RHCA之路—EX280(6)
1. 题目
Create an application greeter in the project samples
which uses the Docker image registry.lab.example.com/openshift/hello-openshift
so that it is reachable at the following address only: https://greeter.apps.lab.example.com
(Note you can use the script http://materials.example.com/exam280/gencert.sh to generate the necessary certificate files.)
2. 解题
2.1 切换项目
[root@master farm]# oc project samples
Now using project "samples" on server "https://master.lab.example.com".
[root@master farm]# mkdir ~/samples
[root@master farm]# cd ~/samples
[root@master samples]# oc projects
You have access to the following projects and can switch between them with 'oc project <projectname>':
default
ditto
farm
kube-public
kube-service-catalog
kube-system
logging
management-infra
openshift
openshift-ansible-service-broker
openshift-infra
openshift-node
openshift-template-service-broker
openshift-web-console
rome
* samples
shrimp
Using project "samples" on server "https://master.lab.example.com".
2.2 创建app
[root@master samples]# oc new-app --docker-image=registry.lab.example.com/openshift/hello-openshift --name=greeter
--> Found Docker image 7af3297 (5 years old) from registry.lab.example.com for "registry.lab.example.com/openshift/hello-openshift"
* An image stream will be created as "greeter:latest" that will track this image
* This image will be deployed in deployment config "greeter"
* Ports 8080/tcp, 8888/tcp will be load balanced by service "greeter"
* Other containers can access this service through the hostname "greeter"
--> Creating resources ...
imagestream "greeter" created
deploymentconfig "greeter" created
service "greeter" created
--> Success
Application is not exposed. You can expose services to the outside world by executing one or more of the commands below:
'oc expose svc/greeter'
Run 'oc status' to view your app.
2.3 准备https配置文件
[root@master samples]# wget http://materials.example.com/exam280/gencert.sh
--2023-09-04 16:07:54-- http://materials.example.com/exam280/gencert.sh
Resolving materials.example.com (materials.example.com)... 172.25.254.254
Connecting to materials.example.com (materials.example.com)|172.25.254.254|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 338 [application/x-sh]
Saving to: ‘gencert.sh’
100%[===========================================================================================================>] 338 --.-K/s in 0s
2023-09-04 16:07:54 (56.9 MB/s) - ‘gencert.sh’ saved [338/338]
[root@master samples]# chmod +x gencert.sh
[root@master samples]# ./gencert.sh greeter.apps.lab.example.com
Generating a private key...
Generating RSA private key, 2048 bit long modulus
..............+++
............+++
e is 65537 (0x10001)
Generating a CSR...
Generating a certificate...
Signature ok
subject=/C=US/ST=NC/L=Raleigh/O=RedHat/OU=RHT/CN=greeter.apps.lab.example.com
Getting Private key
DONE.
2.4 配置https路由
[root@master samples]# oc create route edge --service=greeter \
--hostname=greeter.apps.lab.example.com \
--key=greeter.apps.lab.example.com.key \
--cert=greeter.apps.lab.example.com.crt
route "greeter" created
3. 确认
[root@master samples]# curl -k https://greeter.apps.lab.example.com
Hello OpenShift!