Deploying OperatorHub offline in an OpenShift 4.2 environment

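By default, the OperatorHub of an OCP 4 cluster installed in a disconnected environment has no content. For the detailed offline procedure, see the official documentation:

https://docs.openshift.com/container-platform/4.2/operators/olm-restricted-networks.html

I use amq-streams as the example here to record the offline deployment process; how to import operators in bulk is still being investigated....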

  •  Query the API path to fetch the full list of packages
$ curl "https://quay.io/cnr/api/v1/packages?namespace=redhat-operators" > packages.txt
  • Build the URL for amq-streams and curl it to get the download address
bash-4.2$ curl https://quay.io/cnr/api/v1/packages/redhat-operators/amq-streams/4.0.0
[{"content":{"digest":"091168d8d6f9511404ffa1d69502c84144e1a83ceb5503e8c556f69a1af66a1e","mediaType":"application/vnd.cnr.package.helm.v0.tar+gzip","size":89497,"urls":[]},"created_at":"2019-10-24T09:09:26","digest":"sha256:d0707e2a688e64907ff4d287c5f95a35b45b08121f8a7d556b9f130840e39052","mediaType":"application/vnd.cnr.package-manifest.helm.v0.json","metadata":null,"package":"redhat-operators/amq-streams","release":"4.0.0"}]
  • Save the Operator content as a tar.gz package
curl -XGET https://quay.io/cnr/api/v1/packages/redhat-operators/amq-streams/blobs/sha256/091168d8d6f9511404ffa1d69502c84144e1a83ceb5503e8c556f69a1af66a1e \
    -o amq-streams.tar.gz
Create the directory and extract the archive
$ mkdir -p manifests/
$ tar -xf amq-streams.tar.gz -C manifests/
  • After renaming, run tree to see the structure
[root@localhost ~]# tree manifests/
manifests/
└── amq-streams
    ├── 1.0.0
    │   ├── amq-streams-kafkaconnect.crd.yaml
    │   ├── amq-streams-kafkaconnects2i.crd.yaml
    │   ├── amq-streams-kafka.crd.yaml
    │   ├── amq-streams-kafkamirrormaker.crd.yaml
    │   ├── amq-streams-kafkatopic.crd.yaml
    │   ├── amq-streams-kafkauser.crd.yaml
    │   └── amq-streams.v1.0.0.clusterserviceversion.yaml
    ├── 1.1.0
    │   ├── amq-streams-kafkaconnect.crd.yaml
    │   ├── amq-streams-kafkaconnects2i.crd.yaml
    │   ├── amq-streams-kafka.crd.yaml
    │   ├── amq-streams-kafkamirrormaker.crd.yaml
    │   ├── amq-streams-kafkatopic.crd.yaml
    │   ├── amq-streams-kafkauser.crd.yaml
    │   └── amq-streams.v1.1.0.clusterserviceversion.yaml
    ├── 1.2.0
    │   ├── amq-streams-kafkabridges.crd.yaml
    │   ├── amq-streams-kafkaconnects2is.crd.yaml
    │   ├── amq-streams-kafkaconnects.crd.yaml
    │   ├── amq-streams-kafkamirrormakers.crd.yaml
    │   ├── amq-streams-kafkas.crd.yaml
    │   ├── amq-streams-kafkatopics.crd.yaml
    │   ├── amq-streams-kafkausers.crd.yaml
    │   └── amq-streams.v1.2.0.clusterserviceversion.yaml
    ├── 1.3.0
    │   ├── amq-streams-kafkabridges.crd.yaml
    │   ├── amq-streams-kafkaconnects2is.crd.yaml
    │   ├── amq-streams-kafkaconnects.crd.yaml
    │   ├── amq-streams-kafkamirrormakers.crd.yaml
    │   ├── amq-streams-kafkas.crd.yaml
    │   ├── amq-streams-kafkatopics.crd.yaml
    │   ├── amq-streams-kafkausers.crd.yaml
    │   └── amq-streams.v1.3.0.clusterserviceversion.yaml
    └── amq-streams.package.yaml
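
Before the extracted manifests are built into a catalog image, the downloaded archive can be checked against the `content.digest` and `content.size` values returned by the release query above. The following is an added example, not part of the original post; the function names are hypothetical, and it assumes `content.digest` is the SHA-256 of the blob, as the `/blobs/sha256/` download path indicates.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumes the response layout shown above: "content":{"digest":...,"size":...}.

# Hex SHA-256 of the blob, taken from content.digest.
blob_digest() {
    printf '%s' "$1" | sed -n 's/.*"content":{"digest":"\([a-f0-9]\{64\}\)".*/\1/p'
}

# Blob size in bytes, taken from content.size.
blob_size() {
    printf '%s' "$1" | sed -n 's/.*"content":{[^}]*"size":\([0-9][0-9]*\).*/\1/p'
}

# verify_blob <release-json> <file>: 0 = match, 1 = mismatch, 2 = bad metadata.
verify_blob() {
    want_digest=$(blob_digest "$1")
    want_size=$(blob_size "$1")
    if [ -z "$want_digest" ] || [ -z "$want_size" ]; then
        echo "metadata has no content.digest/content.size" >&2
        return 2
    fi
    have_size=$(wc -c < "$2" | tr -d ' ')
    have_digest=$(sha256sum "$2" | cut -d' ' -f1)
    if [ "$have_size" != "$want_size" ]; then
        echo "size mismatch: got $have_size, want $want_size" >&2
        return 1
    fi
    if [ "$have_digest" != "$want_digest" ]; then
        echo "digest mismatch: got $have_digest" >&2
        return 1
    fi
    return 0
}

# Constructed demo: a stand-in blob plus metadata shaped like the API response.
blob=$(mktemp)
printf 'constructed stand-in for amq-streams.tar.gz\n' > "$blob"
meta=$(printf '[{"content":{"digest":"%s","mediaType":"x","size":%s,"urls":[]}}]' \
    "$(sha256sum "$blob" | cut -d' ' -f1)" "$(wc -c < "$blob" | tr -d ' ')")
verify_blob "$meta" "$blob" && echo "intact blob accepted"
printf 'x' >> "$blob"    # simulate corruption or tampering after download
verify_blob "$meta" "$blob" || echo "modified blob rejected"
rm -f "$blob"
```

In the real procedure the first argument is the saved output of the release query and the second is `amq-streams.tar.gz`.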

Take a look at package.yaml:

[root@localhost ~]# cat manifests/amq-streams/amq-streams.package.yaml 
packageName: amq-streams
channels:
- name: stable
  currentCSV: amqstreams.v1.3.0

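It currently points at the 1.3.0 directory, so go to the 1.3.0 directory and update amq-streams.v1.3.0.clusterserviceversion.yaml; specifically, this whole bunch of image references (marked in bold in the original post).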

              labels:
                name: amq-streams-cluster-operator
                strimzi.io/kind: cluster-operator
            spec:
              serviceAccountName: strimzi-cluster-operator
              containers:
              - name: cluster-operator
                image: registry.redhat.ren/amq7/amq-streams-operator:1.3.0
                args:
                - /opt/strimzi/bin/cluster_operator_run.sh
                env:
                - name: STRIMZI_NAMESPACE
                  valueFrom:
                    fieldRef:
                      fieldPath: metadata.annotations['olm.targetNamespaces']
                - name: STRIMZI_FULL_RECONCILIATION_INTERVAL_MS
                  value: "120000"
                - name: STRIMZI_OPERATION_TIMEOUT_MS
                  value: "300000"
                - name: STRIMZI_DEFAULT_ZOOKEEPER_IMAGE
                  value: registry.redhat.io/amq7/amq-streams-kafka-23:1.3.0
                - name: STRIMZI_DEFAULT_TLS_SIDECAR_ENTITY_OPERATOR_IMAGE
                  value: registry.redhat.io/amq7/amq-streams-kafka-23:1.3.0
                - name: STRIMZI_DEFAULT_TLS_SIDECAR_KAFKA_IMAGE
                  value: registry.redhat.io/amq7/amq-streams-kafka-23:1.3.0
                - name: STRIMZI_DEFAULT_TLS_SIDECAR_ZOOKEEPER_IMAGE
                  value: registry.redhat.io/amq7/amq-streams-kafka-23:1.3.0
                - name: STRIMZI_DEFAULT_KAFKA_EXPORTER_IMAGE
                  value: registry.redhat.io/amq7/amq-streams-kafka-23:1.3.0
                - name: STRIMZI_KAFKA_IMAGES
                  value: |
                    2.2.1=registry.redhat.io/amq7/amq-streams-kafka-22:1.3.0
                    2.3.0=registry.redhat.io/amq7/amq-streams-kafka-23:1.3.0
                - name: STRIMZI_KAFKA_CONNECT_IMAGES
                  value: |
                    2.2.1=registry.redhat.io/amq7/amq-streams-kafka-22:1.3.0

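Downloading the images and then pushing them to your own registry location is not covered here.

Because I only changed the operator image above and did not change or import the ones after it, pulling images failed later on; enough said....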
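
A CSV in which only some image references were re-pointed at the mirror produces exactly this kind of pull failure in a disconnected cluster. The following check is an added example, not part of the original post: it lists every image reference in a manifest that still points outside the mirror registry. The function names are hypothetical and the sample fragment is constructed from the snippet above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
MIRROR=registry.redhat.ren

# Print every image reference (host/path:tag or host/path@sha256:...) in a file.
list_image_refs() {
    grep -oE '[A-Za-z0-9.-]+\.[A-Za-z]{2,}(:[0-9]+)?/[A-Za-z0-9._/-]+(:[A-Za-z0-9._-]+|@sha256:[a-f0-9]{64})' "$1" | sort -u
}

# Print only the references whose registry host is not the mirror.
unmirrored_refs() {
    list_image_refs "$1" | awk -v m="$2/" 'index($0, m) != 1'
}

# Constructed sample: operator image already re-pointed, operand images not.
write_sample_csv() {
    cat > "$1" <<'EOF'
              containers:
              - name: cluster-operator
                image: registry.redhat.ren/amq7/amq-streams-operator:1.3.0
                args:
                - /opt/strimzi/bin/cluster_operator_run.sh
                env:
                - name: STRIMZI_DEFAULT_ZOOKEEPER_IMAGE
                  value: registry.redhat.io/amq7/amq-streams-kafka-23:1.3.0
                - name: STRIMZI_KAFKA_IMAGES
                  value: |
                    2.2.1=registry.redhat.io/amq7/amq-streams-kafka-22:1.3.0
                    2.3.0=registry.redhat.io/amq7/amq-streams-kafka-23:1.3.0
EOF
}

sample=$(mktemp)
write_sample_csv "$sample"
echo "References still outside $MIRROR:"
unmirrored_refs "$sample" "$MIRROR"
rm -f "$sample"
```

Run `unmirrored_refs` against each clusterserviceversion.yaml under manifests/ before building the catalog image; an empty result means every image the operator will request resolves to the mirror.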

  • Create a custom-registry.Dockerfile
[root@helper operator]# cat custom-registry.Dockerfile 
FROM registry.redhat.io/openshift4/ose-operator-registry:v4.2.0 AS builder

COPY manifests manifests

RUN /bin/initializer -o ./bundles.db;sleep 20 

#FROM scratch

#COPY --from=builder /registry/bundles.db /bundles.db
#COPY --from=builder /bin/registry-server /registry-server
#COPY --from=builder /bin/grpc_health_probe /bin/grpc_health_probe

EXPOSE 50051

ENTRYPOINT ["/bin/registry-server"]

CMD ["--database", "/registry/bundles.db"]

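If you follow the official documentation, there are several big pitfalls here:

  • After initializer runs, the build complains that the bundles.db file cannot be found; in practice you need to sleep for a moment after it finishes so that the file gets written
  • The location of bundles.db is wrong: it is under /registry, not under /build
  • The location of registry-server is wrong: it is under /bin, not under /build/bin/
  • If you use FROM scratch, the resulting image cannot run because of a format problem.

This cost more than 3 hours.....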

 

$ oc patch OperatorHub cluster --type json \
    -p '[{"op": "add", "path": "/spec/disableAllDefaultSources", "value": true}]'

 

  • Build the image
podman build -f custom-registry.Dockerfile  -t registry.redhat.ren/ocp4/custom-registry 

podman push registry.redhat.ren/ocp4/custom-registry 
  • Create a my-operator-catalog.yaml file
[root@helper operator]# cat my-operator-catalog.yaml 
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: my-operator-catalog
  namespace: openshift-marketplace
spec:
  displayName: My Operator Catalog
  sourceType: grpc
  image: registry.redhat.ren/ocp4/custom-registry:latest

Then

oc create -f my-operator-catalog.yaml 

Under normal circumstances you will see

[root@helper operator]# oc get pods -n openshift-marketplace
NAME                                    READY   STATUS    RESTARTS   AGE
marketplace-operator-5c846b89cb-k5827   1/1     Running   1          2d4h
my-operator-catalog-8jt25               1/1     Running   0          4m53s
[root@helper operator]# oc get catalogsource -n openshift-marketplace
NAME                  DISPLAY               TYPE   PUBLISHER   AGE
my-operator-catalog   My Operator Catalog   grpc               5m5s
[root@helper operator]# oc get packagemanifest -n openshift-marketplace
NAME          CATALOG               AGE
amq-streams   My Operator Catalog   5m11s

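I ran into a problem partway through; it turned out that the nodes could not resolve registry.redhat.ren, the external image registry address, so I added it to /etc/hosts by hand.

  • Switch to the OpenShift console.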

 

 

Create a new project and install the Operator

 

 

Then create a Kafka cluster and look at the Pods; because I did not have the images, they were all ImagePullBackOff..... :-(

 

All done!
