In order to mirror the downstream images, we need to get the image lists from the index image. There are a number of ways to do this, but probably the simplest way, is to generate a mapping.txt file fromt he index image and oc image mirror
.
- Generate the
mapping.txt
file.
export MIRROR_REGISTRY=${MIRROR_REGISTRY:-localhost}
oc adm catalog mirror \
quay.io/acm-d/acm-custom-registry:2.3.0-DOWNSTREAM-2021-05-17-11-52-59 \
$MIRROR_REGISTRY --manifests-only
✗ oc adm catalog mirror quay.io/acm-d/acm-custom-registry:2.3.0-DOWNSTREAM-2021-05-17-11-52-59 localhost --manifests-only
src image has index label for database path: /database/index.db
using database path mapping: /database/index.db:/var/folders/h6/dy5jb54j7wx2tk5nf1_907c00000gn/T/717305544
wrote database to /var/folders/h6/dy5jb54j7wx2tk5nf1_907c00000gn/T/717305544
using database at: /var/folders/h6/dy5jb54j7wx2tk5nf1_907c00000gn/T/717305544/index.db
no digest mapping available for registry.redhat.io/rhacm2/acm-operator-bundle:v2.2.2, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/rhacm2/acm-operator-bundle:v2.0.3, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/rhacm2/acm-operator-bundle:v2.2.1, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/rhacm2/acm-operator-bundle:v2.1.3, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/rhacm2/acm-operator-bundle:v2.0.5, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/rhacm2/acm-operator-bundle:v2.1.2, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/rhacm2/acm-operator-bundle:v2.0.1, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/rhacm2/acm-operator-bundle:v2.0.4, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/rhacm2/acm-operator-bundle:v2.1.5, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/rhacm2/acm-operator-bundle:v2.1.6, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/rhacm2/acm-operator-bundle:v2.0.6, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/rhacm2/acm-operator-bundle:v2.0.7, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/rhacm2/acm-operator-bundle:v2.2.0, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/rhacm2/acm-operator-bundle:v2.0.9, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/rhacm2/acm-operator-bundle:v2.1.0, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/rhacm2/acm-operator-bundle:v2.0.2, skip writing to ImageContentSourcePolicy
no digest mapping available for quay.io/acm-d/acm-operator-bundle:v2.3.0-104, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/rhacm2/acm-operator-bundle:v2.1.4, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/rhacm2/acm-operator-bundle:v2.0.10, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/rhacm2/acm-operator-bundle:v2.1.1, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/rhacm2/acm-operator-bundle:v2.0.8, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/rhacm2/acm-operator-bundle:v2.0.0, skip writing to ImageContentSourcePolicy
no digest mapping available for registry.redhat.io/rhacm2/acm-operator-bundle:v2.2.3, skip writing to ImageContentSourcePolicy
no digest mapping available for quay.io/acm-d/acm-custom-registry:2.3.0-DOWNSTREAM-2021-05-17-11-52-59, skip writing to ImageContentSourcePolicy
wrote mirroring manifests to manifests-acm-custom-registry-1621451126
NOTE: Unfortunately, the index image includes images for all releases, and we cannot prune by release version.
-
replace registry.redhat.io/rhacm2/ with quay.io/acm-d/ in the image source. We want to copy images from quay.io/acm-d/ to $MIRROR_REGISTRY/rhacm2/
-
With the mapping.txt file, you just need to mirror the images into your mirror registry.
oc image mirror \
-f ./mapping.txt \
-a ${PULLSECRET} \
--filter-by-os=.* \
--keep-manifest-list \
--continue-on-error=true
This method allows you to focus only on the images of the latest release.
- Load the catalog source in a cluster, so we can extract the relatedImages. You can load the catalog source by applying the following manifests:
oc apply -f rhacm-downstream.yaml
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
name: rhacm-downstream
namespace: packages
spec:
sourceType: grpc
image: quay.io/open-cluster-management/acm-custom-registry:2.3.0-SNAPSHOT-2021-05-19-13-53-17
displayName: rhacm-downstream-nightly
publisher: grpc
- Run the mirror step from your jump server. Here is an example.
list=$(oc get packagemanifests advanced-cluster-management -n packages -o jsonpath='{.status.channels[].currentCSVDesc.relatedImages}' | jq '.[]')
for x in $list
do
echo $x
skopeo $x $y ...
done
In all cases when you are moving the original RH images around, you need to contend with ICSP.
apiVersion: operator.openshift.io/v1alpha1
kind: ImageContentSourcePolicy
metadata:
name: rhacm-repo
spec:
repositoryDigestMirrors:
- mirrors:
- $MIRROR_REGISTRY/rhacm2
source: registry.redhat.io/rhacm2
- mirrors:
- $MIRROR_REGISTRY/openshift4/ose-oauth-proxy
source: registry.access.redhat.com/openshift4/ose-oauth-proxy