1.18.2.8. 部署策略来部署断开连接的目录源

Catalogsource 策略推送到受管集群,将默认位置从连接的位置更改为您断开连接的本地 registry。

  1. 在 Red Hat Advanced Cluster Management 控制台中,选择 Infrastructure > Clusters
  2. 在集群列表中找到要接收策略的受管集群。
  3. 记录下受管集群 name 标签的值。标签格式为 name=managed-cluster-name。该值会在推送策略时使用。
  4. 在 Red Hat Advanced Cluster Management 控制台菜单中,选择 Governance > Create policy
  5. YAML 开关设置为 On 以查看策略的 YAML 版本。
  6. 删除 YAML 代码中的所有内容。

  7. 将以下 YAML 内容粘贴到窗口以创建自定义策略: 

    apiVersion: policy.open-cluster-management.io/v1
kind: Policy
metadata:
  name: policy-pod
  namespace: default
  annotations:
    policy.open-cluster-management.io/standards:
    policy.open-cluster-management.io/categories:
    policy.open-cluster-management.io/controls:
spec:
  disabled: false
  policy-templates:
    - objectDefinition:
        apiVersion: policy.open-cluster-management.io/v1
        kind: ConfigurationPolicy
        metadata:
          name: policy-pod-sample-nginx-pod
        spec:
          object-templates:
            - complianceType: musthave
              objectDefinition:
                apiVersion: v1
                kind: Pod
                metadata:
                  name: sample-nginx-pod
                  namespace: default
                status:
                  phase: Running
          remediationAction: inform
          severity: low
  remediationAction: enforce
---
apiVersion: policy.open-cluster-management.io/v1
kind: PlacementBinding
metadata:
  name: binding-policy-pod
  namespace: default
placementRef:
  name: placement-policy-pod
  kind: PlacementRule
  apiGroup: apps.open-cluster-management.io
subjects:
- name: policy-pod
  kind: Policy
  apiGroup: policy.open-cluster-management.io
---
apiVersion: apps.open-cluster-management.io/v1
kind: PlacementRule
metadata:
  name: placement-policy-pod
  namespace: default
spec:
  clusterConditions:
  - status: "True"
    type: ManagedClusterConditionAvailable
  clusterSelector:
    matchExpressions:
      []  # selects all clusters if not specified

  8. 在策略中添加以下内容: 

    apiVersion: config.openshift.io/vi
kind: OperatorHub
metadata:
 name: cluster
spec:
 disableAllDefaultSources: true

  9. 添加以下内容: 

    apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: my-operator-catalog
  namespace: openshift-marketplace
spec:
  sourceType: grpc
  image: <registry_host_name>:<port>/olm/redhat-operators:v1
  displayName: My Operator Catalog
  publisher: grpc

    spec.image 值替换为本地受限目录源镜像的路径。

  10. 在 Red Hat Advanced Cluster Management 控制台导航中,选择 Infrastructure > Clusters 以检查受管集群的状态。应用策略时,集群状态为 ready