minishift v1.28.0でRed Hat Container Catalogを使いたい
Red Hat Container Catalog
https://access.redhat.com/containers/
ここのイメージをカタログにインポートしたい。
カタログには未だインポートできていません。すいません。
Docker Imageを直接DLしました(笑)
Redhatアカウント登録
アカウントを登録していないと使えないらしいので登録
登録はこちらから
Log in to Red Hat IDP
https://access.redhat.com/myaccount
Red Hat Container Catalogでコマンドを確認
Red Hat Container Catalogで「WordPress」を検索
WordPress with Nginx and PHP7 by Bitnamiのリンクをクリック
表示される詳細画面で「Get Latest Image」をクリック
Choose your platform:
Redhat OpenShift
とするとインポートコマンドが紹介されていますね。
oc import-image my-bitnami/wordpress-nginx-php7 --from=registry.connect.redhat.com/bitnami/wordpress-nginx-php7 --confirm
Let's oc import-image
その前にやることがあるみたいですが叩いてみます(笑)
[tak@centos76 ~]$ oc import-image my-bitnami/wordpress-nginx-php7 --from=registry.connect.redhat.com/bitnami/wordpress-nginx-php7 --confirm
error: tag latest failed: Internal error occurred: Get https://registry.connect.redhat.com/v2/bitnami/wordpress-nginx-php7/manifests/latest: unauthorized: Invalid username or password
imagestream.image.openshift.io/wordpress-nginx-php7 imported with errors
Name: wordpress-nginx-php7
Namespace: myproject
Created: 1 second ago
Labels: <none>
Annotations: openshift.io/image.dockerRepositoryCheck=2018-12-15T13:16:18Z
Docker Pull Spec: 172.30.1.1:5000/myproject/wordpress-nginx-php7
Image Lookup: local=false
Unique Images: 0
Tags: 1
latest
tagged from registry.connect.redhat.com/bitnami/wordpress-nginx-php7
! error: Import failed (InternalError): Internal error occurred: Get https://registry.connect.redhat.com/v2/bitnami/wordpress-nginx-php7/manifests/latest: unauthorized: Invalid username or password
1 second ago
Invalid username or passwordだそうで、まぁそうですよね(笑)
認証情報の登録
This image requires registry authentication. See the following documentatiot to use this image with OpenShift.
そのドキュメントがこちら
Allowing Pods to Reference Images from Other Secured Registries
英語は正直言って苦手です(笑)
先ほど登録したRedHatの登録情報を<username>,<password>に入力します。
$ oc create secret docker-registry \
--docker-server=sso.redhat.com \
--docker-username=<username> \
--docker-password=<password> \
--docker-email=unused \
redhat-connect-sso
secret/redhat-connect-sso created
$ oc secrets link default redhat-connect-sso --for=pull
$ oc secrets link builder redhat-connect-sso
これでいいのかなぁ~!?
でもう一度気を取り直してoc import-image♪
結果はやっぱりInvalid username or passwordだそうで
Try agein, oc import-image
そもそもoc loginに指定すべきなのではと閃いたのですが…
$ oc login -u <username> -p <password>
[tak@centos76 ~]$ oc import-image my-bitnami/wordpress-nginx-php7 --from=registry.connect.redhat.com/bitnami/wordpress-nginx-php7 --confirm
Error from server (Forbidden): secrets is forbidden: User "<username>" cannot create secrets in the namespace "default": no RBAC policy matched
今度は<username>さんにdefaultのcreate権限が必要と言われていますね…。
RBAC policyの確認
Google先生に色々教わりながら権限まわりを確認します。
[tak@centos76 ~]$ eval $(minishift oc-env)
[tak@centos76 ~]$ oc login -u system -p admin
Login successful.
You don't have any projects. You can try to create a new project, by running
oc new-project <projectname>
[tak@centos76 ~]$ oc get scc
No resources found.
Error from server (Forbidden): securitycontextconstraints.security.openshift.io is forbidden: User "system" cannot list securitycontextconstraints.security.openshift.io at the cluster scope: no RBAC policy matched
あれあれ?
[tak@centos76 ~]$ oc adm policy add-role-to-user cluster-admin <username>
Error from server (Forbidden): rolebindings.rbac.authorization.k8s.io is forbidden: User "system" cannot list rolebindings.rbac.authorization.k8s.io in the namespace "default": no RBAC policy matched
あれあれ?
sysytem:adminなのに権限がない(Forbidden)言われてます…
またInternetの広い海を捜索してると「minishiftで管理者権限を使う」の記事に出会いました。
Minishiftで、管理者権限を使うには「admin-user」というAdd-onを使う必要があるようです。
[tak@centos76 ~]$ minishift addons list
- admin-user : disabled P(0)
- anyuid : disabled P(0)
- che : disabled P(0)
- htpasswd-identity-provider : disabled P(0)
- registry-route : disabled P(0)
- xpaas : disabled P(0)
[tak@centos76 ~]$ minishift addons enable admin-user
Add-on 'admin-user' enabled
[tak@centos76 ~]$ minishift addons list
- admin-user : enabled P(0)
- anyuid : disabled P(0)
- che : disabled P(0)
- htpasswd-identity-provider : disabled P(0)
- registry-route : disabled P(0)
- xpaas : disabled P(0)
これで逝けるのかと思いきや、やっぱり同じ結果に…
「admin-user」というAdd-onについて更に捜索活動がいるようですね...。
改めてoc adm policy
[tak@centos76 ~]$ minishift stop
:
[tak@centos76 ~]$ minishift start
:
[tak@centos76 ~]$ eval $(minishift oc-env)
[tak@centos76 ~]$ oc adm policy add-cluster-role-to-user cluster-admin admin --as=system:admin
cluster role "cluster-admin" added: "admin"
おお。できましたね。
systemとかでログインする前に設定がいるみたいですね。
でも本当は<username>,<password>の人を追加する必要があります。
oc create user
ではではユーザを作成します。
[tak@centos76 ~]$ minishift stop
:
[tak@centos76 ~]$ minishift start
:
[tak@centos76 ~]$ eval $(minishift oc-env)
[tak@centos76 ~]$ oc create user <username>
Error from server (AlreadyExists): users.user.openshift.io "<username>" already exists
既に居ると言われていますね。先ほどoc loginしたから出来たのかな!?
ユーザが居るという事は、ロールさえ与えればOKそうなので試してみます。
[tak@centos76 ~]$ oc adm policy add-cluster-role-to-user cluster-admin admin --as=<username>
Error from server (Forbidden): clusterrolebindings.rbac.authorization.k8s.io is forbidden: User "<username>" cannot list clusterrolebindings.rbac.authorization.k8s.io at the cluster scope: no RBAC policy matched
[tak@centos76 ~]$ oc adm policy add-cluster-role-to-user cluster-admin admin --as=<username>:<password>
Error from server (Forbidden): clusterrolebindings.rbac.authorization.k8s.io is forbidden: User "<username>:<password>" cannot list clusterrolebindings.rbac.authorization.k8s.io at the cluster scope: no RBAC policy matched
[tak@centos76 ~]$ oc adm policy add-cluster-role-to-user cluster-admin admin --as=<username>:admin
Error from server (Forbidden): clusterrolebindings.rbac.authorization.k8s.io is forbidden: User "<username>:admin" cannot list clusterrolebindings.rbac.authorization.k8s.io at the cluster scope: no RBAC policy matched
何やっても駄目。
先にRBACに登録する必要があるっぽいですね。
create role
ではここを参考にロールを与えてみたいと思います。
Creating a User
[tak@centos76 ~]$ oc create clusterrolebinding registry-controller --clusterrole=cluster-admin --user=<username>
clusterrolebinding.rbac.authorization.k8s.io/registry-controller created
[tak@centos76 ~]$ oc adm policy add-cluster-role-to-user cluster-admin admin --as=<username>
cluster role "cluster-admin" added: "admin"
[tak@centos76 ~]$ oc login -u <username> -p <password>
Login successful.
You have access to the following projects and can switch between them with 'oc project <projectname>':
default
kube-dns
kube-proxy
kube-public
kube-system
* myproject
openshift
openshift-apiserver
openshift-controller-manager
openshift-core-operators
openshift-infra
openshift-node
openshift-service-cert-signer
openshift-web-console
Using project "myproject".
正常にロールが割り当てられて見えるProjectが増えてますね!
期待大(笑)
[tak@centos76 ~]$ oc import-image my-bitnami/wordpress-nginx-php7 --from=registry.connect.redhat.com/bitnami/wordpress-nginx-php7 --confirm
error: tag latest failed: Internal error occurred: Get https://registry.connect.redhat.com/v2/bitnami/wordpress-nginx-php7/manifests/latest: unauthorized: Invalid username or password
imagestream.image.openshift.io/wordpress-nginx-php7 imported with errors
Name: wordpress-nginx-php7
Namespace: myproject
Created: 13 hours ago
Labels: <none>
Annotations: openshift.io/image.dockerRepositoryCheck=2018-12-15T13:16:18Z
Docker Pull Spec: 172.30.1.1:5000/myproject/wordpress-nginx-php7
Image Lookup: local=false
Unique Images: 0
Tags: 1
latest
tagged from registry.connect.redhat.com/bitnami/wordpress-nginx-php7
! error: Import failed (InternalError): Internal error occurred: Get https://registry.connect.redhat.com/v2/bitnami/wordpress-nginx-php7/manifests/latest: unauthorized: Invalid username or password
13 hours ago
あれ...また再び捜索の旅へ
oc import-imageの再確認
まさかと思い、一応インポートコマンドのヘルプを確認
まぁユーザ指定なんてないよね…
[tak@centos76 ~]$ oc import-image --help
Import the latest image information from a tag in a Docker registry
Image streams allow you to control which images are rolled out to your builds and applications. This command fetches the
latest version of an image from a remote repository and updates the image stream tag if it does not match the previous
value. Running the command multiple times will not create duplicate entries. When importing an image, only the image
metadata is copied, not the image contents.
If you wish to change the image stream tag or provide more advanced options, see the 'tag' command.
Usage:
oc import-image IMAGESTREAM[:TAG] [flags]
Examples:
oc import-image mystream
Options:
--all=false: If true, import all tags from the provided source on creation or if --from is specified
--allow-missing-template-keys=true: If true, ignore any errors in templates when a field or map key is missing in
the template. Only applies to golang and jsonpath output formats.
--confirm=false: If true, allow the image stream import location to be set or changed
--dry-run=false: Fetch information about images without creating or updating an image stream.
--from='': A Docker image repository to import images from
--insecure=false: If true, allow importing from registries that have invalid HTTPS certificates or are hosted via
HTTP. This flag will take precedence over the insecure annotation.
-o, --output='': Output format. One of:
json|yaml|name|templatefile|template|go-template|go-template-file|jsonpath|jsonpath-file.
--reference-policy='source': Allow to request pullthrough for external image when set to 'local'. Defaults to
'source'.
--scheduled=false: Set each imported Docker image to be periodically imported from a remote repository. Defaults
to false.
--template='': Template string or path to template file to use when -o=go-template, -o=go-template-file. The
template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
Use "oc options" for a list of global command-line options (applies to all commands).
projectをdefaultにしてみる
[tak@centos76 ~]$ oc login -u <username> -n default
Logged into "https://192.168.42.208:8443" as "<username>" using existing credentials.
You have access to the following projects and can switch between them with 'oc project <projectname>':
* default
kube-dns
kube-proxy
kube-public
kube-system
myproject
openshift
openshift-apiserver
openshift-controller-manager
openshift-core-operators
openshift-infra
openshift-node
openshift-service-cert-signer
openshift-web-console
Using project "default".
念のため確認してみたら…
[tak@centos76 ~]$ oc secrets link default redhat-connect-sso --for=pull
secret "redhat-connect-sso" not found
error: No valid secrets found
secretはproject単位なんですかねぇ~
[tak@centos76 ~]$ oc create secret docker-registry \
--docker-server=sso.redhat.com \
--docker-username=<username> \
--docker-password=<password> \
--docker-email=unused \
redhat-connect-sso
secret/redhat-connect-sso created
[tak@centos76 ~]$ oc secrets link default redhat-connect-sso --for=pull
再びimport-imageを試みるも同じ結果に
ocコマンドのログを詳細に
ocコマンドの引数に--loglegel=#を指定すると詳細なログが表示されます。
[tak@centos76 ~]$ oc import-image my-bitnami/wordpress-nginx-php7 --from=registry.connect.redhat.com/bitnami/wordpress-nginx-php7 --confirm --loglevel=8
I1216 15:59:56.592474 12604 loader.go:359] Config loaded from file /home/tak/.kube/config
I1216 15:59:56.593645 12604 loader.go:359] Config loaded from file /home/tak/.kube/config
I1216 15:59:56.594571 12604 round_trippers.go:383] GET https://192.168.42.208:8443/apis/image.openshift.io/v1/namespaces/myproject/imagestreams/wordpress-nginx-php7
I1216 15:59:56.594587 12604 round_trippers.go:390] Request Headers:
I1216 15:59:56.594592 12604 round_trippers.go:393] User-Agent: oc/v1.11.0+d4cacc0 (linux/amd64) kubernetes/d4cacc0
I1216 15:59:56.594597 12604 round_trippers.go:393] Accept: application/json, */*
I1216 15:59:56.594602 12604 round_trippers.go:393] Authorization: Bearer WGIzy-5ZSPXOsrwQOyW-bnlOY5gS*****uQXOraWZJg
I1216 15:59:56.623166 12604 round_trippers.go:408] Response Status: 200 OK in 28 milliseconds
I1216 15:59:56.623185 12604 round_trippers.go:411] Response Headers:
I1216 15:59:56.623191 12604 round_trippers.go:414] Date: Sun, 16 Dec 2018 06:59:55 GMT
I1216 15:59:56.623195 12604 round_trippers.go:414] Content-Length: 1119
I1216 15:59:56.623199 12604 round_trippers.go:414] Cache-Control: no-store
I1216 15:59:56.623203 12604 round_trippers.go:414] Cache-Control: no-store
I1216 15:59:56.623207 12604 round_trippers.go:414] Content-Type: application/json
I1216 15:59:56.623243 12604 request.go:897] Response Body: {"kind":"ImageStream","apiVersion":"image.openshift.io/v1","metadata":{"name":"wordpress-nginx-php7","namespace":"myproject","selfLink":"/apis/image.openshift.io/v1/namespaces/myproject/imagestreams/wordpress-nginx-php7","uid":"9bf2f5b8-006b-11e9-****-5254003f4b86","resourceVersion":"47835","generation":1,"creationTimestamp":"2018-12-15T13:16:18Z","annotations":{"openshift.io/image.dockerRepositoryCheck":"2018-12-15T13:16:18Z"}},"spec":{"lookupPolicy":{"local":false},"tags":[{"name":"latest","annotations":null,"from":{"kind":"DockerImage","name":"registry.connect.redhat.com/bitnami/wordpress-nginx-php7"},"generation":1,"importPolicy":{},"referencePolicy":{"type":"Source"}}]},"status":{"dockerImageRepository":"172.30.1.1:5000/myproject/wordpress-nginx-php7","tags":[{"tag":"latest","items":null,"conditions":[{"type":"ImportSuccess","status":"False","lastTransitionTime":"2018-12-15T13:16:18Z","reason":"InternalError","message":"Internal error occurred: Get https://registry.connect.redhat.com/v2/bitnami/wordpress [truncated 95 chars]
I1216 15:59:56.625805 12604 request.go:897] Request Body: {"kind":"ImageStreamImport","apiVersion":"image.openshift.io/v1","metadata":{"name":"wordpress-nginx-php7","namespace":"myproject","resourceVersion":"47835","creationTimestamp":null},"spec":{"import":true,"images":[{"from":{"kind":"DockerImage","name":"registry.connect.redhat.com/bitnami/wordpress-nginx-php7"},"to":{"name":"latest"},"importPolicy":{},"referencePolicy":{"type":""}}]},"status":{}}
I1216 15:59:56.625864 12604 round_trippers.go:383] POST https://192.168.42.208:8443/apis/image.openshift.io/v1/namespaces/myproject/imagestreamimports
I1216 15:59:56.625871 12604 round_trippers.go:390] Request Headers:
I1216 15:59:56.625876 12604 round_trippers.go:393] User-Agent: oc/v1.11.0+d4cacc0 (linux/amd64) kubernetes/d4cacc0
I1216 15:59:56.625881 12604 round_trippers.go:393] Authorization: Bearer WGIzy-5ZSPXOsrwQOyW-bnlOY5gS*****uQXOraWZJg
I1216 15:59:56.625885 12604 round_trippers.go:393] Accept: application/json, */*
I1216 15:59:56.625889 12604 round_trippers.go:393] Content-Type: application/json
I1216 15:59:58.609344 12604 round_trippers.go:408] Response Status: 201 Created in 1983 milliseconds
I1216 15:59:58.609363 12604 round_trippers.go:411] Response Headers:
I1216 15:59:58.609369 12604 round_trippers.go:414] Cache-Control: no-store
I1216 15:59:58.609374 12604 round_trippers.go:414] Cache-Control: no-store
I1216 15:59:58.609378 12604 round_trippers.go:414] Content-Type: application/json
I1216 15:59:58.609383 12604 round_trippers.go:414] Date: Sun, 16 Dec 2018 06:59:57 GMT
I1216 15:59:58.609387 12604 round_trippers.go:414] Content-Length: 1991
I1216 15:59:58.609417 12604 request.go:897] Response Body: {"kind":"ImageStreamImport","apiVersion":"image.openshift.io/v1","metadata":{"name":"wordpress-nginx-php7","namespace":"myproject","selfLink":"/apis/image.openshift.io/v1/namespaces/myproject/imagestreamimports/wordpress-nginx-php7","uid":"31bde307-0100-11e9-****-5254003f4b86","resourceVersion":"47835","creationTimestamp":"2018-12-16T06:59:55Z"},"spec":{"import":true,"images":[{"from":{"kind":"DockerImage","name":"registry.connect.redhat.com/bitnami/wordpress-nginx-php7"},"to":{"name":"latest"},"importPolicy":{},"referencePolicy":{"type":"Source"}}]},"status":{"import":{"metadata":{"name":"wordpress-nginx-php7","namespace":"myproject","uid":"9bf2f5b8-006b-****-95c5-5254003f4b86","resourceVersion":"47835","generation":1,"creationTimestamp":"2018-12-15T13:16:18Z","annotations":{"openshift.io/image.dockerRepositoryCheck":"2018-12-15T13:16:18Z"}},"spec":{"lookupPolicy":{"local":false},"tags":[{"name":"latest","annotations":null,"from":{"kind":"DockerImage","name":"registry.connect.redhat.com/bitnami/wordpress-ngi [truncated 967 chars]
error: tag latest failed: Internal error occurred: Get https://registry.connect.redhat.com/v2/bitnami/wordpress-nginx-php7/manifests/latest: unauthorized: Invalid username or password
imagestream.image.openshift.io/wordpress-nginx-php7 imported with errors
Name: wordpress-nginx-php7
Namespace: myproject
Created: 18 hours ago
Labels: <none>
Annotations: openshift.io/image.dockerRepositoryCheck=2018-12-15T13:16:18Z
Docker Pull Spec: 172.30.1.1:5000/myproject/wordpress-nginx-php7
Image Lookup: local=false
Unique Images: 0
Tags: 1
latest
tagged from registry.connect.redhat.com/bitnami/wordpress-nginx-php7
! error: Import failed (InternalError): Internal error occurred: Get https://registry.connect.redhat.com/v2/bitnami/wordpress-nginx-php7/manifests/latest: unauthorized: Invalid username or password
18 hours ago
最初にconfigを読み込んでいるようですね
Config loaded from file /home/tak/.kube/config
このファイルの中身を見てみましょうか。
/home/tak/.kube/config
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM2akNDQWRLZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFtTVN...ElGSUNBVEUtLS0tLQo=
server: https://192.168.42.208:8443
name: 192-168-42-208:8443
contexts:
- context:
cluster: 192-168-42-208:8443
user: admin/192-168-42-208:8443
name: /192-168-42-208:8443/admin
- context:
cluster: 192-168-42-208:8443
user: developer/192-168-42-208:8443
name: /192-168-42-208:8443/developer
- context:
cluster: 192-168-42-208:8443
user: system/192-168-42-208:8443
name: /192-168-42-208:8443/system
- context:
cluster: 192-168-42-208:8443
user: <username>/192-168-42-208:8443
name: /192-168-42-208:8443/t.kitasuka@gmail.com
- context:
cluster: 192-168-42-208:8443
namespace: default
user: developer/192-168-42-208:8443
name: default/192-168-42-208:8443/developer
- context:
cluster: 192-168-42-208:8443
namespace: default
user: <username>/192-168-42-208:8443
name: default/192-168-42-208:8443/<username>
- context:
cluster: 192-168-42-208:8443
namespace: myproject
user: developer/192-168-42-208:8443
name: minishift
- context:
cluster: 192-168-42-208:8443
namespace: my-test
user: developer/192-168-42-208:8443
name: my-test/192-168-42-208:8443/developer
- context:
cluster: 192-168-42-208:8443
namespace: myproject
user: developer/192-168-42-208:8443
name: myproject/192-168-42-208:8443/developer
- context:
cluster: 192-168-42-208:8443
namespace: myproject
user: system:admin/192-168-42-208:8443
name: myproject/192-168-42-208:8443/system:admin
- context:
cluster: 192-168-42-208:8443
namespace: myproject
user: <username>/192-168-42-208:8443
name: myproject/192-168-42-208:8443/<username>
current-context: minishift
kind: Config
preferences: {}
users:
- name: admin/192-168-42-208:8443
user:
token: XUguyvrhXXNAY0P664****4p5h7ExmP9LCdQodk5BI
- name: developer/192-168-42-208:8443
user:
token: WGIzy-5ZSPXOsrwQOyW-bnlOY5gS*****uQXOraWZJg
- name: system/192-168-42-208:8443
user:
token: Fl5z6iAf6yZJPZhQPwlEMjj_*****nGLuhQ65eEpbBM
- name: system:admin/192-168-42-208:8443
user:
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKRENDQWd5Z0F3SUJBZ0lCQnpBTkJna3Foa2lHOXcwQkFRc0ZBREFtTVNRd0...1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBcnBPdU41TEFhOG80bTB3NExrMkd2Q3FiK01icGVEcjZNbm...JTQSBQUklWQVRFIEtFWS0tLS0tCg==
- name: <username>/192-168-42-208:8443
user:
token: 0uCzN8ucDqk7FLxvirKsdccHCo*****NGMjcIor5y6g
どうやらdeveloperで繫ぎに行こうとしている様子
そりゃ認証通らないですよね...。
I1216 15:59:56.594602 12604 round_trippers.go:393] Authorization: Bearer WGIzy-5ZSPXOsrwQOyW-bnlOY5gS_*****QXOraWZJg
- name: developer/192-168-42-208:8443
user:
token: WGIzy-5ZSPXOsrwQOyW-bnlOY5gS_*****QXOraWZJg
ユーザを切り替えて再チャレンジしてみます。
[tak@centos76 .kube]$ oc login -u <username> -p <password>
Login successful.
You have access to the following projects and can switch between them with 'oc project <projectname>':
default
kube-dns
kube-proxy
kube-public
kube-system
* myproject
openshift
openshift-apiserver
openshift-controller-manager
openshift-core-operators
openshift-infra
openshift-node
openshift-service-cert-signer
openshift-web-console
Using project "myproject".
[tak@centos76 .kube]$ oc import-image my-bitnami/wordpress-nginx-php7 --from=registry.connect.redhat.com/bitnami/wordpress-nginx-php7 --confirm --loglevel=8
I1216 16:19:25.350164 12949 loader.go:359] Config loaded from file /home/tak/.kube/config
I1216 16:19:25.352231 12949 loader.go:359] Config loaded from file /home/tak/.kube/config
I1216 16:19:25.352778 12949 round_trippers.go:383] GET https://192.168.42.208:8443/apis/image.openshift.io/v1/namespaces/myproject/imagestreams/wordpress-nginx-php7
I1216 16:19:25.352795 12949 round_trippers.go:390] Request Headers:
I1216 16:19:25.352802 12949 round_trippers.go:393] User-Agent: oc/v1.11.0+d4cacc0 (linux/amd64) kubernetes/d4cacc0
I1216 16:19:25.352808 12949 round_trippers.go:393] Authorization: Bearer 5tPboiZURtis4rReQFqKHXqInJxMiIPW33PIcI6W5FY
I1216 16:19:25.352814 12949 round_trippers.go:393] Accept: application/json, */*
I1216 16:19:25.378836 12949 round_trippers.go:408] Response Status: 200 OK in 26 milliseconds
I1216 16:19:25.378855 12949 round_trippers.go:411] Response Headers:
I1216 16:19:25.378861 12949 round_trippers.go:414] Cache-Control: no-store
I1216 16:19:25.378866 12949 round_trippers.go:414] Cache-Control: no-store
I1216 16:19:25.378870 12949 round_trippers.go:414] Content-Type: application/json
I1216 16:19:25.378874 12949 round_trippers.go:414] Date: Sun, 16 Dec 2018 07:19:24 GMT
I1216 16:19:25.378878 12949 round_trippers.go:414] Content-Length: 1119
I1216 16:19:25.378921 12949 request.go:897] Response Body: {"kind":"ImageStream","apiVersion":"image.openshift.io/v1","metadata":{"name":"wordpress-nginx-php7","namespace":"myproject","selfLink":"/apis/image.openshift.io/v1/namespaces/myproject/imagestreams/wordpress-nginx-php7","uid":"9bf2f5b8-006b-11e9-****-5254003f4b86","resourceVersion":"47835","generation":1,"creationTimestamp":"2018-12-15T13:16:18Z","annotations":{"openshift.io/image.dockerRepositoryCheck":"2018-12-15T13:16:18Z"}},"spec":{"lookupPolicy":{"local":false},"tags":[{"name":"latest","annotations":null,"from":{"kind":"DockerImage","name":"registry.connect.redhat.com/bitnami/wordpress-nginx-php7"},"generation":1,"importPolicy":{},"referencePolicy":{"type":"Source"}}]},"status":{"dockerImageRepository":"172.30.1.1:5000/myproject/wordpress-nginx-php7","tags":[{"tag":"latest","items":null,"conditions":[{"type":"ImportSuccess","status":"False","lastTransitionTime":"2018-12-15T13:16:18Z","reason":"InternalError","message":"Internal error occurred: Get https://registry.connect.redhat.com/v2/bitnami/wordpress [truncated 95 chars]
I1216 16:19:25.380561 12949 request.go:897] Request Body: {"kind":"ImageStreamImport","apiVersion":"image.openshift.io/v1","metadata":{"name":"wordpress-nginx-php7","namespace":"myproject","resourceVersion":"47835","creationTimestamp":null},"spec":{"import":true,"images":[{"from":{"kind":"DockerImage","name":"registry.connect.redhat.com/bitnami/wordpress-nginx-php7"},"to":{"name":"latest"},"importPolicy":{},"referencePolicy":{"type":""}}]},"status":{}}
I1216 16:19:25.380616 12949 round_trippers.go:383] POST https://192.168.42.208:8443/apis/image.openshift.io/v1/namespaces/myproject/imagestreamimports
I1216 16:19:25.380623 12949 round_trippers.go:390] Request Headers:
I1216 16:19:25.380628 12949 round_trippers.go:393] User-Agent: oc/v1.11.0+d4cacc0 (linux/amd64) kubernetes/d4cacc0
I1216 16:19:25.380633 12949 round_trippers.go:393] Accept: application/json, */*
I1216 16:19:25.380637 12949 round_trippers.go:393] Content-Type: application/json
I1216 16:19:25.380641 12949 round_trippers.go:393] Authorization: Bearer 5tPboiZURtis4rReQFqKHXqInJxMiIPW*****I6W5FY
I1216 16:19:26.821434 12949 round_trippers.go:408] Response Status: 201 Created in 1440 milliseconds
I1216 16:19:26.821461 12949 round_trippers.go:411] Response Headers:
I1216 16:19:26.821470 12949 round_trippers.go:414] Content-Length: 1991
I1216 16:19:26.821477 12949 round_trippers.go:414] Cache-Control: no-store
I1216 16:19:26.821485 12949 round_trippers.go:414] Cache-Control: no-store
I1216 16:19:26.821493 12949 round_trippers.go:414] Content-Type: application/json
I1216 16:19:26.821500 12949 round_trippers.go:414] Date: Sun, 16 Dec 2018 07:19:25 GMT
I1216 16:19:26.821575 12949 request.go:897] Response Body: {"kind":"ImageStreamImport","apiVersion":"image.openshift.io/v1","metadata":{"name":"wordpress-nginx-php7","namespace":"myproject","selfLink":"/apis/image.openshift.io/v1/namespaces/myproject/imagestreamimports/wordpress-nginx-php7","uid":"ea5c54be-0102-11e9-****-5254003f4b86","resourceVersion":"47835","creationTimestamp":"2018-12-16T07:19:24Z"},"spec":{"import":true,"images":[{"from":{"kind":"DockerImage","name":"registry.connect.redhat.com/bitnami/wordpress-nginx-php7"},"to":{"name":"latest"},"importPolicy":{},"referencePolicy":{"type":"Source"}}]},"status":{"import":{"metadata":{"name":"wordpress-nginx-php7","namespace":"myproject","uid":"9bf2f5b8-006b-****-95c5-5254003f4b86","resourceVersion":"47835","generation":1,"creationTimestamp":"2018-12-15T13:16:18Z","annotations":{"openshift.io/image.dockerRepositoryCheck":"2018-12-15T13:16:18Z"}},"spec":{"lookupPolicy":{"local":false},"tags":[{"name":"latest","annotations":null,"from":{"kind":"DockerImage","name":"registry.connect.redhat.com/bitnami/wordpress-ngi [truncated 967 chars]
error: tag latest failed: Internal error occurred: Get https://registry.connect.redhat.com/v2/bitnami/wordpress-nginx-php7/manifests/latest: unauthorized: Invalid username or password
imagestream.image.openshift.io/wordpress-nginx-php7 imported with errors
Name: wordpress-nginx-php7
Namespace: myproject
Created: 18 hours ago
Labels: <none>
Annotations: openshift.io/image.dockerRepositoryCheck=2018-12-15T13:16:18Z
Docker Pull Spec: 172.30.1.1:5000/myproject/wordpress-nginx-php7
Image Lookup: local=false
Unique Images: 0
Tags: 1
latest
tagged from registry.connect.redhat.com/bitnami/wordpress-nginx-php7
! error: Import failed (InternalError): Internal error occurred: Get https://registry.connect.redhat.com/v2/bitnami/wordpress-nginx-php7/manifests/latest: unauthorized: Invalid username or password
18 hours ago
今度はあれ…当てはまるユーザが居ない...ザワザワ
一体どの認証情報を持っていっているんでしょうかねぇ~
I1216 16:19:25.352808 12949 round_trippers.go:393] Authorization: Bearer 5tPboiZURtis4rReQFqKHXqInJxMiIPW*****I6W5FY
脳内では↓になることを期待していたのですが…
- name: <username>/192-168-42-208:8443
user:
token: 0uCzN8ucDqk7FLxvirKsdccHCo*****NGMjcIor5y6g
もう一度ドキュメントを読んでみる
Allowing Pods to Reference Images from Other Secured Registries
The Red Hat Connect Partner Registry (registry.connect.redhat.com) does not accept the auto-generated dockercfg secret type (BZ#1476330). A generic file-based secret must be created using the generated file from a docker login command:
$ docker login registry.connect.redhat.com --username developer@example.com Password: ************* Login Succeeded $ oc create secret generic redhat-connect --from-file=.dockerconfigjson=.docker/config.json $ oc secrets link default redhat-connect --for=pull
うんと。これってminishiftの場合どうやれば良いのでしょうか?
dockerコマンドと同一セッション内でocコマンド叩けないよね…( ;∀;)
[tak@centos76 ~]$ minishift ssh
Last login: Sun Dec 16 13:53:34 2018 from 192.168.42.1
[docker@minishift ~]$ docker login registry.connect.redhat.com --username <username>
Password:<password>
Login Succeeded
[docker@minishift ~]$ exit
logout
[tak@centos76 ~]$
logoutしちゃ逝けないし…
Red Hat Container CatalogのDocker Imageをインポートする
Catalogに載らない事を良しとするなら、以下の方法でDocker Imageを取得できますね。
[tak@centos76 ~]$ minishift ssh
Last login: Sun Dec 16 13:53:34 2018 from 192.168.42.1
[docker@minishift ~]$ docker login registry.connect.redhat.com --username <username>
Password:<password>
Login Succeeded
[docker@minishift ~]$ docker search registry.connect.redhat.com/wordpress
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
redhat.com registry.connect.redhat.com/bitnami/wordpress-apache-php5 This WordPress container solution is optim... 0
redhat.com registry.connect.redhat.com/bitnami/wordpress-apache-php7 This WordPress container solution is optim... 0
redhat.com registry.connect.redhat.com/bitnami/wordpress-nginx-php5 This WordPress container solution is optim... 0
redhat.com registry.connect.redhat.com/bitnami/wordpress-nginx-php7 This WordPress container solution is optim... 0
[docker@minishift ~]$ docker pull registry.connect.redhat.com/bitnami/wordpress-nginx-php7
Using default tag: latest
Trying to pull repository registry.connect.redhat.com/bitnami/wordpress-nginx-php7 ...
latest: Pulling from registry.connect.redhat.com/bitnami/wordpress-nginx-php7
367d84554057: Pull complete
b82a357e4f15: Pull complete
c3a7f6001199: Pull complete
7cbe8a798dae: Pull complete
69d8459ca3d2: Pull complete
bf6f445ee07a: Pull complete
4b06aa1b81f5: Pull complete
bf7e66f8dff6: Pull complete
5cce36c95eec: Pull complete
e0bf5aceea70: Pull complete
19948d26ff48: Pull complete
eb8a429fe70d: Pull complete
d63ad058569e: Pull complete
f44baacf7cf7: Pull complete
7fdbc8026083: Pull complete
be782444a7ef: Pull complete
119b0de383d9: Pull complete
Digest: sha256:7f9bef9632f2a9a87ff4c02ded5080d4048418d26913d3dacfb9cf1c6612ae04
Status: Downloaded newer image for registry.connect.redhat.com/bitnami/wordpress-nginx-php7:latest
[docker@minishift ~]$ exit
[tak@centos76 ~]$ oc import-image my-bitnami/wordpress-nginx-php7 --from=registry.connect.redhat.com/bitnami/wordpress-nginx-php7 --confirm
これで良しとするかは置いといてイメージはRed Hat Container Catalogから取得できましたね
Docker Imageをビルドするのは此方を参照してください。
- minishift v1.28.0にDockerイメージを追加してみた