OCP 4.10.23 설치(openshift) - 6. pv

•PV와 PVC의 yaml 작성 후 rw테스트

•configs.imageregistry.operator.openshift.io 에서 defaultRoute: true, managementState: Managed 수정

•각각의 cluster operator, route, svc, pod에서 Image-registry 생성 확인

•Integrated registry에 login

 

 

Test를 위해 nfs 서버 올리기

mkdir -p /data/pv-dir
/data/pv-dir 172.16.2.0/24(rw,sync,no_wdelay,no_root_squash,insecure)

systemctl enable nfs-server --now

exportfs -r
exportfs -v

[root@bastion ~]# cat /etc/exports
/data/pv-dir 172.16.2.0/24(rw,sync,no_wdelay,no_root_squash,insecure)

[root@bastion ~]# systemctl enable nfs-server --now
Created symlink /etc/systemd/system/multi-user.target.wants/nfs-server.service → /usr/lib/systemd/system/nfs-server.service.
[root@bastion ~]# exportfs -r
[root@bastion ~]# exportfs -v
/data/pv-dir    172.16.2.0/24(sync,no_wdelay,hide,no_subtree_check,sec=sys,rw,insecure,no_root_squash,no_all_squash)

 

 

 

pv 및 pvc 생성

[root@bastion ~]# cat pv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: registry-pv
spec:
  capacity:
    storage: 10Gi
  accessModes:
  - ReadWriteMany
  nfs:
    path: /mnt/image-registry
    server: 172.16.2.141
  persistentVolumeReclaimPolicy: Retain
  claimRef:
    name: registry-claim
    namespace: openshift-image-registry

 

[root@bastion yaml]# cat pvc.yaml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: registry-claim
  namespace: openshift-image-registry
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 10Gi


[root@bastion yaml]# oc create -f pvc.yaml
persistentvolumeclaim/registry-claim created
[root@bastion yaml]# oc create -f pv.yaml
persistentvolume/registry-pv created
[root@bastion yaml]# oc get pv
NAME          CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS      CLAIM                                     STORAGECLASS   REASON   AGE
registry-pv   10Gi       RWX            Retain           Available   openshift-image-registry/registry-claim                           10s
[root@bastion yaml]# oc get pvc
No resources found in default namespace.
[root@bastion yaml]# oc get pvc -A
NAMESPACE                  NAME             STATUS   VOLUME        CAPACITY   ACCESS MODES   STORAGECLASS   AGE
openshift-image-registry   registry-claim   Bound    registry-pv   10Gi       RWX                           27s

 

 

해당 옵션 필요

  defaultRoute: true
  managementState: Managed

oc edit configs.imageregistry.operator.openshift.io

apiVersion: imageregistry.operator.openshift.io/v1
kind: Config
metadata:
  creationTimestamp: "2022-07-27T11:49:53Z"
  finalizers:
  - imageregistry.operator.openshift.io/finalizer
  generation: 4
  name: cluster
  resourceVersion: "800876"
  uid: 7a4f4e52-f34a-4568-833e-f600b4dc566b
spec:
  defaultRoute: true
  httpSecret: ecaa91bcba0e61987ebe11294994dec909aa13b1c645dd954bab633147221576b23be708848aeda9efe89bfe698c86446e05fdfb894559c2fa9ade85d5574eaa
  logLevel: Normal
  managementState: Managed
  observedConfig: null
  operatorLogLevel: Normal
  proxy: {}
  replicas: 1
  requests:
    read:
      maxWaitInQueue: 0s
    write:
      maxWaitInQueue: 0s
  rolloutStrategy: RollingUpdate
  storage:
    managementState: Unmanaged
    pvc:
      claim: registry-claim
  unsupportedConfigOverrides: null
status:
  conditions:
  - lastTransitionTime: "2022-07-27T11:49:53Z"
    reason: AsExpected
    status: "False"
    type: ImageConfigControllerDegraded
  - lastTransitionTime: "2022-07-29T00:01:25Z"
    message: The registry is ready
    reason: Ready
    status: "False"
    type: Progressing
  - lastTransitionTime: "2022-07-29T00:01:24Z"
    message: The registry is ready
    reason: Ready
    status: "True"
    type: Available
  - lastTransitionTime: "2022-07-29T00:01:24Z"
    status: "False"
    type: Degraded
  - lastTransitionTime: "2022-07-28T23:53:12Z"
    status: "False"
    type: Removed

 

 

확인

 

 

 

 

Image가 pv에 저장되는지 확인

[registry]

 

 

cluster 와 podman login

[root@registry ~]# oc login -u admin -p 'new1234!' https://api.maru.ocp4.com:6443
The server uses a certificate signed by an unknown authority.
You can bypass the certificate check, but any data you send to the server could be intercepted by others.
Use insecure connections? (y/n): y

Login successful.

You have access to 65 projects, the list has been suppressed. You can list all projects with 'oc projects'

Using project "default".
Welcome! See 'oc help' to get started.
[root@registry ~]# podman login -u admin -p $(oc whoami -t) default-route-openshift-image-registry.apps.maru.ocp4.com --tls-verify=false
Login Succeeded!
[root@registry ~]# podman images
REPOSITORY                  TAG         IMAGE ID      CREATED      SIZE
docker.io/library/registry  2           d1fe2eaf6101  10 days ago  24.6 MB

 

Test용 image pull

[root@registry ~]# podman pull docker.io/busybox
Trying to pull docker.io/library/busybox:latest...
Getting image source signatures
Copying blob 19d511225f94 done
Copying config 62aedd01bd done
Writing manifest to image destination
Storing signatures
62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8

 

Image 확인

[root@registry ~]# podman images
REPOSITORY                  TAG         IMAGE ID      CREATED      SIZE
docker.io/library/registry  2           d1fe2eaf6101  10 days ago  24.6 MB
docker.io/library/busybox   latest      62aedd01bd85  7 weeks ago  1.47 MB
[root@registry ~]# podman tag docker.io/library/busybox:latest default-route-openshift-image-registry.apps.maru.ocp4.com/openshift/busybox:latest
[root@registry ~]# podman images
REPOSITORY                                                                   TAG         IMAGE ID      CREATED      SIZE
docker.io/library/registry                                                   2           d1fe2eaf6101  10 days ago  24.6 MB
docker.io/library/busybox                                                    latest      62aedd01bd85  7 weeks ago  1.47 MB
default-route-openshift-image-registry.apps.maru.ocp4.com/openshift/busybox  latest      62aedd01bd85  7 weeks ago  1.47 MB

 

push

[root@registry ~]# podman push default-route-openshift-image-registry.apps.maru.ocp4.com/openshift/busybox:latest --tls-verify=false
Getting image source signatures
Copying blob 7ad00cd55506 done
Copying config 62aedd01bd done
Writing manifest to image destination

 

 

[bastion]

 

pv 해당 위치로 가면 docker 디렉토리가 생성 된 것을 볼 수 있음

[root@bastion pv-dir]# ls -al
total 0
drwxrwxrwx 3 root       root 20 Jul 29 00:36 .
drwxr-xr-x 3 root       root 20 Jul 28 23:39 ..
drwxr-xr-x 3 1000320000 root 22 Jul 29 00:36 docker
[root@bastion pv-dir]# pwd
/data/pv-dir

 

Image 확인 및 pull

[root@bastion ~]# podman login -u admin -p $(oc whoami -t) default-route-openshift-image-registry.apps.maru.ocp4.com --tls-verify=false
Login Succeeded!
[root@bastion ~]# podman images
REPOSITORY                  TAG         IMAGE ID      CREATED      SIZE
docker.io/library/registry  2           d1fe2eaf6101  10 days ago  24.6 MB
[root@bastion ~]# podman pull default-route-openshift-image-registry.apps.maru.ocp4.com/openshift/busybox:latest --tls-verify=false
Trying to pull default-route-openshift-image-registry.apps.maru.ocp4.com/openshift/busybox:latest...
Getting image source signatures
Copying blob bee14b121b47 done
Copying config 62aedd01bd done
Writing manifest to image destination
Storing signatures
62aedd01bd8520c43d06b09f7a0f67ba9720bdc04631a8242c65ea995f3ecac8
[root@bastion ~]# podman images
REPOSITORY                                                                   TAG         IMAGE ID      CREATED      SIZE
docker.io/library/registry                                                   2           d1fe2eaf6101  10 days ago  24.6 MB
default-route-openshift-image-registry.apps.maru.ocp4.com/openshift/busybox  latest      62aedd01bd85  7 weeks ago  1.47 MB