This page (revision-9) was last changed on 23-Apr-2022 17:06 by Harry Metske

This page was created on 23-Apr-2022 17:05 by Harry Metske

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note
9 23-Apr-2022 17:06 11 KB Harry Metske to previous
8 23-Apr-2022 17:05 10 KB Harry Metske to previous | to last
7 23-Apr-2022 17:05 9 KB Harry Metske to previous | to last
6 23-Apr-2022 17:05 9 KB Harry Metske to previous | to last
5 23-Apr-2022 17:05 8 KB Harry Metske to previous | to last
4 23-Apr-2022 17:05 7 KB Harry Metske to previous | to last
3 23-Apr-2022 17:05 6 KB Harry Metske to previous | to last
2 23-Apr-2022 17:05 6 KB Harry Metske to previous | to last
1 23-Apr-2022 17:05 350 bytes Harry Metske to last

Page References

Incoming links Outgoing links
OpenShift origin all in one...nobody
OpenShift origin all in one

Version management

Difference between version and

At line 87 changed one line
Looks like this registry is meant for only openshift itself? Not sure, but let's try to hook up an external docker registry.
!! Testapp1
At line 89 added 85 lines
We first need a (mysql) database. This can be created in openshift. First we user the admin console to create a "deployment" of a mysql db, there we can set the dbname, user and password.
It takes about 2 minutes for the db to be available, and we have 2 additional docker containers running in the VirtualBox.
! Create docker image for your runnable jar
We user the following Dockerfile and built an image with it:
%%prettify
{{{
FROM alpine:3.3
MAINTAINER Harry Metske <metskem@apache.org>
RUN apk --update add openjdk8-jre
ADD testapp1-0.1.1.jar /
ENV LANG en_US.UTF-8
ENV CATALINA_OPTS -Djava.security.egd=file:/dev/./urandom
EXPOSE 8080
CMD ["java","-jar", "/testapp1-0.1.1.jar"]
}}}
%%
! Registry
Next we need a registry where we can push/pull our images:
{{docker run -d -p 5000:5000 -v /home/metskem/registry:/tmp/registry-dev --name=registry registry}}
Next we tag and push our image:
{{{
➜ testapp1 git:(master) ✗ docker tag testapp1:latest athena:5000/testapp1:0.1.1
➜ testapp1 git:(master) ✗ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
athena:5000/testapp1 0.1.1 66ece7b26ab2 10 minutes ago 165.7 MB
testapp1 latest 66ece7b26ab2 10 minutes ago 165.7 MB
registry latest 182810e6ba8c 4 days ago 37.62 MB
monitoringartist/zabbix-xxl 3.2.3 b7ae522f5534 10 days ago 659.8 MB
----- snip -----
➜ testapp1 git:(master) ✗ docker push athena:5000/testapp1:0.1.1
The push refers to a repository [athena:5000/testapp1]
a634f2e80801: Pushed
f43d53ce4f92: Pushed
501307b47dda: Pushed
0.1.1: digest: sha256:27508c97430484cab6cfe56b4562437d24b4f50d17d9387a39957a6278f57045 size: 952
➜ testapp1 git:(master) ✗
__However__ we need SSL if we want to access this registry remotely. Therefore create keypair first:
{{{
keyfile=/tmp/keyfile.key
certfile=/tmp/certfile.crt
export subj="
C=NL
ST=Overijssel
O=computerhok
localityName=Rijssen
commonName=athena
"
/usr/bin/openssl req -x509 -nodes -newkey rsa:2048 -sha256 -keyout ${keyfile} -days 3650 -out ${certfile} -batch -subj "$(echo -n "$subj" | tr "\n" "/")"
}}}
And then (remove and) restart the registry container with:
{{docker run -d -p 5000:5000 -v /home/metskem/registry:/tmp/registry-dev -v /home/metskem/registry-certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/certfile.crt -e REGISTRY_HTTP_TLS_KEY=/certs/keyfile.key --name=registry registry}}
Next also edit {{/etc/sysconfig/docker}} on the VirtualBox and add/change {{--insecureegistry=athena:5000}} , after also adding {{10.0.0.164 athena}} to {{etc/hosts}} in the VirtualBox. After that: {{systemctl restart docker}}
Also add the self-signed cert to the VirtualBox (and again restart docker) : {{scp metskem@athena:registry-certs/certfile.crt /etc/docker/certs.d/athena\:5000/ca.crt}}
The above does not help, the admin console keeps saying ''Internal error occurred: Get https://athena:5000/v2/: x509: certificate signed by unknown authority''.
But the oc command says it's fine:
{{{
➜ ~ oc new-app athena:5000/testapp1:0.1.1
--> Found Docker image 66ece7b (50 minutes old) from athena:5000 for "athena:5000/testapp1:0.1.1"
* This image will be deployed in deployment config "testapp1"
* [WARNING] Image "testapp1" runs as the 'root' user which may not be permitted by your cluster administrator
* Port 8080/tcp will be load balanced by service "testapp1"
--> Creating resources with label app=testapp1 ...
DeploymentConfig "testapp1" created
Service "testapp1" created
--> Success
Run 'oc status' to view your app.
}}}
But no, looking at the admin console, we do see our testapp1, but it can't pull the image: {{Failed to pull image "athena:5000/library/testapp1:0.1.1": image pull failed for athena:5000/library/testapp1:0.1.1, this may be because there are no credentials on this request. details: (Error: image library/testapp1 not found)}}
This page (revision-9) was last changed on 23-Apr-2022 17:06 by Harry MetskeTop