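Chapter 7. Deploying Red Hat Quay using the Operator
Red Hat Quay on OpenShift Container Platform can be deployed using the command-line interface or the OpenShift Container Platform console. The steps are essentially the same.
7.1. Deploying Red Hat Quay from the command line
Use the following procedure to deploy Red Hat Quay from the command-line interface (CLI).
Prerequisites
- You have logged in to OpenShift Container Platform using the CLI.
Procedure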
Create a namespace, for example quay-enterprise, by entering the following command:
$ oc new-project quay-enterprise
Optional. If you want to pre-configure any aspects of your Red Hat Quay deployment, create a Secret for the config bundle:
$ oc create secret generic quay-enterprise-config-bundle --from-file=config-bundle.tar.gz=/path/to/config-bundle.tar.gz
Create a QuayRegistry custom resource in a file named quayregistry.yaml. For a minimal deployment, use all the defaults:
quayregistry.yaml:
apiVersion: quay.redhat.com/v1
kind: QuayRegistry
metadata:
  name: example-registry
  namespace: quay-enterprise
Optional. If you want some components to be unmanaged, add this information in the spec field. A minimal deployment might look like the following example:
Example quayregistry.yaml with unmanaged components
apiVersion: quay.redhat.com/v1
kind: QuayRegistry
metadata:
  name: example-registry
  namespace: quay-enterprise
spec:
  components:
    - kind: clair
      managed: false
    - kind: horizontalpodautoscaler
      managed: false
    - kind: mirror
      managed: false
    - kind: monitoring
      managed: false
Optional. If you have created a config bundle, for example init-config-bundle-secret, reference it in the quayregistry.yaml file:
Example quayregistry.yaml with a config bundle
apiVersion: quay.redhat.com/v1
kind: QuayRegistry
metadata:
  name: example-registry
  namespace: quay-enterprise
spec:
  configBundleSecret: init-config-bundle-secret
Optional. If you have a proxy configured, you can add the proxy information for Red Hat Quay, Clair, and mirroring by using overrides:
Example quayregistry.yaml with a proxy configured
apiVersion: quay.redhat.com/v1
kind: QuayRegistry
metadata:
  name: quay37
spec:
  configBundleSecret: config-bundle-secret
  components:
    - kind: objectstorage
      managed: false
    - kind: route
      managed: true
    - kind: mirror
      managed: true
      overrides:
        env:
          - name: DEBUGLOG
            value: "true"
          - name: HTTP_PROXY
            value: quayproxy.qe.devcluster.openshift.com:3128
          - name: HTTPS_PROXY
            value: quayproxy.qe.devcluster.openshift.com:3128
          - name: NO_PROXY
            value: svc.cluster.local,localhost,quay370.apps.quayperf370.perfscale.devcluster.openshift.com
    - kind: tls
      managed: false
    - kind: clair
      managed: true
      overrides:
        env:
          - name: HTTP_PROXY
            value: quayproxy.qe.devcluster.openshift.com:3128
          - name: HTTPS_PROXY
            value: quayproxy.qe.devcluster.openshift.com:3128
          - name: NO_PROXY
            value: svc.cluster.local,localhost,quay370.apps.quayperf370.perfscale.devcluster.openshift.com
    - kind: quay
      managed: true
      overrides:
        env:
          - name: DEBUGLOG
            value: "true"
          - name: NO_PROXY
            value: svc.cluster.local,localhost,quay370.apps.quayperf370.perfscale.devcluster.openshift.com
          - name: HTTP_PROXY
            value: quayproxy.qe.devcluster.openshift.com:3128
          - name: HTTPS_PROXY
            value: quayproxy.qe.devcluster.openshift.com:3128
Create the QuayRegistry in the specified namespace by entering the following command:
$ oc create -n quay-enterprise -f quayregistry.yaml
Enter the following command to see when status.registryEndpoint is populated:
$ oc get quayregistry -n quay-enterprise example-registry -o jsonpath="{.status.registryEndpoint}" -w
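Additional resources
- For more information about how to track the progress of your Red Hat Quay deployment, see Monitoring and debugging the deployment process.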
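7.1.1. Using the API to create the first user
Use the following procedure to create the first user in your Red Hat Quay organization.
Prerequisites
- The config option FEATURE_USER_INITIALIZE must be set to true.
- No users exist in the database.
This procedure requests an OAuth token by specifying "access_token": true.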
Open your Red Hat Quay configuration file and update the following configuration fields:
FEATURE_USER_INITIALIZE: true
SUPER_USERS:
  - quayadmin
Stop the Red Hat Quay service by entering the following command:
$ sudo podman stop quay
Start the Red Hat Quay service by entering the following command:
$ sudo podman run -d -p 80:8080 -p 443:8443 --name=quay -v $QUAY/config:/conf/stack:Z -v $QUAY/storage:/datastorage:Z {productrepo}/{quayimage}:{productminv}
Run the following curl command to generate a new user with a username, password, email, and access token:
$ curl -X POST -k http://quay-server.example.com/api/v1/user/initialize --header 'Content-Type: application/json' --data '{ "username": "quayadmin", "password":"quaypass12345", "email": "quayadmin@example.com", "access_token": true}'
If successful, the command returns an object with the username, email, and encrypted password. For example:
{"access_token":"6B4QTRSTSD1HMIG915VPX7BMEZBVB9GPNY2FC2ED", "email":"quayadmin@example.com","encrypted_password":"1nZMLH57RIE5UGdL/yYpDOHLqiNCgimb6W9kfF8MjZ1xrfDpRyRs9NUnUuNuAitW","username":"quayadmin"}
If a user already exists in the database, an error is returned:
{"message":"Cannot initialize user in a non-empty database"}
If your password is not at least 8 characters long or contains whitespace, an error is returned:
{"message":"Failed to initialize user: Invalid password, password must be at least 8 characters and contain no whitespace."}
Log in to your Red Hat Quay deployment by entering the following command:
$ sudo podman login -u quayadmin -p quaypass12345 http://quay-server.example.com --tls-verify=false
Example output
Login Succeeded!
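An added example, not part of the Red Hat documentation: a POSIX shell variant of the initialize call above that keeps the password out of the process list, verifies TLS instead of passing -k, and writes the returned token to a file only the caller can read. QUAY_URL, QUAY_CA and QUAY_TOKEN_FILE are assumed variable names, and an HTTPS endpoint is assumed.

```shell
#!/bin/sh
# Added example, not Red Hat's code. QUAY_URL, QUAY_CA and QUAY_TOKEN_FILE are
# assumed variable names; the endpoint and JSON fields are the ones on this page.

# Local pre-check of the rule the API states: >= 8 characters, no whitespace.
valid_password() {
    [ "${#1}" -ge 8 ] || return 1
    case "$1" in *[[:space:]]*) return 1 ;; esac
    return 0
}

# Escape backslash and double quote so a value is safe inside a JSON string.
json_escape() { printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'; }

# init_body USERNAME PASSWORD EMAIL: print the request body on stdout.
init_body() {
    valid_password "$2" || { echo "password fails local check" >&2; return 1; }
    printf '{"username":"%s","password":"%s","email":"%s","access_token":true}' \
        "$(json_escape "$1")" "$(json_escape "$2")" "$(json_escape "$3")"
}

# quay_init_user USERNAME EMAIL: the password is read from stdin, the body is
# passed to curl on stdin (not argv), TLS is verified against QUAY_CA, and the
# response holding the OAuth token goes to a file only the caller can read.
quay_init_user() {
    IFS= read -r pw || [ -n "$pw" ] || return 1
    body=$(init_body "$1" "$pw" "$2") || return 1
    ( umask 077
      printf '%s' "$body" | curl --fail --silent --show-error \
          --cacert "${QUAY_CA:?set QUAY_CA to the registry CA bundle}" \
          --header 'Content-Type: application/json' --data @- \
          --output "${QUAY_TOKEN_FILE:-quay-init-response.json}" \
          "${QUAY_URL:-https://quay-server.example.com}/api/v1/user/initialize" )
}

# Offline demonstration with a constructed password containing a quote.
init_body quayadmin 'constructed"Pass1' quayadmin@example.com && echo
```

Call it as `quay_init_user quayadmin quayadmin@example.com < password-file` (the file name is a placeholder). podman login likewise accepts the password on stdin with --password-stdin.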
7.1.2. Viewing created components using the command line
Use the following procedure to view the deployed Red Hat Quay components.
Prerequisites
- You have deployed Red Hat Quay on OpenShift Container Platform.
Procedure
Enter the following command to view the deployed components:
$ oc get pods -n quay-enterprise
Example output
NAME                                               READY   STATUS      RESTARTS   AGE
example-registry-clair-app-5ffc9f77d6-jwr9s        1/1     Running     0          3m42s
example-registry-clair-app-5ffc9f77d6-wgp7d        1/1     Running     0          3m41s
example-registry-clair-postgres-54956d6d9c-rgs8l   1/1     Running     0          3m5s
example-registry-quay-app-79c6b86c7b-8qnr2         1/1     Running     4          3m42s
example-registry-quay-app-79c6b86c7b-xk85f         1/1     Running     4          3m41s
example-registry-quay-app-upgrade-5kl5r            0/1     Completed   4          3m50s
example-registry-quay-database-b466fc4d7-tfrnx     1/1     Running     2          3m42s
example-registry-quay-mirror-6d9bd78756-6lj6p      1/1     Running     0          2m58s
example-registry-quay-mirror-6d9bd78756-bv6gq      1/1     Running     0          2m58s
example-registry-quay-postgres-init-dzbmx          0/1     Completed   0          3m43s
example-registry-quay-redis-8bd67b647-skgqx        1/1     Running     0          3m42s
7.1.3. Horizontal pod autoscaling
A default deployment shows the following running pods:
- Two pods for the Red Hat Quay application itself (example-registry-quay-app)
- One Redis pod for Red Hat Quay logging (example-registry-quay-redis)
- One PostgreSQL database pod, used for metadata storage (example-registry-quay-database)
- Two Quay mirroring pods (example-registry-quay-mirror)
- Two pods for the Clair application (example-registry-clair-app)
- One PostgreSQL pod for Clair (example-registry-clair-postgres)
By default, horizontal pod autoscaling is configured as managed, and the number of pods for Quay, Clair, and repository mirroring is set to two. This helps avoid downtime when Red Hat Quay is updated or reconfigured through the Red Hat Quay Operator, or during rescheduling events. You can view information about the HPA objects by entering the following command:
$ oc get hpa -n quay-enterprise
Example output
NAME                           REFERENCE                                 TARGETS           MINPODS   MAXPODS   REPLICAS   AGE
example-registry-clair-app     Deployment/example-registry-clair-app     16%/90%, 0%/90%   2         10        2          13d
example-registry-quay-app      Deployment/example-registry-quay-app      31%/90%, 1%/90%   2         20        2          13d
example-registry-quay-mirror   Deployment/example-registry-quay-mirror   27%/90%, 0%/90%   2         20        2          13d
Additional resources
For more information about pre-configuring your Red Hat Quay deployment, see the section Configuring Red Hat Quay for automation.
7.1.4. Monitoring and debugging the deployment process
Users can now troubleshoot problems during the deployment phase. The status in the QuayRegistry object helps you monitor the health of the components during deployment and debug any problems that arise.
Procedure
Enter the following command to check the status of your deployment:
$ oc get quayregistry -n quay-enterprise -o yaml
Example output
After deployment, the QuayRegistry object shows the basic configuration:
apiVersion: v1
items:
- apiVersion: quay.redhat.com/v1
  kind: QuayRegistry
  metadata:
    creationTimestamp: "2021-09-14T10:51:22Z"
    generation: 3
    name: example-registry
    namespace: quay-enterprise
    resourceVersion: "50147"
    selfLink: /apis/quay.redhat.com/v1/namespaces/quay-enterprise/quayregistries/example-registry
    uid: e3fc82ba-e716-4646-bb0f-63c26d05e00e
  spec:
    components:
    - kind: postgres
      managed: true
    - kind: clair
      managed: true
    - kind: redis
      managed: true
    - kind: horizontalpodautoscaler
      managed: true
    - kind: objectstorage
      managed: true
    - kind: route
      managed: true
    - kind: mirror
      managed: true
    - kind: monitoring
      managed: true
    - kind: tls
      managed: true
    - kind: clairpostgres
      managed: true
    configBundleSecret: example-registry-config-bundle-kt55s
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""
Use the oc get pods command to view the current state of the deployed components:
$ oc get pods -n quay-enterprise
Example output
NAME                                               READY   STATUS              RESTARTS   AGE
example-registry-clair-app-86554c6b49-ds7bl        0/1     ContainerCreating   0          2s
example-registry-clair-app-86554c6b49-hxp5s        0/1     Running             1          17s
example-registry-clair-postgres-68d8857899-lbc5n   0/1     ContainerCreating   0          17s
example-registry-quay-app-upgrade-h2v7h            0/1     ContainerCreating   0          9s
example-registry-quay-database-66f495c9bc-wqsjf    0/1     ContainerCreating   0          17s
example-registry-quay-mirror-854c88457b-d845g      0/1     Init:0/1            0          2s
example-registry-quay-mirror-854c88457b-fghxv      0/1     Init:0/1            0          17s
example-registry-quay-postgres-init-bktdt          0/1     Terminating         0          17s
example-registry-quay-redis-f9b9d44bf-4htpz        0/1     ContainerCreating   0          17s
While the deployment is in progress, the QuayRegistry object shows the current status. In this instance, database migrations are taking place, and the other components wait until they complete:
status:
  conditions:
  - lastTransitionTime: "2021-09-14T10:52:04Z"
    lastUpdateTime: "2021-09-14T10:52:04Z"
    message: all objects created/updated successfully
    reason: ComponentsCreationSuccess
    status: "False"
    type: RolloutBlocked
  - lastTransitionTime: "2021-09-14T10:52:05Z"
    lastUpdateTime: "2021-09-14T10:52:05Z"
    message: running database migrations
    reason: MigrationsInProgress
    status: "False"
    type: Available
  lastUpdated: 2021-09-14 10:52:05.371425635 +0000 UTC
  unhealthyComponents:
    clair:
    - lastTransitionTime: "2021-09-14T10:51:32Z"
      lastUpdateTime: "2021-09-14T10:51:32Z"
      message: 'Deployment example-registry-clair-postgres: Deployment does not have minimum availability.'
      reason: MinimumReplicasUnavailable
      status: "False"
      type: Available
    - lastTransitionTime: "2021-09-14T10:51:32Z"
      lastUpdateTime: "2021-09-14T10:51:32Z"
      message: 'Deployment example-registry-clair-app: Deployment does not have minimum availability.'
      reason: MinimumReplicasUnavailable
      status: "False"
      type: Available
    mirror:
    - lastTransitionTime: "2021-09-14T10:51:32Z"
      lastUpdateTime: "2021-09-14T10:51:32Z"
      message: 'Deployment example-registry-quay-mirror: Deployment does not have minimum availability.'
      reason: MinimumReplicasUnavailable
      status: "False"
      type: Available
When the deployment process finishes successfully, the status in the QuayRegistry object shows no unhealthy components:
status:
  conditions:
  - lastTransitionTime: "2021-09-14T10:52:36Z"
    lastUpdateTime: "2021-09-14T10:52:36Z"
    message: all registry component healthchecks passing
    reason: HealthChecksPassing
    status: "True"
    type: Available
  - lastTransitionTime: "2021-09-14T10:52:46Z"
    lastUpdateTime: "2021-09-14T10:52:46Z"
    message: all objects created/updated successfully
    reason: ComponentsCreationSuccess
    status: "False"
    type: RolloutBlocked
  currentVersion: {producty}
  lastUpdated: 2021-09-14 10:52:46.104181633 +0000 UTC
  registryEndpoint: https://example-registry-quay-quay-enterprise.apps.docs.quayteam.org
  unhealthyComponents: {}
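An added example, not part of the Red Hat documentation: a POSIX shell function that turns the status conditions shown above into a ready/not-ready decision, so a deployment script can wait before exposing the registry. The sample inputs are constructed from the two status blocks on this page, and the type|status|reason line format is an assumption produced by the jsonpath template in the comment.

```shell
#!/bin/sh
# Added example: decide from QuayRegistry status conditions whether the
# registry is ready. Input: one "type|status|reason" line per condition, e.g.
#   oc get quayregistry -n quay-enterprise example-registry -o \
#     jsonpath='{range .status.conditions[*]}{.type}{"|"}{.status}{"|"}{.reason}{"\n"}{end}'

# Prints "ready" or "not-ready: <reason>"; returns 0 only when the Available
# condition is True and RolloutBlocked is not True.
quay_ready() {
    available="" blocked="" avail_reason="" block_reason=""
    while IFS='|' read -r ctype cstatus creason; do
        case "$ctype" in
            Available)      available=$cstatus; avail_reason=$creason ;;
            RolloutBlocked) blocked=$cstatus;   block_reason=$creason ;;
        esac
    done
    if [ "$blocked" = "True" ]; then
        echo "not-ready: $block_reason"
        return 1
    fi
    if [ "$available" != "True" ]; then
        echo "not-ready: ${avail_reason:-no Available condition reported}"
        return 1
    fi
    echo "ready"
}

# Constructed samples, reduced from the two status blocks shown on this page.
IN_PROGRESS='RolloutBlocked|False|ComponentsCreationSuccess
Available|False|MigrationsInProgress'
FINISHED='Available|True|HealthChecksPassing
RolloutBlocked|False|ComponentsCreationSuccess'

printf '%s\n' "$IN_PROGRESS" | quay_ready || true
printf '%s\n' "$FINISHED" | quay_ready
```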