Openshift创建Router和Registry

Openshift创建Router和Registry:

[root@DockerServer openshift]# oadm policy add-scc-to-user privileged system:serviceacount:default:router

scc "privileged" added to: ["system:serviceacount:default:router"]

[root@DockerServer openshift]# oadm policy add-scc-to-user hostnetwork system:serviceaccount:default:router

scc "hostnetwork" added to: ["system:serviceaccount:default:router"]

[root@DockerServer openshift]# oadm policy add-scc-to-user privileged system:serviceaccount:default:router

scc "privileged" added to: ["system:serviceaccount:default:router"]

[root@DockerServer openshift]# oadm router router --replicas=1 --service-account=router

info: password for stats user admin has been set to gEpwLc6BC4

--> Creating router router ...

serviceaccount "router" created

clusterrolebinding "router-router-role" created

deploymentconfig "router" created

service "router" created

--> Success

Same way:

[root@DockerServer openshift]# oadm policy add-scc-to-user privileged -z router

scc "privileged" added to: ["system:serviceaccount:default:router"]

[root@DockerServer openshift]# oc adm policy add-scc-to-user hostnetwork -z router

scc "hostnetwork" added to: ["system:serviceaccount:default:router"]

[root@DockerServer openshift]# oc get pod -n default

NAME READY STATUS RESTARTS AGE

router-1-bd6f2 1/1 Running 0 4m

[root@DockerServer openshift]# ss -ltn|egrep -w "80|443"

LISTEN 0 128 *:80 *:*

LISTEN 0 128 *:443 *:*

[root@DockerServer openshift]# oadm registry --config=/opt/openshift/openshift.local.config/master/admin.kubeconfig --service-account=registry

--> Creating registry registry ...

serviceaccount "registry" created

clusterrolebinding "registry-registry-role" created

deploymentconfig "docker-registry" created

service "docker-registry" created

--> Success

[root@DockerServer openshift]# oc get pod

NAME READY STATUS RESTARTS AGE

docker-registry-1-2kqtb 1/1 Running 0 1m

router-1-bd6f2 1/1 Running 0 29m

[root@DockerServer openshift]# vi /etc/sysconfig/docker

OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false --registry-mirror=https://docker.mirrors.ustc.edu.cn --insecure-registry=172.30.0.0/16'

[root@DockerServer openshift]# systemctl restart docker