OpenShift Security (3) - Preparing the Client Environment and Demo Applications

OpenShift 4.x HOL tutorial index
This article was verified in an OpenShift 4.9 environment.

Install the client environment

Install the client tools

The following commands are for a RHEL 8.4 client environment.

$ sudo dnf install podman podman-docker
$ sudo dnf install git
$ sudo dnf install procps-ng
$ curl -LO https://github.com/mikefarah/yq/releases/download/2.4.1/yq_linux_amd64
$ curl -LO https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64
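
The two downloads above are unsigned binaries fetched over the network, so the following added example (not part of the original article) checks each file before installing it: it must be a non-empty ELF binary, which catches a saved redirect or HTML body, and its SHA-256 digest must match a pinned value. The function names, the `$HOME/bin` destination and the digest placeholders are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): verify a downloaded CLI
# binary before installing it. Digests in the usage lines are placeholders.

# is_elf FILE -> 0 if FILE starts with the ELF magic bytes 7f 45 4c 46.
# Catches a saved HTML or redirect body written in place of the binary.
is_elf() {
  [ "$(head -c 4 -- "$1" | od -An -tx1 | tr -d ' \n')" = "7f454c46" ]
}

# sha256_matches FILE EXPECTED_HEX -> 0 only on an exact digest match.
# An empty computed digest (unreadable file) never matches.
sha256_matches() {
  local actual
  actual=$(sha256sum < "$1" | awk '{print $1}')
  [ -n "$actual" ] && [ "$actual" = "$(printf '%s' "$2" | tr 'A-F' 'a-f')" ]
}

# install_verified FILE EXPECTED_HEX DEST_DIR NAME
# Returns: 0 installed, 2 missing/empty file, 3 not ELF, 4 digest mismatch.
install_verified() {
  local file="$1" expected="$2" dest="$3" name="$4"
  [ -s "$file" ] || { echo "$file: missing or empty" >&2; return 2; }
  is_elf "$file" || { echo "$file: not an ELF binary" >&2; return 3; }
  sha256_matches "$file" "$expected" || { echo "$file: SHA-256 mismatch" >&2; return 4; }
  mkdir -p -- "$dest" && install -m 0755 -- "$file" "$dest/$name"
}

# Usage with the files downloaded above (replace the placeholders with
# digests obtained from a source you trust; $HOME/bin is an assumed path):
#   install_verified yq_linux_amd64 '<sha256-of-yq-2.4.1>' "$HOME/bin" yq
#   install_verified jq-linux64     '<sha256-of-jq-1.6>'   "$HOME/bin" jq
```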

Install the Ansible environment and modules

$ sudo dnf install ansible python3
$ pip3 install kubernetes jmespath --user
$ pip3 install openshift pyyaml --user
$ ansible-galaxy collection install cloud.common
$ ansible-galaxy collection install kubernetes.core
Process install dependency map
Starting collection install process
Installing 'kubernetes.core:2.2.2' to '/home/lab-user/.ansible/collections/ansible_collections/kubernetes/core'

Demo applications for the RHACS console features

  1. Download the Ansible scripts.
$ git clone https://github.com/rcarrata/rhacs-demo
$ cd rhacs-demo
  2. Deploy the OpenShift demo applications using the Ansible role.
$ ACS_PASSWORD=$(oc -n stackrox get secret central-htpasswd -o go-template='{{index .data "password" | base64decode}}')
$ ansible-playbook rhacs-demo.yaml -e ocp4_workload_stackrox_central_admin_password="${ACS_PASSWORD}"
...
TASK [ocp4_workload_stackrox_demo_apps : post_workload tasks complete] *********************************************************************************************
ok: [localhost] => {
    "msg": "Post-Workload Tasks completed successfully."
}

TASK [ocp4_workload_stackrox_demo_apps : Running Workload removal Tasks] *******************************************************************************************
skipping: [localhost]

PLAY RECAP *********************************************************************************************************************************************************
localhost                  : ok=43   changed=3    unreachable=0    failed=0    skipped=1    rescued=0    ignored=0
  3. Run the container applications (optional).
$ oc new-project test
$ oc run shell --labels=app=shellshock,team=test-team --image=vulnerables/cve-2014-6271 -n test
pod/shell created
$ oc run samba --labels=app=rce --image=vulnerables/cve-2017-7494 -n test
pod/samba created

Origin blog.csdn.net/weixin_43902588/article/details/121778769