红帽全球峰会This documentation is for a release that is no longer maintained
See documentation for the latest supported version 3 or the latest supported version 4.2.4. Using odo in a restricted environment
2.4.1. About odo in a restricted environment
To run odo in a disconnected cluster or a cluster provisioned in a restricted environment, you must ensure that a cluster administrator has created a cluster with a mirrored registry.
To start working in a disconnected cluster, you must first push the odo init image to the registry of the cluster and then overwrite the odo init image path using the ODO_BOOTSTRAPPER_IMAGE environment variable.
After you push the odo init image, you must mirror a supported builder image from the registry, overwrite a mirror registry and then create your application. A builder image is necessary to configure a runtime environment for your application and also contains the build tool needed to build your application, for example npm for Node.js or Maven for Java. A mirror registry contains all the necessary dependencies for your application.
Additional resources
Depending on the configuration of your cluster and your operating system you can either push the odo init image to a mirror registry or directly to an internal registry.
2.4.2.1. Prerequisites
-
Install
ocon the client operating system. -
Install
odoon the client operating system. - Access to a restricted cluster with a configured internal registry or a mirror registry.
2.4.2.2. Pushing the odo init image to a mirror registry
Depending on your operating system, you can push the odo init image to a cluster with a mirror registry as follows:
Procedure
Use
base64to encode the root certification authority (CA) content of your mirror registry:echo <content_of_additional_ca> | base64 --decode > disconnect-ca.crt
$ echo <content_of_additional_ca> | base64 --decode > disconnect-ca.crtCopy to Clipboard Copied! Toggle word wrap Toggle overflow Copy the encoded root CA certificate to the appropriate location:
sudo cp ./disconnect-ca.crt /etc/pki/ca-trust/source/anchors/<mirror-registry>.crt
$ sudo cp ./disconnect-ca.crt /etc/pki/ca-trust/source/anchors/<mirror-registry>.crtCopy to Clipboard Copied! Toggle word wrap Toggle overflow Trust a CA in your client platform and log into the OpenShift Container Platform mirror registry:
sudo update-ca-trust enable && sudo systemctl daemon-reload && sudo systemctl restart / docker && docker login <mirror-registry>:5000 -u <username> -p <password>
$ sudo update-ca-trust enable && sudo systemctl daemon-reload && sudo systemctl restart / docker && docker login <mirror-registry>:5000 -u <username> -p <password>Copy to Clipboard Copied! Toggle word wrap Toggle overflow Mirror the
odoinit image:oc image mirror registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag> <mirror-registry>:5000/openshiftdo/odo-init-image-rhel7:<tag>
$ oc image mirror registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag> <mirror-registry>:5000/openshiftdo/odo-init-image-rhel7:<tag>Copy to Clipboard Copied! Toggle word wrap Toggle overflow Override the default
odoinit image path by setting theODO_BOOTSTRAPPER_IMAGEenvironment variable:export ODO_BOOTSTRAPPER_IMAGE=<mirror-registry>:5000/openshiftdo/odo-init-image-rhel7:<tag>
$ export ODO_BOOTSTRAPPER_IMAGE=<mirror-registry>:5000/openshiftdo/odo-init-image-rhel7:<tag>Copy to Clipboard Copied! Toggle word wrap Toggle overflow
Procedure
Use
base64to encode the root certification authority (CA) content of your mirror registry:echo <content_of_additional_ca> | base64 --decode > disconnect-ca.crt
$ echo <content_of_additional_ca> | base64 --decode > disconnect-ca.crtCopy to Clipboard Copied! Toggle word wrap Toggle overflow Copy the encoded root CA certificate to the appropriate location:
- Restart Docker using the Docker UI.
Run the following command:
docker login <mirror-registry>:5000 -u <username> -p <password>
$ docker login <mirror-registry>:5000 -u <username> -p <password>Copy to Clipboard Copied! Toggle word wrap Toggle overflow
Mirror the
odoinit image:oc image mirror registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag> <mirror-registry>:5000/openshiftdo/odo-init-image-rhel7:<tag>
$ oc image mirror registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag> <mirror-registry>:5000/openshiftdo/odo-init-image-rhel7:<tag>Copy to Clipboard Copied! Toggle word wrap Toggle overflow Override the default
odoinit image path by setting theODO_BOOTSTRAPPER_IMAGEenvironment variable:export ODO_BOOTSTRAPPER_IMAGE=<mirror-registry>:5000/openshiftdo/odo-init-image-rhel7:<tag>
$ export ODO_BOOTSTRAPPER_IMAGE=<mirror-registry>:5000/openshiftdo/odo-init-image-rhel7:<tag>Copy to Clipboard Copied! Toggle word wrap Toggle overflow
Procedure
Use
base64to encode the root certification authority (CA) content of your mirror registry:PS C:\> echo <content_of_additional_ca> | base64 --decode > disconnect-ca.crt
PS C:\> echo <content_of_additional_ca> | base64 --decode > disconnect-ca.crtCopy to Clipboard Copied! Toggle word wrap Toggle overflow As an administrator, copy the encoded root CA certificate to the appropriate location by executing the following command:
PS C:\WINDOWS\system32> certutil -addstore -f "ROOT" disconnect-ca.crt
PS C:\WINDOWS\system32> certutil -addstore -f "ROOT" disconnect-ca.crtCopy to Clipboard Copied! Toggle word wrap Toggle overflow Trust a CA in your client platform and log into the OpenShift Container Platform mirror registry:
- Restart Docker using the Docker UI.
Run the following command:
PS C:\WINDOWS\system32> docker login <mirror-registry>:5000 -u <username> -p <password>
PS C:\WINDOWS\system32> docker login <mirror-registry>:5000 -u <username> -p <password>Copy to Clipboard Copied! Toggle word wrap Toggle overflow
Mirror the
odoinit image:PS C:\> oc image mirror registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag> <mirror-registry>:5000/openshiftdo/odo-init-image-rhel7:<tag>
PS C:\> oc image mirror registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag> <mirror-registry>:5000/openshiftdo/odo-init-image-rhel7:<tag>Copy to Clipboard Copied! Toggle word wrap Toggle overflow Override the default
odoinit image path by setting theODO_BOOTSTRAPPER_IMAGEenvironment variable:PS C:\> $env:ODO_BOOTSTRAPPER_IMAGE="<mirror-registry>:5000/openshiftdo/odo-init-image-rhel7:<tag>"
PS C:\> $env:ODO_BOOTSTRAPPER_IMAGE="<mirror-registry>:5000/openshiftdo/odo-init-image-rhel7:<tag>"Copy to Clipboard Copied! Toggle word wrap Toggle overflow
If your cluster allows images to be pushed to the internal registry directly, push the odo init image to the registry as follows:
2.4.2.3.1. Pushing the init image directly on Linux
Procedure
Enable the default route:
oc patch configs.imageregistry.operator.openshift.io cluster -p '{"spec":{"defaultRoute":true}}' --type='merge' -n openshift-image-registry$ oc patch configs.imageregistry.operator.openshift.io cluster -p '{"spec":{"defaultRoute":true}}' --type='merge' -n openshift-image-registryCopy to Clipboard Copied! Toggle word wrap Toggle overflow Get a wildcard route CA:
oc get secret router-certs-default -n openshift-ingress -o yaml
$ oc get secret router-certs-default -n openshift-ingress -o yamlCopy to Clipboard Copied! Toggle word wrap Toggle overflow Example output
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Use
base64to encode the root certification authority (CA) content of your mirror registry:echo <tls.crt> | base64 --decode > ca.crt
$ echo <tls.crt> | base64 --decode > ca.crtCopy to Clipboard Copied! Toggle word wrap Toggle overflow Trust a CA in your client platform:
sudo cp ca.crt /etc/pki/ca-trust/source/anchors/externalroute.crt && sudo update-ca-trust enable && sudo systemctl daemon-reload && sudo systemctl restart docker
$ sudo cp ca.crt /etc/pki/ca-trust/source/anchors/externalroute.crt && sudo update-ca-trust enable && sudo systemctl daemon-reload && sudo systemctl restart dockerCopy to Clipboard Copied! Toggle word wrap Toggle overflow Log into the internal registry:
oc get route -n openshift-image-registry docker login <registry_path> -u kubeadmin -p $(oc whoami -t)
$ oc get route -n openshift-image-registry NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD default-route <registry_path> image-registry <all> reencrypt None $ docker login <registry_path> -u kubeadmin -p $(oc whoami -t)Copy to Clipboard Copied! Toggle word wrap Toggle overflow Push the
odoinit image:docker pull registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag> docker tag registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag> <registry_path>/openshiftdo/odo-init-image-rhel7:<tag> docker push <registry_path>/openshiftdo/odo-init-image-rhel7:<tag>
$ docker pull registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag> $ docker tag registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag> <registry_path>/openshiftdo/odo-init-image-rhel7:<tag> $ docker push <registry_path>/openshiftdo/odo-init-image-rhel7:<tag>Copy to Clipboard Copied! Toggle word wrap Toggle overflow Override the default
odoinit image path by setting theODO_BOOTSTRAPPER_IMAGEenvironment variable:export ODO_BOOTSTRAPPER_IMAGE=<registry_path>/openshiftdo/odo-init-image-rhel7:1.0.1
$ export ODO_BOOTSTRAPPER_IMAGE=<registry_path>/openshiftdo/odo-init-image-rhel7:1.0.1Copy to Clipboard Copied! Toggle word wrap Toggle overflow
2.4.2.3.2. Pushing the init image directly on MacOS
Procedure
Enable the default route:
oc patch configs.imageregistry.operator.openshift.io cluster -p '{"spec":{"defaultRoute":true}}' --type='merge' -n openshift-image-registry$ oc patch configs.imageregistry.operator.openshift.io cluster -p '{"spec":{"defaultRoute":true}}' --type='merge' -n openshift-image-registryCopy to Clipboard Copied! Toggle word wrap Toggle overflow Get a wildcard route CA:
oc get secret router-certs-default -n openshift-ingress -o yaml
$ oc get secret router-certs-default -n openshift-ingress -o yamlCopy to Clipboard Copied! Toggle word wrap Toggle overflow Example output
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Use
base64to encode the root certification authority (CA) content of your mirror registry:echo <tls.crt> | base64 --decode > ca.crt
$ echo <tls.crt> | base64 --decode > ca.crtCopy to Clipboard Copied! Toggle word wrap Toggle overflow Trust a CA in your client platform:
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ca.crt
$ sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ca.crtCopy to Clipboard Copied! Toggle word wrap Toggle overflow Log into the internal registry:
oc get route -n openshift-image-registry docker login <registry_path> -u kubeadmin -p $(oc whoami -t)
$ oc get route -n openshift-image-registry NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD default-route <registry_path> image-registry <all> reencrypt None $ docker login <registry_path> -u kubeadmin -p $(oc whoami -t)Copy to Clipboard Copied! Toggle word wrap Toggle overflow Push the
odoinit image:docker pull registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag> docker tag registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag> <registry_path>/openshiftdo/odo-init-image-rhel7:<tag> docker push <registry_path>/openshiftdo/odo-init-image-rhel7:<tag>
$ docker pull registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag> $ docker tag registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag> <registry_path>/openshiftdo/odo-init-image-rhel7:<tag> $ docker push <registry_path>/openshiftdo/odo-init-image-rhel7:<tag>Copy to Clipboard Copied! Toggle word wrap Toggle overflow Override the default
odoinit image path by setting theODO_BOOTSTRAPPER_IMAGEenvironment variable:export ODO_BOOTSTRAPPER_IMAGE=<registry_path>/openshiftdo/odo-init-image-rhel7:1.0.1
$ export ODO_BOOTSTRAPPER_IMAGE=<registry_path>/openshiftdo/odo-init-image-rhel7:1.0.1Copy to Clipboard Copied! Toggle word wrap Toggle overflow
2.4.2.3.3. Pushing the init image directly on Windows
Procedure
Enable the default route:
PS C:\> oc patch configs.imageregistry.operator.openshift.io cluster -p '{"spec":{"defaultRoute":true}}' --type='merge' -n openshift-image-registryPS C:\> oc patch configs.imageregistry.operator.openshift.io cluster -p '{"spec":{"defaultRoute":true}}' --type='merge' -n openshift-image-registryCopy to Clipboard Copied! Toggle word wrap Toggle overflow Get a wildcard route CA:
PS C:\> oc get secret router-certs-default -n openshift-ingress -o yaml
PS C:\> oc get secret router-certs-default -n openshift-ingress -o yamlCopy to Clipboard Copied! Toggle word wrap Toggle overflow Example output
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Use
base64to encode the root certification authority (CA) content of your mirror registry:PS C:\> echo <tls.crt> | base64 --decode > ca.crt
PS C:\> echo <tls.crt> | base64 --decode > ca.crtCopy to Clipboard Copied! Toggle word wrap Toggle overflow As an administrator, trust a CA in your client platform by executing the following command:
PS C:\WINDOWS\system32> certutil -addstore -f "ROOT" ca.crt
PS C:\WINDOWS\system32> certutil -addstore -f "ROOT" ca.crtCopy to Clipboard Copied! Toggle word wrap Toggle overflow Log into the internal registry:
PS C:\> oc get route -n openshift-image-registry NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD default-route <registry_path> image-registry <all> reencrypt None PS C:\> docker login <registry_path> -u kubeadmin -p $(oc whoami -t)
PS C:\> oc get route -n openshift-image-registry NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD default-route <registry_path> image-registry <all> reencrypt None PS C:\> docker login <registry_path> -u kubeadmin -p $(oc whoami -t)Copy to Clipboard Copied! Toggle word wrap Toggle overflow Push the
odoinit image:PS C:\> docker pull registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag> PS C:\> docker tag registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag> <registry_path>/openshiftdo/odo-init-image-rhel7:<tag> PS C:\> docker push <registry_path>/openshiftdo/odo-init-image-rhel7:<tag>
PS C:\> docker pull registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag> PS C:\> docker tag registry.access.redhat.com/openshiftdo/odo-init-image-rhel7:<tag> <registry_path>/openshiftdo/odo-init-image-rhel7:<tag> PS C:\> docker push <registry_path>/openshiftdo/odo-init-image-rhel7:<tag>Copy to Clipboard Copied! Toggle word wrap Toggle overflow Override the default
odoinit image path by setting theODO_BOOTSTRAPPER_IMAGEenvironment variable:PS C:\> $env:ODO_BOOTSTRAPPER_IMAGE="<registry_path>/openshiftdo/odo-init-image-rhel7:<tag>"
PS C:\> $env:ODO_BOOTSTRAPPER_IMAGE="<registry_path>/openshiftdo/odo-init-image-rhel7:<tag>"Copy to Clipboard Copied! Toggle word wrap Toggle overflow
After you push the init image to a cluster with a mirrored registry, you must mirror a supported builder image for your application with the oc tool, overwrite the mirror registry using the environment variable, and then create your component.
2.4.3.1. Prerequisites
-
Install
ocon the client operating system. -
Install
odoon the client operating system. - Access to an restricted cluster with a configured internal registry or a mirror registry.
-
Push the
odoinit image to your cluster registry.
2.4.3.2. Mirroring a supported builder image
To use npm packages for Node.js dependencies and Maven packages for Java dependencies and configure a runtime environment for your application, you must mirror a respective builder image from the mirror registry.
Procedure
Verify that the required images tag is not imported:
oc describe is nodejs -n openshift
$ oc describe is nodejs -n openshiftCopy to Clipboard Copied! Toggle word wrap Toggle overflow Example output
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Mirror the supported image tag to the private registry:
oc image mirror registry.access.redhat.com/rhscl/nodejs-10-rhel7:<tag> <private_registry>/rhscl/nodejs-10-rhel7:<tag>
$ oc image mirror registry.access.redhat.com/rhscl/nodejs-10-rhel7:<tag> <private_registry>/rhscl/nodejs-10-rhel7:<tag>Copy to Clipboard Copied! Toggle word wrap Toggle overflow Import the image:
oc tag <mirror-registry>:<port>/rhscl/nodejs-10-rhel7:<tag> nodejs-10-rhel7:latest --scheduled
$ oc tag <mirror-registry>:<port>/rhscl/nodejs-10-rhel7:<tag> nodejs-10-rhel7:latest --scheduledCopy to Clipboard Copied! Toggle word wrap Toggle overflow You must periodically re-import the image. The
--scheduledflag enables automatic re-import of the image.Verify that the images with the given tag have been imported:
oc describe is nodejs -n openshift
$ oc describe is nodejs -n openshiftCopy to Clipboard Copied! Toggle word wrap Toggle overflow Example output
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
2.4.3.3. Overwriting the mirror registry
To download npm packages for Node.js dependencies and Maven packages for Java dependencies from a private mirror registry, you must create and configure a mirror npm or Maven registry on the cluster. You can then overwrite the mirror registry on an existing component or when you create a new component.
Procedure
To overwrite the mirror registry on an existing component:
odo config set --env NPM_MIRROR=<npm_mirror_registry>
$ odo config set --env NPM_MIRROR=<npm_mirror_registry>Copy to Clipboard Copied! Toggle word wrap Toggle overflow To overwrite the mirror registry when creating a component:
odo component create nodejs --env NPM_MIRROR=<npm_mirror_registry>
$ odo component create nodejs --env NPM_MIRROR=<npm_mirror_registry>Copy to Clipboard Copied! Toggle word wrap Toggle overflow
2.4.3.4. Creating a Node.js application with odo
To create a Node.js component, download the Node.js application and push the source code to your cluster with odo.
Procedure
Change the current directory to the directory with your application:
cd <directory_name>
$ cd <directory_name>Copy to Clipboard Copied! Toggle word wrap Toggle overflow Add a component of the type Node.js to your application:
odo create nodejs
$ odo create nodejsCopy to Clipboard Copied! Toggle word wrap Toggle overflow 注意By default, the latest image is used. You can also explicitly specify an image version by using
odo create openshift/nodejs:8.Push the initial source code to the component:
odo push
$ odo pushCopy to Clipboard Copied! Toggle word wrap Toggle overflow Your component is now deployed to OpenShift Container Platform.
Create a URL and add an entry in the local configuration file as follows:
odo url create --port 8080
$ odo url create --port 8080Copy to Clipboard Copied! Toggle word wrap Toggle overflow Push the changes. This creates a URL on the cluster.
odo push
$ odo pushCopy to Clipboard Copied! Toggle word wrap Toggle overflow List the URLs to check the desired URL for the component.
odo url list
$ odo url listCopy to Clipboard Copied! Toggle word wrap Toggle overflow View your deployed application using the generated URL.
curl <url>
$ curl <url>Copy to Clipboard Copied! Toggle word wrap Toggle overflow
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}