17.2.8. 部署策略来部署断开连接的目录源
将 Catalogsource 策略推送到受管集群,将默认位置从连接的位置更改为您断开连接的本地 registry。
- 在 Red Hat Advanced Cluster Management 控制台中,选择 Infrastructure > Clusters。
- 在集群列表中找到要接收策略的受管集群。
-
记录下受管集群
name
标签的值。标签格式为name=managed-cluster-name
。该值会在推送策略时使用。 - 在 Red Hat Advanced Cluster Management 控制台菜单中,选择 Governance > Create policy。
-
将
YAML
切换设置为 On 以查看策略的 YAML 版本。 -
删除
YAML
代码中的所有内容。 -
将以下
YAML
内容粘贴到窗口以创建自定义策略: 将以下
YAML
内容粘贴到窗口以创建自定义策略:apiVersion: policy.open-cluster-management.io/v1 kind: Policy metadata: name: policy-pod namespace: default annotations: policy.open-cluster-management.io/standards: policy.open-cluster-management.io/categories: policy.open-cluster-management.io/controls: spec: disabled: false policy-templates: - objectDefinition: apiVersion: policy.open-cluster-management.io/v1 kind: ConfigurationPolicy metadata: name: policy-pod-sample-nginx-pod spec: object-templates: - complianceType: musthave objectDefinition: apiVersion: v1 kind: Pod metadata: name: sample-nginx-pod namespace: default status: phase: Running remediationAction: inform severity: low remediationAction: enforce --- apiVersion: policy.open-cluster-management.io/v1 kind: PlacementBinding metadata: name: binding-policy-pod namespace: default placementRef: name: placement-policy-pod kind: PlacementRule apiGroup: apps.open-cluster-management.io subjects: - name: policy-pod kind: Policy apiGroup: policy.open-cluster-management.io --- apiVersion: apps.open-cluster-management.io/v1 kind: PlacementRule metadata: name: placement-policy-pod namespace: default spec: clusterConditions: - status: "True" type: ManagedClusterConditionAvailable clusterSelector: matchExpressions: [] # selects all clusters if not specified
在策略中添加以下内容:
apiVersion: config.openshift.io/vi kind: OperatorHub metadata: name: cluster spec: disableAllDefaultSources: true
添加以下内容:
apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: name: my-operator-catalog namespace: openshift-marketplace spec: sourceType: grpc image: <registry_host_name>:<port>/olm/redhat-operators:v1 displayName: My Operator Catalog publisher: grpc
将 spec.image 值替换为本地受限目录源镜像的路径。
-
在 Red Hat Advanced Cluster Management 控制台导航中,选择 Infrastructure > Clusters 以检查受管集群的状态。应用策略时,集群状态为
ready
。