红帽全球峰会第 7 章 使用 Operator 部署 Red Hat Quay
可以使用命令行界面或 OpenShift Container Platform 控制台部署 OpenShift Container Platform 上的 Red Hat Quay。这些步骤基本相同。
7.1. 从命令行部署 Red Hat Quay
使用以下步骤,使用命令行界面(CLI)从 部署 Red Hat Quay。
先决条件
- 已使用 CLI 登录 OpenShift Container Platform。
步骤
输入以下命令创建一个命名空间,如
quay-enterprise:oc new-project quay-enterprise
$ oc new-project quay-enterpriseCopy to Clipboard Copied! Toggle word wrap Toggle overflow 可选。如果要预先配置 Red Hat Quay 部署的任何方面,请为配置捆绑包创建一个
Secret:oc create secret generic quay-enterprise-config-bundle --from-file=config-bundle.tar.gz=/path/to/config-bundle.tar.gz
$ oc create secret generic quay-enterprise-config-bundle --from-file=config-bundle.tar.gz=/path/to/config-bundle.tar.gzCopy to Clipboard Copied! Toggle word wrap Toggle overflow 在名为
quayregistry.yaml的文件中创建QuayRegistry自定义资源对于最小部署,请使用所有默认值:
quayregistry.yaml:
apiVersion: quay.redhat.com/v1 kind: QuayRegistry metadata: name: example-registry namespace: quay-enterprise
apiVersion: quay.redhat.com/v1 kind: QuayRegistry metadata: name: example-registry namespace: quay-enterpriseCopy to Clipboard Copied! Toggle word wrap Toggle overflow 可选。如果要有一些组件非受管状态,请在
spec字段中添加此信息。最小部署可能类似以下示例:带有非受管组件的 quayregistry.yaml 示例
Copy to Clipboard Copied! Toggle word wrap Toggle overflow 可选。如果您已创建了配置捆绑包,如
init-config-bundle-secret,请在quayregistry.yaml文件中引用它:带有配置捆绑包的 quayregistry.yaml 示例
Copy to Clipboard Copied! Toggle word wrap Toggle overflow 可选。如果配置了代理,您可以使用覆盖为 Red Hat Quay、Clair 和 mirror 添加信息:
配置了代理的 quayregistry.yaml 示例
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
输入以下命令在指定命名空间中创建
QuayRegistry:oc create -n quay-enterprise -f quayregistry.yaml
$ oc create -n quay-enterprise -f quayregistry.yamlCopy to Clipboard Copied! Toggle word wrap Toggle overflow 输入以下命令查看
status.registryEndpoint何时填充:oc get quayregistry -n quay-enterprise example-registry -o jsonpath="{.status.registryEndpoint}" -w$ oc get quayregistry -n quay-enterprise example-registry -o jsonpath="{.status.registryEndpoint}" -wCopy to Clipboard Copied! Toggle word wrap Toggle overflow
其他资源
- 有关如何跟踪 Red Hat Quay 部署进度的更多信息,请参阅监控和调试部署过程。
7.1.1. 使用 API 创建第一个用户
使用以下步骤在 Red Hat Quay 组织中创建第一个用户。
先决条件
-
配置选项
FEATURE_USER_INITIALIZE必须设为True。 - 数据库中不存在任何用户。
此流程通过指定 "access_token": true 来请求 OAuth 令牌。
打开 Red Hat Quay 配置文件并更新以下配置字段:
FEATURE_USER_INITIALIZE: true SUPER_USERS: - quayadminFEATURE_USER_INITIALIZE: true SUPER_USERS: - quayadminCopy to Clipboard Copied! Toggle word wrap Toggle overflow 输入以下命令停止 Red Hat Quay 服务:
sudo podman stop quay
$ sudo podman stop quayCopy to Clipboard Copied! Toggle word wrap Toggle overflow 输入以下命令启动 Red Hat Quay 服务:
sudo podman run -d -p 80:8080 -p 443:8443 --name=quay -v $QUAY/config:/conf/stack:Z -v $QUAY/storage:/datastorage:Z {productrepo}/{quayimage}:{productminv}$ sudo podman run -d -p 80:8080 -p 443:8443 --name=quay -v $QUAY/config:/conf/stack:Z -v $QUAY/storage:/datastorage:Z {productrepo}/{quayimage}:{productminv}Copy to Clipboard Copied! Toggle word wrap Toggle overflow 运行以下
CURL命令,以使用用户名、密码、电子邮件和访问令牌生成新用户:curl -X POST -k http://quay-server.example.com/api/v1/user/initialize --header 'Content-Type: application/json' --data '{ "username": "quayadmin", "password":"quaypass12345", "email": "quayadmin@example.com", "access_token": true}'$ curl -X POST -k http://quay-server.example.com/api/v1/user/initialize --header 'Content-Type: application/json' --data '{ "username": "quayadmin", "password":"quaypass12345", "email": "quayadmin@example.com", "access_token": true}'Copy to Clipboard Copied! Toggle word wrap Toggle overflow 如果成功,命令会返回带有用户名、电子邮件和加密密码的对象。例如:
{"access_token":"6B4QTRSTSD1HMIG915VPX7BMEZBVB9GPNY2FC2ED", "email":"quayadmin@example.com","encrypted_password":"1nZMLH57RIE5UGdL/yYpDOHLqiNCgimb6W9kfF8MjZ1xrfDpRyRs9NUnUuNuAitW","username":"quayadmin"} # gitleaks:allow{"access_token":"6B4QTRSTSD1HMIG915VPX7BMEZBVB9GPNY2FC2ED", "email":"quayadmin@example.com","encrypted_password":"1nZMLH57RIE5UGdL/yYpDOHLqiNCgimb6W9kfF8MjZ1xrfDpRyRs9NUnUuNuAitW","username":"quayadmin"} # gitleaks:allowCopy to Clipboard Copied! Toggle word wrap Toggle overflow 如果用户存在于数据库中,则返回错误:
{"message":"Cannot initialize user in a non-empty database"}{"message":"Cannot initialize user in a non-empty database"}Copy to Clipboard Copied! Toggle word wrap Toggle overflow 如果您的密码至少没有 8 个字符或包含空格,则返回错误:
{"message":"Failed to initialize user: Invalid password, password must be at least 8 characters and contain no whitespace."}{"message":"Failed to initialize user: Invalid password, password must be at least 8 characters and contain no whitespace."}Copy to Clipboard Copied! Toggle word wrap Toggle overflow 输入以下命令登录到 Red Hat Quay 部署:
sudo podman login -u quayadmin -p quaypass12345 http://quay-server.example.com --tls-verify=false
$ sudo podman login -u quayadmin -p quaypass12345 http://quay-server.example.com --tls-verify=falseCopy to Clipboard Copied! Toggle word wrap Toggle overflow 输出示例
Login Succeeded!
Login Succeeded!Copy to Clipboard Copied! Toggle word wrap Toggle overflow
7.1.2. 使用命令行查看创建的组件
使用以下步骤查看部署的 Red Hat Quay 组件。
先决条件
- 您已在 OpenShift Container Platform 上部署了 Red Hat Quay。
步骤
输入以下命令查看部署的组件:
oc get pods -n quay-enterprise
$ oc get pods -n quay-enterpriseCopy to Clipboard Copied! Toggle word wrap Toggle overflow 输出示例
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
7.1.3. Pod 横向自动扩展
默认部署显示了以下正在运行的 pod:
-
两个用于 Red Hat Quay 应用程序本身的 pod (
example-registry-quay-app requirements') -
一个 Red Hat Quay 日志记录的 Redis pod (
example-registry-quay-redis ldapmodify) -
一个用于 PostgreSQL 的数据库 pod 用于元数据存储(
例如:-registry-quay-database fluentd) -
两个
Quay镜像 pod (example-registry-quay-mirror Case) -
Clair 应用程序的两个 pod (
example-registry-clair-app channel) -
一个用于 Clair 的 PostgreSQL pod (
example-registry-clair-postgres suit)
默认情况下,水平 PPod 自动扩展配置为 管理,并且 Quay 的 pod 数量,Clair 和存储库镜像的数量设置为 2。这有助于避免在通过 Red Hat Quay Operator 或重新调度事件更新或重新配置 Red Hat Quay 时造成停机。您可以输入以下命令查看有关 HPA 对象的信息:
oc get hpa -n quay-enterprise
$ oc get hpa -n quay-enterprise输出示例
NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE example-registry-clair-app Deployment/example-registry-clair-app 16%/90%, 0%/90% 2 10 2 13d example-registry-quay-app Deployment/example-registry-quay-app 31%/90%, 1%/90% 2 20 2 13d example-registry-quay-mirror Deployment/example-registry-quay-mirror 27%/90%, 0%/90% 2 20 2 13d
NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE
example-registry-clair-app Deployment/example-registry-clair-app 16%/90%, 0%/90% 2 10 2 13d
example-registry-quay-app Deployment/example-registry-quay-app 31%/90%, 1%/90% 2 20 2 13d
example-registry-quay-mirror Deployment/example-registry-quay-mirror 27%/90%, 0%/90% 2 20 2 13d
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}