Skip to content

Instantly share code, notes, and snippets.

@cdoan1

cdoan1/00_setup_local_mirror_registry.sh

Last active October 7, 2021 17:35
Show Gist options
  • Save cdoan1/6ec6a5b3f57764caeb22e015a109e4b7 to your computer and use it in GitHub Desktop.
Save cdoan1/6ec6a5b3f57764caeb22e015a109e4b7 to your computer and use it in GitHub Desktop.
Download ZIP
disconnected downstream
Raw
00_setup_local_mirror_registry.sh
#!/bin/bash
#
# Reference: https://www.openshift.com/blog/openshift-4-2-disconnected-install
#
HOSTNAME=`hostname`
USERNAME=admin
PASSWORD=password
yum -y install podman httpd httpd-tools
mkdir -p $(pwd)/registry/{auth,certs,data}
sudo openssl genrsa -out $(pwd)/registry/certs/domain.key 4096
sudo openssl req -x509 -key $(pwd)/registry/certs/domain.key \
-out $(pwd)/registry/certs/domain.crt \
-days 365 \
-subj "/C=US/ST=NC/L=Raleigh/O=Test Company/OU=Testing/CN=$HOSTNAME"
htpasswd -bBc $(pwd)/registry/auth/htpasswd $USERNAME $PASSWORD
cp $(pwd)/registry/certs/domain.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust extract
podman run -d --net host --name poc-registry -p 5000:5000 \
-v $(pwd)/registry/data:/var/lib/registry:z \
-v $(pwd)/registry/auth:/auth:z \
-e "REGISTRY_AUTH=htpasswd" \
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry" \
-e "REGISTRY_HTTP_SECRET=ALongRandomSecretForRegistry" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-v $(pwd)/registry/certs:/certs:z \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
docker.io/registry:latest
Raw
01_generate_oc_image_mirror_cmd.sh
#!/bin/bash
#
# given an ACM PRE-GA image manifests json file
# generate the `oc image mirror list of commands
#
MANIFEST_FILE=${MANIFEST_FILE:-2.1.0-DOWNSTREAM-2020-09-27-13-15-20.json}
SCRIPT_NAME=image_mirror_command.sh
cat > $SCRIPT_NAME <<EOF
#!/bin/bash
AUTHFILE=pull-secret.json
DEST=ip-172-31-6-109.us-west-1.compute.internal:5000/rhacm2
# include the SHA referenced operator bundle image and custom registry
oc image mirror --registry-config=$AUTHFILE --keep-manifest-list=true --filter-by-os=. quay.io/acm-d/acm-operator-bundle@sha256:4ac24debb3d09c8ba9442f0d0bdaf9832482138f80b9de03615195b12707925b $DEST/acm-operator-bundle:v2.1.0-48
oc image mirror --registry-config=$AUTHFILE --keep-manifest-list=true --filter-by-os=. quay.io/acm-d/acm-custom-registry:2.1.0-DOWNSTREAM-2020-09-27-13-15-00 $DEST/acm-custom-registry:2.1.0-DOWNSTREAM-2020-09-27-13-15-00
EOF
jq -r '.[] | "oc image mirror --registry-config=$AUTHFILE --keep-manifest-list=true --filter-by-os=. quay.io/acm-d/" + ."image-name" + "@" + ."image-digest" + " " + "$DEST/" + ."image-name" + ":" + ."image-tag"' $MANIFEST_FILE >> $SCRIPT_NAME
chmod 755 $SCRIPT_NAME
Raw
02_verify_oc_image_mirror.sh
#!/bin/bash
#
# given an ACM PRE-GA image manifests json file
# generate the a list of `podman pull image` to verify that digests are appropriate
#
MANIFEST_FILE=${MANIFEST_FILE:2.1.0-DOWNSTREAM-2020-09-27-13-15-20.json}
cat > verify_oc_image_mirror.sh <<EOF
#!/bin/bash
AUTHFILE=authfile.json
DEST=f24-h20-000-r630.rdu2.scalelab.redhat.com:5000/acmtest
EOF
jq -r '.[] | "podman pull --authfile=$AUTHFILE $DEST/" + ."image-name" + "@" + ."image-digest"' $MANIFEST_FILE >> verify_oc_image_mirror.sh
chmod 755 verify_oc_image_mirror.sh
Raw
2.1.0-DOWNSTREAM-2020-09-27-13-15-20.json
[
{
"image-key": "application_ui",
"image-name": "application-ui-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-30",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:d583bc58a98d00c625f246e61065f168ab34456858265e9a02a84f481d9fbfbc"
},
{
"image-key": "cert_manager_acmesolver",
"image-name": "acmesolver-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-7",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:f63cb6505650b462ddd1d35de6bc6ac2e8a2347cef61d2be905ad2448fb26863"
},
{
"image-key": "cert_manager_cainjector",
"image-name": "cainjector-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-7",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:e33a09e879188598b3378cef98e54ea7ef9b51bf48628e9ddf27f1472ba679ea"
},
{
"image-key": "cert_manager_controller",
"image-name": "cert-manager-controller-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-7",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:3f39a8bb63d97e12a1f0a70785c7177e9d6080912ab8ecaf1873a6d138c47985"
},
{
"image-key": "cert_manager_webhook",
"image-name": "cert-manager-webhook-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-7",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:66fea59e8a258bb0c06883bc422d96213de7c210e3534309bb836497fa592725"
},
{
"image-key": "cert_policy_controller",
"image-name": "cert-policy-controller-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-10",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:137983f78d988b85ad1afbee26da05690bfdc020363e69f60da28ef429ee4b3b"
},
{
"image-key": "config_policy_controller",
"image-name": "config-policy-controller-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-11",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:d2b34536d70249fc5851bdb467fab2093c4c7291d3c2afe4702035acdce876fa"
},
{
"image-key": "configmap_watcher",
"image-name": "configmap-watcher-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-7",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:09df637bd8259a5be505f9a2d6528f509fd59a4182c94ab77d58908d89295efd"
},
{
"image-key": "console_api",
"image-name": "console-api-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-17",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:0eae50e03d6e27022512440f16fc41fc26eae9561f4d28ca4e061f15b63ee559"
},
{
"image-key": "console_header",
"image-name": "console-header-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-14",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:8b5ffbbe4727cdf302e099af90db6b171fc69b9c6a14d3e6bf09d055309fef68"
},
{
"image-key": "console_ui",
"image-name": "console-ui-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-25",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:b9ac7ce29b91ac106c19370586382d1f8211c8de9e2d85c108eaad61ce3ba231"
},
{
"image-key": "endpoint_component_operator",
"image-name": "endpoint-component-rhel8-operator",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-12",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:ed8d2c763de655dfdf44e230ff1981a1f6eb94f83dd3273490deb5907b61d4a9"
},
{
"image-key": "endpoint_monitoring_operator",
"image-name": "endpoint-monitoring-operator-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-15",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:fda22e264fe67d39ec2a37c326f8d1020e2a90a3a975b625113f0c202a8ba274"
},
{
"image-key": "governance_policy_propagator",
"image-name": "governance-policy-propagator-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-5",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:bfd69d2272a56feafcc62a9e9518b50337c46382e5d4781d8837bb4bcdf6ab36"
},
{
"image-key": "governance_policy_spec_sync",
"image-name": "governance-policy-spec-sync-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-7",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:a2213974c1b8ebc315fd331f5f0bb7f2e533f4534c627c7ead7ee0d34d8d895b"
},
{
"image-key": "governance_policy_status_sync",
"image-name": "governance-policy-status-sync-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-7",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:5e3c89535a51627acc38d3211f6d7bcb523a423d7d0196a62c767531ea2b7244"
},
{
"image-key": "governance_policy_template_sync",
"image-name": "governance-policy-template-sync-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-5",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:3944ddfb9130dcedafe207f2e1b7ffcfd34061133567a859e8cd6ad1a92fa11c"
},
{
"image-key": "grc_ui",
"image-name": "grc-ui-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-26",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:0d4e7d7c85ca8236baee4148ae03d4d9e6a1571b79680eeab0446a273693d514"
},
{
"image-key": "grc_ui_api",
"image-name": "grc-ui-api-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-16",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:b725087ae9a749ee4662f19d5448129e6c86edd5e7b61b15507085435406979a"
},
{
"image-key": "iam_policy_controller",
"image-name": "iam-policy-controller-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-6",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:5041efd0759611d2eb820e7800ac5f195a8a83380d3323bd1e92368f2f471b92"
},
{
"image-key": "klusterlet_addon_lease_controller",
"image-name": "klusterlet-addon-lease-controller-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-4",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:769dbc40a9c4f5b15aa433a3dd777a7d5e5b8380c2194499277b2ac267d217b3"
},
{
"image-key": "kui_web_terminal",
"image-name": "kui-web-terminal-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-7",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:bffa581211101ceecbbf6c77a5093b7aa72bdb8ac350f13cae493a30dc06c06b"
},
{
"image-key": "management_ingress",
"image-name": "management-ingress-rhel7",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-8",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:18b6cd5d9cc21a74bdf51c4c1abab704a819d166b3e80b244aef6f555785e66e"
},
{
"image-key": "mcm_topology",
"image-name": "mcm-topology-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-11",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:ca94c2f78366eb0a5a3aea5b99711d61c9f5ed48b3bc4701103f93e92373019c"
},
{
"image-key": "mcm_topology_api",
"image-name": "mcm-topology-api-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-9",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:9cde204a6f7c83bf028ef31f71cbc4e0e59ee331d6c64281a41383b0a2d87c8b"
},
{
"image-key": "memcached",
"image-name": "memcached-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-1",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:ab2e86197bc8382746cd05da2e0020c66c37c69f02968437fb4461c499357e64"
},
{
"image-key": "memcached_exporter",
"image-name": "memcached-exporter-rhel7",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-2",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:31bdc1f01b955f8dc4d18bc53ce71f2f88421bf6457990df8cd31f67963e1cf6"
},
{
"image-key": "metrics_collector",
"image-name": "metrics-collector-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-10",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:c96dabb1255dc9d3122dd0fcdc4352cd46acc953d72c8f861e9cfefa32d8d8cc"
},
{
"image-key": "multicloud_manager",
"image-name": "multicloud-manager-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-11",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:9e20fe059e69308e79e7f4bea3c4df294543fef187e60057d853a9fe40a22947"
},
{
"image-key": "multicluster_observability_operator",
"image-name": "multicluster-observability-operator-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-18",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:399f1db11d1009a6e590682c5ac762bcd4fb8b9a1e8293247b9714aa05f1e0a6"
},
{
"image-key": "multicluster_operators_application",
"image-name": "multicluster-operators-application-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-3",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:a779949fa41844cbe527f708215ce92bdd2fee3d0f2994801e032895243cf711"
},
{
"image-key": "multicluster_operators_channel",
"image-name": "multicluster-operators-channel-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-6",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:19338b6df9e0b7da21e796ef66ff0eb8b8360f72dc281611bb3704bc6d11a1f4"
},
{
"image-key": "multicluster_operators_deployable",
"image-name": "multicluster-operators-deployable-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-4",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:d132670e3027dd9ad1735cfe438232b345066fe6be20f6946dc8e6e1297f39ce"
},
{
"image-key": "multicluster_operators_placementrule",
"image-name": "multicluster-operators-placementrule-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-7",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:e94547cd51cfe9eac2952ef750f7b05e9f6ef2c168c06ac095b78646811ec478"
},
{
"image-key": "multicluster_operators_subscription",
"image-name": "multicluster-operators-subscription-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-13",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:fc9467d39c8b105b5c6b5d30af9fa1ac6f2b3e262ea3d65b48a094b578b9b2f3"
},
{
"image-key": "multicluster_operators_subscription_release",
"image-name": "multicluster-operators-subscription-release-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-7",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:460ef88bb980f584e087ad59e7bb884be5d64256f12535f792a700b7514c5a90"
},
{
"image-key": "multiclusterhub_repo",
"image-name": "multiclusterhub-repo-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-19",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:c2348000a2b5cdea46decdbc9a5b08ce190341b9daabb2dbce6151f3a61303ff"
},
{
"image-key": "observatorium",
"image-name": "observatorium-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-8",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:a2c862a8207f178829162e6e62d31fd0138b0d82f0bbdf53bbfa6677c4ef776c"
},
{
"image-key": "observatorium_operator",
"image-name": "observatorium-operator-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-4",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:5b130dcc128fa60f05c521c6c23c608e42734811b5cb1e0665e7a5ff43c80c45"
},
{
"image-key": "openshift_hive",
"image-name": "openshift-hive-rhel7",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-10",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:e546bbf710969123a6df78de2571a205bec64f4cce2143e86d4e5767238a0f15"
},
{
"image-key": "rbac_query_proxy",
"image-name": "rbac-query-proxy-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-6",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:69f71b1327c31045b8640d1556fbc1780d0381c52ac72fa0ff848af850fb3c22"
},
{
"image-key": "rcm_controller",
"image-name": "rcm-controller-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-10",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:b10d260da52b16946e1e9b409e5867051129e82fb836a99c959313470be97cf3"
},
{
"image-key": "redisgraph_tls",
"image-name": "redisgraph-tls-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-5",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:5ad6eb7f0b7679a86502bb8c16603f09a9135412c80af28328e68001177b7589"
},
{
"image-key": "registration",
"image-name": "registration-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-15",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:c61871b9bdc50c106e9b4306119379a493f75516335d68550a0a7fe9b7aef7f3"
},
{
"image-key": "registration_operator",
"image-name": "registration-rhel8-operator",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-9",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:f68d38166dad54c8e1b4dcd2dc61650ae23d1ae5c82e136d467c997257e1a5a7"
},
{
"image-key": "search_aggregator",
"image-name": "search-aggregator-rhel7",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-9",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:31891ebb7c203df74f0abec3e86bfea8759d709282b204bf087952092d1ffe5b"
},
{
"image-key": "search_api",
"image-name": "search-api-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-12",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:0b0be362f878176d32f2486ac38048cbec668e5314162d215072b948bbfa9ca0"
},
{
"image-key": "search_collector",
"image-name": "search-collector-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-17",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:6cfdbda8d8e67c33f1b366e4dfd9ea7aaa9995b6b0fd31466a2bb99377a3815b"
},
{
"image-key": "search_operator",
"image-name": "search-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-3",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:4a06fcd25a3e5564fb7aec1bc967e9f627632108ffc0da5ba34b36fa489c243d"
},
{
"image-key": "thanos",
"image-name": "thanos-rhel7",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-4",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:e6803bcccc4c8e3ed0fca6f48be7b3d9f5ab672b46e96aeccdec9b31c947af0f"
},
{
"image-key": "thanos_receive_controller",
"image-name": "thanos-receive-controller-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-3",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:572d4336d4fea9aeed2fc36610622562d76d3525a583ebe8d019720e7315d6cf"
},
{
"image-key": "work",
"image-name": "work-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-14",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:d86cf321bf80b952cf456dac0f9ee4410473378f1750365c7659c0631445e064"
},
{
"image-key": "acm_must_gather",
"image-name": "acm-must-gather-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-10",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:d9c7da10a6cbcdf5f149021e60dd177cdfce2a5fbe906f8586a897d51e1a8d6c"
},
{
"image-key": "endpoint_operator",
"image-name": "endpoint-rhel8-operator",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-41",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:6ac803a000dd9caa1afcf31c0379d1e7db3f65d05483546ca1dd6df56b02c5b8"
},
{
"image-key": "multiclusterhub_operator",
"image-name": "multiclusterhub-rhel8",
"image-version": "v2.1.0",
"image-tag": "v2.1.0-41",
"image-remote": "registry.redhat.io/rhacm2",
"image-digest": "sha256:f563b37d92867324e7c5496b788a52640cc41f6db5fd2cbbf4f75c4cea7c0d74"
},
{
"image-key": "grafana",
"image-name": "ose-grafana",
"image-version": "v4.5.0",
"image-tag": "v4.5.0-202009041228.p0",
"image-remote": "registry.redhat.io/openshift4",
"image-digest": "sha256:a507dd30c77e8bdc93b124e75aa6f0e2d5ab5f01652ef255d6de3f40bedaa9ea"
},
{
"image-key": "oauth_proxy",
"image-name": "ose-oauth-proxy",
"image-version": "v4.4.0",
"image-tag": "v4.4.0-202009041255.p0",
"image-remote": "registry.redhat.io/openshift4",
"image-digest": "sha256:a6c9f9d3514873b9e3a00d194472ad3ae5326cbad20e67a6bdf7e5a97ff79982"
},
{
"image-key": "prometheus-alertmanager",
"image-name": "ose-prometheus-alertmanager",
"image-version": "v4.5.0",
"image-tag": "v4.5.0-202009041228.p0",
"image-remote": "registry.redhat.io/openshift4",
"image-digest": "sha256:7a1bea7f5a5b8e3efd5098b050122e992bd036d0f3b9c3e99488c19fa5c7eca7"
},
{
"image-key": "prometheus-config-reloader",
"image-name": "ose-configmap-reloader",
"image-version": "v4.5.0",
"image-tag": "v4.5.0-202009041228.p0",
"image-remote": "registry.redhat.io/openshift4",
"image-digest": "sha256:81b4b75f12474c640793e14fb17d539b3351aefec020df276bcaabcf56800e96"
}
]
Raw
mirror_icsp.yaml
apiVersion: operator.openshift.io/v1alpha1
kind: ImageContentSourcePolicy
metadata:
name: rhacm-repo
spec:
repositoryDigestMirrors:
- mirrors:
- f24-h20-000-r630.rdu2.scalelab.redhat.com:5000/acmtest
source: quay.io/acm-d
- mirrors:
- f24-h20-000-r630.rdu2.scalelab.redhat.com:5000/acmtest
source: registry.redhat.io/rhacm2
- mirrors:
- registry.redhat.io/openshift4/ose-oauth-proxy
source: registry.access.redhat.com/openshift4/ose-oauth-proxy
@cdoan1
Copy link
Author

cdoan1 commented Sep 30, 2020
edited

Mirror pre-GA ACM images for Disconnected Install

  1. Given a JSON manifest of ACM images
  2. Generate the list of oc image mirror commands to copy these images from quay.io/acm-d to your mirror registry. If you don't have a mirror registry handy, you can run script 00 to run a local registry container.
  3. update your pull-secret.json file with the credentials to your target registry, and the source registry.
  4. run the oc image mirror command to mirror images from source to target.
  5. add an imagecontentsourcepolicy resource to map the original image path to your mirror registry. This is an example ICSP.
apiVersion: operator.openshift.io/v1alpha1
kind: ImageContentSourcePolicy
metadata:
  name: rhacm-repo
spec:
  repositoryDigestMirrors:
  - mirrors:
    - mirror-registry.com:5000/rhacm2
    source: quay.io/acm-d
  - mirrors:
    - mirror-registry.com:5000/rhacm2
    source: registry.redhat.io/rhacm2
  - mirrors:
    - registry.redhat.io/openshift4/ose-oauth-proxy
    source: registry.access.redhat.com/openshift4/ose-oauth-proxy

NOTE: if you try to install preGA code into an environment where you have already mirrored the RedHat Operators Catalog, then the imagecontentsourcepolicy defined in that process can supersede the ICSP that we want define above. The imagecontentsourcepolicy created from the oc adm catalog mirror command references images by name. As it is best to make sure that the RHACM images are all mirrored to the same destination path.

Run the ACM Installation

  1. git clone https://github.com/open-cluster-management/deploy.git

  2. edit the snapshot.ver with your snapshot 2.1.0-DOWNSTREAM-2020-09-27-13-15-00 or input it when running start.sh

  3. set these environment variables

export COMPOSITE_BUNDLE=true
export CUSTOM_REGISTRY_REPO="mirror-registry:5000/rhacm2"
export DOWNSTREAM=true
export QUAY_TOKEN=ewogICJhdXRocyI6IHsKICAgICJxdWF5Lml...
  1. run ./start.sh

NOTE: skopeo can be used to copy images as well, but the fail to copy this image quay.io/acm-d/acm-custom-registry. oc image mirror must be used.

Useful References

  1. https://docs.openshift.com/container-platform/4.5/openshift_images/image-configuration.html
  2. https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/building_running_and_managing_containers/working-with-container-images_building-running-and-managing-containers
  3. https://docs.openshift.com/container-platform/4.5/registry/accessing-the-registry.html

@cdoan1
Copy link
Author

cdoan1 commented Oct 6, 2020
edited

HTTP PROXY

  • When importing or creating a managed clusters in disconnected, by default the images are referenced to the registry that was used to deploy ACM on the hub.
  • If the target managed cluster does not have access to the mirror registry, accessing the images through an available http proxy would be an alternative. https://docs.openshift.com/container-platform/4.2/networking/enable-cluster-wide-proxy.html
  • The klusterletaddonconfigs.agent.open-cluster-management.io resource on the hub has override parameter to change the imageRegistry path for addon components. But this does not cover the klusterlet images.
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: klusterlet
  name: klusterlet
  namespace: open-cluster-management-agent
spec:
  replicas: 1
  selector:
    matchLabels:
      app: klusterlet
  template:
    metadata:
      labels:
        app: klusterlet
    spec:
      containers:
      - args:
        - /registration-operator
        - klusterlet
        image: ec2-54-219-172-86.us-west-1.compute.amazonaws.com:5000/paas/openshift/proof-of-concept/rhacm2/registration-rhel8-operator@sha256:f68d38166dad54c8e1b4dcd2dc61650ae23d1ae5c82e136d467c997257e1a5a7
        imagePullPolicy: IfNotPresent
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8443
            scheme: HTTPS
          initialDelaySeconds: 2
          periodSeconds: 10
        name: klusterlet
        readinessProbe:
          httpGet:
            path: /healthz
            port: 8443
            scheme: HTTPS
          initialDelaySeconds: 2
      serviceAccountName: klusterlet

---
apiVersion: operator.open-cluster-management.io/v1
kind: Klusterlet
metadata:
  name: klusterlet
spec:
  clusterName: singapore
  imagePullSecret: open-cluster-management-image-pull-credentials
  namespace: open-cluster-management-agent
  registrationImagePullSpec: ec2-54-219-172-86.us-west-1.compute.amazonaws.com:5000/paas/openshift/proof-of-concept/rhacm2/registration-rhel8@sha256:c61871b9bdc50c106e9b4306119379a493f75516335d68550a0a7fe9b7aef7f3
  workImagePullSpec: ec2-54-219-172-86.us-west-1.compute.amazonaws.com:5000/paas/openshift/proof-of-concept/rhacm2/work-rhel8@sha256:d86cf321bf80b952cf456dac0f9ee4410473378f1750365c7659c0631445e064

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment