OpenShift_054：离线安装 OCP 3.4 之安装与配置 Registry Console

环境：OCP 3.4

1. 下载 registry-console 镜像 (在 MAC 机器上操作)
docker pull registry.access.redhat.com/openshift3/registry-console
docker save -o registry-console.tar.gz registry.access.redhat.com/openshift3/registry-console
scp registry-console.tar.gz root@192.168.56.112:/opt/ose/images/

2. 加载 registry-console 镜像 (在 Registry 机器上操作)
cd /opt/ose/images
docker load -i registry-console.tar.gz
docker tag registry.access.redhat.com/openshift3/registry-console:latest registry.example.com:5000/openshift3/registry-console:latest
docker push registry.example.com:5000/openshift3/registry-console

3. 安装与配置 registry-console （在 Master 机器上操作）
创建一个 admin 用户，并且赋予权限
htpasswd -b /etc/origin/master/htpasswd admin admin
oadm policy add-cluster-role-to-user admin admin

查看 docker-registry service
oc project default
oc get svc
输出如下：
NAME              CLUSTER-IP       EXTERNAL-IP   PORT(S)                   AGE
docker-registry   172.30.98.122    <none>        5000/TCP                  22d
kubernetes        172.30.0.1       <none>        443/TCP,53/UDP,53/TCP     22d
ose-router        172.30.184.252   <none>        80/TCP,443/TCP,1936/TCP   22d

暴露已有的 docker-registry service，为 docker-registry service 创建一个 passthrough route
oc create route passthrough --service=docker-registry --hostname=docker-registry.apps.example.com -n default

查看 docker-registry route 定义
oc get route/docker-registry -o yaml
输出如下：
apiVersion: v1
kind: Route
metadata:
  creationTimestamp: 2017-02-12T08:49:55Z
  labels:
    docker-registry: default
  name: docker-registry
  namespace: default
  resourceVersion: "6918"
  selfLink: /oapi/v1/namespaces/default/routes/docker-registry
  uid: 3a2bc2f4-f100-11e6-82df-080027fc450b
spec:
  host: docker-registry.apps.example.com
  port:
    targetPort: 5000-tcp
  tls:
    termination: passthrough
  to:
    kind: Service
    name: docker-registry
    weight: 100
  wildcardPolicy: None
status:
  ingress:
  - conditions:
    - lastTransitionTime: 2017-02-12T08:49:55Z
      status: "True"
      type: Admitted
    host: docker-registry.apps.example.com
    routerName: ose-router
    wildcardPolicy: None

创建 registry-console route
oc create route passthrough --service registry-console --port registry-console -n default

部署 registry console 应用
oc new-app -n default --template=registry-console \
    -p IMAGE_PREFIX="registry.example.com:5000/openshift3/" \
    -p IMAGE_VERSION="latest" \
    -p OPENSHIFT_OAUTH_PROVIDER_URL="https://master.example.com:8443" \
    -p REGISTRY_HOST=$(oc get route docker-registry -n default --template='{{ .spec.host }}') \
    -p COCKPIT_KUBE_URL=$(oc get route registry-console -n default --template='https://{{ .spec.host }}')

4. 确认 registry console 创建并运行成功
oc get pod
输出如下：
NAME                       READY     STATUS    RESTARTS   AGE
docker-registry-1-krvma    1/1       Running   3          23d
ose-router-1-cc24j         1/1       Running   3          23d
registry-console-1-43ky0   1/1       Running   0          44s

oc get route
输出如下：
NAME               HOST/PORT                                   PATH      SERVICES           PORT               TERMINATION
docker-registry    docker-registry.apps.example.com                      docker-registry    5000-tcp           passthrough
registry-console   registry-console-default.apps.example.com             registry-console   registry-console   passthrough

https://registry-console-default.apps.example.com/registry

5. 如果有错，执行以下命令清除，然后重新执行上述步骤
oc delete dc registry-console
oc delete svc registry-console
oc delete is registry-console
oc delete oauthclients cockpit-oauth-client

参考文献：
1. 《OpenShift_Container_Platform-3.4-Installation_and_Configuration-en-US.pdf》 3.2.6.1 P87