联想重启快捷键 | 联想快捷键重启
839 2023-04-02 19:11:59
1. 下载 https://github.com/openshift/origin/releases
并且上传到360云盘 /Postgraduate/云计算/Openshift Origin相关/安装包
2.1.安装
https://docs.openshift.org/latest/getting_star
ted/administrators.html#getting-started-administrators
2.2.视频教程
https://access.redhat.com/videos/1606273
2.3.需要CLI
https://docs.openshift.org/latest/cli_reference/get_started_cli.html#cli-reference-get-started-cli
2.4.进入web console的网址:http s :127.0.0.1:8443 (注意是https,然后打开的时候会有不安全的提示,别管他)
2.5 Web Console Authentication
https://docs.openshift.org/latest/dev_guide/authentication.html#dev-guide-authentication
3.发现ubuntu不是很友好,且运行console,图形化管理的话,需要一些制约条件
后面发现Ubuntu 下面的firefox也是可以运行的
https://docs.openshift.org/latest/architecture/infrastructure_components/web_console.html#architecture-infrastructure-components-web-console
正式生产的分布式环境下的条件
https://docs.openshift.org/latest/install_config/install/prerequisites.html#install-config-install-prerequisites
5.控制台发布应用,往下拉
https://docs.openshift.org/latest/dev_guide/new_app.html
创建templete和instant app
https://docs.openshift.org/latest/dev_guide/templates.html
默认不导入Default Images,查看下面的链接
https://docs.openshift.org/latest/install_config/imagestreams_templates.html#install-config-imagestreams-templates
首先需要
Deploying a Docker Registry
https://docs.openshift.org/latest/install_config/install/docker_registry.html#install-config-install-docker-registry
按照下面的命令。总是找不到admin.kubeconfig,
运行/oadm registry —help,发现发现可以不带参数运行registery
Install or configure an integrated Docker registry
This command sets up a Docker registry integrated with your cluster to provide notifications when
images are pushed. With no arguments, the command will check for the existing registry service
called 'docker-registry' and try to create it. If you want to test whether the registry has
been created add the --dry-run flag and the command will exit with 1 if the registry does not
exist.
6.权限不够,无法创建docker registry
https://docs.openshift.org/latest/architecture/additional_concepts/authorization.html#roles
需要在 cluster policy or in a local policy .中定义各个角色
https://docs.openshift.org/latest/architecture/additional_concepts/authorization.html#roles
看下面关于policy的建议和例子
https://github.com/openshift/origin/blob/master/docs/proposals/policy.md
修改权限,查看policy的命令
https://docs.openshift.org/latest/admin_guide/manage_authorization_policy.html#viewing-cluster-roles
查看cluster级别的
oc describe clusterPolicy default6.1默认的admin和test账户都无法查看cluster级别的policy
需要权限,国外开发组的邮件
Did you already log in as user test? Only a cluster admin can give that role to another user, so you need to run that command as the bootstrap cluster admin user. The credentials for that user are in the admin.kubeconfig file on the API server.
oadm policy add-cluster-role-to-user cluster-admin test --config= /home/zhk/Downloads/openshift-origin-server-v1.3.0-alpha.2-983578e-linux-64bit/openshift.local.config/master/ admin.kubeconfig
You can add and remove roles to and from users and groups using oadm policy commands.
利用oadm policy命令修改policy
admin.kubeconfig文件是在
/root/Downloads/openshift-origin-server-v1.3.0-alpha.2-983578e-linux-64bit/openshift.local.config/master 或者(后面的centos) /home/zhk/Downloads/openshift-origin-server-v1.3.0-alpha.2-983578e-linux-64bit/openshift.local.config/master角色授予成功后,test下面会多出 3个project,这就证明角色已经分配给test了。
6.3 oadm policy add-cluster-role-to-user <role> <username>
增加cluster级别的角色给某个用户
但是跑下面的命令,却没有权限查看
https://docs.openshift.org/latest/dev_guide/templates.html#dev-guide-templates
2.导入默认的 install-config-imagestreams-templates
https://docs.openshift.org/latest/install_config/imagestreams_templates.html#install-config-imagestreams-templates
3.admin.kubeconfig文件是在
/root/Downloads/openshift-origin-server-v1.3.0-alpha.2-983578e-linux-64bit/openshift.local.config/master
即在master节点下面
https://docs.openshift.org/latest/install_config/install/docker_registry.html#install-config-install-docker-registry
oadm registry --config=/root/Downloads/openshift-origin-server-v1.3.0-alpha.2-983578e-linux-64bit/openshift.local.config/master/admin.kubeconfig --service-account=registry
1.第一步,运行上面的命令
根据此次命令的运行,可能命令行加上参数 —config=admin.kubeconfig的时候,当前用户就拥有了全局的权限吧。可能是之前没有理解下面红框内的英文的意思。
根据上面的链接,只执行了第一步,后面的什么deploy the registry as a daemons对于导入默认的instant app和template貌似并不是要求的,所以先放一放。 目前,test用户拥有最高权限
8.目前根据 https://docs.openshift.org/latest/install_config/imagestreams_templates.html
已经完成下面这4个步骤。
9.
可见,集成默认的instant app和template就是在操作open shift这个project,从命令行的参数 -n open shift可以看出来,目前,test用户因为有了cluster-admin的角色,所以可以查看open shift这个project了
10.
单核的阿里云的ubuntu执行起来比较慢,但是登录vnc查看远程桌面的话,发现终端是一直在执行脚本的,导致ssh这边看上去好像卡住了一样,耐心等待