选择 Zero Trust Workload Identity Manager 版本,然后点 Install。
在 Install Operator 页中:
- 如果需要,更新更新频道。频道默认为 tech-preview-v0.1,它会安装 Zero Trust Workload Identity Manager 的最新技术预览 v0.1 版本。
为 Operator 选择 Installed Namespace。默认 Operator 命名空间为
zero-trust-workload-identity-manager。如果
zero-trust-workload-identity-manager命名空间不存在,则会为您创建它。选择一个 更新批准策略。
- Automatic 策略允许 Operator Lifecycle Manager(OLM)在有新版本可用时自动更新 Operator。
- Manual 策略需要拥有适当凭证的用户批准 Operator 更新。
- 点 Install。
验证
导航到 Operators
Installed Operators。 -
验证 Zero Trust Workload Identity Manager 是否已列在
zero-trust-workload-identity-manager命名空间中 Status 为 Succeeded。 运行以下命令,验证 Zero Trust Workload Identity Manager 控制器管理器部署是否已就绪并可用:
oc get deployment -l name=zero-trust-workload-identity-manager -n zero-trust-workload-identity-manager
$ oc get deployment -l name=zero-trust-workload-identity-manager -n zero-trust-workload-identity-managerCopy to Clipboard Copied! Toggle word wrap Toggle overflow 输出示例
NAME READY UP-TO-DATE AVAILABLE AGE zero-trust-workload-identity-manager-controller-manager-6c4djb 1/1 1 1 43m
NAME READY UP-TO-DATE AVAILABLE AGE zero-trust-workload-identity-manager-controller-manager-6c4djb 1/1 1 1 43mCopy to Clipboard Copied! Toggle word wrap Toggle overflow
-
验证 Zero Trust Workload Identity Manager 是否已列在
10.3.1.2. 使用 CLI 安装 Zero Trust Workload 身份管理器
先决条件
-
您可以使用
cluster-admin权限访问集群。
流程
运行以下命令,创建一个名为
zero-trust-workload-identity-manager的新项目:oc new-project zero-trust-workload-identity-manager
$ oc new-project zero-trust-workload-identity-managerCopy to Clipboard Copied! Toggle word wrap Toggle overflow 创建一个
OperatorGroup对象:创建包含以下内容的 YAML 文件,如
operatorGroup.yaml:operatorGroup.yaml示例Copy to Clipboard Copied! Toggle word wrap Toggle overflow 运行以下命令来创建
OperatorGroup对象:oc create -f operatorGroup.yaml
$ oc create -f operatorGroup.yamlCopy to Clipboard Copied! Toggle word wrap Toggle overflow
创建
Subscription对象:创建一个 YAML 文件,如
subscription.yaml,用于定义Subscription对象:subscription.yaml示例Copy to Clipboard Copied! Toggle word wrap Toggle overflow 运行以下命令来创建
Subscription对象:oc create -f subscription.yaml
$ oc create -f subscription.yamlCopy to Clipboard Copied! Toggle word wrap Toggle overflow
验证
运行以下命令验证 OLM 订阅是否已创建:
oc get subscription -n zero-trust-workload-identity-manager
$ oc get subscription -n zero-trust-workload-identity-managerCopy to Clipboard Copied! Toggle word wrap Toggle overflow 输出示例
NAME PACKAGE SOURCE CHANNEL openshift-zero-trust-workload-identity-manager zero-trust-workload-identity-manager redhat-operators tech-preview-v0.1
NAME PACKAGE SOURCE CHANNEL openshift-zero-trust-workload-identity-manager zero-trust-workload-identity-manager redhat-operators tech-preview-v0.1Copy to Clipboard Copied! Toggle word wrap Toggle overflow 运行以下命令验证 Operator 是否已成功安装:
oc get csv -n zero-trust-workload-identity-manager
$ oc get csv -n zero-trust-workload-identity-managerCopy to Clipboard Copied! Toggle word wrap Toggle overflow 输出示例
NAME DISPLAY VERSION PHASE zero-trust-workload-identity-manager.v0.1.0 Zero Trust Workload Identity Manager 0.1.0 Succeeded
NAME DISPLAY VERSION PHASE zero-trust-workload-identity-manager.v0.1.0 Zero Trust Workload Identity Manager 0.1.0 SucceededCopy to Clipboard Copied! Toggle word wrap Toggle overflow 运行以下命令,验证 Zero Trust Workload Identity Manager 控制器管理器是否已就绪:
oc get deployment -l name=zero-trust-workload-identity-manager -n zero-trust-workload-identity-manager
$ oc get deployment -l name=zero-trust-workload-identity-manager -n zero-trust-workload-identity-managerCopy to Clipboard Copied! Toggle word wrap Toggle overflow 输出示例
NAME READY UP-TO-DATE AVAILABLE AGE zero-trust-workload-identity-manager-controller-manager 1/1 1 1 43m
NAME READY UP-TO-DATE AVAILABLE AGE zero-trust-workload-identity-manager-controller-manager 1/1 1 1 43mCopy to Clipboard Copied! Toggle word wrap Toggle overflow
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}