disconnected-operators

disconnected-operators.md

References

• https://docs.openshift.com/container-platform/4.3/operators/olm-restricted-networks.html
• docs bug to add procedure for creating the CatalogSource manually https://bugzilla.redhat.com/show_bug.cgi?id=1796464

Notes

• using oc from 4.4 as 4.3 apparently has a bug in the oc adm catalog command(s)

Procedure

Disable the default catalog sources

oc patch OperatorHub cluster --type json \
    -p '[{"op": "add", "path": "/spec/disableAllDefaultSources", "value": true}]'

Build a custom catalog

oc adm catalog build \
    --appregistry-endpoint https://quay.io/cnr \
    --appregistry-org redhat-operators \
    --to=registry.ocp.sjennings.me/olm/redhat-operators:v1

Mirror catalog images

oc adm catalog mirror \
    registry.ocp.sjennings.me/olm/redhat-operators:v1 \
    registry.ocp.sjennings.me

Mirror missing and sample application images

Some images required for Service Mesh are not mirrored by the oc adm catalog mirror above

#!/bin/bash

set -eu

images=(
registry.redhat.io/distributed-tracing/jaeger-all-in-one-rhel7:1.13.1
registry.redhat.io/openshift-service-mesh/kiali-rhel7:1.0.9
registry.redhat.io/openshift4/ose-oauth-proxy:latest
registry.redhat.io/openshift4/ose-oauth-proxy:4.2
docker.io/maistra/examples-bookinfo-details-v1:0.12.0
docker.io/maistra/examples-bookinfo-productpage-v1:0.12.0
docker.io/maistra/examples-bookinfo-ratings-v1:0.12.0
docker.io/maistra/examples-bookinfo-reviews-v1:0.12.0
docker.io/maistra/examples-bookinfo-reviews-v2:0.12.0
docker.io/maistra/examples-bookinfo-reviews-v3:0.12.0
)

for image in ${images[@]}; do
  src=$image
  dst=registry.lab.variantweb.net/${image#*/}
  oc image mirror $src $dst
done

Custom modification of /etc/containers/registries.conf (UNSUPPORTED)

This registries.conf is sufficient for Service Mesh

unqualified-search-registries = ["registry.access.redhat.com", "docker.io"]

[[registry]]
  prefix = ""
  location = "docker.io/maistra"

  [[registry.mirror]]
    location = "registry.ocp.sjennings.me/maistra"

[[registry]]
  prefix = ""
  location = "quay.io/openshift-release-dev/ocp-release"

  [[registry.mirror]]
    location = "registry.ocp.sjennings.me/ocp/release"

[[registry]]
  prefix = ""
  location = "quay.io/openshift-release-dev/ocp-v4.0-art-dev"

  [[registry.mirror]]
    location = "registry.ocp.sjennings.me/ocp/release"

[[registry]]
  prefix = ""
  location = "registry.redhat.io/distributed-tracing"

  [[registry.mirror]]
    location = "registry.ocp.sjennings.me/distributed-tracing"

[[registry]]
  prefix = ""
  location = "registry.redhat.io/openshift-service-mesh"

  [[registry.mirror]]
    location = "registry.ocp.sjennings.me/openshift-service-mesh"

[[registry]]
  prefix = ""
  location = "registry.redhat.io/openshift4"

  [[registry.mirror]]
    location = "registry.ocp.sjennings.me/openshift4"

Create CatalogSource

apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: mirrored-redhat-operators
  namespace: openshift-marketplace
spec:
  displayName: Red Hat Operators
  sourceType: grpc
  image: registry.ocp.sjennings.me/olm/redhat-operators:v1

I encoutered an issue were the marketplace-operator pod had trouble contacting the kube API server sometime in the past and had basically stopped operating. I had to delete pod and wait for a new pod to be created before action was taken on my CatalogSource.

Install Service Mesh Operator

https://docs.openshift.com/container-platform/4.3/service_mesh/service_mesh_install/installing-ossm.html#installing-ossm

Even with the latest 4.4 nightly build: 4.4.0-0.nightly-2020-02-11-232643

I ran into this: https://bugzilla.redhat.com/show_bug.cgi?id=1795272

My original command:

./oc adm catalog build --auth-token=/tmp/pull-secret.txt --appregistry-endpoint https://quay.io/cnr --appregistry-org redhat-operators --to=localhost.localdomain:5000/olm/redhat-operators:v1

As soon as I copied my pull secret to: ~/.docker/config.json
It worked. I made sure the pull secret include credentials for my local registry mirror.