红帽全球峰会7.6. 更新对等 pod secret
当对等 pod secret 为空并安装 Cloud Credential Operator (CCO)时,OpenShift 沙盒容器 Operator 会使用 CCO 检索 secret。如果卸载了 CCO,您必须手动为 Confidential Containers 创建对等 pod secret,否则对等 pod 将无法操作。
secret 存储用于创建 pod 虚拟机(VM)镜像和对等 pod 实例的凭证。
默认情况下,OpenShift 沙盒容器 Operator 根据用于创建集群的凭证创建 secret。但是,您可以手动创建使用不同的凭证的 secret。
先决条件
-
REDHAT_OFFLINE_TOKEN.您已生成此令牌,以通过 Red Hat API Tokens 下载 RHEL 镜像。 -
HKD_CRT.Host Key Document (HKD)证书在 IBM Z® 上启用安全执行。如需更多信息,请参阅 IBM 文档中的资源链接中的获取 主机密钥文档。
流程
根据以下示例创建
peer-pods-secret.yaml清单文件:Copy to Clipboard Copied! Toggle word wrap Toggle overflow 运行以下命令来创建 secret:
oc apply -f peer-pods-secret.yaml
$ oc apply -f peer-pods-secret.yamlCopy to Clipboard Copied! Toggle word wrap Toggle overflow
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}