OCP4版本安裝(虛擬機安裝版):
1. 服務器准備:
1.1 准備7台服務器,每台服務器的規划如下:
bastion:1台,centos系統
192.168.145.181,安裝必要的輔助工具,如DNS、HTTP、LB、HARBOR等
bootstrap:1台,無需事先安裝系統,在安裝OCP4的過程中,通過iso鏡像安裝
192.168.145.182,安裝引導節點,會臨時創建一個K8S集群,負責引導OCP集群的安裝,等OCP安裝完成后,此節點可以刪除
master:3台,無需事先安裝系統,在安裝OCP4的過程中,通過iso鏡像安裝
192.168.145.183
192.168.145.184
192.168.145.185
worker:2台,無需事先安裝系統,在安裝OCP4的過程中,通過iso鏡像安裝
192.168.145.186
192.168.145.187
1.2 修改bastion的機器主機名(示例:bastion.ocp4.liufeng.cc)
2. LB、DNS、HARBOR、HTTP的准備。本篇是所有服務均安裝在bastion機器上,資源允許的話,也可以安裝在不同的機器上。
2.1 准備LB,使用haproxy實現
2.1.1 安裝haproxy
# yum install haproxy
2.1.2 配置負載均衡器,把如下配置追加到haproxy.cfg文件后面。
frontend openshift-api-server
bind *:6443
default_backend openshift-api-server
mode tcp
option tcplog
backend openshift-api-server
balance source
mode tcp
server bootstrap 192.168.145.182:6443 check
server master1 192.168.145.183:6443 check
server master2 192.168.145.184:6443 check
server master3 192.168.145.185:6443 check
frontend machine-config-server
bind *:22623
default_backend machine-config-server
mode tcp
option tcplog
backend machine-config-server
balance source
mode tcp
server bootstrap 192.168.145.182:22623 check
server master1 192.168.145.183:22623 check
server master2 192.168.145.184:22623 check
server master3 192.168.145.185:22623 check
2.1.3 啟動haproxy並設置開機啟動
# systemctl start haproxy
# systemctl enable haproxy
# systemctl status haproxy
如果haproxy沒有啟動,運行下面的命令后,再次啟動haproxy
# setsebool -P haproxy_connect_any=1
2.1.4 開通防火牆以便可以訪問到
# firewall-cmd --add-port=6443/tcp --permanent
# firewall-cmd --add-port=22623/tcp --permanent
# firewall-cmd --reload
# firewall-cmd --list-all
2.2 准備DNS,使用dnsmasq實現
2.2.1 安裝dnsmasq
# yum install dnsmasq
2.2.2 配置dns解析
# ocp4 node
address=/master1.ocp4.liufeng.cc/192.168.145.183
address=/master2.ocp4.liufeng.cc/192.168.145.184
address=/master3.ocp4.liufeng.cc/192.168.145.185
address=/worker1.ocp4.liufeng.cc/192.168.145.186
address=/worker2.ocp4.liufeng.cc/192.168.145.187
# etcd
address=/etcd-0.ocp4.liufeng.cc/192.168.145.183
address=/etcd-1.ocp4.liufeng.cc/192.168.145.184
address=/etcd-2.ocp4.liufeng.cc/192.168.145.185
# etcd srv
# <name>,<target>,<port>,<priority>,<weight>
srv-host=_etcd-server-ssl._tcp.ocp4.liufeng.cc,etcd-0.ocp4.liufeng.cc,2380,0,10
srv-host=_etcd-server-ssl._tcp.ocp4.liufeng.cc,etcd-1.ocp4.liufeng.cc,2380,0,10
srv-host=_etcd-server-ssl._tcp.ocp4.liufeng.cc,etcd-2.ocp4.liufeng.cc,2380,0,10
# lb
address=/.ocp4.liufeng.cc/192.168.145.186
address=/api.ocp4.liufeng.cc/192.168.145.181
address=/api-int.ocp4.liufeng.cc/192.168.145.181
# other
address=/bootstrap.ocp4.liufeng.cc/192.168.145.182
address=/bastion.ocp4.liufeng.cc/192.168.145.181
address=/harbor.ocp4.liufeng.cc/192.168.145.181
2.2.3 啟動dnsmasq並設置開機自啟
# systemctl start dnsmasq
# systemctl enable dnsmasq
2.2.4 防火牆及設定
# firewall-cmd --add-port=53/tcp --permanent
# firewall-cmd --add-port=53/udp --permanent
# firewall-cmd --reload
# firewall-cmd --list-all
2.2.5 驗證dns是否生效,例如:
# dig +short -t A etcd-0.ocp4.liufeng.cc @192.168.145.181
# dig +short -t SRV _etcd-server-ssl._tcp.ocp4.liufeng.cc @192.168.145.181
如果沒有dig命令,請使用如下命令安裝
# yum install bind-utils
2.3 Harbor、http服務器的准備
2.3.1 Harbor的安裝,使用https訪問,http的訪問留着給http服務器使用。
見Harbor安裝文檔 2.3.2 Harbor安裝完成之后,就使用Harbor自帶的nginx作為http服務器。
2.3.2.1 修改docker-compose.yml文件,proxy的volumes部分,就是加一個映射(這里是把主機的/home/www目錄映射成nginx容器的/var/www/html目錄):
proxy:
image: goharbor/nginx-photon:v2.1.3
container_name: nginx
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
- NET_BIND_SERVICE
volumes:
- ./common/config/nginx:/etc/nginx:z
- /home/harbor/data/secret/cert:/etc/cert:z
- /home/www:/var/www/html:z
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
networks:
- harbor
dns_search: .
ports:
- 80:8080
- 443:8443
depends_on:
- registry
- core
- portal
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://127.0.0.1:1514"
tag: "proxy"
2.3.2.2 修改nginx.conf
在harbor目錄中尋找到nginx的配置文件:common/config/nginx/nginx.conf
修改如下server段,注釋掉308跳轉,並加一個root目錄
server {
listen 8080;
#server_name harbordomain.com;
#return 308 https://$host:443$request_uri;
root /var/www/html;
}
2.3.2.3 開通防火牆並驗證harbor與nginx是否正常
# firewall-cmd --add-port=443/tcp --permanent
# firewall-cmd --add-port=80/tcp --permanent
# firewall-cmd --reload
# docker-compose down
# docker-compose up -d
# systemctl enable docker
3. 同步ocp4的鏡像
3.1 安裝同步工具,也就是oc客戶端
# wget https://mirror.openshift.com/pub/openshift-v4/clients/oc/latest/linux/oc.tar.gz
# tar xvf oc.tar.gz
# mv kubectl oc /usr/local/bin/
3.2 創建pull-secret.json
3.2.1 創建私有倉庫的secret信息
# echo -n 'admin:Harbor12345' | base64 -w0 //對harbor登錄信息進行base64加密,示例:YWRtaW46SGFyYm9yMTIzNDU=
3.2.2 從官網下載pull-secret,地址:https://cloud.redhat.com/openshift/install/pull-secret,下載是一個txt文件,需要轉換為json文件。
# cat pull-secret.txt | jq . > pull-secret.json
如果沒有jq命令,請安裝(需要epel源)
# yum install jq
3.2.3 合並pull-secret.json文件
把上面的私有倉庫的信息也添加到pull-secret.json中。下載此文件似乎要redhat的賬號,那就注冊一個吧!免費的。其實如果安裝openshift社區版okd的話,可以不用下載,以后再表。
合並后的json文件類似如下:
{
"auths": {
"harbor.ocp4.liufeng.cc": {
"auth": "YWRtaW46SGFyYm9yMTIzNDU=",
"email": ""
},
"cloud.openshift.com": {
"auth": "b3BlbnNoaWZ0LXJlbGVhc2UtZGV2K29jbV9hY2Nlc3NfYTdmNGQ1MjZiMGVlNDkwNzk2MmViZWRiZTE1ZjEwNTI6SVVFSExFTk9SNVdQVVc4QldUT1k2VVlSMlc2V0xMQTQwNDA5UTRJRzNBRDRHS0lXR0NGTzJaN0dXOTJTMzIzMg==",
"email": "lf_30y@163.com"
},
……
}
}
3.3 拉取鏡像
先在私有倉庫建一個名為“openshift”的倉庫(如下的openshift/ocp4.7,后面的ocp4.7就不需要手動創建了,會自動創建)。
# export LOCAL_REGISTRY='harbor.ocp4.liufeng.cc'
# export LOCAL_REPOSITORY='openshift/ocp4.7'
# export PRODUCT_REPO='openshift-release-dev'
# export RELEASE_NAME='ocp-release'
# export OCP_RELEASE='4.7.0-fc.4'
# export ARCHITECTURE='x86_64'
# export LOCAL_SECRET_JSON='/root/pull-secret.json'
# export GODEBUG='x509ignoreCN=0'
# oc adm release mirror -a ${LOCAL_SECRET_JSON} --from=quay.io/${PRODUCT_REPO}/${RELEASE_NAME}:${OCP_RELEASE}-${ARCHITECTURE} --to=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY} --to-release-image=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}:${OCP_RELEASE}-${ARCHITECTURE}
ocp: https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags
okd: https://quay.io/repository/openshift/okd?tab=tags
這兩個地址是同步鏡像的源倉庫,對照oc adm release mirror命令,可以推出上述幾個export的變量的值,同步完成之后,會顯示類似下面的信息,請保存下來,后面要用到。
Success
Update image: harbor.ocp4.liufeng.cc/openshift/ocp4.7:4.7.0-fc.4-x86_64
Mirror prefix: harbor.ocp4.liufeng.cc/openshift/ocp4.7
To use the new mirrored repository to install, add the following section to the install-config.yaml:
imageContentSources:
- mirrors:
- harbor.ocp4.liufeng.cc/openshift/ocp4.7
source: quay.io/openshift-release-dev/ocp-release
- mirrors:
- harbor.ocp4.liufeng.cc/openshift/ocp4.7
source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
To use the new mirrored repository for upgrades, use the following to create an ImageContentSourcePolicy:
apiVersion: operator.openshift.io/v1alpha1
kind: ImageContentSourcePolicy
metadata:
name: example
spec:
repositoryDigestMirrors:
- mirrors:
- harbor.ocp4.liufeng.cc/openshift/ocp4.7
source: quay.io/openshift-release-dev/ocp-release
- mirrors:
- harbor.ocp4.liufeng.cc/openshift/ocp4.7
source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
3.4 查看同步結果:
# curl -s -u admin:Harbor12345 -k https://harbor.ocp4.liufeng.cc/v2/openshift/ocp4.7/tags/list|jq .
4. 生成openshift-install安裝文件
# oc adm release extract -a ${LOCAL_SECRET_JSON} --command=openshift-install "${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}:${OCP_RELEASE}-${ARCHITECTURE}" [--skip-verification=true --insecure=true]
因為要校驗一致性,所以不要使用下載的openshift-install,而是用上面的命令會生成openshift-install文件,生成后的openshift-install文件拷貝到path路徑下。
5. 准備安裝文件
5.1 因為coreos的默認用戶是core,所以要准備core用戶的ssh key
# ssh-keygen -t rsa -b 4096 -N '' -f ~/.ssh/core_rsa
# eval "$(ssh-agent -s)"
# ssh-add ~/.ssh/core_rsa
5.2 准備install-config.yaml文件
# mkdir -pv ~/ocp4/ocp4install
# cd ~/ocp4/ocp4install
准備一個干凈的空的文件夾(例如ocp4-install),在這個文件夾內創建install-config.yaml文件,詳細內容見后面的:install-config.yaml
5.2.1 metadata.name + baseDomain 即為集群名稱
5.2.2 compute.replicas 設置為0
5.2.3 pullSecret 之前拉取用的json文件再轉換成txt的格式即可
5.2.4 sshKey 為將來要ssh到集群所用的pub文件,即上面生成的core_rsa.pub文件
5.2.5 additionalTrustBundle 為前一步驟安裝harbor時本地生成的crt文件,注意縮進2格
5.2.6 imageContentSources 為同步私服鏡像后,最后生成出來的內容
5.3 生成ign文件
首先備份install-config.yaml文件,因為使用下面的命令會刪除掉install-config.yaml。
# openshift-install create manifests --dir=/root/ocp4/ocp4install
# openshift-install create ignition-configs --dir=/root/ocp4/ocp4install
最終ocp4install文件夾生成如下文件:
.
├── auth
│ ├── kubeadmin-password
│ └── kubeconfig
├── bootstrap.ign
├── master.ign
├── metadata.json
└── worker.ign
【注意:從生成這個文件開始,24小時內必須完成ocp集群的安裝!!!】
5.4 上傳文件到http服務器
把上述生成的.ign文件上傳,讓其可以通過http訪問到。
# cd ~/ocp4/ocp4install
# cp *.ign /home/www/
# chmod +r /home/www/*.ign
6. 創建rhcos鏡像 6.1 RHCOS鏡像下載地址:https://mirror.openshift.com/pub/openshift-v4/dependencies/rhcos/4.6/latest/,如果可用,請使用與 OpenShift Container Platform 版本匹配的鏡像版本。沒有的話,下載最高版本的鏡像,其版本號應小於或等於您安裝的 OpenShift Container Platform 版本。iso文件名類似:rhcos-<version>-live.<architecture>.iso
6.2 用虛擬機啟動下載的rhcos的iso,再引導啟動前按Tab,加入啟動參數:
rd.neednet=1 ip=192.168.145.182::192.168.145.254:255.255.255.0:bootstrap.ocp4.liufeng.cc:eth0:none nameserver=192.168.145.181 coreos.inst.install_dev=/dev/xvda coreos.inst.ignition_url=http://192.168.145.181/bootstrap.ign
6.2.1 rd.neednet=1,需要網絡信息
6.2.2 ip=,后面的格式是“IP地址::網關:子網掩碼:完整主機名:網卡:none
6.2.3 nameserver=,DNS服務器地址,可以添加多個
6.2.4 coreos.inst.install_dev=,安裝到本地哪個磁盤
6.2.5 coreos.inst.ignition_url=,ign文件的url,有三種ign文件bootstrap、master、worker,注意區分
7. 調試
7.1 在bastion節點上,執行如下命令查看進度:
# openshift-install --dir=/root/ocp4/ocp4install wait-for bootstrap-complete --log-level=debug
# openshift-install --dir=/root/ocp4/ocp4install wait-for install-complete --log-level=debug
7.2 在bastion節點上,使用oc命令:
沒有意外的話,執行下面的命令,可執行oc
# export KUBECONFIG=/root/ocp4/ocp4install/auth/kubeconfig
# oc get nodes
# oc get ns
# oc get pods --all-namespaces
8. oc的補全命令:
# yum install bash-completion
# oc completion bash > ~/.kube/completion.bash.inc
在~/.bash_profile里添加:source '/root/.kube/completion.bash.inc'
9. 創建用戶(使用htpasswd)
9.1 創建htpass-secret
# htpasswd -c -B -b users.htpasswd admin liufeng.cc0021 //第一個用戶
# htpasswd -b -B users.htpasswd liufeng 8888.8888 //添加后續用戶
# oc create secret generic htpass-secret --from-file=htpasswd=</path/to/users.htpasswd> -n openshift-config
9.2 創建HTPasswd CR,新建一個文件(假設為htpasswd-cr.yaml),保存如下yaml:
apiVersion: config.openshift.io/v1
kind: OAuth
metadata:
name: cluster
spec:
identityProviders:
- name: my_htpasswd_provider
mappingMethod: claim
type: HTPasswd
htpasswd:
fileData:
name: htpass-secret
9.3 應用HTPasswd CR及授權
# oc apply -f htpasswd-cr.yaml
# oc adm policy add-cluster-role-to-user cluster-admin admin
9.4 登錄集群
# oc login -u <username>
# oc whoami
install-config.yaml內容如下(請注意格式與縮進):
apiVersion: v1
baseDomain: liufeng.cc
compute:
- hyperthreading: Enabled
name: worker
replicas: 0
controlPlane:
hyperthreading: Enabled
name: master
replicas: 3
metadata:
name: ocp4
networking:
clusterNetwork:
- cidr: 10.128.0.0/14
hostPrefix: 23
networkType: OpenShiftSDN
serviceNetwork:
- 172.30.0.0/16
platform:
none: {}
fips: false
pullSecret: '{"auths":{"harbor.ocp4.liufeng.cc":{"auth":"YWRtaW46SGFyYm9yMTIzNDU=","email":""},"quay.io":{"auth":"b3BlbnNoaWZ0LXJlbGVhc2UtZGV2K29jbV9hY2Nlc3NfYTdmNGQ1MjZiMGVlNDkwNzk2MmViZWRiZTE1ZjEwNTI6SVVFSExFTk9SNVdQVVc4QldUT1k2VVlSMlc2V0xMQTQwNDA5UTRJRzNBRDRHS0lXR0NGTzJaN0dXOTJTMzIzMg==","email":"lf_30y@163.com"},"registry.connect.redhat.com":{"auth":"NTMyMTk5MTJ8dWhjLTFmUXpOTjRWWHhaQ29OT0ZpR2QyOGVvYW9YSDpleUpoYkdjaU9pSlNVelV4TWlKOS5leUp6ZFdJaU9pSXlNVEkyTm1Kak4ySTJZamswTTJFd1lXRTVNVEl4TXpaa1kyUmhaVEl6TXlKOS53WHptUDhZT0ZPelh2TzQ5RXNCMlA3Q0VDc3ktRFctWG5CcWtTMXc5MkJSWU0wSzU1RDhHS3FwLW1VOFRMUk5Fa01Ja3dRWE5fRkdSY1Q3eEtqd2Z2SDVLTVNjVkpCdUpYSmtoS1gtdjEwRmZ6ZXF6U2tOZ2FsUFM4VnpXWi1WRG9iaXViQWtjSEYyeXotLUVGUVpGeEktbXZkYklZTkt5dXZSVkZQUW56cUJ5Q0s2d0pRMXI2MWRFRUxyRnU3a25lVFlZSU9wWXR0V21QTG5rU21FUjNrei14S2FGcG4zZFFhMG9rUUVDZlFHRVBVbFlvNkZqSTk3R3Z1Uk9NTmFqckxwUE1GSV9QZ21oeGd2OHFqVHg3M0hsOE9rWFlOSkRCSUMwN1dNcWN4ZHBfM3ZhMmRVdm5JUUo4X2o0OGt0dFpScTNVQWZMMkVRUXpQMDZIanJWVlgyWTZkWEhYVWRHWFZPem9JckVLcHBTQTBDRExCM1dkOUU1YVpHRmF5a21YOTZOSmdWWnB5enVDcW54WWZIWWM3WDliLXl2UkdCSGtrNzdxdTBJNGowa2JqUWZvelJNS0VVcUo0VFgtVUtNX3ZqLUE5b09Tek04bWJEa3JOWEFMM0NzOHFGc2ZBRTVPUDFYdlIyRDRDck81eWdEZzVVMks2dHYyajktRlE3Zmx1eTg4b0ZWUEZybG5IbTNNX1I2ZXBocXFZZVZSME1hMEN6bHNUZzJLUjBRSHZvN3ZvaWRsaG1NcHdFWkJWalJPR3p0a1FPcUdqdnZMc0ZxZWpsOGRsb3I1MFFtUFltd2E0aTFrdU5wY0l5ZzhZeGU3ODFhYUtMbjFldzZXVC1veWtTbjhNaF9RYWM2SHExdkpDTWcyM1BDVzU2M1VNV3FhU2ZRbnhhWFdxTQ==","email":"lf_30y@163.com"},"registry.redhat.io":{"auth":"NTMyMTk5MTJ8dWhjLTFmUXpOTjRWWHhaQ29OT0ZpR2QyOGVvYW9YSDpleUpoYkdjaU9pSlNVelV4TWlKOS5leUp6ZFdJaU9pSXlNVEkyTm1Kak4ySTJZamswTTJFd1lXRTVNVEl4TXpaa1kyUmhaVEl6TXlKOS53WHptUDhZT0ZPelh2TzQ5RXNCMlA3Q0VDc3ktRFctWG5CcWtTMXc5MkJSWU0wSzU1RDhHS3FwLW1VOFRMUk5Fa01Ja3dRWE5fRkdSY1Q3eEtqd2Z2SDVLTVNjVkpCdUpYSmtoS1gtdjEwRmZ6ZXF6U2tOZ2FsUFM4VnpXWi1WRG9iaXViQWtjSEYyeXotLUVGUVpGeEktbXZkYklZTkt5dXZSVkZQUW56cUJ5Q0s2d0pRMXI2MWRFRUxyRnU3a25lVFlZSU9wWXR0V21QTG5rU21FUjNrei14S2FGcG4zZFFhMG9rUUVDZlFHRVBVbFlvNkZqSTk3R3Z1Uk9NTmFqckxwUE1GSV9QZ21oeGd2OHFqVHg3M0hsOE9rWFlOSkRCSUMwN1dNcWN4ZHBfM3ZhMmRVdm5JUUo4X2o0OGt0dFpScTNVQWZMMkVRUXpQMDZIanJWVlgyWTZkWEhYVWRHWFZPem9JckVLcHBTQTBDRExCM1dkOUU1YVpHRmF5a21YOTZOSmdWWnB5enVDcW54WWZIWWM3WDliLXl2UkdCSGtrNzdxdTBJNGowa2JqUWZvelJNS0VVcUo0VFgtVUtNX3ZqLUE5b09Tek04bWJEa3JOWEFMM0NzOHFGc2ZBRTVPUDFYdlIyRDRDck81eWdEZzVVMks2dHYyajktRlE3Zmx1eTg4b0ZWUEZybG5IbTNNX1I2ZXBocXFZZVZSME1hMEN6bHNUZzJLUjBRSHZvN3ZvaWRsaG1NcHdFWkJWalJPR3p0a1FPcUdqdnZMc0ZxZWpsOGRsb3I1MFFtUFltd2E0aTFrdU5wY0l5ZzhZeGU3ODFhYUtMbjFldzZXVC1veWtTbjhNaF9RYWM2SHExdkpDTWcyM1BDVzU2M1VNV3FhU2ZRbnhhWFdxTQ==","email":"lf_30y@163.com"}}}'
sshKey: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC3Aav1hMwvu6tQUtAy9VVrot8HBgQ7fQ8uZlw5GvPnts31BLrEha4UvbXbZAF1eACcwYhKRIEDz9VAt63WiGX3FqgMO3l5E5Ekk5V8GQBbSf0TezNLYTiPEvZV7JDNlsF2vAhGyHrYmnElJriVxZn3KzwqeIz9l2aOXHi1o/t0FD4P6FbAjT3xB1x+EX5aaAeRT5uiIiPzW6MljZOoyyApriO6FsrblIiksx4MZazp63ubB20IKYh54Cg7TIzQ5XkR8DCXPcZ1Jm2+XnRyQaN9ydJf9hwTivCGLesnHDBTkZ/wolh3hAMlHg1wlvAwYhRC+Ukc+Ewqit/Z5MkRCDHqYFUJVJwrLZQElBpBmjMKLBKXj1lo1CplF77ubqutl+hs46UIu+Hc+elqdDxn03TOsBouuJVwuvCU1IaPUeLtkz0LxaAykpVog/5NopPNVWVB5htkyqTeONfEFeeUL6/Af8Pn7ARd6giLmuTggG8lCxWYnN+Y48pmc3adG8NavsjKfEuhFzbgMu7t3DF6Aqz3emxGaUfJ5pE8vNVjisP4ufOwTYvjckO1adui1XLAx6i0CDrQO17nyK3lrRQLeySZlQmg2elI2OaPqBLVfBQBuWGI6ECPAmBdjJ/9BcsPlboXOkan1UmJpeFBcAkiClO0kozz3NUvmkoXXxzjULqa3w== root@bastion.ocp4.baison.cc'
additionalTrustBundle: |
-----BEGIN CERTIFICATE-----
MIIFtzCCA5+gAwIBAgIJAJo2D89dAHnlMA0GCSqGSIb3DQEBCwUAMHExCzAJBgNV
BAYTAkNOMREwDwYDVQQIDAhTaGFuZ2hhaTERMA8GA1UEBwwIU2hhbmdoYWkxDzAN
BgNVBAoMBkJhaXNvbjELMAkGA1UECwwCaXQxHjAcBgNVBAMMFWhhcmJvci5vY3A0
LmJhaXNvbi5jYzAgFw0yMTAxMzAxMTM2NDhaGA8yMTIxMDEwNjExMzY0OFowcTEL
MAkGA1UEBhMCQ04xETAPBgNVBAgMCFNoYW5naGFpMREwDwYDVQQHDAhTaGFuZ2hh
aTEPMA0GA1UECgwGQmFpc29uMQswCQYDVQQLDAJpdDEeMBwGA1UEAwwVaGFyYm9y
Lm9jcDQuYmFpc29uLmNjMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
0V0po4o0ZskyvkzC4uhME+Pv5AZbnONRMkLLVRTMjEKNOnmyS84T5aN3EYGujfGl
FLTyraSpRQNLA3PkJr7pEWaRljpTjOvrNxo3u819VDcFBOn9GEVprvEd5HaennBQ
ip6BZrhHPIjv8uHs4TXSWfxPZMuX9gpg0bj5Icm+V3lHImTALvOlDXloDTokPlq9
kX16ZB14AGA287w3p4B7S2a5+b109DTHLAyDGi8JMiLJYJb0Xf4fdv8K5qv5WTPl
qyjjkVnLi8ka3TLVDXKxYTDtCkqMVp3MmPpyntBLkoiB2F7GVSwVruppf4F+TGJw
gaSz3RGl4Mnpy3qgUjtZ4dgXsYL+Bpg3+LzJe22lyIejYEDCw/QKhzqfoxOIPiD8
TAyjqH9nEZ2pYF0gBIrZDe1cCfpN/+cdBTwac96Ph45rkWkF+BVSqRV0g0ppTSMi
BQ+x5c1WooUfVqtunqJ2rixapm+ASmbMG1aCP/5/18gE/pZQlX0cxOrZa9R8lZgZ
rq3HLRScGqC1rhe/NDpV2zAx4bFNwKKLqPu6bLPkn7jpWcuQhHdZcCfvHojz1IPn
C5zJPmu7D3HRubLcQ3AK97etyG+yS7Orrmwr2Ci84eqcZYy66fEoJA7a69kolFW1
z6+0rQIrIrEjqsxsY5xTt8wbTN81LbyKal8ly819TtMCAwEAAaNQME4wHQYDVR0O
BBYEFB0hnyLxArythRW0K/7/LaSr00HCMB8GA1UdIwQYMBaAFB0hnyLxArythRW0
K/7/LaSr00HCMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAA8+l3YW
MIpl3oeGsFSZ8n+HGNCcOZz6eiL4qx9m2pvCR2VJ4FYdFchEfX9hadXRi6o6p9Jo
XNkaLsymlaLtU4eCgTUpiXz8v29zqGm+M+0OHr/EEqS3DoN6sfSEalH+KiKXA6sB
C6BP0afnftR3TIjxmMEjfjOcsyaaOn/oJ6qstViP1M8vajKtYlKWvhg7cD4pOoCy
1LyIeibBoHNFPI4qVhd43pPnTukeV61X5DZsEIuODKXvS7RFrpx4x5um58fogsP/
tBfwrOhNAXSpO3p6OwdE9Zk/CQm4Irj7NIIB1sc5X0LreWLEQHIlGEfFfpMPKPEU
fKOnfjx1k5pUDn8fpwqFGpMvn5qB+jHpMe4xeJy6L8ge2JygpEZd69EgdF3KwK8M
szOkxXZNlUg9F3B4BhYMqHft6lI6yz6Vn+h5yOdDTiP33jytQDuLdwgiWD8MJXiu
ta3pXc0/fpuPa5UKa75D9vyXZIPG340x/LprezwpYYR2inEu3a6OF65Nyi0FRsac
L7lbhEtZdOX+ZkuhvL02+Cy3JyipibShyK9Z+aoMHR+1sv/0qjN8hhIo3kcMXtcG
l722rM9IIawR9o5f/IJO9AgvHd1QwJdRY2ftvyf7cLLlbEnOK1K/YFdYzAciHzoD
dpez8+4JZAi+6si63NSuVPh2ZcZRiIln+PEX
-----END CERTIFICATE-----
imageContentSources:
- mirrors:
- harbor.ocp4.liufeng.cc/openshift/ocp4.7
source: quay.io/openshift-release-dev/ocp-release
- mirrors:
- harbor.ocp4.liufeng.cc/openshift/ocp4.7
source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
