openshift搭建registry-持久存储nfs

报错:

https://docs.openshift.org/latest/install_config/registry/deploy_registry_existing_clusters.html 

The Docker registry pod runs as user 1001. This user must be able to write to the host directory. You may need to change directory ownership to user ID 1001 with this command:

$ sudo chown 1001:root <path>

新增registry:

oc delete dc docker-registry registry-console router

oc delete svc docker-registry registry-console router

oc delete serviceaccounts registry router

 

 

mkdir -p /opt/openshift-registry

chown 1001:root /opt/openshift-registry

oc create serviceaccount registry -n default

oc adm policy add-scc-to-user privileged system:serviceaccount:default:registry

 

#service clusterrolebinding deploymentconfig

oc adm registry --service-account=registry --mount-host=/opt/openshift-registry

oc logs dc/docker-registry

 

 

#为admin帐号授权

oc adm policy add-role-to-user system:registry admin

oc adm policy add-role-to-user admin admin -n openshift

oc adm policy add-role-to-user system:image-builder admin

 

oc adm policy add-role-to-user system:image-puller system:anonymous -n openshift

 

 

 

 

搭建nfs-nfs目录权限

chown 1001.1000030000 /export/openshift-registry-storage

chmod g+s /export/openshift-registry-storage

共享:exports

/export/openshift-registry-storage *(rw,sync,no_root_squash,no_subtree_check)

 

oc project default

[root@master template]# cat registry-pvc.yaml

apiVersion: v1

kind: List

items:

- apiVersion: v1

kind: PersistentVolume

metadata:

name: registry-storage

labels:

provider: docker-registry

project: default

spec:

capacity:

storage: 20Gi

accessModes:

- ReadWriteMany

nfs:

path: /export/openshift-registry-storage

server: 192.168.6.135

persistentVolumeReclaimPolicy: Retain

- apiVersion: v1

kind: PersistentVolumeClaim

metadata:

labels:

provider: docker-registry

project: default

name: registry-storage

spec:

accessModes:

- ReadWriteMany

resources:

requests:

storage: 20Gi

volumeName: registry-storage

 

 

 

oc get svc docker-registry -o yaml > registry-svc.yml

oc delete -f registry-svc.yml

[root@master template]# cat registry-svc.yml

apiVersion: v1

kind: Service

metadata:

creationTimestamp: 2017-04-14T01:57:18Z

labels:

docker-registry: default

name: docker-registry

namespace: default

resourceVersion: "56807"

selfLink: /api/v1/namespaces/default/services/docker-registry

uid: b0fbef3d-20b5-11e7-832b-5afbca75f359

spec:

clusterIP: 172.30.0.3

portalIP: 172.30.0.3

ports:

- name: 5000-tcp

port: 5000

protocol: TCP

targetPort: 5000

selector:

docker-registry: default

sessionAffinity: ClientIP

type: ClusterIP

status:

loadBalancer: {}

 

 

oc create -f registry-svc.yml

oc get svc docker-registry

 

web界面:

进入 "openshift web" - "default" - "Deployments" - "docker-registry" 点 "Actions" - "Edit YAML" 进入编辑模式，找到以下部分

修改:

volumes:

- name: registry-storage

persistentVolumeClaim:

claimName: registry-storage

 

 

oc login -n openshift

oc whoami -t

docker login -u admin -p 5S1FMOjluARDLwR33PW-JTJAz3PkY4XcnximqoAYDuU 172.30.0.3:5000

docker tag nginx:1.11.4-alpine 172.30.0.3:5000/openshift/nginx:1.11.4-alpine

docker push 172.30.0.3:5000/openshift/nginx:1.11.4-alpine