红帽全球峰会第 4 章 使用 Quay Operator 部署 Quay
Operator 可从命令行或 OpenShift 控制台部署,但基本步骤相同。
4.1. 从命令行部署 Red Hat Quay
复制链接链接已复制到粘贴板!
-
创建一个命名空间,如
quay-enterprise。 - 如果要预先配置部署的各个方面,为 config 捆绑包创建 secret
在名为
quayregistry.yaml的文件中创建QuayRegistry自定义资源对于最小部署,使用所有默认值:
quayregistry.yaml:
apiVersion: quay.redhat.com/v1 kind: QuayRegistry metadata: name: example-registry namespace: quay-enterprise
apiVersion: quay.redhat.com/v1 kind: QuayRegistry metadata: name: example-registry namespace: quay-enterpriseCopy to Clipboard Copied! Toggle word wrap Toggle overflow 如果要具有一些组件非受管,请在
spec字段中添加此信息。例如,最小部署可能类似如下:quayregistry.yaml:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow 如果您已创建了配置捆绑包,如
init-config-bundle-secret,在quayregistry.yaml文件中引用它:quayregistry.yaml:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
在指定的命名空间中创建
QuayRegistry:oc create -f quayregistry.yaml
$ oc create -f quayregistry.yamlCopy to Clipboard Copied! Toggle word wrap Toggle overflow - 如需有关如何跟踪部署进度的信息,请参阅 监控和调试部署过程。
等待
status.registryEndpoint填充。oc get quayregistry -n quay-enterprise example-registry -o jsonpath="{.status.registryEndpoint}" -w$ oc get quayregistry -n quay-enterprise example-registry -o jsonpath="{.status.registryEndpoint}" -wCopy to Clipboard Copied! Toggle word wrap Toggle overflow
4.1.1. 使用命令行查看创建的组件
复制链接链接已复制到粘贴板!
使用 oc get pods 命令查看部署的组件:
4.1.2. Pod 横向自动扩展(HPA)
复制链接链接已复制到粘贴板!
默认部署显示了以下正在运行的 pod:
-
Quay 应用本身的两个 pod(
example-registry-quay-app-*') -
用于 Quay 日志记录的 Redis pod(
example-registry-quay-redis-*) -
Quay 用于元数据存储的 PostgreSQL 的一个数据库 pod(
example-registry-quay-database-*) -
用于 Quay 配置编辑器的一个 pod(
example-registry-quay-config-editor-*) -
两个 Quay 镜像 pod(
example-registry-quay-mirror-*) -
Clair 应用的两个 pod(
example-registry-clair-app-*) -
Clair 的 PostgreSQL pod(
example-registry-clair-postgres-*)
因为 HPA 默认配置为 受管,Quay 的 pod 数量将 Clair 和存储库镜像设置为 2。这有助于在通过 Operator 更新/配置 Quay 或重新调度事件期间出现停机的问题。
oc get hpa -n quay-enterprise
$ oc get hpa -n quay-enterprise
NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE
example-registry-clair-app Deployment/example-registry-clair-app 16%/90%, 0%/90% 2 10 2 13d
example-registry-quay-app Deployment/example-registry-quay-app 31%/90%, 1%/90% 2 20 2 13d
example-registry-quay-mirror Deployment/example-registry-quay-mirror 27%/90%, 0%/90% 2 20 2 13d4.1.3. 使用 API 创建第一个用户
复制链接链接已复制到粘贴板!
当使用 API 创建第一个用户时,必须满足以下条件:
-
配置选项
FEATURE_USER_INITIALIZE必须设置为true - 数据库中没有用户
如需有关预配置部署的更多信息,请参阅 预配置 Quay 以实现自动化
4.1.3.1. 调用 API
复制链接链接已复制到粘贴板!
使用 status.registryEndpoint URL,调用 /api/v1/user/initialize API,传递用户名、密码和电子邮件地址。您还可以通过指定 "access_token": true 来请求 OAuth 令牌。
curl -X POST -k https://example-registry-quay-quay-enterprise.apps.docs.quayteam.org/api/v1/user/initialize --header 'Content-Type: application/json' --data '{ "username": "quayadmin", "password":"quaypass123", "email": "quayadmin@example.com", "access_token": true}'
$ curl -X POST -k https://example-registry-quay-quay-enterprise.apps.docs.quayteam.org/api/v1/user/initialize --header 'Content-Type: application/json' --data '{ "username": "quayadmin", "password":"quaypass123", "email": "quayadmin@example.com", "access_token": true}'{"access_token":"6B4QTRSTSD1HMIG915VPX7BMEZBVB9GPNY2FC2ED", "email":"quayadmin@example.com","encrypted_password":"1nZMLH57RIE5UGdL/yYpDOHLqiNCgimb6W9kfF8MjZ1xrfDpRyRs9NUnUuNuAitW","username":"quayadmin"}
{"access_token":"6B4QTRSTSD1HMIG915VPX7BMEZBVB9GPNY2FC2ED", "email":"quayadmin@example.com","encrypted_password":"1nZMLH57RIE5UGdL/yYpDOHLqiNCgimb6W9kfF8MjZ1xrfDpRyRs9NUnUuNuAitW","username":"quayadmin"}如果成功,该方法返回一个带有用户名、电子邮件和加密密码的对象。如果用户已存在于数据库中,则返回错误:
curl -X POST -k https://example-registry-quay-quay-enterprise.apps.docs.quayteam.org/api/v1/user/initialize --header 'Content-Type: application/json' --data '{ "username": "quayuser2", "password":"quaypass123", "email": "quayuser2@example.com"}'
$ curl -X POST -k https://example-registry-quay-quay-enterprise.apps.docs.quayteam.org/api/v1/user/initialize --header 'Content-Type: application/json' --data '{ "username": "quayuser2", "password":"quaypass123", "email": "quayuser2@example.com"}'{"message":"Cannot initialize user in a non-empty database"}
{"message":"Cannot initialize user in a non-empty database"}密码必须至少为 8 个字符,且不包含空格:
curl -X POST -k https://example-registry-quay-quay-enterprise.apps.docs.quayteam.org/api/v1/user/initialize --header 'Content-Type: application/json' --data '{ "username": "quayadmin", "password":"pass123", "email": "quayadmin@example.com"}'
$ curl -X POST -k https://example-registry-quay-quay-enterprise.apps.docs.quayteam.org/api/v1/user/initialize --header 'Content-Type: application/json' --data '{ "username": "quayadmin", "password":"pass123", "email": "quayadmin@example.com"}'{"message":"Failed to initialize user: Invalid password, password must be at least 8 characters and contain no whitespace."}
{"message":"Failed to initialize user: Invalid password, password must be at least 8 characters and contain no whitespace."}4.1.3.2. 使用 OAuth 令牌
复制链接链接已复制到粘贴板!
现在,您可以在指定返回的 OAuth 代码调用 Quay API 的剩余部分。例如,获取当前用户的列表:
curl -X GET -k -H "Authorization: Bearer 6B4QTRSTSD1HMIG915VPX7BMEZBVB9GPNY2FC2ED" https://example-registry-quay-quay-enterprise.apps.docs.quayteam.org/api/v1/superuser/users/
$ curl -X GET -k -H "Authorization: Bearer 6B4QTRSTSD1HMIG915VPX7BMEZBVB9GPNY2FC2ED" https://example-registry-quay-quay-enterprise.apps.docs.quayteam.org/api/v1/superuser/users/
在本例中,quayadmin 用户的详细信息返回,因为它是目前创建的唯一用户。
4.1.3.2.1. 创建机构
复制链接链接已复制到粘贴板!
要创建机构,使用 POST 调用 api/v1/organization/ 端点:
curl -X POST -k --header 'Content-Type: application/json' -H "Authorization: Bearer 6B4QTRSTSD1HMIG915VPX7BMEZBVB9GPNY2FC2ED" https://example-registry-quay-quay-enterprise.apps.docs.quayteam.org/api/v1/organization/ --data '{"name": "testorg", "email": "testorg@example.com"}'
$ curl -X POST -k --header 'Content-Type: application/json' -H "Authorization: Bearer 6B4QTRSTSD1HMIG915VPX7BMEZBVB9GPNY2FC2ED" https://example-registry-quay-quay-enterprise.apps.docs.quayteam.org/api/v1/organization/ --data '{"name": "testorg", "email": "testorg@example.com"}'"Created"
"Created"4.1.3.2.2. 获取机构详情
复制链接链接已复制到粘贴板!
检索您创建的机构详情:
curl -X GET -k --header 'Content-Type: application/json' -H "Authorization: Bearer 6B4QTRSTSD1HMIG915VPX7BMEZBVB9GPNY2FC2ED" https://min-registry-quay-quay-enterprise.apps.docs.quayteam.org/api/v1/organization/testorg
$ curl -X GET -k --header 'Content-Type: application/json' -H "Authorization: Bearer 6B4QTRSTSD1HMIG915VPX7BMEZBVB9GPNY2FC2ED" https://min-registry-quay-quay-enterprise.apps.docs.quayteam.org/api/v1/organization/testorg4.1.4. 监控和调试部署过程
复制链接链接已复制到粘贴板!
Red Hat Quay 3.6 提供了新的功能,可在部署阶段排除问题。QuayRegistry 对象中的状态可帮助您在部署过程中监控组件的健康状态,以帮助您调试可能出现的问题:
oc get quayregistry -n quay-enterprise -o yaml
$ oc get quayregistry -n quay-enterprise -o yaml部署后,QuayRegistry 对象会显示基本配置:
使用 oc get pods 命令查看部署组件的当前状态:
在部署进行过程中,QuayRegistry 对象会显示当前状态。在本实例中,数据库迁移就位,其他组件也等到此完成后才会等待。
当部署过程成功完成时,QuayRegistry 对象中的状态不会显示不健康的组件:
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}