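Overview
I have recently been preparing a demo of OCP 4.3 for a customer. The customer's environment is completely offline with no Internet access, so all installation media has to be prepared in advance. Installing EFK requires OperatorHub, so I had to prepare the OperatorHub resources for offline use as well. The official documentation for installing OCP 4 and OperatorHub offline assumes that one machine inside the cluster has Internet access and can mirror the images and related resources, but for a customer site you normally have to arrive with the installation media already prepared. One option is to build an image registry as the official documentation describes, mirror the images into it, pack up the registry's files, and then stand up another registry from that data. However, when I followed the official documentation to mirror the OperatorHub images, the 20G disk on my overseas VPS was not large enough: by default it mirrors all 31 Red Hat certified Operators, an estimated 70 or so images (the sync had not finished), so I gave up on that route. I also hit a bug during the sync. After checking the documentation of a Red Hat internal case, I used a workaround that prepares only the Operator resources and images related to EFK. I will first describe how to sync following the official documentation, and then the workaround.
Note
There are far too many things to watch out for when installing and deploying OCP 4, and it is easy to fall into a pit. Even following the steps below, problems are still likely; I struggled with it for two days myself 😢.
1. Following the steps in the official documentation
Prerequisites
- A Linux workstation with unrestricted network access [1]
- oc version 4.3.5+
- podman version 1.4.4+
- A local private image registry installed; see the offline installation post.
- The Red Hat registry pull secret file prepared: download it from cloud.redhat.com, then add the password for the local private registry; see the offline installation post.
Notes on offline OperatorHub:
By default, the online OperatorHub is managed by three CatalogSources, corresponding to three kinds of operators: Red Hat's, Red Hat certified, and community.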
# oc get CatalogSource -A
NAMESPACE NAME DISPLAY TYPE PUBLISHER AGE
openshift-marketplace certified-operators Certified Operators grpc Red Hat 48d
openshift-marketplace community-operators Community Operators grpc Red Hat 48d
openshift-marketplace redhat-operators Red Hat Operators grpc Red Hat 48d
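In an offline environment these three CatalogSources can no longer do the managing, so we have to manage it ourselves by creating our own CatalogSource. A CatalogSource is actually served by a container, so later we need to build an image that contains the OperatorHub content we have chosen.
Building the image required by the CatalogSource
- Export the path of the credentials file as an environment variable, and place the file at /run/user/0/containers/auth.json.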
REG_CREDS=${XDG_RUNTIME_DIR}/containers/auth.json
echo $REG_CREDS
/run/user/0/containers/auth.json
- Build the OperatorHub catalog image
The next step downloads the content of 31 operators, builds that content into an image, and pushes the image to the private registry.
oc adm catalog build \
--appregistry-org redhat-operators \
--from=registry.redhat.io/openshift4/ose-operator-registry:v4.3 \
--to=registry.vps.apo.ocp4.com:5000/olm/redhat-operators:v1 -a ${REG_CREDS}
- Log output
INFO[0016] directory dir=/tmp/cache-899585118/manifests-466965919 file=1.0.8 load=package
INFO[0016] directory dir=/tmp/cache-899585118/manifests-466965919 file=1.0.9 load=package
INFO[0016] directory dir=/tmp/cache-899585118/manifests-466965919 file=1.1.0 load=package
INFO[0017] directory dir=/tmp/cache-899585118/manifests-466965919 file=sriov-network-operator load=package
INFO[0017] directory dir=/tmp/cache-899585118/manifests-466965919 file=sriov-network-operator-gj5itpqs load=package
INFO[0017] directory dir=/tmp/cache-899585118/manifests-466965919 file=4.2 load=package
INFO[0017] directory dir=/tmp/cache-899585118/manifests-466965919 file=4.2-s390x load=package
INFO[0017] directory dir=/tmp/cache-899585118/manifests-466965919 file=4.3 load=package
Uploading ... 10.17MB/s
Uploading 8.234MB ...
Uploading 1.62kB ...
Uploading 3.493MB ...
Uploading 76.26MB ...
Uploading 88.38MB ...
Pushed sha256:d7b0f06fb8713f9a605121c1ae24a10228cce7f9cdd0f274b52b07a6da373d2c to registry.vps.apo.ocp4.com:5000/olm/redhat-operators:v1
- Look at the cache files under /tmp/: there are 31 operators, each with its available versions.
[root@registry cache-127978634]# tree -L 4
.
|-- manifests-235749985
`-- manifests-786574651
|-- 3scale-operator
| `-- 3scale-operator-dnameitq
| |-- 0.3.0
| |-- 0.4.0
| |-- 0.4.1
| |-- 0.4.2
| |-- 0.5.0
| |-- 0.5.1
| `-- 3scale-operator.package.yaml
|-- amq7-cert-manager
| |-- amq7-cert-manager.package.yaml
| |-- amq7-cert-manager.v1.0.0.clusterserviceversion.yaml
| |-- Certificate-v1alpha1.crd.yaml
| |-- Challenge-v1alpha1.crd.yaml
| |-- ClusterIssuer-v1alpha1.crd.yaml
| |-- Issuer-v1alpha1.crd.yaml
| `-- Order-v1alpha1.crd.yaml
|-- amq7-interconnect-operator
| |-- amq7-interconnect-operator.package.yaml
| |-- amq7-interconnect-operator.v1.2.0.clusterserviceversion.yaml
| `-- Interconnect-v1alpha1.crd.yaml
|-- amq-broker
| `-- amq-broker-aegyvgwz
| |-- 0.13.0
| |-- 0.9.1
| `-- amq-broker.package.yaml
|-- amq-online
| `-- amq-online-wvb3i9ln
| |-- 1.2.0
| |-- 1.2.1
| |-- 1.2.2
| |-- 1.3.0
| |-- 1.3.1
| |-- 1.3.2
| |-- 1.3.3
| |-- 1.4.0
| |-- 1.4.1
| `-- amq-online.package.yaml
|-- amq-streams
| `-- amq-streams-dksf1h32
| |-- 1.0.0
| |-- 1.1.0
| |-- 1.2.0
| |-- 1.3.0
| |-- 1.4.0
| `-- amq-streams.package.yaml
|-- apicast-operator
| `-- apicast-operator-mszzvzjc
| |-- 0.2.0
| |-- 0.2.1
| `-- apicast-operator.package.yaml
|-- businessautomation-operator
| `-- businessautomation-operator-m18j8d75
| |-- 1.1.0
| |-- 1.1.1
| |-- 1.2.0
| |-- 1.2.1
| |-- 1.3.0
| |-- 1.4
| `-- businessautomation.package.yaml
|-- cam-operator
| `-- cam-operator-op9exbpg
| |-- mig-operator.package.yaml
| |-- v1.0.0
| |-- v1.0.1
| |-- v1.1.0
| |-- v1.1.1
| `-- v1.1.2
|-- cluster-logging
| `-- cluster-logging-dgzblc27
| |-- 4.1
| |-- 4.2
| |-- 4.2-s390x
| |-- 4.3
| `-- cluster-logging.package.yaml
|-- codeready-workspaces
| `-- codeready-workspaces-ma1de6c1
| |-- codeready-workspaces.package.yaml
| |-- v1.2.0
| |-- v1.2.2
| |-- v2.0.0
| |-- v2.1.0
| `-- v2.1.1
|-- datagrid
| `-- datagrid-7m_28xfs
| |-- 8.0.0
| `-- infinispan.package.yaml
|-- dv-operator
| `-- dv-operator-qui0dd6q
| |-- 7.5.0
| |-- 7.6.0
| `-- dv-operator.package.yaml
|-- eap
| `-- eap-afgwbb0_
| |-- 1.0.0
| `-- eap.package.yaml
|-- elasticsearch-operator
| `-- elasticsearch-operator-xdx7yx4y
| |-- 4.1
| |-- 4.2
| |-- 4.2-s390x
| |-- 4.3
| `-- elasticsearch-operator.package.yaml
|-- fuse-apicurito
| `-- fuse-apicurito-frk35_1_
| |-- 7.4.0
| |-- 7.5.0
| |-- 7.6.0
| `-- apicurito.package.yaml
|-- fuse-online
| `-- fuse-online-2vbfnihp
| |-- 7.5.0
| |-- 7.6.0
| `-- fuse-online.package.yaml
|-- jaeger-product
| `-- jaeger-product-q73ixufo
| |-- 1.13
| |-- 1.17.1
| `-- jaeger.package.yaml
|-- kiali-ossm
| `-- kiali-ossm-wcjv6rx3
| |-- 1.0.10
| |-- 1.0.11
| |-- 1.0.12
| |-- 1.0.5
| |-- 1.0.6
| |-- 1.0.7
| |-- 1.0.8
| |-- 1.0.9
| |-- 1.12.6
| |-- 1.12.7
| `-- kiali-ossm.package.yaml
|-- kubevirt-hyperconverged
| `-- kubevirt-hyperconverged-wjkj2iw1
| |-- 2.1.0
| |-- 2.2.0
| `-- kubevirt-hyperconverged.package.yaml
|-- local-storage-operator
| `-- local-storage-operator-hrf0pvsf
| |-- 4.2
| |-- 4.2-s390x
| |-- 4.3
| `-- local-storage-operator.package.yaml
|-- metering-ocp
| `-- metering-ocp-s636th2c
| |-- 4.2
| |-- 4.3
| `-- metering.package.yaml
|-- nfd
| `-- nfd-lu5636dp
| |-- 4.2
| |-- 4.2-s390x
| |-- 4.3
| `-- nfd.package.yaml
|-- ocs-operator
| `-- ocs-operator-q4h002av
| |-- 4.2.0
| |-- 4.2.1
| |-- 4.2.2
| |-- 4.2.3
| |-- 4.3.0
| `-- ocs-operator.package.yaml
|-- openshiftansibleservicebroker
| `-- openshiftansibleservicebroker-0h2_x1_h
| |-- 4.1
| |-- 4.2
| |-- 4.2-s390x
| |-- 4.3
| `-- package.yaml
|-- openshifttemplateservicebroker
| `-- openshifttemplateservicebroker-r34l_3k4
| |-- 4.1
| |-- 4.2
| |-- 4.2-s390x
| |-- 4.3
| `-- openshifttemplateservicebroker.package.yaml
|-- ptp-operator
| `-- ptp-operator-rsn98jix
| |-- 4.3
| `-- ptp-operator.package.yaml
|-- redhat-operators-manifests
|-- serverless-operator
| `-- serverless-operator-cjzetbdv
| |-- 1.0.0
| |-- 1.1.0
| |-- 1.2.0
| |-- 1.3.0
| |-- 1.4.0
| |-- 1.4.1
| |-- 1.5.0
| |-- 1.6.0
| `-- serverless-operator.package.yaml
|-- servicemeshoperator
| `-- servicemeshoperator-x7t7oi4y
| |-- 1.0.0
| |-- 1.0.1
| |-- 1.0.10
| |-- 1.0.2
| |-- 1.0.3
| |-- 1.0.4
| |-- 1.0.5
| |-- 1.0.6
| |-- 1.0.7
| |-- 1.0.8
| |-- 1.0.9
| |-- 1.1.0
| `-- servicemesh.package.yaml
`-- sriov-network-operator
`-- sriov-network-operator-gj5itpqs
|-- 4.2
|-- 4.2-s390x
|-- 4.3
`-- sriov-network-operator.package.yaml
177 directories, 38 files
- Look at the contents of elasticsearch-operator
# ll
total 4
drwxr-xr-x. 2 root root 102 Apr 29 09:53 4.1
drwxr-xr-x. 2 root root 102 Apr 29 09:53 4.2
drwxr-xr-x. 2 root root 102 Apr 29 09:53 4.2-s390x
drwxr-xr-x. 2 root root 102 Apr 29 09:53 4.3
-rw-r--r--. 1 root root 364 Apr 29 09:53 elasticsearch-operator.package.yaml
- Look at elasticsearch-operator.package.yaml
# cat elasticsearch-operator.package.yaml
channels:
- currentCSV: elasticsearch-operator.4.1.41-202004130646
  name: preview
- currentCSV: elasticsearch-operator.4.2.29-202004140532
  name: '4.2'
- currentCSV: elasticsearch-operator.4.2.29-202004140532-s390x
  name: 4.2-s390x
- currentCSV: elasticsearch-operator.4.3.13-202004131016
  name: '4.3'
defaultChannel: '4.3'
packageName: elasticsearch-operator
- Look inside the 4.3 directory
# ll
total 20
-rw-r--r--. 1 root root 10866 Apr 29 09:53 elasticsearch-operator.v4.3.0.clusterserviceversion.yaml
-rw-r--r--. 1 root root 4688 Apr 29 09:53 elasticsearches.crd.yaml
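- The file elasticsearch-operator.v4.3.0.clusterserviceversion.yaml defines which images are needed to create the operator. Every image reference ends in a sha256 value, and that value must match in the local image registry; but if you pull the images manually and push them to the local registry yourself, the sha256 changes. For the reason, see this article by 大魏: https://mp.weixin.qq.com/s/lu7r8Op-4yaCiDjjoTiYSg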
# cat elasticsearch-operator.v4.3.0.clusterserviceversion.yaml | grep registry.redhat.io
containerImage: registry.redhat.io/openshift4/ose-elasticsearch-operator@sha256:948667b2ca706d29b4a65ce0ea9ae54306b4da8bdf00f3fcf2577b1f92a502e6
"image": "registry.redhat.io/openshift4/ose-logging-elasticsearch5@sha256:d2047214be2e9c809440803ccf5972d99e72db3172f110e4be3d4b87550b9902",
image: registry.redhat.io/openshift4/ose-elasticsearch-operator@sha256:948667b2ca706d29b4a65ce0ea9ae54306b4da8bdf00f3fcf2577b1f92a502e6
image: registry.redhat.io/openshift4/ose-logging-elasticsearch5@sha256:d2047214be2e9c809440803ccf5972d99e72db3172f110e4be3d4b87550b9902
image: registry.redhat.io/openshift4/ose-oauth-proxy@sha256:32f2376fb9acf2e5730b6c8700c7f1cba03910c69b33e1775529068e4e7fa010
image: registry.redhat.io/openshift4/ose-elasticsearch-operator@sha256:948667b2ca706d29b4a65ce0ea9ae54306b4da8bdf00f3fcf2577b1f92a502e6
value: "registry.redhat.io/openshift4/ose-oauth-proxy@sha256:32f2376fb9acf2e5730b6c8700c7f1cba03910c69b33e1775529068e4e7fa010"
value: "registry.redhat.io/openshift4/ose-logging-elasticsearch5@sha256:d2047214be2e9c809440803ccf5972d99e72db3172f110e4be3d4b87550b9902"
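As an added example (not from the original post or from Red Hat's tooling): the shell functions below pull the registry.redhat.io references out of a CSV and emit `source=destination` lines that keep each sha256 digest, warning about any reference that is not pinned by digest. The sample input is constructed from the grep output above plus one tag-based line, and the function names are hypothetical.

```bash
#!/bin/bash
# Added example: list the images a CSV references and emit src=dst mirror
# mapping lines that keep every sha256 digest unchanged.

# Constructed sample: image lines from the grep output above, plus one
# tag-based reference added here to show how it is flagged.
sample_csv() {
cat <<'EOF'
containerImage: registry.redhat.io/openshift4/ose-elasticsearch-operator@sha256:948667b2ca706d29b4a65ce0ea9ae54306b4da8bdf00f3fcf2577b1f92a502e6
"image": "registry.redhat.io/openshift4/ose-logging-elasticsearch5@sha256:d2047214be2e9c809440803ccf5972d99e72db3172f110e4be3d4b87550b9902",
image: registry.redhat.io/openshift4/ose-oauth-proxy@sha256:32f2376fb9acf2e5730b6c8700c7f1cba03910c69b33e1775529068e4e7fa010
value: "registry.redhat.io/openshift4/ose-oauth-proxy@sha256:32f2376fb9acf2e5730b6c8700c7f1cba03910c69b33e1775529068e4e7fa010"
image: registry.redhat.io/openshift4/ose-oauth-proxy:v4.3
EOF
}

# Print each unique registry.redhat.io reference (digest or tag) from stdin.
csv_image_refs() {
  grep -oE 'registry\.redhat\.io/[A-Za-z0-9._/-]+(@sha256:[0-9a-f]{64}|:[A-Za-z0-9._-]+)' | sort -u
}

# Emit "source=destination" for digest-pinned references; warn on stderr about
# tag-based ones, which do not identify fixed content.
# $1 = mirror registry host:port (assumption: the registry used in this section).
mirror_mapping() {
  local mirror=$1 ref repo
  csv_image_refs | while read -r ref; do
    case $ref in
      *@sha256:*)
        repo=${ref#registry.redhat.io/}
        echo "${ref}=${mirror}/${repo%@*}" ;;
      *)
        echo "WARN not pinned by digest: ${ref}" >&2 ;;
    esac
  done
}

sample_csv | mirror_mapping registry.vps.apo.ocp4.com:5000
```

The output has the same `source=destination` shape as the mapping.txt that `oc adm catalog mirror` writes, so it can be fed to `oc image mirror -f`, which copies by digest as in the mirror log below rather than re-pushing a locally pulled image.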
Syncing the OperatorHub images to the local registry
- Disable the default OperatorHub sources
oc patch OperatorHub cluster --type json \
-p '[{"op": "add", "path": "/spec/disableAllDefaultSources", "value": true}]'
- Start mirroring the images from the Internet to the local image registry:
oc adm catalog mirror \
registry.vps.apo.ocp4.com:5000/olm/redhat-operators:v1 \
registry.vps.apo.ocp4.com:5000 \
-a ${REG_CREDS}
- Log output, taking openshift-service-mesh/kiali-rhel7 as an example
I0429 14:19:51.280697 20778 mirror.go:231] wrote database to /tmp/880511389/bundles.db
registry.vps.apo.ocp4.com:5000/
openshift-service-mesh/kiali-rhel7
blobs:
registry.redhat.io/openshift-service-mesh/kiali-rhel7 sha256:4c98734f24339b059854b6f7ad77928ffb6b84756ecd4eeec4a15870b082d906 1.253KiB
registry.redhat.io/openshift-service-mesh/kiali-rhel7 sha256:57e5ee7e0cc620072ffe6a07c97967870054ebce42dc201d85e11df173eedd52 3.672KiB
registry.redhat.io/openshift-service-mesh/kiali-rhel7 sha256:c7d65577e087044ac3ba4702b460d6d545b40e841484dc794467a600f5625d03 27.64MiB
registry.redhat.io/openshift-service-mesh/kiali-rhel7 sha256:17942523bc4bb2db6eb9f7519db38bbb70e47356d3f0ae0f15b967c0628234c6 72.7MiB
manifests:
sha256:43db511cb65a69518ab69ec5ef69bfb09e6b47e55239d0e18758a30aab0a705c
sha256:50cfd66afdfef4920ae623f7ef091ecf78d5a2731b044829073e5e0929822392
sha256:50cfd66afdfef4920ae623f7ef091ecf78d5a2731b044829073e5e0929822392 -> 1.0.7
stats: shared=0 unique=4 size=100.3MiB ratio=1.00
phase 0:
registry.vps.apo.ocp4.com:5000 openshift-service-mesh/kiali-rhel7 blobs=4 mounts=0 manifests=3 shared=0
info: Planning completed in 2.13s
uploading: registry.vps.apo.ocp4.com:5000/openshift-service-mesh/kiali-rhel7 sha256:17942523bc4bb2db6eb9f7519db38bbb70e47356d3f0ae0f15b967c0628234c6 72.7MiB
uploading: registry.vps.apo.ocp4.com:5000/openshift-service-mesh/kiali-rhel7 sha256:c7d65577e087044ac3ba4702b460d6d545b40e841484dc794467a600f5625d03 27.64MiB
sha256:43db511cb65a69518ab69ec5ef69bfb09e6b47e55239d0e18758a30aab0a705c registry.vps.apo.ocp4.com:5000/openshift-service-mesh/kiali-rhel7
sha256:50cfd66afdfef4920ae623f7ef091ecf78d5a2731b044829073e5e0929822392 registry.vps.apo.ocp4.com:5000/openshift-service-mesh/kiali-rhel7:1.0.7
info: Mirroring completed in 2.35s (44.64MB/s)
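- When it finishes, a redhat-operators-manifests directory is generated. Because my sync did not succeed, some of the content was empty and I did not see it. It does contain these two files, though: imageContentSourcePolicy.yaml and mapping.txt.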
oc apply -f ./redhat-operators-manifests
- Create the CatalogSource from the image we built
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: my-operator-catalog
  namespace: openshift-marketplace
spec:
  sourceType: grpc
  image: <registry_host_name>:<port>/olm/redhat-operators:v1
  displayName: My Operator Catalog
  publisher: grpc
oc create -f catalogsource.yaml
- Check
# oc get pods -n openshift-marketplace
NAME READY STATUS RESTARTS AGE
my-operator-catalog-6njx6 1/1 Running 0 28s
marketplace-operator-d9f549946-96sgr 1/1 Running 0 26h
# oc get catalogsource -n openshift-marketplace
NAME DISPLAY TYPE PUBLISHER AGE
my-operator-catalog My Operator Catalog grpc 5s
# oc get packagemanifest -n openshift-marketplace
NAME CATALOG AGE
etcd My Operator Catalog 34s
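2. Using the workaround from the Red Hat internal case, which lets you specify exactly which operators to take offline
- Do not use the default OperatorHub sources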
oc patch OperatorHub cluster --type json -p '[{"op": "add", "path": "/spec/disableAllDefaultSources", "value": true}]'
- Fetch the resources of the operator you need
$ ./get-operator.sh redhat-operators elasticsearch-operator
- Extract
$ mkdir manifests
$ for f in *.tar.gz; do tar -C manifests/ -xvf $f ; done && rm -rf *tar.gz
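Optional: open elasticsearch-operator.v4.3.0.clusterserviceversion.yaml and change the sha256 digests of the images to the 4.3 tag. This goes together with the mirror-by-digest-only parameter in sample-registries.conf, which controls whether the sha check is applied. Otherwise it is easy to hit errors where the image cannot be pulled. The precondition, of course, is that we manually pull these images from the Internet and push them to the local registry.
- Build the Operator catalog image and push it to the local image registry
Prepare the Dockerfile: https://github.com/ppetko/disconnected-install-service-mesh/blob/master/Dockerfile, and change the OCP version in it to match.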
$ export REGISTRY=registry.ocp4.poc.com:5000
$ podman build --no-cache -f Dockerfile -t ${REGISTRY}/openshift-marketplace/mirrored-operator-catalog
$ podman push ${REGISTRY}/openshift-marketplace/mirrored-operator-catalog
- Or build and push the image with the script
$ ./build-operator-catalog.sh registry.ocp4.poc.com:5000
- Prepare a sample-registries.conf to override the default /etc/containers/registries.conf.
unqualified-search-registries = ["docker.io"]
[[registry]]
location = "quay.io/openshift-release-dev/ocp-release"
insecure = false
blocked = false
mirror-by-digest-only = true
prefix = ""
[[registry.mirror]]
location = "registry.ocp4.poc.com:5000/ocp4/openshift4"
insecure = false
[[registry]]
location = "quay.io/openshift-release-dev/ocp-v4.0-art-dev"
insecure = false
blocked = false
mirror-by-digest-only = true
prefix = ""
[[registry.mirror]]
location = "registry.ocp4.poc.com:5000/ocp4/openshift4"
insecure = false
[[registry]]
location = "registry.redhat.io/openshift4"
insecure = false
blocked = false
mirror-by-digest-only = false
prefix = ""
[[registry.mirror]]
location = "registry.ocp4.poc.com:5000/openshift4"
insecure = false
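- Base64-encode it
cat sample-registries.conf | base64 -w0
- Create a MachineConfig to override the default /etc/containers/registries.conf
Here the name prefix has to be changed from 50 to 99; otherwise, because the offline OCP installation already creates a default 99 config, a 55 one would not take effect.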
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
  annotations:
  labels:
    machineconfiguration.openshift.io/role: master
  name: 99-master-container-registry-conf
spec:
  config:
    ignition:
      version: 2.2.0
    storage:
      files:
      - contents:
          source: data:text/plain;charset=utf-8;base64,<base64 output of sample-registries.conf>
          verification: {}
        filesystem: root
        mode: 420
        path: /etc/containers/registries.conf
oc apply -f 99-worker-container-registry-conf.yaml
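The encode and MachineConfig steps above as one script, an added example that is not from the original post: it renders the manifest for either the master or the worker role (the post shows the master manifest and applies a worker-named file) and checks that the embedded payload decodes back to the source file. The function names and the shortened sample conf are assumptions made for illustration.

```bash
#!/bin/bash
# Added example: render the registries.conf MachineConfig for one role and verify its payload.
# Constructed sample input: one [[registry]] entry from the conf above.
sample_conf() {
cat <<'EOF'
[[registry]]
location = "registry.redhat.io/openshift4"
mirror-by-digest-only = false
[[registry.mirror]]
location = "registry.ocp4.poc.com:5000/openshift4"
EOF
}

# $1 = role (master or worker), $2 = path of the registries.conf to embed.
render_machineconfig() {
  local role=$1 conf=$2 b64
  # base64 wraps its output; the data: URL must stay on a single line.
  b64=$(base64 < "$conf" | tr -d '\n')
  cat <<EOF
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
  labels:
    machineconfiguration.openshift.io/role: ${role}
  name: 99-${role}-container-registry-conf
spec:
  config:
    ignition:
      version: 2.2.0
    storage:
      files:
      - contents:
          source: data:text/plain;charset=utf-8;base64,${b64}
          verification: {}
        filesystem: root
        mode: 420
        path: /etc/containers/registries.conf
EOF
}

# Decode the registries.conf embedded in a MachineConfig read from stdin.
embedded_conf() { sed -n 's|^ *source: data:text/plain;charset=utf-8;base64,||p' | base64 -d; }
# Succeed only if the rendered MachineConfig embeds $2 byte for byte.
verify_machineconfig() { [ "$(render_machineconfig "$1" "$2" | embedded_conf | sha256sum)" = "$(sha256sum < "$2")" ]; }

conf=$(mktemp) && sample_conf > "$conf"
for role in master worker; do
  verify_machineconfig "$role" "$conf" && render_machineconfig "$role" "$conf"
done
```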
- Create the CatalogSource
$ cat internal-mirrored-operatorhub-catalog.yaml
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: internal-mirrored-operatorhub-catalog
  namespace: openshift-marketplace
spec:
  displayName: My Mirrored Operator Catalog
  sourceType: grpc
  image: ${REGISTRY}/openshift-marketplace/mirrored-operator-catalog
$ oc create -f internal-mirrored-operatorhub-catalog.yaml
- Check
$ oc get pods -n openshift-marketplace
$ oc get catalogsource -n openshift-marketplace
$ oc describe catalogsource internal-mirrored-operatorhub-catalog -n openshift-marketplace
- Scripts
- get-operator.sh
#!/bin/bash
# Download the default release of an operator package from the Quay app registry.
DATE=$(date +%Y-%m-%d-%H:%M:%S)

function log(){
    echo "$DATE INFO $*"
    return 0
}

function panic(){
    echo "$DATE ERROR $*"
    exit 1
}

# jq is needed to parse the API responses.
if ! command -v jq >/dev/null 2>&1; then
    panic "Missing jq"
fi

if [ $# -lt 2 ]; then
    panic "Usage: $0 NAMESPACE PACKAGE"
fi

PKG_NAMESPACE=$1
PKG_NAME=$2

# Look up the package's default release, then the digest of that release's blob.
RELEASE=$(curl -s "https://quay.io/cnr/api/v1/packages?namespace=${PKG_NAMESPACE}" | jq -r --arg name "${PKG_NAMESPACE}/${PKG_NAME}" '.[] | select(.name == $name) | .default')
DIGEST=$(curl -s "https://quay.io/cnr/api/v1/packages/${PKG_NAMESPACE}/${PKG_NAME}/${RELEASE}" | jq -r '.[].content.digest')

if [ -z "${RELEASE}" ] || [ -z "${DIGEST}" ]; then
    panic "populate release and/or digest"
fi

log "Downloading ${PKG_NAMESPACE}/${PKG_NAME} ${RELEASE} release using ${DIGEST}"
FILENAME="${PKG_NAMESPACE}-${PKG_NAME}-${RELEASE}.tar.gz"

# QUAY_AUTH_TOKEN is read from the environment.
curl -s -H "Authorization: ${QUAY_AUTH_TOKEN}" \
    "https://quay.io/cnr/api/v1/packages/${PKG_NAMESPACE}/${PKG_NAME}/blobs/sha256/${DIGEST}" -o "${FILENAME}"
log "Downloading file $FILENAME"
- build-operator-catalog.sh
#!/bin/bash
# Build the operator catalog image from ./manifests and push it to the given registry.
DATE=$(date +%Y-%m-%d-%H:%M:%S)

function log(){
    echo "$DATE INFO $*"
    return 0
}

function panic(){
    echo "$DATE ERROR $*"
    exit 1
}

if [ $# -lt 1 ]; then
    panic "Usage: $0 Registry URL"
fi

REGISTRY=$1

# The Dockerfile copies ./manifests into the image, so it must exist first.
if [ ! -d "./manifests" ]; then
    panic "./manifests doesn't exist"
fi

podman build --no-cache -f Dockerfile \
    -t "${REGISTRY}/openshift-marketplace/mirrored-operator-catalog"
podman push "${REGISTRY}/openshift-marketplace/mirrored-operator-catalog"
References
https://docs.openshift.com/container-platform/4.3/operators/olm-restricted-networks.html
https://access.redhat.com/solutions/4838051
https://www.cnblogs.com/ericnie/p/11777384.html?from=timeline&isappinstalled=0