Red Hat Summit 红帽全球峰会支持控制台(Console)开发人员开始试用联系人

第 6 章 部署 Red Hat Quay Operator

Red Hat Quay Operator 可以从命令行或 OpenShift Container Platform 控制台部署,但步骤基本相同。

6.1. 从命令行部署 Red Hat Quay
复制链接

使用以下步骤使用命令行界面(CLI)从 部署 Red Hat Quay。

先决条件

  • 已使用 CLI 登录 OpenShift Container Platform。

步骤

  1. 输入以下命令创建一个命名空间,如 quay-enterprise

    $ oc new-project quay-enterprise
    Copy to Clipboard Toggle word wrap

  2. 可选。如果要预配置 Red Hat Quay 部署的任何方面,请为配置捆绑包创建一个 Secret

    $ oc create secret generic quay-enterprise-config-bundle --from-file=config-bundle.tar.gz=/path/to/config-bundle.tar.gz
    Copy to Clipboard Toggle word wrap

  3. 在名为 quayregistry.yaml的文件中创建 QuayRegistry 自定义资源

    1. 对于最小部署,使用所有默认值:

      quayregistry.yaml:

      apiVersion: quay.redhat.com/v1
kind: QuayRegistry
metadata:
  name: example-registry
  namespace: quay-enterprise
      Copy to Clipboard Toggle word wrap

    2. 可选。如果要有一些组件非受管组件,请在 spec 字段中添加此信息。最小部署可能类似以下示例:

      带有非受管组件的 quayregistry.yaml 示例

      apiVersion: quay.redhat.com/v1
kind: QuayRegistry
metadata:
  name: example-registry
  namespace: quay-enterprise
spec:
  components:
    - kind: clair
      managed: false
    - kind: horizontalpodautoscaler
      managed: false
    - kind: mirror
      managed: false
    - kind: monitoring
      managed: false
      Copy to Clipboard Toggle word wrap

    3. 可选。如果您创建了配置捆绑包,如 init-config-bundle-secret,请在 quayregistry.yaml 文件中引用它:

      带有配置捆绑包的 quayregistry.yaml 示例

      apiVersion: quay.redhat.com/v1
kind: QuayRegistry
metadata:
  name: example-registry
  namespace: quay-enterprise
spec:
  configBundleSecret: init-config-bundle-secret
      Copy to Clipboard Toggle word wrap

    4. 可选。如果您配置了代理,您可以使用 Red Hat Quay、Clair 和 mirror 覆盖添加信息:

      配置了代理的 quayregistry.yaml 示例

        kind: QuayRegistry
  metadata:
    name: quay37
  spec:
    configBundleSecret: config-bundle-secret
    components:
      - kind: objectstorage
        managed: false
      - kind: route
        managed: true
      - kind: mirror
        managed: true
        overrides:
          env:
            - name: DEBUGLOG
              value: "true"
            - name: HTTP_PROXY
              value: quayproxy.qe.devcluster.openshift.com:3128
            - name: HTTPS_PROXY
              value: quayproxy.qe.devcluster.openshift.com:3128
            - name: NO_PROXY
              value: svc.cluster.local,localhost,quay370.apps.quayperf370.perfscale.devcluster.openshift.com
      - kind: tls
        managed: false
      - kind: clair
        managed: true
        overrides:
          env:
            - name: HTTP_PROXY
              value: quayproxy.qe.devcluster.openshift.com:3128
            - name: HTTPS_PROXY
              value: quayproxy.qe.devcluster.openshift.com:3128
            - name: NO_PROXY
              value: svc.cluster.local,localhost,quay370.apps.quayperf370.perfscale.devcluster.openshift.com
      - kind: quay
        managed: true
        overrides:
          env:
            - name: DEBUGLOG
              value: "true"
            - name: NO_PROXY
              value: svc.cluster.local,localhost,quay370.apps.quayperf370.perfscale.devcluster.openshift.com
            - name: HTTP_PROXY
              value: quayproxy.qe.devcluster.openshift.com:3128
            - name: HTTPS_PROXY
              value: quayproxy.qe.devcluster.openshift.com:3128
      Copy to Clipboard Toggle word wrap

  4. 在指定命名空间中创建 QuayRegistry

    $ oc create -n quay-enterprise -f quayregistry.yaml
    Copy to Clipboard Toggle word wrap

  5. 输入以下命令来查看何时填充 status.registryEndpoint

    $ oc get quayregistry -n quay-enterprise example-registry -o jsonpath="{.status.registryEndpoint}" -w
    Copy to Clipboard Toggle word wrap

其他资源

6.1.1. 使用命令行查看创建的组件
复制链接

使用以下步骤查看部署的 Red Hat Quay 组件。

先决条件

  • 您已在 {ocp.} 上部署了 Red Hat Quay Operator

步骤

  1. 输入以下命令查看部署的组件: 

    $ oc get pods -n quay-enterprise
    Copy to Clipboard Toggle word wrap

    输出示例

    NAME                                                   READY   STATUS      RESTARTS   AGE
example-registry-clair-app-5ffc9f77d6-jwr9s            1/1     Running     0          3m42s
example-registry-clair-app-5ffc9f77d6-wgp7d            1/1     Running     0          3m41s
example-registry-clair-postgres-54956d6d9c-rgs8l       1/1     Running     0          3m5s
example-registry-quay-app-79c6b86c7b-8qnr2             1/1     Running     4          3m42s
example-registry-quay-app-79c6b86c7b-xk85f             1/1     Running     4          3m41s
example-registry-quay-app-upgrade-5kl5r                0/1     Completed   4          3m50s
example-registry-quay-config-editor-597b47c995-svqrl   1/1     Running     0          3m42s
example-registry-quay-database-b466fc4d7-tfrnx         1/1     Running     2          3m42s
example-registry-quay-mirror-6d9bd78756-6lj6p          1/1     Running     0          2m58s
example-registry-quay-mirror-6d9bd78756-bv6gq          1/1     Running     0          2m58s
example-registry-quay-postgres-init-dzbmx              0/1     Completed   0          3m43s
example-registry-quay-redis-8bd67b647-skgqx            1/1     Running     0          3m42s
    Copy to Clipboard Toggle word wrap

6.1.2. Pod 横向自动扩展
复制链接

默认部署显示以下正在运行的 pod:

  • 两个用于 Red Hat Quay 应用程序本身的 pod (example-registry-quay-app可以')
  • 一个 Red Hat Quay 日志记录的 Redis pod (example-registry-quay-redis可以)
  • 一个数据库 pod for PostgreSQL,供 Red Hat Quay 用于元数据存储(example-registry-quay-database114)
  • 一个 pod for Red Hat Quay config editor (example-registry-quay-config-editorjpeg)
  • 两个 Quay 镜像 pod (example-registry-quay-mirror114)
  • Clair 应用程序的两个 pod (example-registry-clair-appö)
  • 一个用于 Clair 的 PostgreSQL pod (example-registry-clair-postgres047)

水平 PPod 自动扩展默认配置为 受管,Quay 的 pod 数量,Clair 和存储库镜像设置为 2。这有助于在通过 Red Hat Quay Operator 更新或重新调度事件期间更新或重新配置 Red Hat Quay 时停机。您可以输入以下命令来查看 HPA 对象的信息: 

$ oc get hpa -n quay-enterprise
Copy to Clipboard Toggle word wrap

输出示例

NAME                           REFERENCE                                 TARGETS           MINPODS   MAXPODS   REPLICAS   AGE
example-registry-clair-app     Deployment/example-registry-clair-app     16%/90%, 0%/90%   2         10        2          13d
example-registry-quay-app      Deployment/example-registry-quay-app      31%/90%, 1%/90%   2         20        2          13d
example-registry-quay-mirror   Deployment/example-registry-quay-mirror   27%/90%, 0%/90%   2         20        2          13d
Copy to Clipboard Toggle word wrap

6.1.2.1. 使用 API 创建第一个用户
复制链接

使用以下步骤在 Red Hat Quay 组织中创建第一个用户。

先决条件

  • 配置选项 FEATURE_USER_INITIALIZE 必须设为 true
  • 数据库中还没有存在用户。
步骤

此流程通过指定 "access_token": true 来请求 OAuth 令牌。

  1. 以 root 用户身份,输入以下命令安装 python39

    $ sudo yum install python39
    Copy to Clipboard Toggle word wrap

  2. 升级 Python 3.9 的 pip 软件包管理器: 

    $ python3.9 -m pip install --upgrade pip
    Copy to Clipboard Toggle word wrap

  3. 使用 pip 软件包管理器安装 bcrypt 软件包: 

    $ pip install bcrypt
    Copy to Clipboard Toggle word wrap

  4. 输入以下命令,使用 Python 3.9 中的 bcrypt 软件包生成安全散列密码: 

    $ python3.9 -c 'import bcrypt; print(bcrypt.hashpw(b"subquay12345", bcrypt.gensalt(12)).decode("utf-8"))'
    Copy to Clipboard Toggle word wrap

  5. 打开 Red Hat Quay 配置文件并更新以下配置字段: 

    FEATURE_USER_INITIALIZE: true
SUPER_USERS:
     -  quayadmin
    Copy to Clipboard Toggle word wrap

  6. 输入以下命令停止 Red Hat Quay 服务: 

    $ sudo podman stop quay
    Copy to Clipboard Toggle word wrap

  7. 输入以下命令启动 Red Hat Quay 服务: 

    $ sudo podman run -d -p 80:8080 -p 443:8443 --name=quay -v $QUAY/config:/conf/stack:Z  -v $QUAY/storage:/datastorage:Z {productrepo}/{quayimage}:{productminv}
    Copy to Clipboard Toggle word wrap

  8. 运行以下 CURL 命令,以使用用户名、密码、电子邮件和访问令牌生成新用户: 

    $ curl -X POST -k  http://quay-server.example.com/api/v1/user/initialize --header 'Content-Type: application/json' --data '{ "username": "quayadmin", "password":"quaypass12345", "email": "quayadmin@example.com", "access_token": true}'
    Copy to Clipboard Toggle word wrap

    如果成功,命令会返回带有用户名、电子邮件和加密的密码的对象。例如: 

    {"access_token":"6B4QTRSTSD1HMIG915VPX7BMEZBVB9GPNY2FC2ED", "email":"quayadmin@example.com","encrypted_password":"1nZMLH57RIE5UGdL/yYpDOHLqiNCgimb6W9kfF8MjZ1xrfDpRyRs9NUnUuNuAitW","username":"quayadmin"} # gitleaks:allow
    Copy to Clipboard Toggle word wrap

    如果用户已在数据库中存在,则返回错误: 

    {"message":"Cannot initialize user in a non-empty database"}
    Copy to Clipboard Toggle word wrap

    如果您的密码不至少为 8 个字符或包含空格,则会返回错误: 

    {"message":"Failed to initialize user: Invalid password, password must be at least 8 characters and contain no whitespace."}
    Copy to Clipboard Toggle word wrap

  9. 输入以下命令登录到您的 Red Hat Quay 部署: 

    $ sudo podman login -u quayadmin -p quaypass12345 http://quay-server.example.com --tls-verify=false
    Copy to Clipboard Toggle word wrap

    输出示例

    Login Succeeded!
    Copy to Clipboard Toggle word wrap

6.1.3. 监控和调试部署过程
复制链接

用户现在可以在部署阶段排除问题。QuayRegistry 对象中的状态可帮助您在部署期间监控组件的健康状况,以帮助您调试可能会出现任何问题。

步骤

  1. 输入以下命令检查部署的状态: 

    $ oc get quayregistry -n quay-enterprise -o yaml
    Copy to Clipboard Toggle word wrap

    输出示例

    部署后,Quay Registry 对象将显示基本配置: 

    apiVersion: v1
items:
- apiVersion: quay.redhat.com/v1
  kind: QuayRegistry
  metadata:
    creationTimestamp: "2021-09-14T10:51:22Z"
    generation: 3
    name: example-registry
    namespace: quay-enterprise
    resourceVersion: "50147"
    selfLink: /apis/quay.redhat.com/v1/namespaces/quay-enterprise/quayregistries/example-registry
    uid: e3fc82ba-e716-4646-bb0f-63c26d05e00e
  spec:
    components:
    - kind: postgres
      managed: true
    - kind: clair
      managed: true
    - kind: redis
      managed: true
    - kind: horizontalpodautoscaler
      managed: true
    - kind: objectstorage
      managed: true
    - kind: route
      managed: true
    - kind: mirror
      managed: true
    - kind: monitoring
      managed: true
    - kind: tls
      managed: true
    configBundleSecret: example-registry-config-bundle-kt55s
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""
    Copy to Clipboard Toggle word wrap

  2. 使用 oc get pods 命令查看部署组件的当前状态: 

    $ oc get pods -n quay-enterprise
    Copy to Clipboard Toggle word wrap

    输出示例

    NAME                                                   READY   STATUS              RESTARTS   AGE
example-registry-clair-app-86554c6b49-ds7bl            0/1     ContainerCreating   0          2s
example-registry-clair-app-86554c6b49-hxp5s            0/1     Running             1          17s
example-registry-clair-postgres-68d8857899-lbc5n       0/1     ContainerCreating   0          17s
example-registry-quay-app-upgrade-h2v7h                0/1     ContainerCreating   0          9s
example-registry-quay-config-editor-5f646cbcb7-lbnc2   0/1     ContainerCreating   0          17s
example-registry-quay-database-66f495c9bc-wqsjf        0/1     ContainerCreating   0          17s
example-registry-quay-mirror-854c88457b-d845g          0/1     Init:0/1            0          2s
example-registry-quay-mirror-854c88457b-fghxv          0/1     Init:0/1            0          17s
example-registry-quay-postgres-init-bktdt              0/1     Terminating         0          17s
example-registry-quay-redis-f9b9d44bf-4htpz            0/1     ContainerCreating   0          17s
    Copy to Clipboard Toggle word wrap

  3. 在部署进行时,Quay Registry 对象将显示当前状态。在这个实例中,数据库迁移会被发生,其他组件会等到完成为止: 

      status:
    conditions:
    - lastTransitionTime: "2021-09-14T10:52:04Z"
      lastUpdateTime: "2021-09-14T10:52:04Z"
      message: all objects created/updated successfully
      reason: ComponentsCreationSuccess
      status: "False"
      type: RolloutBlocked
    - lastTransitionTime: "2021-09-14T10:52:05Z"
      lastUpdateTime: "2021-09-14T10:52:05Z"
      message: running database migrations
      reason: MigrationsInProgress
      status: "False"
      type: Available
    configEditorCredentialsSecret: example-registry-quay-config-editor-credentials-btbkcg8dc9
    configEditorEndpoint: https://example-registry-quay-config-editor-quay-enterprise.apps.docs.quayteam.org
    lastUpdated: 2021-09-14 10:52:05.371425635 +0000 UTC
    unhealthyComponents:
      clair:
      - lastTransitionTime: "2021-09-14T10:51:32Z"
        lastUpdateTime: "2021-09-14T10:51:32Z"
        message: 'Deployment example-registry-clair-postgres: Deployment does not have minimum availability.'
        reason: MinimumReplicasUnavailable
        status: "False"
        type: Available
      - lastTransitionTime: "2021-09-14T10:51:32Z"
        lastUpdateTime: "2021-09-14T10:51:32Z"
        message: 'Deployment example-registry-clair-app: Deployment does not have minimum availability.'
        reason: MinimumReplicasUnavailable
        status: "False"
        type: Available
      mirror:
      - lastTransitionTime: "2021-09-14T10:51:32Z"
        lastUpdateTime: "2021-09-14T10:51:32Z"
        message: 'Deployment example-registry-quay-mirror: Deployment does not have minimum availability.'
        reason: MinimumReplicasUnavailable
        status: "False"
        type: Available
    Copy to Clipboard Toggle word wrap

  4. 当部署过程成功完成时,QuayRegistry 对象中的状态不会显示不健康的组件: 

      status:
    conditions:
    - lastTransitionTime: "2021-09-14T10:52:36Z"
      lastUpdateTime: "2021-09-14T10:52:36Z"
      message: all registry component healthchecks passing
      reason: HealthChecksPassing
      status: "True"
      type: Available
    - lastTransitionTime: "2021-09-14T10:52:46Z"
      lastUpdateTime: "2021-09-14T10:52:46Z"
      message: all objects created/updated successfully
      reason: ComponentsCreationSuccess
      status: "False"
      type: RolloutBlocked
    configEditorCredentialsSecret: example-registry-quay-config-editor-credentials-hg7gg7h57m
    configEditorEndpoint: https://example-registry-quay-config-editor-quay-enterprise.apps.docs.quayteam.org
    currentVersion: {producty}
    lastUpdated: 2021-09-14 10:52:46.104181633 +0000 UTC
    registryEndpoint: https://example-registry-quay-quay-enterprise.apps.docs.quayteam.org
    unhealthyComponents: {}
    Copy to Clipboard Toggle word wrap
返回顶部
Red Hat logoGithubredditYoutubeTwitter

学习

尝试、购买和销售

社区

关于红帽文档

通过我们的产品和服务,以及可以信赖的内容,帮助红帽用户创新并实现他们的目标。 了解我们当前的更新.

让开源更具包容性

红帽致力于替换我们的代码、文档和 Web 属性中存在问题的语言。欲了解更多详情,请参阅红帽博客.

關於紅帽

我们提供强化的解决方案,使企业能够更轻松地跨平台和环境(从核心数据中心到网络边缘)工作。

Theme

© 2025 Red Hat