Last active
October 7, 2021 17:35
-
-
Save cdoan1/6ec6a5b3f57764caeb22e015a109e4b7 to your computer and use it in GitHub Desktop.
disconnected downstream
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# | |
# Reference: https://www.openshift.com/blog/openshift-4-2-disconnected-install | |
# | |
HOSTNAME=`hostname` | |
USERNAME=admin | |
PASSWORD=password | |
yum -y install podman httpd httpd-tools | |
mkdir -p $(pwd)/registry/{auth,certs,data} | |
sudo openssl genrsa -out $(pwd)/registry/certs/domain.key 4096 | |
sudo openssl req -x509 -key $(pwd)/registry/certs/domain.key \ | |
-out $(pwd)/registry/certs/domain.crt \ | |
-days 365 \ | |
-subj "/C=US/ST=NC/L=Raleigh/O=Test Company/OU=Testing/CN=$HOSTNAME" | |
htpasswd -bBc $(pwd)/registry/auth/htpasswd $USERNAME $PASSWORD | |
cp $(pwd)/registry/certs/domain.crt /etc/pki/ca-trust/source/anchors/ | |
update-ca-trust extract | |
podman run -d --net host --name poc-registry -p 5000:5000 \ | |
-v $(pwd)/registry/data:/var/lib/registry:z \ | |
-v $(pwd)/registry/auth:/auth:z \ | |
-e "REGISTRY_AUTH=htpasswd" \ | |
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry" \ | |
-e "REGISTRY_HTTP_SECRET=ALongRandomSecretForRegistry" \ | |
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \ | |
-v $(pwd)/registry/certs:/certs:z \ | |
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \ | |
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \ | |
docker.io/registry:latest |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# | |
# given an ACM PRE-GA image manifests json file | |
# generate the `oc image mirror list of commands | |
# | |
MANIFEST_FILE=${MANIFEST_FILE:-2.1.0-DOWNSTREAM-2020-09-27-13-15-20.json} | |
SCRIPT_NAME=image_mirror_command.sh | |
cat > $SCRIPT_NAME <<EOF | |
#!/bin/bash | |
AUTHFILE=pull-secret.json | |
DEST=ip-172-31-6-109.us-west-1.compute.internal:5000/rhacm2 | |
# include the SHA referenced operator bundle image and custom registry | |
oc image mirror --registry-config=$AUTHFILE --keep-manifest-list=true --filter-by-os=. quay.io/acm-d/acm-operator-bundle@sha256:4ac24debb3d09c8ba9442f0d0bdaf9832482138f80b9de03615195b12707925b $DEST/acm-operator-bundle:v2.1.0-48 | |
oc image mirror --registry-config=$AUTHFILE --keep-manifest-list=true --filter-by-os=. quay.io/acm-d/acm-custom-registry:2.1.0-DOWNSTREAM-2020-09-27-13-15-00 $DEST/acm-custom-registry:2.1.0-DOWNSTREAM-2020-09-27-13-15-00 | |
EOF | |
jq -r '.[] | "oc image mirror --registry-config=$AUTHFILE --keep-manifest-list=true --filter-by-os=. quay.io/acm-d/" + ."image-name" + "@" + ."image-digest" + " " + "$DEST/" + ."image-name" + ":" + ."image-tag"' $MANIFEST_FILE >> $SCRIPT_NAME | |
chmod 755 $SCRIPT_NAME |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# | |
# given an ACM PRE-GA image manifests json file | |
# generate the a list of `podman pull image` to verify that digests are appropriate | |
# | |
MANIFEST_FILE=${MANIFEST_FILE:2.1.0-DOWNSTREAM-2020-09-27-13-15-20.json} | |
cat > verify_oc_image_mirror.sh <<EOF | |
#!/bin/bash | |
AUTHFILE=authfile.json | |
DEST=f24-h20-000-r630.rdu2.scalelab.redhat.com:5000/acmtest | |
EOF | |
jq -r '.[] | "podman pull --authfile=$AUTHFILE $DEST/" + ."image-name" + "@" + ."image-digest"' $MANIFEST_FILE >> verify_oc_image_mirror.sh | |
chmod 755 verify_oc_image_mirror.sh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[ | |
{ | |
"image-key": "application_ui", | |
"image-name": "application-ui-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-30", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:d583bc58a98d00c625f246e61065f168ab34456858265e9a02a84f481d9fbfbc" | |
}, | |
{ | |
"image-key": "cert_manager_acmesolver", | |
"image-name": "acmesolver-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-7", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:f63cb6505650b462ddd1d35de6bc6ac2e8a2347cef61d2be905ad2448fb26863" | |
}, | |
{ | |
"image-key": "cert_manager_cainjector", | |
"image-name": "cainjector-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-7", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:e33a09e879188598b3378cef98e54ea7ef9b51bf48628e9ddf27f1472ba679ea" | |
}, | |
{ | |
"image-key": "cert_manager_controller", | |
"image-name": "cert-manager-controller-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-7", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:3f39a8bb63d97e12a1f0a70785c7177e9d6080912ab8ecaf1873a6d138c47985" | |
}, | |
{ | |
"image-key": "cert_manager_webhook", | |
"image-name": "cert-manager-webhook-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-7", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:66fea59e8a258bb0c06883bc422d96213de7c210e3534309bb836497fa592725" | |
}, | |
{ | |
"image-key": "cert_policy_controller", | |
"image-name": "cert-policy-controller-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-10", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:137983f78d988b85ad1afbee26da05690bfdc020363e69f60da28ef429ee4b3b" | |
}, | |
{ | |
"image-key": "config_policy_controller", | |
"image-name": "config-policy-controller-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-11", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:d2b34536d70249fc5851bdb467fab2093c4c7291d3c2afe4702035acdce876fa" | |
}, | |
{ | |
"image-key": "configmap_watcher", | |
"image-name": "configmap-watcher-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-7", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:09df637bd8259a5be505f9a2d6528f509fd59a4182c94ab77d58908d89295efd" | |
}, | |
{ | |
"image-key": "console_api", | |
"image-name": "console-api-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-17", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:0eae50e03d6e27022512440f16fc41fc26eae9561f4d28ca4e061f15b63ee559" | |
}, | |
{ | |
"image-key": "console_header", | |
"image-name": "console-header-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-14", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:8b5ffbbe4727cdf302e099af90db6b171fc69b9c6a14d3e6bf09d055309fef68" | |
}, | |
{ | |
"image-key": "console_ui", | |
"image-name": "console-ui-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-25", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:b9ac7ce29b91ac106c19370586382d1f8211c8de9e2d85c108eaad61ce3ba231" | |
}, | |
{ | |
"image-key": "endpoint_component_operator", | |
"image-name": "endpoint-component-rhel8-operator", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-12", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:ed8d2c763de655dfdf44e230ff1981a1f6eb94f83dd3273490deb5907b61d4a9" | |
}, | |
{ | |
"image-key": "endpoint_monitoring_operator", | |
"image-name": "endpoint-monitoring-operator-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-15", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:fda22e264fe67d39ec2a37c326f8d1020e2a90a3a975b625113f0c202a8ba274" | |
}, | |
{ | |
"image-key": "governance_policy_propagator", | |
"image-name": "governance-policy-propagator-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-5", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:bfd69d2272a56feafcc62a9e9518b50337c46382e5d4781d8837bb4bcdf6ab36" | |
}, | |
{ | |
"image-key": "governance_policy_spec_sync", | |
"image-name": "governance-policy-spec-sync-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-7", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:a2213974c1b8ebc315fd331f5f0bb7f2e533f4534c627c7ead7ee0d34d8d895b" | |
}, | |
{ | |
"image-key": "governance_policy_status_sync", | |
"image-name": "governance-policy-status-sync-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-7", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:5e3c89535a51627acc38d3211f6d7bcb523a423d7d0196a62c767531ea2b7244" | |
}, | |
{ | |
"image-key": "governance_policy_template_sync", | |
"image-name": "governance-policy-template-sync-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-5", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:3944ddfb9130dcedafe207f2e1b7ffcfd34061133567a859e8cd6ad1a92fa11c" | |
}, | |
{ | |
"image-key": "grc_ui", | |
"image-name": "grc-ui-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-26", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:0d4e7d7c85ca8236baee4148ae03d4d9e6a1571b79680eeab0446a273693d514" | |
}, | |
{ | |
"image-key": "grc_ui_api", | |
"image-name": "grc-ui-api-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-16", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:b725087ae9a749ee4662f19d5448129e6c86edd5e7b61b15507085435406979a" | |
}, | |
{ | |
"image-key": "iam_policy_controller", | |
"image-name": "iam-policy-controller-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-6", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:5041efd0759611d2eb820e7800ac5f195a8a83380d3323bd1e92368f2f471b92" | |
}, | |
{ | |
"image-key": "klusterlet_addon_lease_controller", | |
"image-name": "klusterlet-addon-lease-controller-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-4", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:769dbc40a9c4f5b15aa433a3dd777a7d5e5b8380c2194499277b2ac267d217b3" | |
}, | |
{ | |
"image-key": "kui_web_terminal", | |
"image-name": "kui-web-terminal-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-7", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:bffa581211101ceecbbf6c77a5093b7aa72bdb8ac350f13cae493a30dc06c06b" | |
}, | |
{ | |
"image-key": "management_ingress", | |
"image-name": "management-ingress-rhel7", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-8", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:18b6cd5d9cc21a74bdf51c4c1abab704a819d166b3e80b244aef6f555785e66e" | |
}, | |
{ | |
"image-key": "mcm_topology", | |
"image-name": "mcm-topology-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-11", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:ca94c2f78366eb0a5a3aea5b99711d61c9f5ed48b3bc4701103f93e92373019c" | |
}, | |
{ | |
"image-key": "mcm_topology_api", | |
"image-name": "mcm-topology-api-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-9", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:9cde204a6f7c83bf028ef31f71cbc4e0e59ee331d6c64281a41383b0a2d87c8b" | |
}, | |
{ | |
"image-key": "memcached", | |
"image-name": "memcached-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-1", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:ab2e86197bc8382746cd05da2e0020c66c37c69f02968437fb4461c499357e64" | |
}, | |
{ | |
"image-key": "memcached_exporter", | |
"image-name": "memcached-exporter-rhel7", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-2", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:31bdc1f01b955f8dc4d18bc53ce71f2f88421bf6457990df8cd31f67963e1cf6" | |
}, | |
{ | |
"image-key": "metrics_collector", | |
"image-name": "metrics-collector-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-10", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:c96dabb1255dc9d3122dd0fcdc4352cd46acc953d72c8f861e9cfefa32d8d8cc" | |
}, | |
{ | |
"image-key": "multicloud_manager", | |
"image-name": "multicloud-manager-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-11", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:9e20fe059e69308e79e7f4bea3c4df294543fef187e60057d853a9fe40a22947" | |
}, | |
{ | |
"image-key": "multicluster_observability_operator", | |
"image-name": "multicluster-observability-operator-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-18", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:399f1db11d1009a6e590682c5ac762bcd4fb8b9a1e8293247b9714aa05f1e0a6" | |
}, | |
{ | |
"image-key": "multicluster_operators_application", | |
"image-name": "multicluster-operators-application-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-3", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:a779949fa41844cbe527f708215ce92bdd2fee3d0f2994801e032895243cf711" | |
}, | |
{ | |
"image-key": "multicluster_operators_channel", | |
"image-name": "multicluster-operators-channel-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-6", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:19338b6df9e0b7da21e796ef66ff0eb8b8360f72dc281611bb3704bc6d11a1f4" | |
}, | |
{ | |
"image-key": "multicluster_operators_deployable", | |
"image-name": "multicluster-operators-deployable-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-4", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:d132670e3027dd9ad1735cfe438232b345066fe6be20f6946dc8e6e1297f39ce" | |
}, | |
{ | |
"image-key": "multicluster_operators_placementrule", | |
"image-name": "multicluster-operators-placementrule-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-7", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:e94547cd51cfe9eac2952ef750f7b05e9f6ef2c168c06ac095b78646811ec478" | |
}, | |
{ | |
"image-key": "multicluster_operators_subscription", | |
"image-name": "multicluster-operators-subscription-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-13", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:fc9467d39c8b105b5c6b5d30af9fa1ac6f2b3e262ea3d65b48a094b578b9b2f3" | |
}, | |
{ | |
"image-key": "multicluster_operators_subscription_release", | |
"image-name": "multicluster-operators-subscription-release-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-7", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:460ef88bb980f584e087ad59e7bb884be5d64256f12535f792a700b7514c5a90" | |
}, | |
{ | |
"image-key": "multiclusterhub_repo", | |
"image-name": "multiclusterhub-repo-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-19", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:c2348000a2b5cdea46decdbc9a5b08ce190341b9daabb2dbce6151f3a61303ff" | |
}, | |
{ | |
"image-key": "observatorium", | |
"image-name": "observatorium-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-8", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:a2c862a8207f178829162e6e62d31fd0138b0d82f0bbdf53bbfa6677c4ef776c" | |
}, | |
{ | |
"image-key": "observatorium_operator", | |
"image-name": "observatorium-operator-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-4", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:5b130dcc128fa60f05c521c6c23c608e42734811b5cb1e0665e7a5ff43c80c45" | |
}, | |
{ | |
"image-key": "openshift_hive", | |
"image-name": "openshift-hive-rhel7", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-10", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:e546bbf710969123a6df78de2571a205bec64f4cce2143e86d4e5767238a0f15" | |
}, | |
{ | |
"image-key": "rbac_query_proxy", | |
"image-name": "rbac-query-proxy-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-6", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:69f71b1327c31045b8640d1556fbc1780d0381c52ac72fa0ff848af850fb3c22" | |
}, | |
{ | |
"image-key": "rcm_controller", | |
"image-name": "rcm-controller-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-10", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:b10d260da52b16946e1e9b409e5867051129e82fb836a99c959313470be97cf3" | |
}, | |
{ | |
"image-key": "redisgraph_tls", | |
"image-name": "redisgraph-tls-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-5", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:5ad6eb7f0b7679a86502bb8c16603f09a9135412c80af28328e68001177b7589" | |
}, | |
{ | |
"image-key": "registration", | |
"image-name": "registration-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-15", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:c61871b9bdc50c106e9b4306119379a493f75516335d68550a0a7fe9b7aef7f3" | |
}, | |
{ | |
"image-key": "registration_operator", | |
"image-name": "registration-rhel8-operator", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-9", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:f68d38166dad54c8e1b4dcd2dc61650ae23d1ae5c82e136d467c997257e1a5a7" | |
}, | |
{ | |
"image-key": "search_aggregator", | |
"image-name": "search-aggregator-rhel7", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-9", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:31891ebb7c203df74f0abec3e86bfea8759d709282b204bf087952092d1ffe5b" | |
}, | |
{ | |
"image-key": "search_api", | |
"image-name": "search-api-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-12", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:0b0be362f878176d32f2486ac38048cbec668e5314162d215072b948bbfa9ca0" | |
}, | |
{ | |
"image-key": "search_collector", | |
"image-name": "search-collector-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-17", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:6cfdbda8d8e67c33f1b366e4dfd9ea7aaa9995b6b0fd31466a2bb99377a3815b" | |
}, | |
{ | |
"image-key": "search_operator", | |
"image-name": "search-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-3", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:4a06fcd25a3e5564fb7aec1bc967e9f627632108ffc0da5ba34b36fa489c243d" | |
}, | |
{ | |
"image-key": "thanos", | |
"image-name": "thanos-rhel7", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-4", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:e6803bcccc4c8e3ed0fca6f48be7b3d9f5ab672b46e96aeccdec9b31c947af0f" | |
}, | |
{ | |
"image-key": "thanos_receive_controller", | |
"image-name": "thanos-receive-controller-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-3", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:572d4336d4fea9aeed2fc36610622562d76d3525a583ebe8d019720e7315d6cf" | |
}, | |
{ | |
"image-key": "work", | |
"image-name": "work-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-14", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:d86cf321bf80b952cf456dac0f9ee4410473378f1750365c7659c0631445e064" | |
}, | |
{ | |
"image-key": "acm_must_gather", | |
"image-name": "acm-must-gather-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-10", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:d9c7da10a6cbcdf5f149021e60dd177cdfce2a5fbe906f8586a897d51e1a8d6c" | |
}, | |
{ | |
"image-key": "endpoint_operator", | |
"image-name": "endpoint-rhel8-operator", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-41", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:6ac803a000dd9caa1afcf31c0379d1e7db3f65d05483546ca1dd6df56b02c5b8" | |
}, | |
{ | |
"image-key": "multiclusterhub_operator", | |
"image-name": "multiclusterhub-rhel8", | |
"image-version": "v2.1.0", | |
"image-tag": "v2.1.0-41", | |
"image-remote": "registry.redhat.io/rhacm2", | |
"image-digest": "sha256:f563b37d92867324e7c5496b788a52640cc41f6db5fd2cbbf4f75c4cea7c0d74" | |
}, | |
{ | |
"image-key": "grafana", | |
"image-name": "ose-grafana", | |
"image-version": "v4.5.0", | |
"image-tag": "v4.5.0-202009041228.p0", | |
"image-remote": "registry.redhat.io/openshift4", | |
"image-digest": "sha256:a507dd30c77e8bdc93b124e75aa6f0e2d5ab5f01652ef255d6de3f40bedaa9ea" | |
}, | |
{ | |
"image-key": "oauth_proxy", | |
"image-name": "ose-oauth-proxy", | |
"image-version": "v4.4.0", | |
"image-tag": "v4.4.0-202009041255.p0", | |
"image-remote": "registry.redhat.io/openshift4", | |
"image-digest": "sha256:a6c9f9d3514873b9e3a00d194472ad3ae5326cbad20e67a6bdf7e5a97ff79982" | |
}, | |
{ | |
"image-key": "prometheus-alertmanager", | |
"image-name": "ose-prometheus-alertmanager", | |
"image-version": "v4.5.0", | |
"image-tag": "v4.5.0-202009041228.p0", | |
"image-remote": "registry.redhat.io/openshift4", | |
"image-digest": "sha256:7a1bea7f5a5b8e3efd5098b050122e992bd036d0f3b9c3e99488c19fa5c7eca7" | |
}, | |
{ | |
"image-key": "prometheus-config-reloader", | |
"image-name": "ose-configmap-reloader", | |
"image-version": "v4.5.0", | |
"image-tag": "v4.5.0-202009041228.p0", | |
"image-remote": "registry.redhat.io/openshift4", | |
"image-digest": "sha256:81b4b75f12474c640793e14fb17d539b3351aefec020df276bcaabcf56800e96" | |
} | |
] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: operator.openshift.io/v1alpha1 | |
kind: ImageContentSourcePolicy | |
metadata: | |
name: rhacm-repo | |
spec: | |
repositoryDigestMirrors: | |
- mirrors: | |
- f24-h20-000-r630.rdu2.scalelab.redhat.com:5000/acmtest | |
source: quay.io/acm-d | |
- mirrors: | |
- f24-h20-000-r630.rdu2.scalelab.redhat.com:5000/acmtest | |
source: registry.redhat.io/rhacm2 | |
- mirrors: | |
- registry.redhat.io/openshift4/ose-oauth-proxy | |
source: registry.access.redhat.com/openshift4/ose-oauth-proxy |
HTTP PROXY
- When importing or creating a managed clusters in disconnected, by default the images are referenced to the registry that was used to deploy ACM on the hub.
- If the target managed cluster does not have access to the mirror registry, accessing the images through an available
http proxy
would be an alternative. https://docs.openshift.com/container-platform/4.2/networking/enable-cluster-wide-proxy.html - The
klusterletaddonconfigs.agent.open-cluster-management.io
resource on the hub has override parameter to change theimageRegistry
path for addon components. But this does not cover the klusterlet images.
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: klusterlet
name: klusterlet
namespace: open-cluster-management-agent
spec:
replicas: 1
selector:
matchLabels:
app: klusterlet
template:
metadata:
labels:
app: klusterlet
spec:
containers:
- args:
- /registration-operator
- klusterlet
image: ec2-54-219-172-86.us-west-1.compute.amazonaws.com:5000/paas/openshift/proof-of-concept/rhacm2/registration-rhel8-operator@sha256:f68d38166dad54c8e1b4dcd2dc61650ae23d1ae5c82e136d467c997257e1a5a7
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /healthz
port: 8443
scheme: HTTPS
initialDelaySeconds: 2
periodSeconds: 10
name: klusterlet
readinessProbe:
httpGet:
path: /healthz
port: 8443
scheme: HTTPS
initialDelaySeconds: 2
serviceAccountName: klusterlet
---
apiVersion: operator.open-cluster-management.io/v1
kind: Klusterlet
metadata:
name: klusterlet
spec:
clusterName: singapore
imagePullSecret: open-cluster-management-image-pull-credentials
namespace: open-cluster-management-agent
registrationImagePullSpec: ec2-54-219-172-86.us-west-1.compute.amazonaws.com:5000/paas/openshift/proof-of-concept/rhacm2/registration-rhel8@sha256:c61871b9bdc50c106e9b4306119379a493f75516335d68550a0a7fe9b7aef7f3
workImagePullSpec: ec2-54-219-172-86.us-west-1.compute.amazonaws.com:5000/paas/openshift/proof-of-concept/rhacm2/work-rhel8@sha256:d86cf321bf80b952cf456dac0f9ee4410473378f1750365c7659c0631445e064
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Mirror pre-GA ACM images for Disconnected Install
oc image mirror
commands to copy these images from quay.io/acm-d to your mirror registry. If you don't have a mirror registry handy, you can run script 00 to run a local registry container.pull-secret.json
file with the credentials to your target registry, and the source registry.oc image mirror
command to mirror images from source to target.imagecontentsourcepolicy
resource to map the original image path to your mirror registry. This is an example ICSP.Run the ACM Installation
git clone https://github.com/open-cluster-management/deploy.git
edit the
snapshot.ver
with your snapshot2.1.0-DOWNSTREAM-2020-09-27-13-15-00
or input it when runningstart.sh
set these environment variables
./start.sh
NOTE:
skopeo
can be used to copy images as well, but the fail to copy this imagequay.io/acm-d/acm-custom-registry
.oc image mirror
must be used.Useful References