CI/CD
Red Hat OpenShift Service on AWS 4
包含有关 AWS 上的 Red Hat OpenShift Service 构建、管道和 GitOps 的信息
Red Hat OpenShift Documentation Team
摘要
CI/CD for Red Hat OpenShift Service on AWS。
第 1 章 Builds
1.1. 为构建设置其他可信证书颁发机构
在从镜像 registry 中拉取镜像时,参照以下部分设置构建可信任的额外证书颁发机构 (CA) 。
此流程要求集群管理员创建 ConfigMap,并在 ConfigMap 中添加额外的 CA 作为密钥。
-
ConfigMap必须在openshift-config命名空间中创建。 domain是ConfigMap中的键,value是 PEM 编码的证书。-
每个 CA 必须与某个域关联。域格式是
hostname[..port]。
-
每个 CA 必须与某个域关联。域格式是
-
ConfigMap名称必须在image.config.openshift.io/cluster集群范围配置资源的spec.additionalTrustedCA字段中设置。
1.1.1. 在集群中添加证书颁发机构
您可以按照以下流程将证书颁发机构 (CA) 添加到集群,以便在推送和拉取镜像时使用。
先决条件
- 您必须具有集群管理员特权。
-
您必须有权访问 registry 的公共证书,通常是位于
/etc/docker/certs.d/目录中的hostname/ca.crt文件。
流程
在
openshift-config命名空间中创建一个ConfigMap,其中包含使用自签名证书的 registry 的可信证书。对于每个 CA 文件,确保ConfigMap中的键是hostname[..port]格式的容器镜像仓库的主机名:$ oc create configmap registry-cas -n openshift-config \ --from-file=myregistry.corp.com..5000=/etc/docker/certs.d/myregistry.corp.com:5000/ca.crt \ --from-file=otherregistry.com=/etc/docker/certs.d/otherregistry.com/ca.crt
更新集群镜像配置:
$ oc patch image.config.openshift.io/cluster --patch '{"spec":{"additionalTrustedCA":{"name":"registry-cas"}}}' --type=merge
1.1.2. 其他资源
法律通告
Copyright © 2024 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.
