1004 Note - HackMD

# SMEG ## 待釐清 ### 跟運作正常的Production Quay配置有和不同 - 網路相同 - 都是連到OCP的sso 3. SSO 安裝方式 -> SSO Operator ## 有無開啟Proxy - registry.apps.ocp.tsmeg.org.tw ## Command 1. Get Python ca cert. Please substitute the name of quay pod if different: ``` oc exec <quay-app-pod> -- /bin/bash -c 'export PYTHONUSERBASE_SITE_PACKAGE=${PYTHONUSERBASE_SITE_PACKAGE:-"$(python -m site --user-site)"}; tar cz $PYTHONUSERBASE_SITE_PACKAGE/certifi/' > python-cacert.tgz ``` 2. Conf/stack directory. Please substitute the name of quay pod if different: ``` oc exec <quay-app-pod> -- /bin/bash -c 'tar cz /conf/stack' > conf-stack.tgz ``` Others ``` oc get quayregistry <name> -o yaml ``` ``` oc adm inspect ns/<QUAY-NAMESPACE> ``` ``` curl -kvs https://<sso route>:443 and also: openssl s_client -showcerts <sso route>:443 ``` # resources https://access.redhat.com/solutions/3566061 https://access.redhat.com/solutions/6623671 https://blog.csdn.net/weixin_43902588/article/details/105303056 https://wangzheng422.github.io/docker_env/ocp4/4.3/4.3.sso.html 產生憑證的腳本所有產生憑證的檔案 /tmp/ocp-certs/ 針對sso route所帶的憑證 openssl s_client -showcerts <sso route>:443