OpenShift推送自定义镜像到本地仓库并创建项目和应用

创建push 权限

#oc create serviceaccount registry -n default
#oc adm policy add-scc-to-user privileged system:serviceaccount:default:registry

为admin帐号授权

#oc adm policy add-role-to-user system:registry admin
#oc adm policy add-role-to-user admin admin -n openshift
#oc adm policy add-role-to-user system:image-builder admin
#oc adm policy add-role-to-user system:image-puller system:anonymous -n openshift

登陆openshift 项目

#oc login -n openshift #使用admin用户登陆openshift
admin/admin
#oc whoami -t #查看admin用户的token

登陆Docker login 私有库（只有登陆成功才能上传）

#docker login -u admin -p qcrV9mq92fH16SpWKHdah3t_qRn0KCZNNlSi-YfDaRc 172.30.60.125:5000

先给镜像打tag

#docker tag nginx:1.11.4-alpine 172.30.60.125:5000/openshift/nginx:1.11.4-alpine

push 镜像到私有仓库

docker push 172.30.60.125:5000/openshift/nginx:1.11.4-alpine

至此会推送成功

使用刚刚推送的image创建app，虽然会报一堆错误，但是能够创建成功

#oc new-app --docker-image=“docker-registry.default.svc:5000/openshift/mybank-tomcat” --allow-missing-images

报错的原因应该是私有镜像仓库没有启用https，加参数–insecure-registry=true绕过证书检查就不会报错了

#oc new-app --docker-image=“docker-registry.default.svc:5000/openshift/mybank-tomcat” --allow-missing-images --insecure-registry=true

使用自主搭建的私有镜像仓库也是可以的

#docker login harbor.ctwifi.cn (输入用户名和密码登陆，所有node节点也要登陆一次)
#oc new-app --docker-image=“harbor.ctwifi.cn/openshift/nginx:1.12” --allow-missing-images --insecure-registry=true

新增registry（我使用本地仓库所以没有使用新增）:

#oc delete dc docker-registry registry-console router

#oc delete svc docker-registry registry-console router

#oc delete serviceaccounts registry router

#mkdir -p /opt/openshift-registry
#chown 1001:root /opt/openshift-registry
#oc create serviceaccount registry -n default
#oc adm policy add-scc-to-user privileged system:serviceaccount:default:registry

#service cluster role binding deployment config

#oc adm registry --service-account=registry --mount-host=/opt/openshift-registry
#oc logs dc/docker-registry