@usrbinkat
Last active February 4, 2021 21:19
ShipperD Operator Proof-of-Concept

Goal: Validate the design of the ShipperD Operator

  • Create Airgap'd cluster (TPDK + Sparta IaC Deploy in AWS Airgap VPC)
  • Create project shipperd-operator
  • Create pod with skopeo-enabled container (Konductor container during POC phase)
  • Create serviceaccount shipperd
  • Exec into container: oc rsh -n shipperd-operator po/pod-name-xyz-qwer
  • skopeo login with --authfile, via shipperd uname:token, to image-registry.openshift-image-registry.svc:5000
  • Validate OCP Internal Registry is ready to receive images (YAML Config)
  • Copy image from external registry using authfile

DISCLAIMER: short-lived airgap cluster, no vulnerable secrets at risk

Troubleshooting

0.a Try konductor image by digest

sh-4.4$ skopeo login --authfile /tmp/config.json -u shipperd -p eyJhbGciOiJSUzI1NiIsImtpZCI6Im1oMERWRkhCdENOTkx0SVRoTTR0QlFSQWV2cFNWcFRqMHFBM1pHM0FiU2sifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJzaGlwcGVyZC1vcGVyYXRvciIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJidWlsZGVyLXRva2VuLTc1ZDI1Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImJ1aWxkZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJjZTI0NzczNy1jMDUwLTQ1YjMtODI3Mi1iOGVhNzUzODUzOGIiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6c2hpcHBlcmQtb3BlcmF0b3I6YnVpbGRlciJ9.Qy3FGnjH_5BR7aNwMjFAhJHuroIzvOQvNgfEQ7ywJBVO_5a3Mqz7a51i7Z-Wp7fBHybv-pCx2uuX_hCdg5M8zCXaxHNSo1MC-ucCnKuzJY_tI6GPI6TeDClvBurG08IJrRhiG1QuOwjeC4PY0u9Ql2Fn69Ew01Fk6Fx25A9o64nylia5q1KrovKr7kgQqXo2dDVG4xJj2PAosUB0dROi5RhUN6i7d066i_2aAk_6FXCQudqfKPfayDEb1U0CkAG4rLVczySEDc-2gYU4IC4w8lhzSqF3k7r2AQS15Qx01Ug5jWErUtFdz6Y3xPkOM_MVPm4V8TEQETreXN5chpve7A image-registry.openshift-image-registry.svc:5000 --tls-verify=false
Login Succeeded!

0.b Try 4.6.16 release image by digest openshift-release-dev@sha256:3e855ad88f46ad1b7f56c312f078ca6adaba623c5d4b360143f9f82d2f349741

sh-4.4$ export i='openshift-release-dev@sha256:3e855ad88f46ad1b7f56c312f078ca6adaba623c5d4b360143f9f82d2f349741'
sh-4.4$ skopeo copy --authfile /tmp/config.json --src-tls-verify=false --dest-tls-verify=false docker://registry.falcon.millenium.io:5000/cloudctl/konductor@sha256:0a5f154a3a087f3f435b91f92fd560f187d5bb393d37e11a17fda6a7f3a5cab2 docker://image-registry.openshift-image-registry.svc:5000/cloudctl/konductor@sha256:0a5f154a3a087f3f435b91f92fd560f187d5bb393d37e11a17fda6a7f3a5cab2
Getting image source signatures
FATA[0000] Error trying to reuse blob sha256:9b6e470bc333c97b19d93436e2ee401ae948dfa9f89d57afb90f9aba2951223b at destination: Error checking whether a blob sha256:9b6e470bc333c97b19d93436e2ee401ae948dfa9f89d57afb90f9aba2951223b exists in image-registry.openshift-image-registry.svc:5000/cloudctl/konductor: unauthorized: authentication required 
  1. Add role to user system:serviceaccount:admin:shipperd
root@cloudctl quick-starts$ oc adm policy add-role-to-user system:image-builder -n shipperd-operator system:serviceaccount:admin:shipperd
Warning: ServiceAccount 'shipperd' not found
clusterrole.rbac.authorization.k8s.io/system:image-builder added: "system:serviceaccount:admin:shipperd"
root@cloudctl quick-starts$ oc policy add-role-to-user admin system:serviceaccount:shipperd-operator:shipperd -n shipperd-operator
clusterrole.rbac.authorization.k8s.io/admin added: "system:serviceaccount:shipperd-operator:shipperd"
  2. Copy from <registry:port/namespace> to <cluster-registry:port/project-namespace-name>
sh-4.4$ skopeo copy --authfile /tmp/config.json --src-tls-verify=false --dest-tls-verify=false docker://registry.falcon.millenium.io:5000/cloudctl/konductor@sha256:0a5f154a3a087f3f435b91f92fd560f187d5bb393d37e11a17fda6a7f3a5cab2 docker://image-registry.openshift-image-registry.svc:5000/shipperd-operator/konductor@sha256:0a5f154a3a087f3f435b91f92fd560f187d5bb393d37e11a17fda6a7f3a5cab2 --insecure-policy
Getting image source signatures
Copying blob 0cc7f3cc2dd7 skipped: already exists  
Copying blob 253f389e53ae skipped: already exists  
Copying blob daecccc87477 skipped: already exists  
Copying blob feeb8fcfbddc skipped: already exists  
Copying blob e8632d993fae skipped: already exists  
Copying blob 4b1d20451a14 [--------------------------------------] 0.0b / 0.0b
Copying config 00a8f3906c [======================================] 25.6KiB / 25.6KiB
Writing manifest to image destination
FATA[0000] Error writing manifest: Error uploading manifest sha256:0a5f154a3a087f3f435b91f92fd560f187d5bb393d37e11a17fda6a7f3a5cab2 to image-registry.openshift-image-registry.svc:5000/shipperd-operator/konductor: received unexpected HTTP status: 500 Internal Server Error

sh-4.4$ skopeo copy --authfile /tmp/config.json --src-tls-verify=false --dest-tls-verify=false docker://registry.falcon.millenium.io:5000/${i} docker://image-registry.openshift-image-registry.svc:5000/shipperd-operator/${i} --insecure-policy
Getting image source signatures
Copying blob b6dc2de9c78d skipped: already exists  
Copying blob f895238caed4 skipped: already exists  
Copying blob b24086fcc584 skipped: already exists  
Copying blob 64c41bab2425 skipped: already exists  
Copying blob f936adfd6ff7 skipped: already exists  
Copying blob 622b8bb95c14 [--------------------------------------] 0.0b / 0.0b
Copying config 8befe889d6 [======================================] 1.7KiB / 1.7KiB
Writing manifest to image destination
FATA[0000] Error writing manifest: Error uploading manifest sha256:3e855ad88f46ad1b7f56c312f078ca6adaba623c5d4b360143f9f82d2f349741 to image-registry.openshift-image-registry.svc:5000/shipperd-operator/openshift-release-dev: received unexpected HTTP status: 500 Internal Server Error  
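
The login in 0.a passes -u shipperd, but the integrated registry authenticates the bearer token rather than the username, so the role bindings in step 1 only help if the token in the authfile belongs to the account they name. The following is an added example (not part of the original gist) that reads a skopeo authfile and reports the service account named in each token's claims; the function names and the sample token are constructed for illustration, and the token signature is not verified.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    """Decode base64url text, restoring the padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def authfile_identities(authfile: dict) -> dict:
    """Map each registry in a containers authfile to the identity in its token.

    Claims are read without verifying the signature: this answers
    "whose token is this?", not "is the token valid?".
    """
    result = {}
    for registry, entry in authfile.get("auths", {}).items():
        # "auth" is base64("username:password"); the password is the SA token.
        user, _, token = base64.b64decode(entry["auth"]).decode().partition(":")
        parts = token.split(".")
        subject = None
        if len(parts) == 3:  # header.payload.signature
            subject = json.loads(b64url_decode(parts[1])).get("sub")
        result[registry] = {"login_user": user, "subject": subject}
    return result


def mismatches(authfile: dict, expected_subject: str) -> list:
    """Registries whose token does not belong to the expected service account."""
    return [reg for reg, ident in authfile_identities(authfile).items()
            if ident["subject"] != expected_subject]


def constructed_authfile(user: str, subject: str, registry: str) -> dict:
    """Build a sample authfile around an unsigned, constructed token."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    claims = {"iss": "kubernetes/serviceaccount", "sub": subject}
    token = ".".join([enc({"alg": "RS256"}), enc(claims), "c2ln"])
    auth = base64.b64encode(f"{user}:{token}".encode()).decode()
    return {"auths": {registry: {"auth": auth}}}


if __name__ == "__main__":
    REGISTRY = "image-registry.openshift-image-registry.svc:5000"
    sample = constructed_authfile(
        "shipperd", "system:serviceaccount:shipperd-operator:builder", REGISTRY)
    print(authfile_identities(sample))
    print(mismatches(sample, "system:serviceaccount:shipperd-operator:shipperd"))
```

Decoding the payload segment of the token pasted in 0.a the same way gives a sub of system:serviceaccount:shipperd-operator:builder, which is neither of the subjects granted roles in step 1.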

Success Log

None until a path to success is identified.
