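OpenShift 4.6 adds the opm command for OperatorHub. It is used to add customized index images to OperatorHub, or to remove existing components and produce a new index image.
Adding requires preparing an Operator Bundle, which is relatively troublesome, so this post verifies a scenario that comes up often when building an offline OperatorHub: pruning packages and then preparing the mapping file for download.
1. Download opm
opm depends on the glibc-2.28 package, which is only available on RHEL 8, so it is recommended to install RHEL 8 and then download opm with the following command:
oc image extract registry.redhat.io/openshift4/ose-operator-registry:v4.6 --path /usr/bin/opm:. --confirm
If that is slow, you can pull the image into your local registry first and then extract from there:
podman pull registry.redhat.io/openshift4/ose-operator-registry:v4.6
podman tag registry.redhat.io/openshift4/ose-operator-registry:v4.6 registry.example.com:5443/openshift4/ose-operator-registry:v4.6
podman push registry.example.com:5443/openshift4/ose-operator-registry:v4.6
oc image extract registry.example.com:5443/openshift4/ose-operator-registry:v4.6 --path /usr/bin/opm:. --confirm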
chmod +x ./opm
mv ./opm /usr/local/bin/
2. Find the names of the Operators you need to download
This step matters; otherwise you can only guess the names.
[root@registry 4.6]# podman run -p50051:50051 -it registry.redhat.io/redhat/redhat-operator-index:v4.6
WARN[0000] unable to set termination log path error="open /dev/termination-log: permission denied"
INFO[0000] serving registry database=/database/index.db port=50051
Then query it with grpcurl:
[root@registry 4.6]# grpcurl -plaintext localhost:50051 api.Registry/ListPackages > packages.out
This produces a packages.out file. Open it and look for the Operators you need:
{ "name": "3scale-operator" }
{ "name": "advanced-cluster-management" }
{ "name": "amq-broker" }
{ "name": "amq-broker-lts" }
{ "name": "amq-online" }
{ "name": "amq-streams" }
{ "name": "amq7-interconnect-operator" }
3. Select the Operators you need and build a new index image
For example, I need to install the service mesh and cluster-logging features, so the related jaeger, elasticsearch and kiali components all have to be downloaded as well.
opm index prune -f registry.example.com:5443/redhat/redhat-operator-index:v4.6 -p servicemeshoperator,cluster-logging,elasticsearch-operator,jaeger-product,kiali-ossm -t registry.example.com:5443/redhat/redhat-operator-index:my1v4.6
......
INFO[0017] input has been sanitized pkg=service-registry-operator
INFO[0017] packages: [service-registry-operator] pkg=service-registry-operator
INFO[0017] deleting packages pkg=sriov-network-operator
INFO[0017] input has been sanitized pkg=sriov-network-operator
INFO[0017] packages: [sriov-network-operator] pkg=sriov-network-operator
INFO[0017] deleting packages pkg=vertical-pod-autoscaler
INFO[0017] input has been sanitized pkg=vertical-pod-autoscaler
INFO[0017] packages: [vertical-pod-autoscaler] pkg=vertical-pod-autoscaler
INFO[0017] deleting packages pkg=web-terminal
INFO[0017] input has been sanitized pkg=web-terminal
INFO[0017] packages: [web-terminal] pkg=web-terminal
INFO[0017] Generating dockerfile packages="[servicemeshoperator cluster-logging elasticsearch-operator jaeger-product kiali-ossm]"
INFO[0017] writing dockerfile: index.Dockerfile451780153 packages="[servicemeshoperator cluster-logging elasticsearch-operator jaeger-product kiali-ossm]"
INFO[0017] running podman build packages="[servicemeshoperator cluster-logging elasticsearch-operator jaeger-product kiali-ossm]"
INFO[0017] [podman build --format docker -f index.Dockerfile451780153 -t registry.example.com:5443/redhat/redhat-operator-index:my1v4.6 .] packages="[servicemeshoperator cluster-logging elasticsearch-operator jaeger-product kiali-ossm]"
The new image is built locally, so it then has to be pushed to the image registry.
podman push registry.example.com:5443/redhat/redhat-operator-index:my1v4.6
Getting image source signatures
Copying blob 89c36445dd4e done
Copying blob ace0eda3e3be skipped: already exists
Copying blob fbe39d558281 skipped: already exists
Copying blob e105a1e44712 skipped: already exists
Copying blob 371d4702865c skipped: already exists
Copying blob 4570b0d18853 skipped: already exists
Copying config 3bc89f122d done
Writing manifest to image destination
Storing signatures
4. Pull it back and verify
[root@registry 4.6]# oc adm catalog mirror --manifests-only registry.example.com:5443/redhat/redhat-operator-index:my1v4.6 registry.example.com:5443 --insecure
src image has index label for database path: /database/index.db
using database path mapping: /database/index.db:/tmp/439829874
wrote database to /tmp/439829874
using database at: /tmp/439829874/index.db
no digest mapping available for registry.redhat.io/openshift-service-mesh/kiali-rhel7-operator:1.0.10, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/openshift-service-mesh/kiali-rhel7-operator:1.0.12, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/openshift-service-mesh/kiali-rhel7:1.12.7, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/openshift-service-mesh/kiali-rhel7-operator:1.12.7, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/openshift-service-mesh/kiali-rhel7-operator:1.0.6, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/openshift-service-mesh/kiali-rhel7:1.0.8, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/openshift-service-mesh/kiali-rhel7-operator:1.0.9, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/openshift-service-mesh/kiali-rhel7-operator:1.0.7, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/openshift-service-mesh/kiali-rhel7-operator:1.0.11, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/distributed-tracing/jaeger-rhel7-operator:1.13.2, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/openshift-service-mesh/kiali-rhel7-operator:1.0.8, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/openshift-service-mesh/kiali-rhel7:1.0.7, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/openshift-service-mesh/kiali-rhel7-operator:1.0.5, skip writing to ImageContentSourcePolicy
wrote mirroring manifests to redhat-operator-index-manifests
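Ignore the warnings and go into the redhat-operator-index-manifests directory: the mapping file now indeed contains only the few Operators we need.
Unfortunately it still has more than 360 lines, about the same as with the earlier manual approach.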
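The name lookup in step 2 and the verification in step 4 can be checked mechanically. The script below is an added example, not part of the original post: it compares the comma-separated list given to opm index prune -p with the package names in a saved api.Registry/ListPackages output. The function names and the sample file are constructed for illustration, and it assumes the pruned index has been served and queried the same way as in step 2.

```shell
#!/bin/sh
# Added example: check a prune list against saved ListPackages output.

# One package name per line, from pretty-printed or flattened grpcurl JSON.
list_packages() {
    grep -o '"name": *"[^"]*"' "$1" | sed 's/^"name": *"//; s/"$//' | sort -u
}

# Split the comma-separated value given to `opm index prune -p`.
wanted_list() {
    printf '%s\n' "$1" | tr ',' '\n' | sed '/^$/d' | sort -u
}

# Wanted names the catalog does not serve (misspelled, or lost in the prune).
missing_packages() {
    wanted_list "$1" | while IFS= read -r pkg; do
        list_packages "$2" | grep -Fxq -- "$pkg" || printf '%s\n' "$pkg"
    done
}

# Names the catalog serves that were not asked for (prune did not take effect).
extra_packages() {
    list_packages "$2" | while IFS= read -r pkg; do
        wanted_list "$1" | grep -Fxq -- "$pkg" || printf '%s\n' "$pkg"
    done
}

# Constructed sample standing in for ListPackages output of a pruned index.
demo=$(mktemp -d)
cat > "$demo/pruned.out" <<'EOF'
{
  "name": "cluster-logging"
}
{
  "name": "elasticsearch-operator"
}
{ "name": "jaeger-product" } { "name": "amq-streams" }
EOF

# The sample lacks two wanted packages and carries one unwanted package.
WANTED=servicemeshoperator,cluster-logging,elasticsearch-operator,jaeger-product,kiali-ossm
echo "missing: $(missing_packages "$WANTED" "$demo/pruned.out" | paste -sd, -)"
echo "extra:   $(extra_packages "$WANTED" "$demo/pruned.out" | paste -sd, -)"
```

Run against the packages.out of the full index before pruning, only the "missing" result matters; run against the pruned index, both results should be empty.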