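After installation, OpenShift 4 uses registry.access.redhat.com and docker.io as its default container image sources. We can change the configuration to add other image sources to OpenShift 4, such as Insecure Registry and Blocked Registry sources.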

First, look at the default Image Registry configuration, which includes the registry's internal and external access addresses.

```
$ oc get images.config.openshift.io -n openshift-config
NAME      AGE
cluster   22d
$ oc get images.config.openshift.io cluster -o yaml -n openshift-config
apiVersion: config.openshift.io/v1
kind: Image
metadata:
  annotations:
    release.openshift.io/create-only: "true"
  creationTimestamp: "2019-11-22T15:53:20Z"
  generation: 1
  name: cluster
  resourceVersion: "20150"
  selfLink: /apis/config.openshift.io/v1/images/cluster
  uid: 35059e15-0d40-11ea-912d-525400ae0293
spec: {}
status:
  externalRegistryHostnames:
  - default-route-openshift-image-registry.apps-crc.testing
  internalRegistryHostname: image-registry.openshift-image-registry.svc:5000
```

Run the following command to modify the images.config.openshift.io configuration:

```
$ oc edit images.config.openshift.io cluster
```

We can add custom blockedRegistries and insecureRegistries settings in place of the `spec: {}` shown above.

```
spec:
  registrySources:
    blockedRegistries:
    - docker.io
    insecureRegistries:
    - bastion.mycloud.com:5000
    - 198.18.100.1:5000
```

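Once the change is saved, OpenShift automatically updates the configuration file /etc/containers/registries.conf on all masters and nodes. Log in to a node as described in "[OpenShift 4: Entering a cluster node to run sosreport and collect troubleshooting information](https://blog.csdn.net/weixin_43902588/article/details/103443472)" and look at the registry configuration file.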

```
[core@worker-0 ~]$ sudo cat /etc/containers/registries.conf
[registries]
  [registries.search]
    registries = ["registry.access.redhat.com", "docker.io"]
  [registries.insecure]
    registries = ["bastion.mycloud.com:5000", "198.18.100.1:5000"]
  [registries.block]
    registries = ["docker.io"]
```

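
As an added example (not part of the original post), the Python sketch below checks that a node's registries.conf has converged with the registrySources spec and flags entries worth reviewing. The sample input is constructed from the values shown on this page; the function names and finding labels are assumptions, and the parser only handles the v1 layout shown above.

```python
import re

# Constructed sample input: the spec and node file shown on this page.
SPEC = {"registrySources": {
    "blockedRegistries": ["docker.io"],
    "insecureRegistries": ["bastion.mycloud.com:5000", "198.18.100.1:5000"]}}
NODE_CONF = '''[registries]
  [registries.search]
    registries = ["registry.access.redhat.com", "docker.io"]
  [registries.insecure]
    registries = ["bastion.mycloud.com:5000", "198.18.100.1:5000"]
  [registries.block]
    registries = ["docker.io"]
'''

def parse_registries_v1(text):
    """Return {section: [hosts]} for each [registries.<section>] table."""
    pattern = r'\[registries\.(\w+)\]\s*registries\s*=\s*\[(.*?)\]'
    return {m.group(1): re.findall(r'"([^"]+)"', m.group(2))
            for m in re.finditer(pattern, text, re.S)}

def audit(spec, conf_text):
    """Compare the cluster spec with one node's file; return findings."""
    conf = parse_registries_v1(conf_text)
    src = spec.get("registrySources", {})
    findings = []
    # Drift: the spec and the file rendered on the node should agree.
    for key, section in (("blockedRegistries", "block"),
                         ("insecureRegistries", "insecure")):
        want, have = set(src.get(key, [])), set(conf.get(section, []))
        findings += [("not-rolled-out", section, h) for h in sorted(want - have)]
        findings += [("unexpected-on-node", section, h) for h in sorted(have - want)]
    # Insecure entries skip TLS verification or allow plain HTTP.
    findings += [("tls-not-enforced", "insecure", h)
                 for h in conf.get("insecure", [])]
    # A search registry that is also blocked fails unqualified pulls from it.
    findings += [("search-but-blocked", "search", h)
                 for h in conf.get("search", []) if h in conf.get("block", [])]
    return findings

if __name__ == "__main__":
    for finding in audit(SPEC, NODE_CONF):
        print(*finding)
```
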
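Finally, we can verify the change: run the following commands to use an image from docker.io, and the log shows an error message indicating that images can no longer be pulled from Docker.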

```
$ oc new-app --name sleep https://github.com/liuxiaoyu-git/openshift-dockerfile-example.git
$ oc logs bc/sleep
...
Pulling image bash@sha256:d6696f7ac04ec9753f56c6bb2ab69b4f03a39a14a3dd72341bb41b9f6855def9 ...
Warning: Pull failed, retrying in 5s ...
Warning: Pull failed, retrying in 5s ...
Warning: Pull failed, retrying in 5s ...
error: build error: failed to pull image: After retrying 2 times, Pull image still failed due to error: while pulling "docker://bash@sha256:d6696f7ac04ec9753f56c6bb2ab69b4f03a39a14a3dd72341bb41b9f6855def9" as "bash@sha256:d6696f7ac04ec9753f56c6bb2ab69b4f03a39a14a3dd72341bb41b9f6855def9": pullaccess to registry for "docker://bash@sha256:d6696f7ac04ec9753f56c6bb2ab69b4f03a39a14a3dd72341bb41b9f6855def9" is blocked by configuration
```