2
1

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 5 years have passed since last update.

minishift v1.28.0でRed Hat Container Catalogを使いたい

Last updated at Posted at 2018-12-15

minishift v1.28.0でRed Hat Container Catalogを使いたい

Red Hat Container Catalog
https://access.redhat.com/containers/
30.png

ここのイメージをカタログにインポートしたい。
 カタログには未だインポートできていません。すいません。
 Docker Imageを直接DLしました(笑)

Redhatアカウント登録

アカウントを登録していないと使えないらしいので登録
登録はこちらから
Log in to Red Hat IDP
https://access.redhat.com/myaccount

Red Hat Container Catalogでコマンドを確認

Red Hat Container Catalogで「WordPress」を検索
31.png

WordPress with Nginx and PHP7 by Bitnamiのリンクをクリック
表示される詳細画面で「Get Latest Image」をクリック
Choose your platform:
 Redhat OpenShift
とするとインポートコマンドが紹介されていますね。

oc import-image my-bitnami/wordpress-nginx-php7 --from=registry.connect.redhat.com/bitnami/wordpress-nginx-php7 --confirm

Let's oc import-image

その前にやることがあるみたいですが叩いてみます(笑)

[tak@centos76 ~]$ oc import-image my-bitnami/wordpress-nginx-php7 --from=registry.connect.redhat.com/bitnami/wordpress-nginx-php7 --confirm
error: tag latest failed: Internal error occurred: Get https://registry.connect.redhat.com/v2/bitnami/wordpress-nginx-php7/manifests/latest: unauthorized: Invalid username or password
imagestream.image.openshift.io/wordpress-nginx-php7 imported with errors

Name:			wordpress-nginx-php7
Namespace:		myproject
Created:		1 second ago
Labels:			<none>
Annotations:		openshift.io/image.dockerRepositoryCheck=2018-12-15T13:16:18Z
Docker Pull Spec:	172.30.1.1:5000/myproject/wordpress-nginx-php7
Image Lookup:		local=false
Unique Images:		0
Tags:			1

latest
  tagged from registry.connect.redhat.com/bitnami/wordpress-nginx-php7

  ! error: Import failed (InternalError): Internal error occurred: Get https://registry.connect.redhat.com/v2/bitnami/wordpress-nginx-php7/manifests/latest: unauthorized: Invalid username or password
      1 second ago

Invalid username or passwordだそうで、まぁそうですよね(笑)

認証情報の登録

This image requires registry authentication. See the following documentatiot to use this image with OpenShift.

そのドキュメントがこちら
Allowing Pods to Reference Images from Other Secured Registries

英語は正直言って苦手です(笑)

先ほど登録したRedHatの登録情報を<username>,<password>に入力します。

$ oc create secret docker-registry \
--docker-server=sso.redhat.com \
--docker-username=<username> \
--docker-password=<password> \
--docker-email=unused \
redhat-connect-sso

secret/redhat-connect-sso created


$ oc secrets link default redhat-connect-sso --for=pull
$ oc secrets link builder redhat-connect-sso

これでいいのかなぁ~!?
でもう一度気を取り直してoc import-image♪
結果はやっぱりInvalid username or passwordだそうで

Try agein, oc import-image

そもそもoc loginに指定すべきなのではと閃いたのですが…

$ oc login -u <username> -p <password>
[tak@centos76 ~]$ oc import-image my-bitnami/wordpress-nginx-php7 --from=registry.connect.redhat.com/bitnami/wordpress-nginx-php7 --confirm
Error from server (Forbidden): secrets is forbidden: User "<username>" cannot create secrets in the namespace "default": no RBAC policy matched

今度は<username>さんにdefaultのcreate権限が必要と言われていますね…。

RBAC policyの確認

Google先生に色々教わりながら権限まわりを確認します。

[tak@centos76 ~]$ eval $(minishift oc-env)
[tak@centos76 ~]$ oc login -u system -p admin
Login successful.

You don't have any projects. You can try to create a new project, by running

    oc new-project <projectname>
[tak@centos76 ~]$ oc get scc
No resources found.
Error from server (Forbidden): securitycontextconstraints.security.openshift.io is forbidden: User "system" cannot list securitycontextconstraints.security.openshift.io at the cluster scope: no RBAC policy matched

あれあれ?

[tak@centos76 ~]$ oc adm policy add-role-to-user cluster-admin <username>
Error from server (Forbidden): rolebindings.rbac.authorization.k8s.io is forbidden: User "system" cannot list rolebindings.rbac.authorization.k8s.io in the namespace "default": no RBAC policy matched

あれあれ?
sysytem:adminなのに権限がない(Forbidden)言われてます…

またInternetの広い海を捜索してると「minishiftで管理者権限を使う」の記事に出会いました。

Minishiftで、管理者権限を使うには「admin-user」というAdd-onを使う必要があるようです。

[tak@centos76 ~]$ minishift addons list
- admin-user                     : disabled	P(0)
- anyuid                         : disabled	P(0)
- che                            : disabled	P(0)
- htpasswd-identity-provider     : disabled	P(0)
- registry-route                 : disabled	P(0)
- xpaas	                         : disabled	P(0)
[tak@centos76 ~]$ minishift addons enable admin-user
Add-on 'admin-user' enabled
[tak@centos76 ~]$ minishift addons list
- admin-user                     : enabled	P(0)
- anyuid                         : disabled	P(0)
- che                            : disabled	P(0)
- htpasswd-identity-provider     : disabled	P(0)
- registry-route                 : disabled	P(0)
- xpaas	                         : disabled	P(0)

これで逝けるのかと思いきや、やっぱり同じ結果に…
「admin-user」というAdd-onについて更に捜索活動がいるようですね...。

改めてoc adm policy

[tak@centos76 ~]$ minishift stop
:
[tak@centos76 ~]$ minishift start
:
[tak@centos76 ~]$ eval $(minishift oc-env)
[tak@centos76 ~]$ oc adm policy add-cluster-role-to-user cluster-admin admin --as=system:admin
cluster role "cluster-admin" added: "admin"

おお。できましたね。
systemとかでログインする前に設定がいるみたいですね。

でも本当は<username>,<password>の人を追加する必要があります。

oc create user

ではではユーザを作成します。

[tak@centos76 ~]$ minishift stop
:
[tak@centos76 ~]$ minishift start
:
[tak@centos76 ~]$ eval $(minishift oc-env)
[tak@centos76 ~]$ oc create user <username>
Error from server (AlreadyExists): users.user.openshift.io "<username>" already exists

既に居ると言われていますね。先ほどoc loginしたから出来たのかな!?
ユーザが居るという事は、ロールさえ与えればOKそうなので試してみます。

[tak@centos76 ~]$ oc adm policy add-cluster-role-to-user cluster-admin admin --as=<username>
Error from server (Forbidden): clusterrolebindings.rbac.authorization.k8s.io is forbidden: User "<username>" cannot list clusterrolebindings.rbac.authorization.k8s.io at the cluster scope: no RBAC policy matched

[tak@centos76 ~]$ oc adm policy add-cluster-role-to-user cluster-admin admin --as=<username>:<password>
Error from server (Forbidden): clusterrolebindings.rbac.authorization.k8s.io is forbidden: User "<username>:<password>" cannot list clusterrolebindings.rbac.authorization.k8s.io at the cluster scope: no RBAC policy matched

[tak@centos76 ~]$ oc adm policy add-cluster-role-to-user cluster-admin admin --as=<username>:admin
Error from server (Forbidden): clusterrolebindings.rbac.authorization.k8s.io is forbidden: User "<username>:admin" cannot list clusterrolebindings.rbac.authorization.k8s.io at the cluster scope: no RBAC policy matched

何やっても駄目。
先にRBACに登録する必要があるっぽいですね。

create role

ではここを参考にロールを与えてみたいと思います。
Creating a User

[tak@centos76 ~]$ oc create clusterrolebinding registry-controller --clusterrole=cluster-admin --user=<username>
clusterrolebinding.rbac.authorization.k8s.io/registry-controller created
[tak@centos76 ~]$ oc adm policy add-cluster-role-to-user cluster-admin admin --as=<username>
cluster role "cluster-admin" added: "admin"
[tak@centos76 ~]$ oc login -u <username> -p <password>
Login successful.

You have access to the following projects and can switch between them with 'oc project <projectname>':

    default
    kube-dns
    kube-proxy
    kube-public
    kube-system
  * myproject
    openshift
    openshift-apiserver
    openshift-controller-manager
    openshift-core-operators
    openshift-infra
    openshift-node
    openshift-service-cert-signer
    openshift-web-console

Using project "myproject".

正常にロールが割り当てられて見えるProjectが増えてますね!
期待大(笑)

[tak@centos76 ~]$ oc import-image my-bitnami/wordpress-nginx-php7 --from=registry.connect.redhat.com/bitnami/wordpress-nginx-php7 --confirm
error: tag latest failed: Internal error occurred: Get https://registry.connect.redhat.com/v2/bitnami/wordpress-nginx-php7/manifests/latest: unauthorized: Invalid username or password
imagestream.image.openshift.io/wordpress-nginx-php7 imported with errors

Name:                   wordpress-nginx-php7
Namespace:              myproject
Created:                13 hours ago
Labels:                 <none>
Annotations:            openshift.io/image.dockerRepositoryCheck=2018-12-15T13:16:18Z
Docker Pull Spec:       172.30.1.1:5000/myproject/wordpress-nginx-php7
Image Lookup:           local=false
Unique Images:          0
Tags:                   1

latest
  tagged from registry.connect.redhat.com/bitnami/wordpress-nginx-php7

  ! error: Import failed (InternalError): Internal error occurred: Get https://registry.connect.redhat.com/v2/bitnami/wordpress-nginx-php7/manifests/latest: unauthorized: Invalid username or password
      13 hours ago

あれ...また再び捜索の旅へ

oc import-imageの再確認

まさかと思い、一応インポートコマンドのヘルプを確認
まぁユーザ指定なんてないよね…

[tak@centos76 ~]$ oc import-image --help
Import the latest image information from a tag in a Docker registry

Image streams allow you to control which images are rolled out to your builds and applications. This command fetches the
latest version of an image from a remote repository and updates the image stream tag if it does not match the previous
value. Running the command multiple times will not create duplicate entries. When importing an image, only the image
metadata is copied, not the image contents.

If you wish to change the image stream tag or provide more advanced options, see the 'tag' command.

Usage:
  oc import-image IMAGESTREAM[:TAG] [flags]

Examples:
  oc import-image mystream

Options:
      --all=false: If true, import all tags from the provided source on creation or if --from is specified
      --allow-missing-template-keys=true: If true, ignore any errors in templates when a field or map key is missing in
the template. Only applies to golang and jsonpath output formats.
      --confirm=false: If true, allow the image stream import location to be set or changed
      --dry-run=false: Fetch information about images without creating or updating an image stream.
      --from='': A Docker image repository to import images from
      --insecure=false: If true, allow importing from registries that have invalid HTTPS certificates or are hosted via
HTTP. This flag will take precedence over the insecure annotation.
  -o, --output='': Output format. One of:
json|yaml|name|templatefile|template|go-template|go-template-file|jsonpath|jsonpath-file.
      --reference-policy='source': Allow to request pullthrough for external image when set to 'local'. Defaults to
'source'.
      --scheduled=false: Set each imported Docker image to be periodically imported from a remote repository. Defaults
to false.
      --template='': Template string or path to template file to use when -o=go-template, -o=go-template-file. The
template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].

Use "oc options" for a list of global command-line options (applies to all commands).

projectをdefaultにしてみる

[tak@centos76 ~]$ oc login -u <username> -n default
Logged into "https://192.168.42.208:8443" as "<username>" using existing credentials.

You have access to the following projects and can switch between them with 'oc project <projectname>':

  * default
    kube-dns
    kube-proxy
    kube-public
    kube-system
    myproject
    openshift
    openshift-apiserver
    openshift-controller-manager
    openshift-core-operators
    openshift-infra
    openshift-node
    openshift-service-cert-signer
    openshift-web-console

Using project "default".

念のため確認してみたら…

[tak@centos76 ~]$ oc secrets link default redhat-connect-sso --for=pull
secret "redhat-connect-sso" not found
error: No valid secrets found

secretはproject単位なんですかねぇ~

[tak@centos76 ~]$ oc create secret docker-registry \
--docker-server=sso.redhat.com \
--docker-username=<username> \
--docker-password=<password> \
--docker-email=unused \
redhat-connect-sso

secret/redhat-connect-sso created

[tak@centos76 ~]$ oc secrets link default redhat-connect-sso --for=pull

再びimport-imageを試みるも同じ結果に

ocコマンドのログを詳細に

ocコマンドの引数に**--loglegel=#**を指定すると詳細なログが表示されます。

[tak@centos76 ~]$ oc import-image my-bitnami/wordpress-nginx-php7 --from=registry.connect.redhat.com/bitnami/wordpress-nginx-php7 --confirm  --loglevel=8
I1216 15:59:56.592474   12604 loader.go:359] Config loaded from file /home/tak/.kube/config
I1216 15:59:56.593645   12604 loader.go:359] Config loaded from file /home/tak/.kube/config
I1216 15:59:56.594571   12604 round_trippers.go:383] GET https://192.168.42.208:8443/apis/image.openshift.io/v1/namespaces/myproject/imagestreams/wordpress-nginx-php7
I1216 15:59:56.594587   12604 round_trippers.go:390] Request Headers:
I1216 15:59:56.594592   12604 round_trippers.go:393]     User-Agent: oc/v1.11.0+d4cacc0 (linux/amd64) kubernetes/d4cacc0
I1216 15:59:56.594597   12604 round_trippers.go:393]     Accept: application/json, */*
I1216 15:59:56.594602   12604 round_trippers.go:393]     Authorization: Bearer WGIzy-5ZSPXOsrwQOyW-bnlOY5gS*****uQXOraWZJg
I1216 15:59:56.623166   12604 round_trippers.go:408] Response Status: 200 OK in 28 milliseconds
I1216 15:59:56.623185   12604 round_trippers.go:411] Response Headers:
I1216 15:59:56.623191   12604 round_trippers.go:414]     Date: Sun, 16 Dec 2018 06:59:55 GMT
I1216 15:59:56.623195   12604 round_trippers.go:414]     Content-Length: 1119
I1216 15:59:56.623199   12604 round_trippers.go:414]     Cache-Control: no-store
I1216 15:59:56.623203   12604 round_trippers.go:414]     Cache-Control: no-store
I1216 15:59:56.623207   12604 round_trippers.go:414]     Content-Type: application/json
I1216 15:59:56.623243   12604 request.go:897] Response Body: {"kind":"ImageStream","apiVersion":"image.openshift.io/v1","metadata":{"name":"wordpress-nginx-php7","namespace":"myproject","selfLink":"/apis/image.openshift.io/v1/namespaces/myproject/imagestreams/wordpress-nginx-php7","uid":"9bf2f5b8-006b-11e9-****-5254003f4b86","resourceVersion":"47835","generation":1,"creationTimestamp":"2018-12-15T13:16:18Z","annotations":{"openshift.io/image.dockerRepositoryCheck":"2018-12-15T13:16:18Z"}},"spec":{"lookupPolicy":{"local":false},"tags":[{"name":"latest","annotations":null,"from":{"kind":"DockerImage","name":"registry.connect.redhat.com/bitnami/wordpress-nginx-php7"},"generation":1,"importPolicy":{},"referencePolicy":{"type":"Source"}}]},"status":{"dockerImageRepository":"172.30.1.1:5000/myproject/wordpress-nginx-php7","tags":[{"tag":"latest","items":null,"conditions":[{"type":"ImportSuccess","status":"False","lastTransitionTime":"2018-12-15T13:16:18Z","reason":"InternalError","message":"Internal error occurred: Get https://registry.connect.redhat.com/v2/bitnami/wordpress [truncated 95 chars]
I1216 15:59:56.625805   12604 request.go:897] Request Body: {"kind":"ImageStreamImport","apiVersion":"image.openshift.io/v1","metadata":{"name":"wordpress-nginx-php7","namespace":"myproject","resourceVersion":"47835","creationTimestamp":null},"spec":{"import":true,"images":[{"from":{"kind":"DockerImage","name":"registry.connect.redhat.com/bitnami/wordpress-nginx-php7"},"to":{"name":"latest"},"importPolicy":{},"referencePolicy":{"type":""}}]},"status":{}}
I1216 15:59:56.625864   12604 round_trippers.go:383] POST https://192.168.42.208:8443/apis/image.openshift.io/v1/namespaces/myproject/imagestreamimports
I1216 15:59:56.625871   12604 round_trippers.go:390] Request Headers:
I1216 15:59:56.625876   12604 round_trippers.go:393]     User-Agent: oc/v1.11.0+d4cacc0 (linux/amd64) kubernetes/d4cacc0
I1216 15:59:56.625881   12604 round_trippers.go:393]     Authorization: Bearer WGIzy-5ZSPXOsrwQOyW-bnlOY5gS*****uQXOraWZJg
I1216 15:59:56.625885   12604 round_trippers.go:393]     Accept: application/json, */*
I1216 15:59:56.625889   12604 round_trippers.go:393]     Content-Type: application/json
I1216 15:59:58.609344   12604 round_trippers.go:408] Response Status: 201 Created in 1983 milliseconds
I1216 15:59:58.609363   12604 round_trippers.go:411] Response Headers:
I1216 15:59:58.609369   12604 round_trippers.go:414]     Cache-Control: no-store
I1216 15:59:58.609374   12604 round_trippers.go:414]     Cache-Control: no-store
I1216 15:59:58.609378   12604 round_trippers.go:414]     Content-Type: application/json
I1216 15:59:58.609383   12604 round_trippers.go:414]     Date: Sun, 16 Dec 2018 06:59:57 GMT
I1216 15:59:58.609387   12604 round_trippers.go:414]     Content-Length: 1991
I1216 15:59:58.609417   12604 request.go:897] Response Body: {"kind":"ImageStreamImport","apiVersion":"image.openshift.io/v1","metadata":{"name":"wordpress-nginx-php7","namespace":"myproject","selfLink":"/apis/image.openshift.io/v1/namespaces/myproject/imagestreamimports/wordpress-nginx-php7","uid":"31bde307-0100-11e9-****-5254003f4b86","resourceVersion":"47835","creationTimestamp":"2018-12-16T06:59:55Z"},"spec":{"import":true,"images":[{"from":{"kind":"DockerImage","name":"registry.connect.redhat.com/bitnami/wordpress-nginx-php7"},"to":{"name":"latest"},"importPolicy":{},"referencePolicy":{"type":"Source"}}]},"status":{"import":{"metadata":{"name":"wordpress-nginx-php7","namespace":"myproject","uid":"9bf2f5b8-006b-****-95c5-5254003f4b86","resourceVersion":"47835","generation":1,"creationTimestamp":"2018-12-15T13:16:18Z","annotations":{"openshift.io/image.dockerRepositoryCheck":"2018-12-15T13:16:18Z"}},"spec":{"lookupPolicy":{"local":false},"tags":[{"name":"latest","annotations":null,"from":{"kind":"DockerImage","name":"registry.connect.redhat.com/bitnami/wordpress-ngi [truncated 967 chars]
error: tag latest failed: Internal error occurred: Get https://registry.connect.redhat.com/v2/bitnami/wordpress-nginx-php7/manifests/latest: unauthorized: Invalid username or password
imagestream.image.openshift.io/wordpress-nginx-php7 imported with errors

Name:                   wordpress-nginx-php7
Namespace:              myproject
Created:                18 hours ago
Labels:                 <none>
Annotations:            openshift.io/image.dockerRepositoryCheck=2018-12-15T13:16:18Z
Docker Pull Spec:       172.30.1.1:5000/myproject/wordpress-nginx-php7
Image Lookup:           local=false
Unique Images:          0
Tags:                   1

latest
  tagged from registry.connect.redhat.com/bitnami/wordpress-nginx-php7

  ! error: Import failed (InternalError): Internal error occurred: Get https://registry.connect.redhat.com/v2/bitnami/wordpress-nginx-php7/manifests/latest: unauthorized: Invalid username or password
      18 hours ago


最初にconfigを読み込んでいるようですね

Config loaded from file /home/tak/.kube/config

このファイルの中身を見てみましょうか。

/home/tak/.kube/config
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM2akNDQWRLZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFtTVN...ElGSUNBVEUtLS0tLQo=
    server: https://192.168.42.208:8443
  name: 192-168-42-208:8443
contexts:
- context:
    cluster: 192-168-42-208:8443
    user: admin/192-168-42-208:8443
  name: /192-168-42-208:8443/admin
- context:
    cluster: 192-168-42-208:8443
    user: developer/192-168-42-208:8443
  name: /192-168-42-208:8443/developer
- context:
    cluster: 192-168-42-208:8443
    user: system/192-168-42-208:8443
  name: /192-168-42-208:8443/system
- context:
    cluster: 192-168-42-208:8443
    user: <username>/192-168-42-208:8443
  name: /192-168-42-208:8443/t.kitasuka@gmail.com
- context:
    cluster: 192-168-42-208:8443
    namespace: default
    user: developer/192-168-42-208:8443
  name: default/192-168-42-208:8443/developer
- context:
    cluster: 192-168-42-208:8443
    namespace: default
    user: <username>/192-168-42-208:8443
  name: default/192-168-42-208:8443/<username>
- context:
    cluster: 192-168-42-208:8443
    namespace: myproject
    user: developer/192-168-42-208:8443
  name: minishift
- context:
    cluster: 192-168-42-208:8443
    namespace: my-test
    user: developer/192-168-42-208:8443
  name: my-test/192-168-42-208:8443/developer
- context:
    cluster: 192-168-42-208:8443
    namespace: myproject
    user: developer/192-168-42-208:8443
  name: myproject/192-168-42-208:8443/developer
- context:
    cluster: 192-168-42-208:8443
    namespace: myproject
    user: system:admin/192-168-42-208:8443
  name: myproject/192-168-42-208:8443/system:admin
- context:
    cluster: 192-168-42-208:8443
    namespace: myproject
    user: <username>/192-168-42-208:8443
  name: myproject/192-168-42-208:8443/<username>
current-context: minishift
kind: Config
preferences: {}
users:
- name: admin/192-168-42-208:8443
  user:
    token: XUguyvrhXXNAY0P664****4p5h7ExmP9LCdQodk5BI
- name: developer/192-168-42-208:8443
  user:
    token: WGIzy-5ZSPXOsrwQOyW-bnlOY5gS*****uQXOraWZJg
- name: system/192-168-42-208:8443
  user:
    token: Fl5z6iAf6yZJPZhQPwlEMjj_*****nGLuhQ65eEpbBM
- name: system:admin/192-168-42-208:8443
  user:
    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKRENDQWd5Z0F3SUJBZ0lCQnpBTkJna3Foa2lHOXcwQkFRc0ZBREFtTVNRd0...1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
    client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBcnBPdU41TEFhOG80bTB3NExrMkd2Q3FiK01icGVEcjZNbm...JTQSBQUklWQVRFIEtFWS0tLS0tCg==
- name: <username>/192-168-42-208:8443
  user:
    token: 0uCzN8ucDqk7FLxvirKsdccHCo*****NGMjcIor5y6g

どうやらdeveloperで繫ぎに行こうとしている様子
そりゃ認証通らないですよね...。

I1216 15:59:56.594602   12604 round_trippers.go:393]     Authorization: Bearer WGIzy-5ZSPXOsrwQOyW-bnlOY5gS_*****QXOraWZJg
- name: developer/192-168-42-208:8443
  user:
    token: WGIzy-5ZSPXOsrwQOyW-bnlOY5gS_*****QXOraWZJg

ユーザを切り替えて再チャレンジしてみます。

[tak@centos76 .kube]$ oc login -u <username> -p <password>
Login successful.

You have access to the following projects and can switch between them with 'oc project <projectname>':

    default
    kube-dns
    kube-proxy
    kube-public
    kube-system
  * myproject
    openshift
    openshift-apiserver
    openshift-controller-manager
    openshift-core-operators
    openshift-infra
    openshift-node
    openshift-service-cert-signer
    openshift-web-console

Using project "myproject".
[tak@centos76 .kube]$ oc import-image my-bitnami/wordpress-nginx-php7 --from=registry.connect.redhat.com/bitnami/wordpress-nginx-php7 --confirm  --loglevel=8
I1216 16:19:25.350164   12949 loader.go:359] Config loaded from file /home/tak/.kube/config
I1216 16:19:25.352231   12949 loader.go:359] Config loaded from file /home/tak/.kube/config
I1216 16:19:25.352778   12949 round_trippers.go:383] GET https://192.168.42.208:8443/apis/image.openshift.io/v1/namespaces/myproject/imagestreams/wordpress-nginx-php7
I1216 16:19:25.352795   12949 round_trippers.go:390] Request Headers:
I1216 16:19:25.352802   12949 round_trippers.go:393]     User-Agent: oc/v1.11.0+d4cacc0 (linux/amd64) kubernetes/d4cacc0
I1216 16:19:25.352808   12949 round_trippers.go:393]     Authorization: Bearer 5tPboiZURtis4rReQFqKHXqInJxMiIPW33PIcI6W5FY
I1216 16:19:25.352814   12949 round_trippers.go:393]     Accept: application/json, */*
I1216 16:19:25.378836   12949 round_trippers.go:408] Response Status: 200 OK in 26 milliseconds
I1216 16:19:25.378855   12949 round_trippers.go:411] Response Headers:
I1216 16:19:25.378861   12949 round_trippers.go:414]     Cache-Control: no-store
I1216 16:19:25.378866   12949 round_trippers.go:414]     Cache-Control: no-store
I1216 16:19:25.378870   12949 round_trippers.go:414]     Content-Type: application/json
I1216 16:19:25.378874   12949 round_trippers.go:414]     Date: Sun, 16 Dec 2018 07:19:24 GMT
I1216 16:19:25.378878   12949 round_trippers.go:414]     Content-Length: 1119
I1216 16:19:25.378921   12949 request.go:897] Response Body: {"kind":"ImageStream","apiVersion":"image.openshift.io/v1","metadata":{"name":"wordpress-nginx-php7","namespace":"myproject","selfLink":"/apis/image.openshift.io/v1/namespaces/myproject/imagestreams/wordpress-nginx-php7","uid":"9bf2f5b8-006b-11e9-****-5254003f4b86","resourceVersion":"47835","generation":1,"creationTimestamp":"2018-12-15T13:16:18Z","annotations":{"openshift.io/image.dockerRepositoryCheck":"2018-12-15T13:16:18Z"}},"spec":{"lookupPolicy":{"local":false},"tags":[{"name":"latest","annotations":null,"from":{"kind":"DockerImage","name":"registry.connect.redhat.com/bitnami/wordpress-nginx-php7"},"generation":1,"importPolicy":{},"referencePolicy":{"type":"Source"}}]},"status":{"dockerImageRepository":"172.30.1.1:5000/myproject/wordpress-nginx-php7","tags":[{"tag":"latest","items":null,"conditions":[{"type":"ImportSuccess","status":"False","lastTransitionTime":"2018-12-15T13:16:18Z","reason":"InternalError","message":"Internal error occurred: Get https://registry.connect.redhat.com/v2/bitnami/wordpress [truncated 95 chars]
I1216 16:19:25.380561   12949 request.go:897] Request Body: {"kind":"ImageStreamImport","apiVersion":"image.openshift.io/v1","metadata":{"name":"wordpress-nginx-php7","namespace":"myproject","resourceVersion":"47835","creationTimestamp":null},"spec":{"import":true,"images":[{"from":{"kind":"DockerImage","name":"registry.connect.redhat.com/bitnami/wordpress-nginx-php7"},"to":{"name":"latest"},"importPolicy":{},"referencePolicy":{"type":""}}]},"status":{}}
I1216 16:19:25.380616   12949 round_trippers.go:383] POST https://192.168.42.208:8443/apis/image.openshift.io/v1/namespaces/myproject/imagestreamimports
I1216 16:19:25.380623   12949 round_trippers.go:390] Request Headers:
I1216 16:19:25.380628   12949 round_trippers.go:393]     User-Agent: oc/v1.11.0+d4cacc0 (linux/amd64) kubernetes/d4cacc0
I1216 16:19:25.380633   12949 round_trippers.go:393]     Accept: application/json, */*
I1216 16:19:25.380637   12949 round_trippers.go:393]     Content-Type: application/json
I1216 16:19:25.380641   12949 round_trippers.go:393]     Authorization: Bearer 5tPboiZURtis4rReQFqKHXqInJxMiIPW*****I6W5FY
I1216 16:19:26.821434   12949 round_trippers.go:408] Response Status: 201 Created in 1440 milliseconds
I1216 16:19:26.821461   12949 round_trippers.go:411] Response Headers:
I1216 16:19:26.821470   12949 round_trippers.go:414]     Content-Length: 1991
I1216 16:19:26.821477   12949 round_trippers.go:414]     Cache-Control: no-store
I1216 16:19:26.821485   12949 round_trippers.go:414]     Cache-Control: no-store
I1216 16:19:26.821493   12949 round_trippers.go:414]     Content-Type: application/json
I1216 16:19:26.821500   12949 round_trippers.go:414]     Date: Sun, 16 Dec 2018 07:19:25 GMT
I1216 16:19:26.821575   12949 request.go:897] Response Body: {"kind":"ImageStreamImport","apiVersion":"image.openshift.io/v1","metadata":{"name":"wordpress-nginx-php7","namespace":"myproject","selfLink":"/apis/image.openshift.io/v1/namespaces/myproject/imagestreamimports/wordpress-nginx-php7","uid":"ea5c54be-0102-11e9-****-5254003f4b86","resourceVersion":"47835","creationTimestamp":"2018-12-16T07:19:24Z"},"spec":{"import":true,"images":[{"from":{"kind":"DockerImage","name":"registry.connect.redhat.com/bitnami/wordpress-nginx-php7"},"to":{"name":"latest"},"importPolicy":{},"referencePolicy":{"type":"Source"}}]},"status":{"import":{"metadata":{"name":"wordpress-nginx-php7","namespace":"myproject","uid":"9bf2f5b8-006b-****-95c5-5254003f4b86","resourceVersion":"47835","generation":1,"creationTimestamp":"2018-12-15T13:16:18Z","annotations":{"openshift.io/image.dockerRepositoryCheck":"2018-12-15T13:16:18Z"}},"spec":{"lookupPolicy":{"local":false},"tags":[{"name":"latest","annotations":null,"from":{"kind":"DockerImage","name":"registry.connect.redhat.com/bitnami/wordpress-ngi [truncated 967 chars]
error: tag latest failed: Internal error occurred: Get https://registry.connect.redhat.com/v2/bitnami/wordpress-nginx-php7/manifests/latest: unauthorized: Invalid username or password
imagestream.image.openshift.io/wordpress-nginx-php7 imported with errors

Name:                   wordpress-nginx-php7
Namespace:              myproject
Created:                18 hours ago
Labels:                 <none>
Annotations:            openshift.io/image.dockerRepositoryCheck=2018-12-15T13:16:18Z
Docker Pull Spec:       172.30.1.1:5000/myproject/wordpress-nginx-php7
Image Lookup:           local=false
Unique Images:          0
Tags:                   1

latest
  tagged from registry.connect.redhat.com/bitnami/wordpress-nginx-php7

  ! error: Import failed (InternalError): Internal error occurred: Get https://registry.connect.redhat.com/v2/bitnami/wordpress-nginx-php7/manifests/latest: unauthorized: Invalid username or password
      18 hours ago


今度はあれ…当てはまるユーザが居ない...ザワザワ
一体どの認証情報を持っていっているんでしょうかねぇ~

I1216 16:19:25.352808   12949 round_trippers.go:393]     Authorization: Bearer 5tPboiZURtis4rReQFqKHXqInJxMiIPW*****I6W5FY

脳内では↓になることを期待していたのですが…

- name: <username>/192-168-42-208:8443
  user:
    token: 0uCzN8ucDqk7FLxvirKsdccHCo*****NGMjcIor5y6g

もう一度ドキュメントを読んでみる

Allowing Pods to Reference Images from Other Secured Registries

The Red Hat Connect Partner Registry (registry.connect.redhat.com) does not accept the auto-generated dockercfg secret type (BZ#1476330). A generic file-based secret must be created using the generated file from a docker login command:

$ docker login registry.connect.redhat.com --username developer@example.com
Password: *************
Login Succeeded
$ oc create secret generic redhat-connect --from-file=.dockerconfigjson=.docker/config.json
$ oc secrets link default redhat-connect --for=pull


うんと。これってminishiftの場合どうやれば良いのでしょうか?
dockerコマンドと同一セッション内でocコマンド叩けないよね…( ;∀;)

```bash
[tak@centos76 ~]$ minishift ssh
Last login: Sun Dec 16 13:53:34 2018 from 192.168.42.1
[docker@minishift ~]$ docker login registry.connect.redhat.com --username <username>
Password:<password>
Login Succeeded
[docker@minishift ~]$ exit
logout
[tak@centos76 ~]$

logoutしちゃ逝けないし…

Red Hat Container CatalogのDocker Imageをインポートする

Catalogに載らない事を良しとするなら、以下の方法でDocker Imageを取得できますね。

[tak@centos76 ~]$ minishift ssh
Last login: Sun Dec 16 13:53:34 2018 from 192.168.42.1
[docker@minishift ~]$ docker login registry.connect.redhat.com --username <username>
Password:<password>
Login Succeeded

[docker@minishift ~]$ docker search registry.connect.redhat.com/wordpress
INDEX        NAME                                                        DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
redhat.com   registry.connect.redhat.com/bitnami/wordpress-apache-php5   This WordPress container solution is optim...   0
redhat.com   registry.connect.redhat.com/bitnami/wordpress-apache-php7   This WordPress container solution is optim...   0
redhat.com   registry.connect.redhat.com/bitnami/wordpress-nginx-php5    This WordPress container solution is optim...   0
redhat.com   registry.connect.redhat.com/bitnami/wordpress-nginx-php7    This WordPress container solution is optim...   0

[docker@minishift ~]$ docker pull registry.connect.redhat.com/bitnami/wordpress-nginx-php7
Using default tag: latest
Trying to pull repository registry.connect.redhat.com/bitnami/wordpress-nginx-php7 ...
latest: Pulling from registry.connect.redhat.com/bitnami/wordpress-nginx-php7
367d84554057: Pull complete
b82a357e4f15: Pull complete
c3a7f6001199: Pull complete
7cbe8a798dae: Pull complete
69d8459ca3d2: Pull complete
bf6f445ee07a: Pull complete
4b06aa1b81f5: Pull complete
bf7e66f8dff6: Pull complete
5cce36c95eec: Pull complete
e0bf5aceea70: Pull complete
19948d26ff48: Pull complete
eb8a429fe70d: Pull complete
d63ad058569e: Pull complete
f44baacf7cf7: Pull complete
7fdbc8026083: Pull complete
be782444a7ef: Pull complete
119b0de383d9: Pull complete
Digest: sha256:7f9bef9632f2a9a87ff4c02ded5080d4048418d26913d3dacfb9cf1c6612ae04
Status: Downloaded newer image for registry.connect.redhat.com/bitnami/wordpress-nginx-php7:latest
[docker@minishift ~]$ exit
[tak@centos76 ~]$ oc import-image my-bitnami/wordpress-nginx-php7 --from=registry.connect.redhat.com/bitnami/wordpress-nginx-php7 --confirm

これで良しとするかは置いといてイメージはRed Hat Container Catalogから取得できましたね
Docker Imageをビルドするのは此方を参照してください。

openshift namespaceへのインポート

minishiftのopenshift namesaceにイメージをインポートする

2
1
2

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
2
1

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?