OpenShift 4 - 在离线环境中用 oc-mirror 获取 OpenShift 和 Opeartor 的相关镜像
《OpenShift 4.x HOL教程汇总》
文章目录
- 什么是 oc-mirror
- 获取 oc-mirror
- 获取镜像信息
- 下载离线 Image
- 准备 pull-secret
- 创建 ImageSet 配置定义下载离线的镜像
- 将离线镜像直接复制到内部 Registry
- 将离线镜像间接复制到内部 Registry
- 参考
说明:
- 本文需要本地有一个容器 Registry 环境,可以先完成《Quay(0) - 安装一个单实例 Quay 环境》或《容器入门(1) - 安装和使用Docker Registry》以便获得一个容器 Registry 环境。
- 本文使用的是以上第一个文档创建的本地 Quay 环境。
什么是 oc-mirror
oc-mirror 是一个工具,用来为互联网断开的 openshift 环境的提供镜像管理。oc-mirror 使用容器镜像聚合文件 imageset 定义下载哪些Image。通过 oc-mirror 命令可以下载或更新 OpenShift 发行版、Kubernetes Opeartor 和 Helm Chart 镜像。
获取 oc-mirror
$ curl -O https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/oc-mirror.tar.gz
$ tar -xvf oc-mirror.tar.gz
$ chmod +x ./oc-mirror
$ sudo mv ./oc-mirror /usr/local/bin/.
获取镜像信息
查看所有版本为 4.10 的 OpenShift 镜像发行渠道(Channel)。
$ oc-mirror list releases --channels --version=4.10
Listing channels for version 4.10.stable-4.10
candidate-4.11
candidate-4.10
eus-4.10
fast-4.10
查看发型渠道为 stable-4.10 的所有可用发行版本。
$ oc-mirror list releases --channel=stable-4.10
Listing stable channels. Use --channel=<channel-name> to filter.
Use oc-mirror list release --channels to discover other channels.Channel: stable-4.10
4.10.3
4.10.4
4.10.5
4.10.6
查看 OpenShift 版本为 4.10 的所有 Operator 目录。
$ oc-mirror list operators --catalogs --version=4.10
Available OpenShift OperatorHub catalogs:
OpenShift 4.10:
registry.redhat.io/redhat/redhat-operator-index:v4.10
registry.redhat.io/redhat/certified-operator-index:v4.10
registry.redhat.io/redhat/community-operator-index:v4.10
查看 registry.redhat.io/redhat/redhat-operator-index:v4.10 目录中的所有 Operator。
$ oc-mirror list operators --catalog=registry.redhat.io/redhat/redhat-operator-index:v4.10
WARN[0278] DEPRECATION NOTICE:
Sqlite-based catalogs and their related subcommands are deprecated. Support for
them will be removed in a future release. Please migrate your catalog workflows
to the new file-based catalog format.
NAME DISPLAY NAME DEFAULT CHANNEL
3scale-operator Red Hat Integration - 3scale threescale-2.11
advanced-cluster-management Advanced Cluster Management for Kubernetes release-2.4
amq-online Red Hat Integration - AMQ Online stable
amq-streams Red Hat Integration - AMQ Streams stable
amq7-interconnect-operator Red Hat Integration - AMQ Interconnect 1.10.x
ansible-automation-platform-operator Ansible Automation Platform stable-2.1
ansible-cloud-addons-operator Ansible Cloud Addons stable-cluster-scoped
apicast-operator Red Hat Integration - 3scale APIcast gateway threescale-2.11
aws-efs-csi-driver-operator AWS EFS CSI Driver Operator stable
businessautomation-operator Business Automation stable
cincinnati-operator OpenShift Update Service v1
cluster-kube-descheduler-operator Kube Descheduler Operator stable
cluster-logging Red Hat OpenShift Logging stable
clusterresourceoverride ClusterResourceOverride Operator stable
codeready-workspaces Red Hat CodeReady Workspaces latest
codeready-workspaces2 Red Hat CodeReady Workspaces - Technical Preview tech-preview-latest-all-namespaces
compliance-operator Compliance Operator release-0.1
container-security-operator Quay Container Security stable-3.6
costmanagement-metrics-operator Cost Management Metrics Operator stable
cryostat-operator Cryostat stable-2.0
datagrid Data Grid 8.3.x
devworkspace-operator DevWorkspace Operator fast
dpu-network-operator DPU Network Operator stable
eap JBoss EAP stable
elasticsearch-operator OpenShift Elasticsearch Operator stable
external-dns-operator ExternalDNS Operator alpha
file-integrity-operator File Integrity Operator release-0.1
fuse-apicurito Red Hat Integration - API Designer fuse-apicurito-7.10.x
fuse-console Red Hat Integration - Fuse Console 7.10.x
fuse-online Red Hat Integration - Fuse Online 7.10.x
gatekeeper-operator-product Gatekeeper Operator stable
idp-mgmt-operator-product identity configuration management for Kubernetes alpha
integration-operator Red Hat Integration 1.x
jaeger-product Red Hat OpenShift distributed tracing platform stable
jws-operator JBoss Web Server Operator alpha
kiali-ossm Kiali Operator stable
klusterlet-product Klusterlet release-2.4
kubernetes-nmstate-operator Kubernetes NMState Operator stable
kubevirt-hyperconverged OpenShift Virtualization stable
local-storage-operator Local Storage stable
mcg-operator NooBaa Operator stable-4.9
metallb-operator MetalLB Operator stable
mtc-operator Migration Toolkit for Containers Operator release-v1.7
mtv-operator Migration Toolkit for Virtualization Operator release-v2.3.0
nfd Node Feature Discovery Operator stable
node-healthcheck-operator Node Health Check Operator candidate
node-maintenance-operator Node Maintenance Operator stable
numaresources-operator numaresources-operator 4.10
ocs-operator OpenShift Container Storage stable-4.9
odf-multicluster-orchestrator ODF Multicluster Orchestrator stable-4.9
odf-operator OpenShift Data Foundation stable-4.9
odr-cluster-operator Openshift DR Cluster Operator stable-4.9
odr-hub-operator Openshift DR Hub Operator stable-4.9
openshift-cert-manager-operator cert-manager Operator for Red Hat OpenShift tech-preview
openshift-gitops-operator Red Hat OpenShift GitOps stable
openshift-pipelines-operator-rh Red Hat OpenShift Pipelines stable
openshift-special-resource-operator Special Resource Operator stable
opentelemetry-product Red Hat OpenShift distributed tracing data collection stable
performance-addon-operator Performance Addon Operator 4.10
poison-pill-manager Poison Pill Operator stable
ptp-operator PTP Operator stable
quay-bridge-operator Quay Bridge Operator stable-3.6
quay-operator Red Hat Quay stable-3.6
red-hat-camel-k Red Hat Integration - Camel K 1.6.x
redhat-oadp-operator OADP Operator stable-1.0
rh-service-binding-operator Service Binding Operator stable
rhacs-operator Advanced Cluster Security for Kubernetes latest
rhpam-kogito-operator RHPAM Kogito Operator 7.x
rhsso-operator Red Hat Single Sign-On Operator stable
sandboxed-containers-operator OpenShift sandboxed containers Operator stable-1.2
serverless-operator Red Hat OpenShift Serverless stable
service-registry-operator Red Hat Integration - Service Registry Operator 2.0.x
servicemeshoperator Red Hat OpenShift Service Mesh stable
skupper-operator Skupper alpha
sriov-network-operator SR-IOV Network Operator stable
submariner Submariner alpha-0.11
vertical-pod-autoscaler VerticalPodAutoscaler stable
web-terminal Web Terminal fast
windows-machine-config-operator Windows Machine Config Operator stable
查看 registry.redhat.io/redhat/redhat-operator-index:v4.10 目录中的名为 odf-operator 的 package。
$ oc-mirror list operators --catalog registry.redhat.io/redhat/redhat-operator-index:v4.10 --package=odf-operatorPACKAGE CHANNEL HEAD
odf-operator stable-4.9 odf-operator.v4.9.5
下载离线 Image
准备 pull-secret
由于所有 OpenShift 离线镜像都来自 RedHat 官方,因此需要先获得从 RedHat 官网下载镜像的 Token。另外还需要准备本地离线 Image Registry 的访问 Token。
- 访问网页 https://console.redhat.com/openshift/install/pull-secret,下载 pull-secret.txt 文件。
- 准备访问本地 Image Registry 的认证信息。
$ MIRROR_REGISTRY=${QUAY_HOSTNAME}:8443
$ MIRROR_REGISTRY_USERNAME=XXXX
$ MIRROR_REGISTRY_PASWORD=YYYY
$ MIRROR_REGISTRY_AUTH=$(echo -n ${MIRROR_REGISTRY_USERNAME}:${MIRROR_REGISTRY_PASWORD} | base64)
$ echo ${MIRROR_REGISTRY_AUTH}
aW5pdDpyM2RoNHQxIQ==
$ echo \"${MIRROR_REGISTRY}\":\{\"auth\":\"${MIRROR_REGISTRY_AUTH}\",\"email\":\"you@example.com\"},
"quay.local:8443":{"auth":"aW5pdDpyM2RoNHQxIQ==","email":"you@example.com"},
- 将上一步的输出结果加入到 pull-secret.txt 文件的 “auths”:{ 的后面。
{"auths":{"quay.local:8443":{"auth":"aW5pdDpyM2RoNHQxIQ==","email":"you@example.com"},"cloud.openshift.com":。。。。
- 将 Token 信息格式化后保存到指定目录。
$ mkdir ~/.docker
$ cat ./pull-secret.txt | jq . > ~/.docker/config.json
$ cat ~/.docker/config.json
{"auths": {"quay.local:8443": {"auth": "aW5pdDpyM2RoNHQxIQ==","email": "your@example.com"},"cloud.openshift.com": {"auth": "xxxxx","email": "your@email.com"},"quay.io": {"auth": "xxxxx","email": "your@email.com"},
。。。
创建 ImageSet 配置定义下载离线的镜像
创建 ImageSet 配置文件,它定义了从 stable-4.10 渠道下载版本为 4.10.6 的所有 OpenShift 镜像。
$ cat > imageset-config-ocp.yaml << EOF
apiVersion: mirror.openshift.io/v1alpha1
kind: ImageSetConfiguration
storageConfig:local:path: metadata
mirror:ocp:channels:- name: stable-4.10versions:- "4.10.6"
EOF
将离线镜像直接复制到内部 Registry
执行以下命令可以将 ImageSet 配置文件中的镜像复制到内部 Quay 中。
$ oc-mirror --config=imageset-config-ocp.yaml docker://${MIRROR_REGISTRY}:8443 --dest-skip-tls
整个过程会针对 openshift/release 和 operator-framework/opm 这两部分所包含的 Image 分别进行以下操作过程:
- 创建本地临时目录
INFO Checking push permissions for quay.local:8443
workspace: ./mirrortmp3694974780
INFO Found: oc-mirror-workspace/src/publish
INFO Found: oc-mirror-workspace/src/v2
INFO Found: oc-mirror-workspace/src/charts
- 下载 openshift/release 对应的镜像(注意提示有 164 个镜像)到本地。
INFO Downloading requested release 4.10.6
info: Mirroring 164 images to file://openshift/release ...
<dir>openshift/releaseblobs:quay.io/openshift-release-dev/ocp-v4.0-art-dev sha256:39382676eb30fabb7a0616b064e142f6ef58d45216a9124e9358d14b12dedd65 1.428KiBquay.io/openshift-release-dev/ocp-v4.0-art-dev sha256:130cbce0a84105310b3350bac14ab4f94bf920e4015f280d4f5151feffa67e83 1.491KiB。。。blobs:quay.io/openshift-release-dev/ocp-release sha256:39382676eb30fabb7a0616b064e142f6ef58d45216a9124e9358d14b12dedd65 1.428KiBquay.io/openshift-release-dev/ocp-release sha256:3a80fedd81d63cd4cc627e37a54f09c47b1cd1d4e4960d58f53ee9bb5775bda3 1.729KiB。。。manifests:sha256:00f1cd21a4bdd41106474f6fb56c1b6ca586301edc452afd7f4503fbaef10f7e -> 4.10.6-x86_64-telemetersha256:01c2ae74ca80d055a3b4e92a59d754b89be049fe6849b75b3b4c60d8b0c43a24 -> 4.10.6-x86_64-deployer。。。stats: shared=5 unique=331 size=11.76GiB ratio=0.99phase 0:openshift/release blobs=336 mounts=0 manifests=164 shared=5info: Planning completed in 34s
uploading: file://openshift/release sha256:f7b283b14e0d90a79c496a7e35a95deb52c33ab589736d0f3bfc99bdb1bcd709 9.581MiB
uploading: file://openshift/release sha256:1031394b5be427babfec49ec81981e25f86dd120556332968b461a64247a0f4e 30.76MiB
。。。
sha256:d321168bb9dd3d41ac5707ef0f948f5cda9e9c3593431a820fac2195da722a2d file://openshift/release:4.10.6-x86_64-ibm-vpc-block-csi-driver-operator
sha256:f8a8cb59910e2b12a57c8bd2cd991443a02000adab920248449680faf70df997 file://openshift/release:4.10.6-x86_64-machine-config-operator
info: Mirroring completed in 16m45.47s (12.56MB/s)Success
Update image: openshift/release:4.10.6-x86_64To upload local images to a registry, run:oc image mirror --from-dir=oc-mirror-workspace/src 'file://openshift/release:4.10.6-x86_64*' REGISTRY/REPOSITORY
- 下载 operator-framework/opm 对应的镜像到本地(显示内容略)。
- 对下载的两类 Image 打包成 tar 文件,然后再将镜像传到目标 Image Registry 中。
INFO Creating archive /root/mirrortmp2818597809/mirror_seq1_000000.tar
INFO Publishing image set from archive "./mirrortmp2818597809" to registry "quay.local:8443"
INFO No existing metadata found. Setting up new workspace
info: Mirroring 164 images to quay.local:8443/openshift/release ...
quay.local:8443/openshift/releaseblobs:file://openshift/release sha256:39382676eb30fabb7a0616b064e142f6ef58d45216a9124e9358d14b12dedd65 1.428KiBfile://openshift/release sha256:130cbce0a84105310b3350bac14ab4f94bf920e4015f280d4f5151feffa67e83 1.491Ki。。。manifests:sha256:00f1cd21a4bdd41106474f6fb56c1b6ca586301edc452afd7f4503fbaef10f7e -> 4.10.6-x86_64-telemetersha256:01c2ae74ca80d055a3b4e92a59d754b89be049fe6849b75b3b4c60d8b0c43a24 -> 4.10.6-x86_64-deployer。。。stats: shared=0 unique=336 size=11.76GiB ratio=1.00phase 0:quay.local:8443 openshift/release blobs=336 mounts=0 manifests=164 shared=0info: Planning completed in 15.1s
uploading: quay.local:8443/openshift/release sha256:873d8a227fc5206e4058f636e5b971bd44a7d3cede249391c34ca2798b1ff7d1 30.83MiB
uploading: quay.local:8443/openshift/release sha256:55e2f4ff76b14c8d3901a5dbf040bbd0851e91bd7fe0929aa15b6c8d39802737 18.54MiB
。。。
sha256:88b394e633e09dc23aa1f1a61ededd8e52478edf34b51a7dbbb21d9abde2511a quay.local:8443/openshift/release:4.10.6-x86_64
sha256:3714e0dc44bd42fd268fd7b01f0df4dce5a726d7315b3cdc52231d8b308f2bfc quay.local:8443/openshift/release:4.10.6-x86_64-prometheus-alertmanager
。。。
info: Mirroring completed in 16m45.47s (12.56MB/s)Success
Update image: quay.local:8443/openshift/release:4.10.6-x86_64
Mirror prefix: quay.local:8443/openshift/release
quay.local:8443/operator-framework/opmblobs:file://operator-framework/opm sha256:f0fd5be261dfd2e36d01069a387a3e5125f5fd5adfec90f3cb190d1d5f1d1ad9 156Bfile://operator-framework/opm sha256:2e48a47edb47715fb8a4e7b3730f2fc4debf5c04cf620d1aff12db4495ed8ac1 159Binfo: Mirroring completed in 13.44s (5.273MB/s)
INFO Wrote ICSP manifests to oc-mirror-workspace/results-1649856736
INFO CatalogSource and ICSP install not implemented
- 最后删除本地的临时数据。
cleaning up workspace
- 完成后可以在本地 Quay 中查看镜像,其中 openshift/release 中包含了 164 个 Image。
将离线镜像间接复制到内部 Registry
间接镜像复制更适合完全隔离的环境。它将前一节的一个“下载+推送”过程分为 2 个独立步骤,即使用以下 2 次 oc-mirror 命令先将镜像下载到本地,然后在推送到本地 Image Registry。
- 执行命令,先下载镜像到 MIRROR_IMAGE_PATH 指定的本地文件目录中,并打包成 tar 文件。
$ MIRROR_IMAGE_PATH=/root/mirror-images
$ oc-mirror --config imageset-config-ocp.yaml file://${MIRROR_IMAGE_PATH}
- 查看下载的离线镜像文件。
$ ls ${MIRROR_IMAGE_PATH}
mirror_seq1_000000.tar
- 再将本地镜像文件推送到内部的 Image Registry 中。
$ oc-mirror --from ${MIRROR_IMAGE_PATH}/mirror_seq1_000000.tar docker://${MIRROR_REGISTRY}:8443 --dest-skip-tls
$ cat > imageset-config-operator-odf.yaml << EOF
apiVersion: mirror.openshift.io/v1alpha1
kind: ImageSetConfiguration
storageConfig:local:path: metadata
mirror:operators:- catalog: registry.redhat.io/redhat/redhat-operator-index:v4.10headsonly: falsepackages:- name: odf-operatorstartingVersion: '4.9.4'
EOF
参考
- https://access.redhat.com/documentation/en-us/openshift_container_platform/4.10/html-single/installing/index#installing-mirroring-disconnected
- https://cloud.redhat.com/blog/how-oc-mirror-will-help-you-reduce-container-management-complexity
- https://shonpaz.medium.com/dealing-with-air-gapped-environments-just-got-much-easier-bab6b76e44f2
- https://github.com/openshift/oc-mirror/tree/main/docs/examples
- https://github.com/openshift/oc-mirror/blob/main/docs/imageset-config-ref.yaml
- https://access.redhat.com/documentation/zh-cn/openshift_container_platform/4.10/html-single/installing#oc-mirror-imageset-config-params_installing-mirroring-disconnected
OpenShift 4 - 在离线环境中用 oc-mirror 获取 OpenShift 和 Opeartor 的相关镜像相关推荐
- linuxpython安装hive_Linux离线环境安装Pyhive包及通用方式
一.Linux离线安装GCC编译环境 安装之前要查看离线环境的Linux版本,因为下载文档需要Linux的版本对应 1 uname -a显示全部信息 显示版本号,该机版本为centos 6.6,属于6 ...
- python离线包安装_python 通过pip freeze、dowload打离线包及自动安装的过程详解(适用于保密的离线环境...
python的pip是其包管理工具,相当方便好用.本文只介绍pip 如何通过其freeze命令打离线包,及其离线包的安装脚本.这个知识点,特别适用于不适合连通互联网,设备需要物理隔绝,保密要求严格的客 ...
- openshift4离线部署_干货!OpenShift离线环境OperatorHub和ImageStream配置实战技巧
OpenShift4.5.x离线环境OperatorHub和ImageStream配置实战技巧 1 . 前言 在离线环境使用UPI(UserProvisioned Infrastructure)方式安 ...
- OpenShift 4 - CRC(Codeready Container)个人单机版 OpenShift 环境
<OpenShift 4.x HOL教程汇总> 说明:本文已经在支持OpenShift 4.9的Codeready Container环境中验证 文章目录 关于CRC - Coderead ...
- Ambari在离线环境中安装Hadoop集群
2019独角兽企业重金招聘Python工程师标准>>> http://www.hackbase.com/article-973-1.html (WJW)Ambari在离线环境中安装H ...
- 在离线环境中使用.NET Core
0x00 写在开始 很早开始就对.NET Core比较关注,一改微软之前给人的印象,变得轻量.开源.跨平台.最近打算试着在工作中使用.但工作是在与互联网完全隔离的网络中进行的,因此就开始了在离线环境中 ...
- docker 离线安装 mysql_Oracle数据库之docker 离线环境安装oracle
本文主要向大家介绍了Oracle数据库之docker 离线环境安装oracle,通过具体的内容向大家展现,希望对大家学习Oracle数据库有所帮助. 因测试需要,需在内网的测试环境搭建一套docker ...
- python如何离线安装第三方库_离线环境安装python第三方库
python 离线环境安装python第三方库 author: yafeishi tags: AntDB,python python对于运维工作确实方便了很多,但很多比较实用的库都是第三方提供,在os ...
- 在离线环境中安装Visual Stuido 2017
在离线环境中安装Visual Stuido 2017 0x00 写在前面的废话 因为工作上大多数都是在离线环境中进行的,进出离线环境很麻烦,所以之前很长一段时间都在使用VS2010.后来尝试换了VS2 ...
最新文章
- 如何在Windows中安装Python?
- Java学习_day002:变量
- 电路设计中三极管和MOS管做开关用时的区别
- 上传照片表单提交包括文本框下拉条等,如何取文本框的值
- 语言可以直接访问位元元址_OOP语言中FBC问题对应用框架的影响
- 诡异的 BOM 字符 \ufeff
- bfs (宽度搜素)
- 阅读 图解HTTP ,读书笔记
- 2021年数学建模国赛C题问题一详细思路和代码
- 基于Python的指数基金量化投资 - 指数投资技巧(一)定期定额
- 强化物联网连接 Silicon Labs收购Micrium
- Autojs-QQ每日定时给女票/男票/闺蜜/基友发送一句话
- 人工智能新目标——看懂视频
- android如何怎么禁止多点触控
- 18、弱电工程综合布线系统常用的线材及设备图文资料
- HMM(Hidden Markov Model)
- Python中@符号是什么意思?
- 【人脸识别】基于dlib库实现人脸特征值提取
- 手机号 imsi tmsi_你好,我借的网贷忘了叫什么名字了怎么办,手机号也没用了,怎么可以查到-免费法律咨询...
- 使用vue做一个“淘宝“项目——3
热门文章
- idea服务器如何手动加载项目,idea导入本地idea的web项目(服务器用的是tomcat)
- 设计灵感|App中的页面空状态应该如何表现?
- 海报展示样机模板|给你一个现实的环境
- 一组飒气十足的商务海报PSD分层海报
- 电商设计师必备素材|快速组合自己想要的场景和落版文字
- 秋意来袭,这些清新促销海报不容错过!
- speedtest命令行linux,Linux或者Mac下命令行speedtest测试网络速度
- ithoughts怎么自定义样式_微信小程序自定义导航栏组件封装
- 面向过程(或者叫结构化)分析方法与面向对象分析方法到底区别
- OpenStack概念结构与逻辑架构:Conceptual architecture and Logical architecture